Security Awareness Newsletters

This Week’s Cybersecurity News, 11/20/2025

Posted on Nov 20, 2025Share on

picture of a key with the words cyber security

Hello, everyone.

Today I have several important updates and reminders for you. The first reminder about Office 2016 and Office 2019 is particularly important and I wanted to mention it again to make sure you are in the process of upgrading as soon as possible, as unsupported software leaves vulnerabilities for hackers to exploit.

In addition, I want to remind everyone that the email transition to Microsoft 365 from Google is almost complete and that the Google Drive reduced storage limit is nearing. I also want to update everyone about what you can expect when you enter a new intake form for the new Data & Technology Risk Review. And of course, please remember to do your IT Security Awareness Training if you haven’t already.

Important Information

  • Office 2016 and Office 2019 End of Life
    • Microsoft ended support for Office 2016 and Office 2019 as of 10/14/2025, just as they did for Windows 10.
    • This means there are no more updates, and this will lead to security risks due to unpatched vulnerabilities.
    • There are no more bug fixes.
    • And there are no new features, such as no Report button for reporting phishing attempts.
    • Microsoft will no longer offer any type of technical support for these outdated Office versions.
    • Please make sure you are not using Office 2016 or Office 2019.
    • To find the version you are using please follow these steps in either Word, Excel, or Outlook:
      • Click on File on the top left corner.
      • Click on Account at the bottom left corner.
      • Your version will show on the right.
    • If you are with the UT College of Veterinary Medicine, please contact the CVM Computer Support group if you need to be updated.
    • If you are not with UTCVM, you may download the latest version from OIT’s Software Distribution site.
      • Please ignore the download for Office 2019, as it should be removed from the list.
      • Also ignore the downloads for Office 2021, as its end of life is 10/13/2026, and it doesn’t have all the necessary features we need.
      • This leaves Microsoft Office 2024 and Microsoft Office 365.
      • UTK says that Microsoft 365 is the UTK preferred Office version and I can say that I highly recommend that one, as well.
      • Microsoft 365 includes Word, Excel, PowerPoint, Outlook, etc., plus it includes access to web and mobile versions of the apps.
      • Microsoft 365 allows for 1 TB of OneDrive storage.
      • Microsoft 365 receives automatic security updates and new features.
    • Speaking of new features, Microsoft 365 has the red Report button for reporting phishing and junk emails, which is extremely important, as OIT has been moving away from allowing forwarded emails to OIT Abuse!
    • If you are not with UTCVM and you need help updating, please call the OIT HelpDesk at 865-974-9900, or go to OIT’s site to submit a help request for Computers and Mobile Devices.
  • UT Transition to Microsoft 365
    • I am sure everyone is aware that the University is transitioning to Microsoft 365 as the primary systemwide platform for collaboration and productivity tools.
    • This means that Google services are being reduced in order to provide a consistent experience, manage costs more effectively, enhance privacy and security.
    • Staff emails were migrated to Outlook over the summer and faculty email migrations should be completed by the end of November.
    • By the end of the Fall 2025 semester, all faculty and staff email services, including mail, calendar, and contacts, will be hosted on Microsoft Outlook.
    • OIT says that Google Drive and Forms will remain available to faculty, staff, and students, but they will soon significantly reduce the amount of available storage.
    • In order to not have these considerable storage reductions affect our faculty and staff, OIT can help move your files from Google Drive to OneDrive and Teams.
    • Should you need OIT’s help, please got to the Migration to Microsoft page and click on Submit a Request.
  • UT Systemwide Transition to New Data & Technology Risk Review – Process Information
    • Yesterday the Governance, Risk, and Compliance (GRC) Team met so we could walk through the start-to-finish processes for the new UT Systemwide Transition to New Data & Technology Review System.
    • This went into effect for UTIA, IPS, UTK, UTS, and UTSA on 10/31/2025.
    • All requests that involve software purchases or renewals will use the TDX Data and Technology Risk Review Intake Form, which replaces the IT Questionnaire you had been using.
    • The process will follow these steps:
      • The intake form should be completed before submitting a requisition or contract.
      • Once the intake form has been submitted, a member of the GRC Team will review the intake form to make sure it is complete, and a ticket will be created in Team Dynamix (TDX), the OIT ticketing system, and the requestor will receive an email via TDX.
      • The ticket will then be reviewed by a second member of the GRC to determine if the request is identified as “low risk” or “high risk” based on the information given on the intake form; and if it is identified as “high risk” an email will be sent to the requestor through TDX letting them know what type of security documentation is needed from the vendor in order to proceed.
      • Once the requested documents have been attached to the ticket, an appropriate member of the GRC team will then analyze the information to determine if the vendor and the software meet the necessary security requirements and the request will either be approved or rejected via the ticket and the requestor will be notified by email.
      • If approved, you will receive an Authorization to Proceed, which must be attached to your requisition or contract. For RFP and RFQ requests, please continue to use the DASH Requisition Intake process.
    • This change is expected to improve efficiency, consistency, and turnaround across all UT campuses and institutes.
    • This will allow a systemwide listing of all software being used, which may speed up the above process if a software has already been approved for another campus or institute.
    • And since this process is new and you may get emails from names you don’t recognize, so please don’t hesitate to ask me if you are concerned.
    • 2025-2026 UTK Compliance Training
      • Please remember to complete your 2025-2026 UTK Compliance Training.
      • This annual training is required for all UT employees.
      • The assignment includes the IT Security Awareness Training.
      • For UTIA employees, the IT Security Awareness Training course must be completed by 12/31/2025, or the user’s NetID will be temporarily disabled, causing the inability to connect to anything using the NetID for authentication, including email, DASH, Banner, Microsoft 365, K@TE, etc.
      • I highly recommend completing the training by 11/30, since things tend to get quite busy prior to our holiday/administrative closing in December.
      • It is my understanding that UTSA HR was able to update the TSU employees to show the correct department in DASH so the training can be assigned last week, but if you are a TSU employee and you still did not get the assignment, please let me know.

    I can’t thank you enough for everything you do to protect the Institute and its data, students, employees, clients, and yourself. Please let me know anytime you have any questions or concerns.

    Sandy

    Sandy Lindsey
    Chief Information Security Officer
    Information Technology Services
    The University of Tennessee
    Institute of Agriculture

     

     

    G061​ McCord Hall
    2640 Morgan Circle Drive
    Knoxville, Tennessee, 37996
    Phone: (865) 974-7292; (865) 806-5224
    sandy@tennessee.edu

    Secret Link