February 2022 IT Security Newsletter

Due to the events that are occurring in Ukraine, it is important that I once again mention we are facing a very high likelihood of cyberattacks. Last month’s newsletter mentioned that Russia had threatened cyberattacks if the United States got in Russia’s way. This month I want to share even more about this possibility.

I am constantly looking at news, emails, social media, etc., to keep up with any news that I can share with you. I also want to remind you to stay vigilant and to know how and when to report questionable activity.

Please read below to learn more.

Russian State-Sponsored Cyber Threats

Russia had threatened that if the US got in their way, there would be consequences, which include the likelihood of cyber threats. The US did not ‘get out of the way,’ nor did many other nations. This means the US and those countries can expect the likelihood of cyberattacks, particularly on critical infrastructure.

Yesterday, the President designated the Department of Homeland Security (DHS) as the lead Federal agency for coordinating domestic preparedness and response efforts related to the current crisis. The Cybersecurity and Infrastructure Security Agency (CISA), a federal agency that operates directly under DHS oversight, has provided information to help guide all organizations and their leaders at this time. I will be keeping a close eye on DHS and CISA information and promise to pass along any pertinent information as I get it.

In the meantime, please continue to follow the general guidelines I am often sharing with you:

  1. Do NOT provide your password to anyone, whether it is online, over the phone, in person, or otherwise.
  2. Do NOT click on questionable links in emails you are not sure about.
  3. Do NOT open attachments in emails from anyone at all unless you are expecting them.
  4. Do NOT use the same passwords for multiple accounts.
    • If you think your password has been compromised for any account, change it right away.
    • Do NOT click on a link in an email telling you that you need to change your password.
    • Always manually type in the address where your account is located, then change the password from that account.
  5. Contact me at any time if you have ANY doubts about an email or link.
  6. You can forward questionable emails to me because I promise I will give you advice without having to open the attachment.
  7. Report suspicious emails using the Reporting Phishing Attempts instructions.
    • You must include the Internet Headers, as these headers give information to help determine from where the email was sent.
    • Copying me on these helps me to know if we have a potential problem.
  8. Do not click on links within websites if you are unsure about them.
    • Spoofed sites can be made to look like the real site, so please be extra cautious.
  9. Keep your data backed up regularly!
    • Do NOT leave any external backup drive attached to your computer after the backup has been completed, or there will be two copies that face theft and encryption.
    • Store the backup in a safe and secondary location.
    • Use Office 365 or Google Drive to store data in the cloud where it can be backed up securely according to our enterprise contracts.
  10. Remember that phishing does not have to come from an email. Hackers use texts and phone calls, too!
  11. If someone claims to be a vendor and they call asking questions about our data or business, do NOT give that information out.
    • If you didn’t ask these people to call you, why would you share information with them?
    • Many of these “vendor” emails I get are from companies I have never heard of before and I bet the same is true for everyone else.

Please know that UTK is taking steps to help reduce the risk of certain traffic coming in from certain IP addresses. As you know, it is a policy to use the VPN to access UTIA and UTK IT resources when working remotely. It is more important than ever to use the VPN at this time!

Also, please bookmark https://utiasecurity.tennessee.edu. The UTIAsecurity website contains current threats on the homepage. While I will always email things that are of an immediate need to know, I also put that information on the homepage, as well as additional threat information that may be current, but not necessarily a major announcement. The site also contains all of the monthly Security Awareness Newsletters so if you deleted the newsletter you can still find the information on the site, as well as other important IT security information.

Incident Response

If you have been a victim of a compromise or you suspect a possible compromise, please call me as soon as you suspect something has happened. A “normal” compromise can cost up to six figures in fees and fines, as well as loss of data, loss of the Institute’s reputation, etc. It is important to follow the proper protocols to ensure we are complying with local, state, and federal laws, as well as industry regulations.

Please follow UTIA IT0122 – Information Security Incident Response Policy and UTIA IT0122P – Incident Response Plan and Reporting Procedures any time you think you have a compromised system or if something happens that you just don’t think is ordinary computer behavior.

Important Browser Popup Information

As you may remember, I let you know last month that some default browser configurations were being changed on February 1. These changes went really smoothly overall but, as with any major changes, we did find a small number of people had reported issues with certain sites that require popup windows in order to be able to do their jobs. Once the sites were reported, the site domains were added to the allow list. If this happens to you, please call the HelpDesk and let them know the domain (e.g., nearpod.com). They will notify us and the domain will be added as soon as possible so you don’t lose valuable work time.

I know that it is difficult to keep up with every little thing having to do with cybersecurity. That is why I am here. I am always available to answer your questions, to help investigate troubling links and attachments, or to hopefully relieve concerns you may have with regard to cybersecurity. I am here for the Institute and I am here for you, so please do not hesitate to email me or call me 24×7. If you email me and I don’t get back to you quickly enough, please call my cell phone. If you call my cell phone and I am unable to answer, please send me a text.

Thank you so much for all you do!!!