This Week’s Cybersecurity News, 01/03/2024

Happy New Year!

Today I want to tell you about one threat. I also have a couple of reminders for you and I want to let you know about some upcoming changes for 2024.

Current Threat

  • Website and Search Engine Rankings (phishing emails)
  • These emails have multiple senders, some using @gmail.com and some using @outlook.com.
  • The emails have multiple subjects, like Google Rankings and SEO Packages price !!
  • The emails are similar, but not exactly the same.
  • The content basically tells you that the sender has been looking at your website and that its ranking is not good on all search engines.
  • The emails want you to respond for a “packages and price list” so that the sender and their company can supposedly help you improve your website ranking and get more targeted visitors.
  • There is no link and no attachment associated with these emails, but the sender wants to reel you in by getting you interested enough to start a conversation that will almost certainly involve links and attachments in future emails once your trust has been gained.
  • Per Tammy McKinley with ITS, “All of the sites within the UTIA’s web environment are indexed in Google Search and analytics are gathered on all of our sites using Google Analytics 4. All of this is managed by a team made up of members of ITS and Marketing and Communications. There is no charge for this service.”
  • If you receive an email like this, or any other suspicious email, please report it using the Reporting Phishing Attempts instructions.
  • And don’t forget that if you have questions about anything concerning the UTIA web environment, you can email utiaitscomm@tennessee.edu.

Browser, OS, and Software Updates

  • During our break, there were multiple updates to your browsers, operating systems, and third-party software.
  • The Institute does automatic updates for your operating system, as well as your apps and browsers.
  • If you get a popup with the correct logo that reminds you that you need to do your updates, let the updates be completed.
  • If you have recently clicked to have your computer restart later to finish these updates, please make sure you reboot right away to ensure all available updates have been applied.
  • And if you leave your browser(s) open most of the time, please don’t forget to restart each browser often (preferably daily) to ensure you are getting the latest browser updates, as the updates won’t finish if the browser is open.

Important Reminder

  • Please make sure you are reading…and following…the Institute’s AUP!
  • UTIA IT0110 – Acceptable Use of Information Technology Resources defines guidelines for UTIA and its IT assets.
  • Users are required to review the AUP at least annually and to have an understanding of and full compliance with these guidelines (aka rules), which are based on the UT System AUP.
  • Just a few of these rules include:
    • Users will: Comply with all Institute policies and procedures, as well as all University policies, to ensure confidentiality, integrity, and availability of Institute-owned and any other University-owned IT assets under their control.
    • Users will: Be responsible for using Institute-owned IT assets and understand the associated backup and retention policies and best practices.
    • Users will: Use only supported and patched applications and operating systems on Institute-owned devices.
    • Users will NOT: Share access codes or passwords.
    • Users will NOT: Use any email account other than the UT-provided email account for conducting Institute and University-wide work-related business. (We still have some people who are using an account other than the UT-provided email account, so please be sure you pass this information along to them right away!)
    • Users will NOT: Engage in activities that violate Institute policies, plans, or procedures; local, state, or federal law, an Institute or University contractual obligation, or other University policy or rule including but not limited to Human Resources policies and Standards of Conduct for students.
  • These rules are in place to protect the Institute and its data; the University as a whole; and the users.

UTIA Policy Changes

  • In 2023, it was decided that UT System Administration would be the only part of the University that could use “policy” for any and all guidelines, standards, rules, etc.
  • For those of you who have been around for a while, you may remember this being something that has happened off and on over the years.
  • When I came back to the Institute and started our IT Security Program in 2016, only UTSA could use “policy” at that time, so I used “plan” for a couple of years until we were allowed to use policies again.
  • Now that campuses and institutes cannot use policy in the names, I will revert to calling our rules “plans”.
  • Please be assured that all UTIA IT Security Plans will continue to be based on UT policies and may sometimes be stronger based on the Institute’s unique needs.
  • In addition to these changes, the campus and institute Chief Information Security Officers and other IT security staff met last year and agreed with UTSA’s request that we all change the systemwide IT Security framework on which all policies, procedures, and plans are based, from NIST (National Institute of Standards and Technology) to CIS (Center for Internet Security).
  • This is not something you will have to worry with, but as I update the UTIA IT Security Plans, you may notice that the wording and formatting will be slightly different.
  • As always, I will keep you informed of any information you need to know and will be available to you at any time to explain changes.
  • The Ask your CISO section of this newsletter may become quite useful over the next several months, so please don’t hesitate to ask anything you are wondering about.

Thank you all so much for everything you do every single day to protect the Institute and its data. I hope that in this new year you will continue to let me know about potential scams you are seeing. And please let me know any time you have any questions or concerns when it comes to IT security!

Have a great rest of the week!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!