Happy New Year, everyone.

Today I want to tell you about a non-threat that some people have recently started noticing. I also want to give a few reminders for helping to get the new year started on the right track.

Current Non-Threat

• Quarantine Email
  • For quite some time I have been getting a daily email from quarantine[@]messaging.microsoft.com.
  • The subject is Microsoft 365 security: You have messages in quarantine.
  • I receive this message at about the same time every day.
  • While we typically don’t get emails from Microsoft, these particular messages are legit and are based on malware detections by anti-malware policies, high confidence phishing detection by anti-spam policies, etc. as defined by our email administrators.
  • These email messages are flagged as prevented spam messages and the list is sent to the recipient.
  • When you get the email from “quarantine” you can review the messages listed in that email.
  • You are given the opportunity to see the messages’ senders, subjects, dates, and times, and can decide if you want to review a specific message, release the message back into the Inbox, or block the sender.
  • If you see something that you are certain should not be quarantined, you can “release” the message, but please don’t release it unless you are absolutely sure it is legit.
  • In all the times I get these emails, I have grown accustomed to randomly checking the senders and subjects, then deleting the Microsoft 365 security email.
  • I have yet to find anything in quarantine that shouldn’t be there.
  • In addition, if you just delete the Microsoft email from your inbox, the quarantined emails will be permanently deleted based on the retention time, which is typically 15 days for spam/junk and 30 days for malware/phishing as set by our email administrators.
  • If you have any questions or concerns about quarantined email, please don’t hesitate to ask me!
  • And remember that when you use the “Report” button to report those actual phishing emails, you are helping to shape the anti-phishing and anti-spam policies that will protect the University.

Important Reminders For The New Year

• Officially terminate employees when they leave!
  • As I went through the IT Security Awareness Training results, I came to the conclusion that a portion of the approximately 100 people who did not complete the training are likely no longer employed by UTIA.
  • Some of these are seasonal employees across the state who may work for a few months, but the work ends and the employee is possibly going to return at a later date for another temporary assignment.
  • At one time it was a hassle to rehire people who came back every year in the same or similar seasonal position.
  • UT System did an internal audit that included looking into not terminating employees and found that many departments across the system did not terminate those who were most likely going to return later.
  • President Boyd took into consideration that it was quite difficult to get these people hired back in a quick and efficient manner, so he made sure changes were made to make this a lot easier.
  • Please remember to officially terminate your employees no matter if they are definitely going to return.
  • Anyone who is NOT officially terminated has the same access they had as an employee, which would include files, websites, or anything that requires authentication using the NetID and password.
  • We don’t want to think that insider threats would happen, but they can, even if by accident.

• UT Email Addresses
  • Please remember that UT policy and UTIA IT Security standards state users are not to use any email account other than the UT-provided account for conducting Institute and University work-related business.
  • Automatically forwarding UT emails to any non-UT account is not permitted.
  • In addition, misrepresenting the Institute or University by using the UT-provided email for personal business in not permitted.

• UT Computer Updates and Security Patches
  • UTIA-owned computers are set up to get automatic updates and security patches as they become available.
  • These updates and patches include the operating system but also include most apps on the computer.
  • If you are in the middle of a task that will be at risk of major issues during a restart after updating, you can postpone the update or patch in some cases or the restart in others.
  • Just remember that when the task is completed, restart your computer as soon as you can.
  • A restart is often necessary to complete the installation of a particular update or patch and may cause serious problems if the restart is not done.
  • And if you are wondering how often “regular” is, that means once a week at the very least.
  • Even if you don’t notice any updates or patches being installed, they are still happening.
  • And browsers need to be closed and reopened daily to ensure you are getting those latest updates (and they don’t require a restart).

I appreciate each of you for everything you do to protect the Institute and its data, students, employees, clients, and yourself. Please let me know when you have any questions or concerns. You can call me anytime!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!