Ask Your CISO, Policies and Procedures, Security Awareness Newsletters

This Week’s Cybersecurity News, 02/23/2023

Posted on Feb 23, 2023Share on

image of a browser screen with the Google search page

Today we still have the recurring spear-phishing attempts and fake invoices being sent via email. The names may change, but the premise is always the same. So today I want to do a quick policy reminder and I want to answer a user’s question about online searches.

Policy Reminder

  • UTIA IT01xx – Media Protection Policy
    • Please note: This policy does not have a full number because UTSA does not have a corresponding system policy in place, so I am using “xx” for the time being.
    • This policy protects the Institute’s data by providing guidance for using, protecting, and sanitizing media.
    • “Media” includes but is not limited to hard drives, random access memory (RAM), read-only memory (ROM), CDs, DVDs, flash drives, memory devices, phones, tablets, networking devices, printers, and paper.
    • Users shall be given access to media on a need-to-know basis, using the principle of least privilege and role-based access control, i.e., job classification and function.
    • Users must use individual login accounts.
    • Users must never share passwords with anyone.
    • Users with a need to access media must go through the proper channels to request that access.
    • Records stored on any Institute-owned IT asset must be properly backed up, with the backup being stored in a secure location.
    • Computers must never be handed from one user to another without providing the new user a clean computer, which means wiping the hard drive and installing a clean image.
    • If sensitive data must be stored on a computer, a Department of Defense (DoD) secure wipe must be done, so please contact me if you have questions or concerns.

Ask Your CISO

  • Can you trust the results you get from a Google search to be safe and secure?
    • This is an excellent question, but not easy to answer.
    • You would like to think that search engines like Google would be safe, but they aren’t foolproof.
    • There are several search engines you can use, but you need to stick with a widely-used and highly-rated one.
    • Depending on who you ask, you will get varying answers for what search engines are the safest, but I am going to speak about Google, as it is one of the most secure search engines we support.
    • Google uses Safe Browsing to help protect users from phishing attacks and web-based threats like malware, unwanted software, and social engineering attacks across desktop and mobile platforms.
    • Users will see a Safe Browsing message in Search results when Safe Browsing has found that the site they are about to visit may be dangerous.
    • Google uses the message “This site may harm your computer” notification beneath the site’s URL if Google thinks the site may allow programs to install malicious software on your computer. 
    • Tips for safer searching:
      1. Be cautious of the first few results showing for your search if they are marked “Sponsored” or “Ad,” as these results’ links are potentially unsafe and may be hiding malware that can be installed when you click the link.
      2. Before clicking on a search result’s link, use your cursor to hover over the link presented in the search to see if it matches the actual address showing in the bottom left corner.
      3. If you are looking for something very specific, use quotes around the search term to limit all the excess junk that has nothing to do with the search you want and may include links with malware.
    • Assuming that your computer is locked down and has Microsoft Defender and Endpoint Central (formerly known as Desktop Central), you should be pretty safe most of the time…because I can never honestly say that you are safe all the time unless you turn your computer off!
    • Endpoint Central makes sure your computer gets its OS updates, Microsoft updates, and third-party updates in a timely manner.
    • Microsoft Defender, when properly updated, will run regular scans, but can also detect many viruses, worms, and other malware when installed.
    • When Defender sees malicious activity, it will quarantine it, then try to clean it right away.
    • Defender sends reports of its findings to appropriate IT staff, allowing those staff members to take care of any remaining problems as soon as possible.
    • Although Defender *should* find and quarantine this kind of activity, keep in mind that new attacks may take time for Defender to have a “fix” or may be difficult to remove, so please don’t click on things you can’t verify first.
    • And remember that once someone has stolen your data, it’s out there.

Thank you so much for all you do to protect the Institute and its data. I am here to help you, so please let me know any time you have questions or concerns. And I always appreciate your feedback!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu