This Week’s Cybersecurity News, 03/10/2023


It’s Friday! Today I have an upcoming (and possibly long-running) non-threat to tell you about. I have also included information about a current phishing attempt and I answer a question about scanning for viruses.

Current Non-Threats

  • UTK’s NetReg Classification Survey (email)
    • In a recent IT Weekly email, UTK’s Office of Information Technology (OIT) announced that starting in mid-March, you will receive emails asking you to reclassify your Institute-owned devices.
    • While these surveys will start going out in mid-March, they will continue to be sent over the next few months until all devices have been classified.
    • Classification was put on a brief hold while the new NetReg system was being finished.
    • You will be once again required to complete a classification survey for each Institute-owned device.
    • You will be asked to identify, via checkboxes, the type of data stored, viewed, or processed on it.
    • When you complete the survey(s), please take care that you are responding for the appropriate device.
    • Also, this is very important…DO NOT INCLUDE DATA THAT IS YOUR OWN OR YOUR FAMILY’S.
      1. While your own data is very important, the device is classified based on the Institute’s and University’s data that is stored on it.
      2. Part of the purpose of classifying devices is that in the event of a breach, we know who must be contacted.
      3. If the only PII stored on your devices is your own or your family’s, there is no contact that must be made nor State and Federal reporting that is required.
      4. Including your own or your family’s data, such as personal credit cards, Social Security numbers, driver’s license numbers, etc., could cause the classification to be set at a higher level than it should and would create the need for a security plan to be written for that device when it really is not necessary based on the actual Institute’s data you are storing.
    • Once these surveys start being completed, I will begin checking the responses for Institute-owned systems and will see how those are looking.
    • If the results are questionable (i.e., an inordinate number of devices classified as “high”), I will start sending my own classification survey to find out more specific information about data being stored.
    • Then I can start scheduling meetings with those whose devices should truly be classified as “moderate” or “high” so I can help you create a system security plan for those devices.
    • Please complete the UTK classification survey within 30 days of notification, otherwise your devices will lose network access until the survey is complete.
    • Since this is an annual event, my best advice is that it is far less bothersome to classify all your devices on the same day so they are all on the same schedule.

Current Threats

  • Microsoft 365 (email)
    • This is very similar to the OFFICE365 threat I talked about last week.
    • This time the sender shows to be Support HelpDesk <noreply@isekkoteak.com>.
    • The subject is RE: Action Notice Expired Password Notification <day, date>.
    • The message tells you, “Your Utk.edu password is set to expire in (24)hrs Time, <date>.”
    • There is a link to “Keep My Password,” but please DO NOT CLICK!
    • This message, if real, would definitely not come from this sender’s domain.
    • The message is signed “Utk.edu IT” and we know this is not how it would be signed if the message was legit.
    • If you receive this email, please forward it, along with the Internet header, using these instructions, Reporting Phishing Attempts.
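
The indicators listed above (sender domain, subject, and the “Keep My Password” link) can be checked mechanically. The following is an added example, not part of the original newsletter or any UTK tooling; the function names, the date in the sample subject, and the link URL are assumptions made for illustration, and the checks are heuristics.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the indicators in the notice above.
# The date in the subject and the link URL are placeholders, not from the real message.
SAMPLE = """\
From: Support HelpDesk <noreply@isekkoteak.com>
To: someone@utk.edu
Subject: RE: Action Notice Expired Password Notification Friday, 03/10/2023
Content-Type: text/html

<p>Your Utk.edu password is set to expire in (24)hrs Time.</p>
<a href="http://login.example.invalid/keep">Keep My Password</a>
<p>Utk.edu IT</p>
"""

def domain_matches(host, org_domain):
    """True only for the organization's domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)

def phishing_indicators(raw, org_domain="utk.edu"):
    """Return the reasons a message that names org_domain looks suspicious."""
    msg = message_from_string(raw)
    subject, body = msg.get("Subject", ""), msg.get_payload()
    findings = []
    # 1. Message talks about the organization but was not sent from its domain.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if org_domain in (subject + body).lower() and not domain_matches(sender_domain, org_domain):
        findings.append(f"sender domain '{sender_domain}' is not {org_domain}")
    # 2. Heuristic: "RE:" subject with no In-Reply-To header is not a real reply.
    if subject.upper().startswith("RE:") and not msg.get("In-Reply-To"):
        findings.append("subject claims to be a reply but has no In-Reply-To header")
    # 3. Password-expiry pressure wording in the subject or body.
    if re.search(r"password.{0,40}expir|expir.{0,40}password", subject + " " + body, re.I | re.S):
        findings.append("password-expiry urgency wording")
    # 4. Links whose host is outside the organization's domain.
    for host in re.findall(r'href="https?://([^/"\s:]+)', body, re.I):
        if not domain_matches(host, org_domain):
            findings.append(f"link points to off-domain host '{host}'")
    return findings

if __name__ == "__main__":
    for reason in phishing_indicators(SAMPLE):
        print("-", reason)
```

The From header only shows what the sender chose to display, which is why a report should include the full Internet header.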

Ask Your CISO

  • When you mention scanning for viruses, what exactly do you mean?
    • At the Institute, including the College of Veterinary Medicine, we use Endpoint Central to ensure updates and certain security tasks are done on Institute-owned computers.
    • Endpoint Central, formerly known as Desktop Central, is an endpoint management and security solution that helps manage and protect our assets from a central location.
    • Endpoint Central is configured to get updates for Windows Defender, the antivirus app from Microsoft, and run regular scans on Institute-owned devices.
    • However, there may be times that require an additional scan that shouldn’t be put off until the next configured scan time.
    • For instance, you may have a strange window that pops up telling you to call Microsoft (or someone else) because you need to pay them to have a virus removed from your computer.
      • This is NOT how antivirus works!
      • If this happens to you, do not click on anything in that popup window, including the “Deny” button.
      • Instead, press Ctrl+Alt+Delete to open the Windows Task Manager, then look for the browser in the list of running apps.
      • Right-click on the browser and choose “End Task” so the browser closes and you won’t have to click on anything having to do with that popup.
      • If you cannot close the entire browser because of a valid reason, click only the “X” in the top right corner of the popup.
    • After closing the browser, go to the bottom left corner of the system tray (along the bottom of the screen), then click the “^” so you can click on the Windows Security shield.
    • A screen will appear that shows “Security at a glance” and you will see “Virus & threat protection,” so click on that.
    • The screen will now show you the last time a scan was run, as well as the date, time, and type of scan.
    • Click on “Scan options” here.
    • When the screen shows your options, click the button beside “Full scan” and then click the “Scan now” button.
    • This scan will take longer than the Quick scan, but it will scan every file on the hard drive, instead of a limited selection, and you can continue to work during the scan.
    • If the scan finds threats, please let me know right away if Defender did not clean or contain them.

Thank you so much for all you do to protect the Institute and its data. I am always here to help you, so please don’t hesitate to let me know when you have concerns and questions. And I truly enjoy and value your feedback!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!