Good afternoon, everyone!
Today I have a relatively long newsletter that includes a current threat, but it also includes a few requests for all UTIA employees. I appreciate all you do to do the right thing; I just have some requests and reminders.
Current Threat
- Phishing Calls (Vishing)
- Vishing is not as cut and dried as a lot of scams we must deal with, so I want to give tips on handling them in the most appropriate way.
- For some people it is best to just not answer the phone when it is a call you do not recognize.
- Not answering is the easiest way to deal with potential scam callers because it does not verify that your number is active and monitored.
- But for those who do not have the luxury of not answering calls because of your work with clients, you should hang up immediately if you suspect the call is a scam.
- You should hang up if the caller asks you to press any buttons, asks for money, asks for private information, or becomes very persistent.
- Do not talk, argue, say “yes” or “no”, or give them any information at all. (Remember that the more you talk or argue, the more likely you will receive MANY more calls!)
- Don’t trust caller ID showing the call to be from a known company because the number is possibly spoofed.
- If you see a known organization’s name, e.g., University of Tennessee, Verizon, Xfinity, Bank of America, etc., please hang up and call their known number from their website to verify that it was a legitimate call.
- Always report scam phone numbers to the FTC at https://reportfraud.ftc.gov.
- If you receive these calls on your cell phone, you should block the number and report the call as spam.
Important Requests & Reminders
- Network Registration (NetReg)
- When you get a new computer or a device previously used by someone else, it is very important to make sure it is registered correctly in NetReg (https://netreg.utk.edu).
- The information in NetReg not only helps you, but it is also extremely important information that can be used by me, as well as the Security Operations Center (SOC), for tracking computers that may be involved in security incidents.
- It is also quite helpful for me to be able to delete computers when people leave.
- Most computers are registered by an IT person, including Desktop Support and CVM Computer Support, so the registration information will include what is very useful for them and for me.
- However, if you have registered your own computer, you may not have considered what is helpful for others.
- I am asking everyone to log into NetReg at your earliest convenience and make sure the following information is there (you should get a list of all the devices showing you as the Primary User):
- Location – building and room number
- Device Label – use something that is useful for you (While Operating System Type, Product, S/N, and UT Tag Number all show as “Optional” fields, the OS and S/N are very helpful for me and the SOC.)
- UT-Owned – please make sure you click “Yes” if it is
- Resource Groups – ALWAYS click on “ag” from the provided list if you work for UTIA (CVM Computer Support will set up CVM devices and use “vetmed”)
- Hostname – please use our naming scheme, which is the service tag or serial number
- Again, this information is crucial for me and/or the SOC team to quickly locate a compromised device, so thank you for your help!
- Approved Servers
- In the past few months, I have been finding that we have servers being used that have not been properly vetted.
- Whether you mean to be running Shadow IT or not, these servers can and usually do present significant security risks, including unpatched vulnerabilities, data leaks, or other security issues.
- All UTIA servers should be getting regular vulnerability scans per UTIA IT Security Standards.
- In the past we used Qualys as our vulnerability scanning solution, but near the end of 2025 we moved to Tenable, as that is the current systemwide scanning solution.
- With the implementation of the SOC, a lot has been done to ensure servers are being scanned and known vulnerabilities are being found and remediated.
- Servers are now required to have the Tenable agent installed on them for continuous and in-depth vulnerability management, and the servers must be added to the Tenable console by a Tenable admin.
- It is also a UT systemwide requirement that system administrators install Microsoft Defender for Servers, which is onboarded through Azure Arc.
- If you are running a server that I am unaware of, please let me know as I need to ensure we are compliant and as secure as possible at all times.
- Please send me the server’s IP address, OS, function, department/unit, contact, and location.
- This requirement is not new; it is just a little different with regard to the SOC because if there is a security incident, the 24/7/365 SOC will be alerted, and we can get started on remediation before others are affected.
- Approved Software Reminder
- Unapproved software is another form of Shadow IT; it includes applications, tools, or cloud services used without approval and can cause vulnerabilities, data loss, theft, licensing issues, regulatory violations, and breaches.
- It is so important that all applications, tools, and cloud services be reviewed and approved before they are installed and used, in order to protect our data and our network.
- A new UT systemwide transition went into effect on 10/31/2025 and requires requests that involve software purchases or renewals to use the TDX Data and Technology Risk Review Intake Form.
- This intake form must be completed before submitting a requisition or contract.
- Once the form has been reviewed and approved, you will receive an Authorization to Proceed, which must be attached to your requisition or contract.
- This intake form is also required for UTIA software purchases and renewals using procurement cards (p-cards), and the Authorization to Proceed must be attached to your p-card receipts when submitting.
- If attempting to use any open-source software, the UTIA Chief Information Officer (CIO) must approve the software before it can be used.
- This is a critical step in helping ensure we are getting vetted and secure software before it is ever purchased or installed.
- It is also important to use what the University has already established as the standard for any software platform in order to ensure security, efficiency, and consistency systemwide.
Thank you so much for reading today’s newsletter. I need to stress that following our standards will ensure that both hardware and software are designed to protect the Institute’s data and reputation, comply with UT policies, comply with UTIA standards, comply with regulatory requirements (HIPAA, FERPA, PCI, etc.), and focus on a consistent and secure technical environment which will mitigate our risks.
I sure do appreciate you all!
Sandy
