This Week’s Cybersecurity News, 04/24/2024


Hello, everyone.

Today I want to take this opportunity to remind you of some very important things you can do to protect the Institute’s data, as well as your own! The news tells us more and more about attacks targeting municipal and county governments, emergency services, education, public healthcare, and other critical infrastructure. Take a look at this list of targets and you can see why I want to give some reminders…the Institute fits within several of these areas! I want to make sure we are all in the habit of performing these tasks below so we won’t have to worry if we are attacked.

Passwords

  • When UTK came up with the non-expiring password a few years ago, several of you may remember that I didn’t necessarily agree with this approach.
  • Even if your password is 12+ characters long, it should still be changed from time to time.
  • Hackers may harvest passwords using various methods and then sell them on the Dark Web.
  • I know of people who have received a blackmail-type email stating that their password is XXXXXXX, and the user remembers using that very password years ago.
  • Imagine if you never changed the password, especially if it is a simple password!
  • Keep these tips in mind:
    • Please change your password regularly, with every three months being the preferred cycle.
    • Use a strong password that is at least 16 characters, as the longer the password is, the less likely it will be cracked.
    • Use a passphrase that is meaningful to you, but one that no one else would guess.
      • This can be a sentence that you would know and remember, such as ilovetheyankees!
      • Even better, replace some of the letters with mixed-case letters, numbers, or symbols, like iL0v3Th3Y@nk33s!
      • And, because most people know that I love the Yankees, I can promise I have never used either of these as my password. 😊
  • Make sure you have a different password for each and every account you have, both work-related and personal.
  • And please don’t save your passwords in a file on your computer.

Back Up Your Data

  • A data backup means creating a copy of your data in another location (not your hard drive) so in the event of a failed hard drive, cyberattack, natural disaster, theft of a computer, etc., the backup, or copied data, can be used to restore your original data.
  • Please make sure you are backing up your data regularly!
    • If you are backing up the data that is on your hard drive, do this at least weekly to ensure you have the latest version of your files.
    • Store the backup in a completely separate location from the computer, e.g., your home.
  • The easiest way to do this is to store all your files on OneDrive.
    • When OneDrive is added to your computer, you have a choice of what to back up.
    • Desktop Support will set this up to keep the files on OneDrive only and I recommend that you keep this setting, as it will keep your files in your OneDrive Folder and not in a folder on your computer’s hard drive.
    • This means that OneDrive will have your files readily available for you on any computer that you use and not just that one computer.
    • OneDrive is backed up in the cloud and Microsoft is responsible for ensuring the data is encrypted and protected.
    • If you want to be extra certain your files are readily available if something bad were to happen, you can do a regular backup on an external drive in addition to keeping your files on OneDrive.
  • To read more about backups, go to Backup Guidelines for Institute-Owned Assets and Data.
  • You can also go to the UTIAsecurity Knowledge Base and click on Backups under the Tags section on the left.
  • And finally, you can archive old data that you don’t currently use, but may need for long-term retention, compliance purposes, etc.
  • If you want to archive data, I recommend that you create a folder on OneDrive named “Archives” and then use it how you see fit, or save the archives to an external drive.
  • By archiving, you can keep this data separate from your other files and it will take far less time to deal with because it is already in one location.

Phone Calls

  • While this may not seem like the place for information about phone calls, it really does go with warnings about hackers and blackmailers.
  • When you answer a call from anyone, especially someone whose number you don’t recognize, please never use the word “yes” in any way, shape, or form (e.g., if asked “Is this Sandy,” I would never say “yes”).
  • If you are answering your cell phone, I *highly recommend* that you don’t answer with “This is <your name>.”
  • If you get a call that begins with silence, then a blip kind of sound, please hang up.
  • If you get a call and you hear a recorded message instead of a live voice, this is a sign of a robocall, so please hang up.
  • If someone calls you (and you did not solicit the call!) please do not share any information with them.
  • If someone calls you and asks for/demands some sort of payment, please hang up right away, then report it using the information found under the Ask Your CISO section of This Week’s Cybersecurity News, 06/14/2023.
  • You can find more information by going to the UTIAsecurity Knowledge Base and clicking on Reporting Cybercrime under the Tags section on the left.

While there is so much to do once cybercrime happens, it is always best to do everything you can BEFORE something happens. Remember all the other important rules, too, like don’t click unexpected attachments; don’t click links you aren’t sure about; don’t talk to strangers (yes, this works for adults, too!); and keep an eye on your information. And if you ever have ANY questions or concerns, please don’t hesitate to reach out to me immediately. If you call, I may not always answer if I don’t recognize the number, but please leave me a message and I will get back with you as soon as possible. Your questions truly help me to be able to help everyone else, as well!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!