Ask Your CISO, Security Awareness Newsletters

This Week’s Cybersecurity News, 06/21/2023

Posted on Jun 21, 2023Share on

Shows text messages on a phone

Good afternoon!

This week our current threats are pretty much the same ones that keep popping up. If you ever want a refresher on some of the current threats and non-threats, I always post these newsletters on the UTIAsecurity website. It’s easier to reference something located in one place, than to try to find it in email! Just go to https://utiasecurity.tennessee.edu/knowledge-base/ and you will find all the past newsletters right there. If you are looking for a specific topic, just click on the tag or category on the left side of the screen.

Today I want to answer a question about items to be surplused. I also want to give you some great information that may help with those smishing (text message) scams that are so annoying.

Ask Your CISO

  • Our department has items going to Surplus, but are still in NetReg. What is the best way to get these removed if we don’t have access to make changes in NetReg?
    • First of all, NetReg is the common word used for UTK’s “network registration” database.
    • Any device, whether owned by the Institute, UTK, or personally, must be registered in NetReg in order to gain network access.
    • The NetReg database contains information such as MAC address (also called physical address or hardware address), UT blue tag number, primary user, owner, location, and classification.
    • In addition to allowing IT assets access to UTK’s network, NetReg serves as a way to keep more accurate IT asset details and inventory.
    • NetReg also helps me, as the CISO, be able to find a system that has been identified as possibly compromised so that I may get the IT asset off the network ASAP and start the proper incident response process.
    • Because of these reasons, we need to keep the NetReg database as accurate as possible.
    • If an Institute-owned IT asset is headed to Surplus, the asset must be removed from the NetReg database so that it is no longer tied to an Institute employee.
    • All you need to do is email me the MAC address for each system to be removed from NetReg.
    • To get the MAC address, do the following from the computer you wish to have removed.
      • If it is a Windows device:
        • Click on the Start icon (the blue Windows icon in your system tray) OR click the Windows button on your keyboard, type in cmd, then click Enter;
        • When the Command Prompt window opens, type in ipconfig/all and click Enter;
        • Each Ethernet adapter (ethernet, wireless, etc.) will have its own set of information;
        • Copy the information for “Physical Address” for each Ethernet adapter and send to me in an email.
      • If using a Mac:
        • Open the Apple menu;
        • Click Systems Preferences, then Network;
        • Select your network connection and click Advanced; and
        • Locate the MAC address on the hardware tab.
      • If you have several devices going to surplus, you can send all the information in one email if you like.
      • If you are having trouble locating the MAC address, please let me know.
    • As an FYI, when a person leaves, the IT assets must be deleted from NetReg so that the asset may be wiped, reimaged, and registered for the appropriate user for all the reasons I have mentioned, plus the appropriate primary user must be the one who completes the classification survey.
      • I use a daily report of terminations to remove the IT assets registered in their names.
      • I do the same for anyone who transfers to another department, unit, or campus.

Good to Know!!!

  • Do Not Text (smishing help)
    • On July 01, 2023, the Tennessee Do Not Text Law goes into effect.
    • This new law will help protect Tennessee residential consumers from unwanted telemarketing text messages.
    • If you have already registered your phone number with the Tennessee Do Not Call list, you will automatically be covered under the Do Not Text law.
    • The law prohibits those attempting to sell consumer goods and services by telephone from calling or texting numbers that appear on the “Do-Not-Call/Do-Not-Text” Register.
    • There are exemptions, of course, as detailed at https://www.tn.gov/tpuc/tennessee-do-not-call-program.html.
    • If you wish to sign up for the Do Not Call/Text Register you can go to https://www.tn.gov/tpuc/tennessee-do-not-call-program/csd-online-do-not-call-registration-form.html and include your cell and home phone numbers.
    • This registry is different than the National Do Not Call Registry which is run by the Federal Trade Commission.
    • To sign up for the National Registry, go to https://www.donotcall.gov/.
    • And please report those unwanted calls and texts by using the links provided above.

I thank each of you so much for everything you do every day to protect the Institute and its data. Please let me know any time you have any questions or concerns when it comes to IT security!

Have a great rest of the week!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu