Current Threats, Policies and Procedures, Security Awareness Newsletters

This Week’s Cybersecurity News, 07/31/2025

Posted on Jul 31, 2025Share on

laptop showing a warning sign

Hello, everyone.

Time is passing quickly and classes will soon be back in session on 08/18. Today I want to take this opportunity to remind you of email threats aimed at students. This is also a time when summer workers are finishing up so I need to remind departments and units about the importance of officially terminating employees. And, I have an important reminder about using UT email accounts.

Current Threats

  • Employment Opportunities
    • With the start of every new academic semester, there are several phishing scams that typically target students.
    • Many times these emails are boasting about new job opportunities paying hundreds of dollars per week for work-from-home positions.
    • The emails may have some mention of a department on campus that is supposedly sponsoring these opportunities.
    • Please know that the departments mentioned usually don’t exist and the person to whom you are directed for contact does not work anywhere within the UT system.
    • Sometimes the supposed sender has a UT student email address, but the student’s account had been compromised.
    • Sometimes the supposed sender appears to be an employee at a different UT campus and is telling you about a job on our campus, which has shown that the supposed sender’s account had been compromised.
    • Please don’t click any link in any of these emails because the emails are not legit and could lead to your data and/or identity being stolen.
    • Contact me if you have any questions about strange emails.
    • And, finally, please share this information with ALL of your students as they return to classes.
    • Most UTIA student employees will get these newsletters, but those who don’t have a job at UTIA will not; so please help protect them all by sharing information with them.

Important Reminders

  • Terminating Employees
    • It’s that time of  year when a large number of term employees finish their seasonal work responsibilities.
    • It is extremely important to officially terminate these employees and here is why.
      • Anyone who has left a temporary job, but is not officially terminated still appears as an active employee in the system.
      • By not officially terminating the former employee, they will still have access to all the things they had access to when they were working.
      • This means that whatever Active Directory groups they were in, they are still in them, receiving emails they should no longer receive and having access to drives that should no longer be accessible.
      • They would also still be able to access departmental computers, printers, and other devices they used for work, as well as access buildings.
      • Not only would someone still have all these accesses, it is possible that a hacker could compromise the account of a terminated user who is still in the system as “active,” which could put the department, the Institute, and the University at risk.
      • Most importantly, UTIA IT0130 – Personnel Security Standard for Information Technology requires that all employees, including seasonal employees, are officially terminated.
      • In addition, UT’s HR0160 – Termination of Employment lays out the policy for terminations based on the termination code and states, “Department heads who do not enter terminations in a timely fashion may be subject to disciplinary action.”
      • When an employee is officially terminated, they will appear on the HR report I receive for terminated employees and I will remove them from all UTIA AD groups.
      • I will also remove their assigned computers from NetReg so that the computers can be wiped and reassigned to the next person, when possible.
    • Using UT Email Accounts
      • I feel the need to remind everyone about the use of UT-provided email accounts.
      • UTIA IT0110 – Acceptable Use of Information Technology Resources Security Standard (AUP) states that Users will “Use only the UT-provided email account for all Institute and University business.”
      • This means that automatically forwarding UT emails to a non-UT account, whether you are a student employee, a term employee, or regular employee, is not permitted.
      • It is also not permitted for a user to misrepresent the Institute or University by using the UT-provided email account for personal business.
      • You may think it is convenient for you to have all your emails in one account, but the AUP clearly shows this is not allowed.
      • In fact, you may not know you aren’t receiving very important UT-related emails, such as alerts, training assignments, and other pertinent information because the mail isn’t forwarding.
      • If you are automatically forwarding your UT email to a non-UT email account, please remove the forwarding as soon as possible.
      • If you have staff reporting directly to you, please make sure they are aware of this information because they may not get this newsletter due to improperly forwarding email.

    I truly appreciate all you do to protect the Institute and its data, students, employees, clients, and yourself! Please let me know if you ever have any questions or concerns.

    Sandy

    Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!

    Sandy Lindsey
    Chief Information Security Officer
    Information Technology Services
    The University of Tennessee
    Institute of Agriculture

     

     

    G061​ McCord Hall
    2640 Morgan Circle Drive
    Knoxville, Tennessee, 37996
    Phone: (865) 974-7292; (865) 806-5224
    sandy@tennessee.edu