Hello, everyone.
Today is the start of Cybersecurity Awareness Month and for the eighth straight year UTIA has been named a Champion Organization by the National Cybersecurity Alliance.
Cybersecurity Awareness Month began 21 years ago as a way to teach everyone how to stay safe and secure online. The Cybersecurity and Infrastructure Secure Agency (CISA), and the National Cybersecurity Alliance combine forces each year to help government and industry leadership explore how we can improve our nation’s resilience and defend our infrastructure against bad actors. They also explore how cybersecurity professionals and the public sector can work together to address emerging technologies and implement Secure by Design best practices.
Each week I will focus on one thing we can all do to keep ourselves and our information safe and secure online. This week I want to talk about the importance of passwords.
In addition, I am happy to share with you a new change that I believe many of you will be pleased to hear about. I also want to remind you of some annual non-threats you have received. And finally, I want to remind everyone about required training.
Password Tips
- Passwords are like the keys to your house, in that you never want others to have possession of them.
- The UTIA IT0110- Acceptable Use of Information Technology Resources Security Plan states that users will not give anyone their passwords.
- It also states that users, which includes supervisors and support, will not ask others for their passwords.
- Passwords must be strong, using a minimum of 12 characters and a combination of uppercase, lowercase, numbers and/or special characters.
- While UTK no longer requires regular password changes, passwords must be changed in the event you have clicked on malicious links or attachments, or if your account has been compromised and changed from a different device than the one you were using at the time of the compromise or potential compromise.
- You can read more about passwords by going to the UTIAsecurity knowledge base for Passwords.
Important Changes
Classification Process
- Beginning October 1, 2024, the classification requirement is changing.
- As you know, every device registered on the network had to be classified through the self-classification process every 365 days.
- This process was not as accurate as hoped for, as the algorithms didn’t always assign the correct classification based on the choices made.
- In addition, if your computer had multiple network cards, you had to classify the same device for each card, which didn’t make a lot of sense.
- With all the new security initiatives being implemented, the classification process as we knew it has been deemed unnecessary.
- However, this does not mean that classification is no longer needed.
- I will be working directly with users who are responsible for systems that process or store sensitive data to ensure that the appropriate controls are in place.
- If you ever have any questions or concerns about the data that you are accessing, processing, or storing on your computer, please let me know.
Current Non-Threats
Open Enrollment (emails)
- Open enrollment begins today so you can expect to see emails about this process.
- So far, I have seen three different emails.
- One is from UT System Office of Communications <utsystemnews[@]tennessee.edu> and has the subject Fall 2024 For Your Benefit Available Online.
- The second one is from Department of Payroll, Benefits and Retirement <utinsurance[@]tennessee.edu> and has the subject Flexible Benefits Open Enrollment.
- The third email is from University of Tennessee + ALEX <reply[@]myalex.com> with the subject Your Annual Enrollment is coming up.
- These emails contain important information regarding your options for coverage and benefits for 2025.
- I am certain there will be additional reminder emails since the open enrollment window is 10/01/2024 – 10/18/2024.
- If you have questions about any emails like this, please don’t hesitate to ask me.
Important Reminder
IT Security Awareness Training
- If you have been assigned training, this is a reminder to complete that training before the end of the year.
- The IT Security Awareness training is required of all UTIA workforce, which includes student employees, on an annual basis.
- The IT Security Awareness training is part of the 2024-2025 UTK Compliance training, as assigned by UTK HR.
- Assignment and reminder emails will come from the UTK Compliance Committee noreply[@]utk.edu, but I will start sending specific reminders about the IT Security Awareness training later this month.
- As in the past, any user not completing the IT Security Awareness module by the deadline will still lose access to all Institute-owned and University-owned systems until the training has been completed.
- If you have been assigned the training, you can find it by logging into K@TE https://kate.tennessee.edu.
- While the deadline has been set for 12/31/2024, I recommend that you complete it before then to ensure you get the proper credit due to DASH implementation happening at the first of the year.
Thank you so much for everything you do to protect the Institute and its data, students, employees, clients, and yourself! And thank you for all you do for each other!
Sandy
Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!