It’s a new month, but the threats never cease to exist. This week I want to share with you a couple of current threats I have heard about. I want to give you a little reasoning behind the annual security awareness training. I also want to remind you of the importance of backing up your data.

Current Threats

• Payroll Information (phishing email)
  • Subject is: Payroll Information.
  • The message appears to be from Human Resources <hr@tennessee.edu>.
  • The emails says, in part, “I am in the process of verifying and updating all information for employee payroll information.”
  • The email asks that you open the attachment named “Payroll Info” to verify that your information is correct.
  • The email also contains a link to supposedly check your documents.
  • I can definitively verify that the link will take you to a malicious site that is known to steal personal data.
  • I can’t (or won’t) verify the PDF, but I can tell you that there will be malware installed on your computer and possibly even the start of ransomware if you open that attachment.
  • While Payroll and HR are closely tied, we do have Payroll Office that would be more likely to check your information, but I am certain that Payroll nor HR would ask individuals to verify their information in this way.
  • And lastly, there is no identifying logo or anything with UT in the email other than the From address, which has been spoofed in this case.
  • Should you receive this email, please forward the email and its Internet header using the Reporting Phishing Attempts instructions.

• Annual Yearly Plan (phishing email)
  • Subject is: Details of Your Annual Yearly Plan. Must Verify Additional Details.
  • The email appears to be from someone with a Gmail address.
  • The person supposedly sending the email does not have a connection to the University.
  • The content of the forwarded email I received just says, “Have a great day.”
  • I suspect the sender wants you to reply to the email so they can get your information.
  • Should you receive this email, please forward the email and its Internet header using the Reporting Phishing Attempts instructions.

Annual Security Awareness Training

• As you know, we are in the middle of security awareness training at the Institute.
• The training was assigned on 10/03-10/04, and is due by 5pm CT on 11/30.
• The first reminders went out yesterday.
• Please keep in mind that the second reminders will go out on or around 11/11, and these reminder will be sent to individuals and their Deans, Directors, and/or Departments Heads will be copied.
• This training is required by UTIA IT0123 – Security Awareness, Training, and Education Policy.
• While not everyone agrees with having to do the training nor the specific content, this training is expected by the UT Board of Trustees (BoT).
  • I do not take this expectation lightly.
  • I never choose the training with the desire to “check the box” just to make the BoT happy.
  • I personally view every single module that is available each year and do my best to pick what is most appropriate for each of the five role-based groups.
  • Sometimes I choose modules based on threats and issues that I have seen throughout the year.
  • I make sure that the modules mirror the Institute’s IT Security policies as closely as I can.
• Please remember that not completing the training by the deadline will result in the loss of access to anything that uses your NetID, including email.
• For those who have completed the training, I really appreciate you.
• And for those who are working on the training, I thank you, as well.
• If you have any issues with the training, please do not hesitate to let me know.

Tips for protecting the Institute’s data and yourself

• Back up your data regularly.
• If you back up to a flash drive or other physical hard drive, please disconnect that drive from your computer after the backup and store in a secure location.
  • If you leave your backup on a hard drive that stays connected to your computer, that hard drive will be compromised if your computer is compromised, which makes the backup irrelevant at that point.
  • Please store the drive in a different location than the computer, keeping in mind that in the event of a disaster, you want your backup and computer in two completely different locations so that one of them will likely be accessible.
• Back up your files to a secure cloud location that is approved by the UTIA CISO and the University.
  • Use Microsoft OneDrive or Google Drive cloud storage, as these solutions encrypt data both in transit and at rest.
    1. Encrypting data means that the data is converted into a cipher or code that prevents its unauthorized access.
    2. Encrypting data in transit means that the data is encrypted as it is being sent from one location to another, including the uploading of the file to the cloud.
    3. Encrypting data at rest means that data is securely encrypted while it is not being actively used.
  • Only UT’s OneDrive and UT’s Google Drive are certified (via UT’s contracts) as secure for all data, including FERPA (student information) and HIPAA (health information).
  • UT’s OneDrive and UT’s Google Drive do the backing up for you and store the backups in the cloud.
• Backing up your data regularly is the only way to ensure that you do not lose valuable data due to a ransomware attack AND it keeps the Institute from having to pay the ransom to get the data back, if that even really happens after paying the ransom.

Thank you for all that you do every day to protect the Institute and its data. Thank you so much for forwarding those questionable emails to me, as well. If you need me you can email or call me at any time. And please share these newsletters with peers, clients, students, and family!

Have a great rest of the week!

Sandy