This Week’s Cybersecurity News, 11/08/2023

Share on

I don’t have any specific threats or non-threats to report to you today, so I thought I would take a moment to remind everyone about something that is extremely important. It has to do with your email. I also want to let you know about upcoming changes to IT security policies.

University Emails

  • Your UT-provided mail is the *only* email you should be using when conducting University business.
  • UTIA IT0110 – Acceptable Use of Information Technology Resources Security Policy (AUP) specifically says in item 2.c. that users will, “Use only the UT-provided email account for all Institute and University business.”
  • Additionally, in item 3.c. the AUP says that users will NOT, “Use any email account other than the UT-provided email account for conducting Institute and University-wide work-related business.” This means that automatically forwarding UT emails to any non-UT account is not permitted; and misrepresenting the Institute or University by using the UT-provided email for personal business is not permitted.
  • This means that you are required to use that UT-provided email for anything work-related and NOT something that you are doing for your personal business.
  • Not only does this protect the Institute’s and University’s data and reputation, it is going to protect users from some of the phishing emails.
    • Think about the recent email that appeared to come from our Senior Vice Chancellor and Senior Vice President.
    • This email was asking you to contact him about something discreet he wanted you to do (although was sent as a bcc to hundreds of others!).
    • The From address for this email was @gmail.com.
    • This should automatically set off red flags because he wouldn’t send anything work-related from a Gmail account, as that is against policy.
  • And if you are using an address that is not the UT-provided email, you may be missing important emails from leadership, as well as meeting invites that you would only get at your UT-provided address.
  • So, if you know of someone who is using an email address that is not the UT-provided email, please show them this newsletter so it will remind them that this is not acceptable.

Upcoming Changes to Policies

  • It has been decided that all UT “policies” will now come from UT System Administration only.
  • Policies for each campus and institute are built upon the System policies, but are to now be called procedures or standards.
  • The procedures or standards will reference the System policies, and can be written as “stronger” but never with anything less than the System policies require.
  • This means that over the next few months I will be updating the UTIA IT Security policies in order to change the names.
  • We are also moving to a different security framework, instead of NIST 800-53, upon which all the UTIA IT Security policies have been based.
  • Because of that, some of the wording will change, as well.
  • As I update our procedures/standards, I will let you know about changes in these newsletters.
  • All procedures/standards are expected to be followed, as in the past, just as any other UT policy, procedure, or standard requires.

I thank each of you for everything you do to keep the Institute’s data and IT assets secure. If you ever have any questions, concerns, or comments, please know that you can contact me at any time.

Thanks!

Sandy