Current Threats, Security Awareness Newsletters, Services

This Week’s Cybersecurity News, 12/14/2023

Posted on Dec 14, 2023Share on

antimated character sitting at a desk with a laptop

Happy Friday Eve!

This year is almost over and that means if you haven’t completed your required security awareness and overall compliance training, you have only a couple of weeks left to do so. In this newsletter, you will find the most pertinent information about the training. I have also included information about a recurring threat.

Security Awareness Training Reminder

  • In the past, you have had two types of required annual training:
  • In an effort to streamline the two sets of training, I have agreed to UTSA adding the security awareness training to the overall compliance modules, giving one “assignment” and one due date, 12/31.
  • The overall training assignment should take about 2-1/2 hours, but you can see your status any time you log into K@TE <https://kate.tennessee.edu>.
  • Reminder of the changes you will notice:
    • The training was assigned mid-September.
    • The training will be due by December 31.
    • There will be a “test out” option, with the exception of new hires.
      • You will be required to watch the first and last modules.
      • Other modules will allow you to complete a quiz first.
      • If you miss an answer, you will then be required to watch the module and take the quiz again.
      • I have been assured that this will not be effective every year, but may rotate every couple of years and the Compliance modules will do the same.
    • The assignment and reminder emails are automated and now come from the Annual Compliance Team.
  • Reminder that these things did not change:
    • The training is still required.
    • There will still be role-based group assignments that depend on your job responsibilities.
    • Any user not completing the training by the deadline will still lose access to all Institute-owned or University-owned systems until the training has been completed.
    • The NetID, which is used to authenticate to these particular systems, will be disabled if training is not completed by the deadline.
  • I hope that this will be easier for everyone to keep up with.
  • I appreciate your patience as we try this new method of assigning the training.
  • Of course, if you have any questions or concerns, please don’t ever hesitate to let me know.

Current Threat

  • Retirement Planning (Phishing email)
    • This email keeps going around in many variations from many senders.
    • This week alone I have received two such emails, one was from a sender with a domain of @statepension.co and the other was from a sender using @statesdvisors.co, but there are many more examples I could give.
    • Both emails state that “as an employee of the University of Tennessee System” I am eligible for “a tailored retirement planning session.”
    • The emails are very similar, but not always the same.
    • The link provided does take you to a place to schedule an appointment, but the page is very generic with absolutely no branding and no ties to any recognizable company.
    • Please do NOT click the link!
    • Please know that these emails are NOT affiliated in any way with UT Benefits and Retirement.
    • The typical motive for these emails is to get you to sign up for a consultation, then you will be asked to provide personal information, including birthdate and social security number, which can be used to steal your identity.
    • If you wish to have a legitimate personalized retirement consultation, please visit the Seminars and Personalized Consultation page of the Retirement Services website, as these are the ONLY UT-affiliated contacts.
    • In addition, please visit Retirement Services page for How-To Guide for Employees Ready to Retire.
    • And finally, if you choose to have a consultation with a company of your own choosing, carefully do your research and NEVER agree to meet with a supposed company who reached out to you first, instead you reaching out to them.

Thank you all so much for everything you do every single day to protect the Institute and its data. And a special thanks to all those have questions and notify me about potential scams. Please let me know any time you have any questions or concerns when it comes to IT security!

Have a great rest of the week!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu