Around 90% of all data breaches involve some sort of human error. October is Cybersecurity Awareness Month and a good time to review and fortify your personal cybersecurity practices. Those same practices can and should be used at home to secure your personal digital life. Visit the IT Security Best Practices web page for tips on passwords, working remotely, securing your home Wi-Fi network and much more.

In conjunction with Cybersecurity Awareness Month, annual IT Security Training will be available Oct. 1. All full-time and part-time staff and faculty, including emeriti, with active UofM accounts must complete training by Feb. 28, 2022. We have contracted with a new training provider, KnowBe4. Training has been shortened to 30 minutes and can be completed in multiple sessions without losing your progress. All required account holders will receive a notification email with instructions on Oct. 1.

If you receive any email message that has a suspicious attachment or asks you to take a questionable action, please report the message via email at abuse@memphis.edu or by calling the ITS Service Desk at 901.678.8888.

Information Technology Services (ITS) extends a warm welcome to new and returning students, faculty and staff. Please review the following important information:

• Policies regarding information technology can be found at memphis.edu/umtech/service_desk/policies/it_policies.php. In particular, ITS recommends regularly reviewing IT Security Policies and Guidelines (memphis.edu/its/security/policies-guidelines.php) as well as Guidelines for Storage of University Electronic Data (memphis.edu/its/security/data-storage-guidelines.php) for appropriate storage services and locations for all classifications of University data.
• Be vigilant about phishing and other email scams, especially gift card, financial or employment scams that sound too good to be true. It is a violation of policy to share University passwords. University personnel will never ask for your University password. Forward any suspicious email to abuse@memphis.edu for analysis. Visit memphis.edu/its/security/phishing.php for more information, and review tips for protecting your personal information at memphis.edu/its/security.
• Beginning Jan. 25, 2021, multi-factor authentication (Duo) will be required for all University student accounts. Students are encouraged to enroll now by visiting iam.memphis.edu/duo. You can learn more about Duo at memphis.edu/duo. Beginning Feb. 1, 2021, ITS will fully enforce the requirement to use Duo, and users not enrolled in Duo will be unable to log in to University resources.

For technical assistance, visit umhelpdesk.memphis.edu to submit requests online, call 901.678.8888 for phone assistance, or email umtech@memphis.edu.

The University of Memphis is committed to safeguarding the security and confidentiality of the information entrusted to us. Protecting our IT infrastructure and data by following policies, procedures, guidelines and approved technology is paramount and a shared responsibility. We appreciate your support toward this mission. It is important that we all continue to do our part by exercising due diligence and judgment in the use of resources and by adhering to University policies.

Policy IT6007 formalizes the University’s Information Security Program and defines protocols designed to protect institutional infrastructure and data. Employees responsibilities include:

• Reviewing policies and guidelines at memphis.edu/its/security/policies-guidelines.php.
• Completing the annual IT Security Awareness Training to demonstrate an understanding of basic principles designed to protect and enhance the University’s data security.
  • If you have not completed this year’s annual IT Security Awareness Training, please access the training portal and complete the training by February 28, 2021. Reminders are sent monthly.
• Adhering to policies designed to protect the integrity of the University’s IT infrastructure and data.
  • Appropriate protections must be in place in accordance with the University’s classification of data.
  • It is critically important that individuals familiarize themselves with our data storage guidelines and ensure that data is appropriately encrypted when necessary.
    • IT Security personnel and LSPs are available to assist departments in their compliance efforts.

Information Technology Services (ITS) has implemented several technologies to support the Information Security Program and to assist employees with protecting institutional information. Specifically, technologies have been deployed to enhance security for email, networking, desktop security and authentication, in addition to supporting the IT Security Awareness Training efforts:

1. Banners have been added to external emails to assist users with identifying emails that may require additional scrutiny, such as phishing emails and emails containing malicious links. Additionally, the University has enabled filtering for malicious emails and included URL rewriting designed to provide an added layer of security for those emails containing external links.
2. External access to the University’s network has been restricted, and ITS collaborates with the research community and other offices when an exception is appropriate. Network content filtering was enabled to restrict malicious activity originating from the University’s campus network. Also, the University implemented a desktop security initiative to require encryption of desktop computers in administrative units handling sensitive information and deployed enhanced software to protect workstations.
3. Duo was adopted for multi-factor authentication, which provides an extra layer of security when accessing University technology resources. Duo provides multiple ways to authenticate using a second factor (such as the mobile app), and employees are required to use Duo. Students will be required to use Duo effective January 25, 2021. While Duo does provide an extra layer of security, users must appropriately review and authorize requests for access. Users should report unsolicited Duo access requests or suspicious Duo behavior immediately to the ITS Service Desk as indicated below.

Looking forward, the University will review and implement technologies as appropriate to assist departments in adhering to the Information Security Program.

Thank you for your cooperation and support of our continued efforts to safeguard the University’s IT infrastructure and data. Individuals needing assistance to ensure compliance with the Information Security Program or with any technology issues may contact the ITS Service Desk at umtech@memphis.edu or 901.678.8888.

Information Technology Services (ITS) is implementing additional security measures to protect University resources and the user community from malicious activity such as phishing email:

• Beginning Monday, Nov. 30, emails received from non-University accounts will have a yellow banner displayed at the top of the message. The banner will contain text indicating the email originated from outside of the University, making it easier to identify external senders especially on phones and devices where complete sender information may not be readily visible. The banner is a reminder to be extra vigilant toward messages from external senders. More information about the external email banner is available at memphis.edu/its/security/email-banners. NOTE: Emails from external University business partners may be excluded from receiving the external email banner. University offices wishing to request an exception for external business partners should contact the ITS Service Desk as indicated below.
• Beginning Jan. 25, 2021, multi-factor authentication (Duo) will be required for all University student and employee accounts. Students are encouraged to enroll now by visiting iam.memphis.edu/duo. Duo provides a second form of verification in addition to a password when logging in. Users are encouraged to install the Duo mobile app. You can learn more about Duo at memphis.edu/duo. Beginning Feb. 1, 2021, ITS will fully enforce the requirement to use Duo, and users not enrolled in Duo will be unable to log in to University resources.

Also, employees are reminded to regularly review the IT Security Policies and Guidelines page as well as the Guidelines for Storage of University Electronic Data page for appropriate storage services and locations for all classifications of University data.

For assistance, please contact the ITS Service Desk by visiting umhelpdesk.memphis.edu, emailing umtech@memphis.edu, or calling 901.678.8888.

Information Technology Services (ITS) is providing the following alert to warn against fraudulent email scam attempts targeting UofM email accounts. In some cases, emails are sent from a fake email account of University leadership or a supervisor to employees of a department. These emails typically begin with a phrase such as “Are you available?” or similar language and try to build a sense of urgency by stating the sender is in a meeting and needs an urgent errand to be completed. The sender is ultimately trying to trick the recipient into purchasing gift cards with the recipient’s personal funds and provide the gift card codes via email or text messages. In some cases, the urgent message may request a personal cell number where the attacker seeks to gain additional information about the victim including the possibility of exploiting the cell phone.

If you receive a suspicious email involving cash disbursement, gift card purchases, transfer of funds or any other financial activity that purports to be from a University official, or if you are asked to provide personal information via email, carefully review the email before responding and follow up with a phone call to the appropriate office to confirm the authenticity of the request. Forward suspicious emails to abuse@memphis.edu. If you receive an urgent request after hours and are unable to confirm the authenticity of the request, please follow up on the next business day. Taking a moment to confirm the email’s authenticity will help protect you and the University.

Note that the same methods used in email attacks can also be used via telephone calls. If you receive a phone call using similar tactics, do not feel pressured to respond immediately. Instead, request the caller’s contact information, seek validation of the request and return the call later if appropriate.

Remember to treat unsolicited job opportunities, special offers and unexpected email attachments with skepticism. Even if the message appears to come from a trusted individual, be mindful of language or addresses used in the message and be suspicious if they don’t match what you typically receive from the individual. If you receive any email message that has a suspicious attachment or asks you to take a questionable action, please report the message via email at abuse@memphis.edu or over the phone by calling the ITS Service Desk at 901.678.8888.

Information Technology Services (ITS) is closely monitoring an increase in spam and phishing attacks. Remember to treat unsolicited job opportunities, gift card requests, fund transfer requests, special offers and unexpected email attachments with skepticism. Even if a message appears to come from a trusted individual, be mindful of the language or addresses used in the message and be suspicious if they don’t match what you typically receive from the individual. If you receive any email message that has a suspicious attachment or asks you to take a questionable action, please report the message to ITS via email at abuse@memphis.edu.

For assistance, please contact the ITS Service Desk by phoning 901.678.8888, emailing umtech@memphis.edu or visiting umhelpdesk.memphis.edu.

Information Technology Services is issuing this alert due to an active ransomware campaign targeting education institutions. Malicious actors are using email phishing attacks to gain access to account credentials in order to propagate ransomware throughout institutions.

Remember to treat unsolicited job opportunities, special offers and unexpected email attachments with skepticism. Even if the message appears to come from a trusted individual, be mindful of language or addresses used in the message and be suspicious if they don’t match what you typically receive from the individual. If you receive any email message that has a suspicious attachment or asks you to take questionable action, please report the message via email at abuse@memphis.edu or over the phone by calling the ITS Service Desk at 901.678.8888.

Information Technology Services (ITS) welcomes you to the University of Memphis. The start of a new academic year is an exciting time for us all. Please take a moment to read these important reminders:

• Forward any suspicious email to abuse@memphis.edu for analysis. Be especially vigilant for financial, gift card or employment scams. Do not click suspicious links, open attachments in suspicious emails, or text personal information to suspicious phone numbers.
• Review tips for protecting your personal information at memphis.edu/its/security.
• Visit memphis.edu/umtech/service_desk/policies/it_policies.php to review information technology policies.
• Students are encouraged to enroll in multi-factor authentication (Duo) to obtain additional security protections. Information about enrolling in multi-factor authentication is provided on the Duo information page located at memphis.edu/duo.

For technical assistance, please contact the ITS Service Desk at umhelpdesk.memphis.edu, call 901.678.8888 or email umtech@memphis.edu.

ITS Center for Teaching & Learning (CTL) would like to invite you to an eCourseware training session. This session is especially designed to cover two topics:

• How to log in to eCourseware (also known as D2L)
• How to post a syllabus to your course

We are providing two opportunities for this training:

1)  Date/Time: Thursday, Aug. 6, 4:00 PM

https://memphis.zoom.us/j/97620969596?pwd=eVp4azNmczBLQ3RadUczZmREeHAyQT09

Meeting ID: 976 2096 9596
Passcode: 048437

2)  Date/Time: Friday, Aug. 7, 10:00 AM

https://memphis.zoom.us/j/91519043017?pwd=dkU1N2hjRS9rRUNmdk9URGRQYkN3Zz09

Meeting ID: 915 1904 3017
Passcode: 580641

Note: Please have your syllabus accessible and ready to upload.

If you’d like to try these tasks on your own, here are a few tutorials:

1. How to log into eCourseware: Link to video
2. How to post a syllabus to your course: Link to video
3. Want the instructions in writing? View them on our website

For more info on eCourseware training, visit the Keep Teaching website.