Information Security Program Reminder

The University of Memphis is committed to safeguarding the security and confidentiality of the information entrusted to us. Protecting our IT infrastructure and data by following policies, procedures, guidelines and approved technology is paramount and a shared responsibility. We appreciate your support toward this mission. It is important that we all continue to do our part by exercising due diligence and judgment in the use of resources and by adhering to University policies.

Policy IT6007 formalizes the University’s Information Security Program and defines protocols designed to protect institutional infrastructure and data. Employees responsibilities include:

  • Reviewing policies and guidelines at memphis.edu/its/security/policies-guidelines.php.
  • Completing the annual IT Security Awareness Training to demonstrate an understanding of basic principles designed to protect and enhance the University’s data security.
    • If you have not completed this year’s annual IT Security Awareness Training, please access the training portal and complete the training by February 28, 2021. Reminders are sent monthly.
  • Adhering to policies designed to protect the integrity of the University’s IT infrastructure and data.
    • Appropriate protections must be in place in accordance with the University’s classification of data.
    • It is critically important that individuals familiarize themselves with our data storage guidelines and ensure that data is appropriately encrypted when necessary.
      • IT Security personnel and LSPs are available to assist departments in their compliance efforts.

Information Technology Services (ITS) has implemented several technologies to support the Information Security Program and to assist employees with protecting institutional information. Specifically, technologies have been deployed to enhance security for email, networking, desktop security and authentication, in addition to supporting the IT Security Awareness Training efforts:

  1. Banners have been added to external emails to assist users with identifying emails that may require additional scrutiny, such as phishing emails and emails containing malicious links. Additionally, the University has enabled filtering for malicious emails and included URL rewriting designed to provide an added layer of security for those emails containing external links.
  2. External access to the University’s network has been restricted, and ITS collaborates with the research community and other offices when an exception is appropriate. Network content filtering was enabled to restrict malicious activity originating from the University’s campus network. Also, the University implemented a desktop security initiative to require encryption of desktop computers in administrative units handling sensitive information and deployed enhanced software to protect workstations.
  3. Duo was adopted for multi-factor authentication, which provides an extra layer of security when accessing University technology resources. Duo provides multiple ways to authenticate using a second factor (such as the mobile app), and employees are required to use Duo. Students will be required to use Duo effective January 25, 2021. While Duo does provide an extra layer of security, users must appropriately review and authorize requests for access. Users should report unsolicited Duo access requests or suspicious Duo behavior immediately to the ITS Service Desk as indicated below.

Looking forward, the University will review and implement technologies as appropriate to assist departments in adhering to the Information Security Program.

Thank you for your cooperation and support of our continued efforts to safeguard the University’s IT infrastructure and data. Individuals needing assistance to ensure compliance with the Information Security Program or with any technology issues may contact the ITS Service Desk at umtech@memphis.edu or 901.678.8888.

Leave a Reply

Your email address will not be published. Required fields are marked *