Information Security Corner

  • Resolve to Review Your Security Profile

    Threat actors and hackers continually look for weaknesses in their victims’ security profiles that they can exploit for malicious activity.  Performing periodic reviews (at least annually) of your security practices within your home or office environment and with your personal or business information technology (your security profile) will enable you to identify weaknesses and areas for improvement before threat actors discover and misuse them.

    When performing a security review, consider at least the following practices.

    Physical Security:

    • Check the locks on doors, drawers and cabinets where important items (data and technology) are located or stored.
    • Store important data, documents and technology securely.
    • Turn monitors away from high-traffic throughways and use secure screensavers to prevent casual viewing.

    Technology Security:

    • Secure mobile devices when not in use.
    • Keep computer software (operating systems and critical use software) up-to-date and patched.  Don’t forget to update Internet router and Wi-Fi access point software and passwords.
    • Ensure anti-malware software is installed, updated and current, and in-use on all devices.

    Access Security:

    • Change passwords on all critical (banking, consumer, personal email, etc.) Internet sites.
    • Keep browser software clean (limit add-ons and extensions) and set security settings appropriately (as securely as practical).
    • Use a virtual private network (VPN) connection for all Internet communications and transactions.

    Beat the bad guys by reviewing and improving your security profile early (and often) this year to protect UTMB’s and your important data, information and resources.

    Thank you for being security aware!

  • November, 2022 Cybersecurity Update

    How Are We Doing: During the month of November, 6.7% of recipients opened an attachment or revealed credentials in simulated phishing attacks that were initiated by the Office of Information Security.  Our goal is less than 3%.

    A breakdown of department success/failure rates can be found at https://utmb.us/66g.

    Learn more about cybersecurity at https://www.utmb.edu/infosec. Report potential phishing to cirt@utmb.edu.

    Files, unlike diamonds, are not FOREVER

    Did you know?: When a user separates (employment ends, a contract expires, or the user graduates), normal and documented account and data lifecycle processes begin.  Lifecycle durations can be anywhere from 30 to 540 days, and when complete, the account and data are no longer available and may not be available for restoration.

    During lifecycle processing, account access is disabled (and eventually deleted) and email and data files are cleaned up or deleted (Note: some clean up processes may briefly extend the availability of email/data beyond the normal lifecycle).

    If, for business continuity purposes, additional time is needed beyond the lifecycle (for example, to re-assign or process calendar events, etc.), a departmental manager or Trusted Request can request a “security hold” (via email to cirt@utmb.edu) for up to 90 days.  Held accounts are still disabled; however, delegated accesses (shared Inbox or OneDrive folder/files) will continue and file removal/deletion will be delayed until the hold expires.

    Normal lifecycle durations/processes for common accesses and files:

    • AD account and Tivoli/ITIM assigned roles – disabled immediately, removed/deleted after 30 days
    • Exchange email/calendar – delegated access, Automatic Replies continued for 30 days, email/calendar events removed/deleted after 30 days
    • OneDrive folder/files – delegated access continued for 60 days, folder/files retained and recoverable for an additional 210 days before being removed/deleted
    • Student/Alumni MyStar access – continued for 540 days after graduation, then removed/deleted

    Thank you for being security aware

  • Ransomware Attacks: Don't Be The Next Victim

    IMPORTANT: White House Memo on Ransomware

    Over the past several months, there have been numerous media reports about ransomware attacks impacting government agencies, private organizations, universities and health care facilities to the point they are unable to provide critical services to the communities they serve. 

    Last week, ransomware shut down the largest gasoline pipeline in the US, halting the supply of fuel to 17 eastern states and the District of Columbia. On the other side of the continent, a major health organization has been severely impacted—unable to access their electronic medical record and other electronic systems used to deliver care in hospitals.  This outage has caused appointments to be canceled and critical care patients to be diverted to other nearby hospitals.

    According to Security Magazine, health care experienced a 123% increase in ransomware attacks in 2020, impacting 560 providers in the United States. 

    About Ransomware

    Ransomware is malicious software designed to render computer systems inoperable by encrypting (locking) stored data. Critical information like patient records cannot be accessed until a ransom is paid for a code that will unlock, or remove the encryption from, the affected files and data.

    Ransomware is typically delivered via a phishing email that has been crafted to trick individuals into clicking a malicious link or opening an attached file. Once the link is clicked or the malicious attachment is opened, the ransomware automatically encrypts all files on the user’s computer and anything that the user (or the user’s computer) is connected to—including enterprise file servers, databases, applications, and other essential information resources. 

    This can have a devastating impact on an organization, especially if the person who falls victim has elevated computer or network privileges.

    Keeping UTMB Safe from Ransomware

    Fortunately, UTMB leadership understands information security risks and has invested in technical controls designed to help guard against these types of attacks. But technical controls alone do not fully address the risk. We, as users of the UTMB network, have an obligation to take reasonable precautions to prevent the introduction of malicious software into our computer environment.

    Our primary user-level defense is to identify, report and delete all malicious email that is designed to trick you into clicking a link or opening an attachment. Specifically:

    1. Scrutinize all email, especially if it originates outside UTMB. (All external emails are marked with a yellow warning banner across the top of the body of the email.)
    2. Make sure the message is from a source you are familiar with.
    3. If the message asks you to click on a link, hover over the link and make sure it is taking you to a place that makes sense.
    4. If there is an attachment you were not expecting, don’t open it.
    5. If the email looks suspicious, delete it.
    6. If you are not sure about the email’s authenticity, send it to cirt@utmb.edu and we’ll validate it for you.
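
    The hover check in step 3, automated for an HTML message body, as an added example that is not part of the original article: it flags links whose visible text names one site while the href points to another, or whose href uses a raw IP address. The function names, the `mail-quota.example` host and the sample body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that is itself a web address, e.g. "www.utmb.edu/infosec".
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)
IP_HOST = re.compile(r"[\d.]+|.*:.*")  # IPv4 or IPv6 literal used as the host

class LinkCollector(HTMLParser):  # gathers (visible text, href) for every <a href=...>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(href):  # hostname of an http(s) href; None for anything else
    try:
        parts = urlsplit(href.strip())
        return parts.hostname if parts.scheme in ("http", "https") else None
    except ValueError:  # e.g. a malformed bracketed host
        return None

def same_site(a, b):  # equal hosts, or one is a subdomain of the other
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def suspicious_links(html_body):
    """Return (text, href, reason) for each link that deserves a closer look."""
    collector, findings = LinkCollector(), []
    collector.feed(html_body)
    for text, href in collector.links:
        host, shown = host_of(href), URLISH.match(text)
        if host and IP_HOST.fullmatch(host):
            findings.append((text, href, "raw IP address"))
        elif host and shown and not same_site(shown.group(1).lower(), host):
            findings.append((text, href, "text shows a different site"))
    return findings

# Constructed sample body, not a real message.
SAMPLE = """<a href="https://www.utmb.edu/infosec">https://www.utmb.edu/infosec</a>
<a href="http://utmb.edu.mail-quota.example/login">www.utmb.edu</a>
<a href="http://192.0.2.10/reset">Reset password</a>"""
print(suspicious_links(SAMPLE))
```

    Links whose text is ordinary wording (such as “Reset password”) are only caught by the IP check, so a clean result here does not replace reading the address yourself.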

    Typically, hundreds of individuals are the target of these types of email at the same time. If you are the recipient of an email that appears to be malicious, report it to cirt@utmb.edu immediately. The sooner our incident response team becomes aware of the potential threat, the sooner we can take action against it.  We have the ability to immediately purge malicious/suspicious email from our system, blocking embedded links and/or stripping away unwanted attachments.

    For more information, contact the Office of Information Security at cirt@utmb.edu or 409-772-3818.
  • Security at Home

    The Office of Information Security would like to remind everyone to practice good computer hygiene and to continue to be “Security Aware.” This is especially true during this time of remote work combined with the holiday online shopping season.  Your continued efforts will not only protect UTMB’s computers and network resources, but also your personal devices, home networks and information.

    Here are a few ways you can ensure that you are practicing “Security@Home”:

    Keep your computer, mobile devices and critical software up-to-date

    • All computers should run the latest operating system they are capable of (Windows 10 or the most recent macOS or iOS). Microsoft has a free upgrade from Windows 7/8 to Windows 10 and Apple regularly releases updates to its macOS/iOS.
    • Computer security patches must be installed as soon as they are available. Most computers can be configured to automatically install patches during downtime hours.
    • Anti-virus software must be installed, updated and running on all computers. For Windows computers, ensure that Windows Defender is enabled. (You can validate this by typing “security” into the search box next to the Start button. Click the Windows Security Application and verify that the Virus and Threat Protection icon has a green check). For macOS/iOS, consider running ClamXAV.

    Practice online (Internet or remote connection) security

    • Unless there is a need to have direct access to UTMB’s internal network, all users are encouraged to use the Citrix storefront (at https://mycitrix.utmb.edu) for their remote access/telecommuting needs. Devices running older versions of Windows, macOS or iOS absolutely should use the Citrix storefront to access UTMB resources.
    • Only use trusted sites when searching the Internet for important information (there have been multiple reports of false COVID-19 information being shared) or online shopping (look for the green lock symbol or “https:” before the site address) to protect your personal information and reputation.
    • Be aware of and watch out for email scams. Remember: NEVER provide personal or financial information in response to an email you can’t verify or weren’t expecting.

    Be security-aware at home

    • Never store UTMB data, especially confidential or protected health information, on personally owned devices.
    • Use different email accounts for work and personal communications.
    • Don’t use the same password for multiple Internet sites.
    • Don’t overshare personal information on social media sites.

    For more information, visit the following sites and remember to be security-aware.  Security is everyone’s job, no matter where we are.  If you see suspicious computer activity, please report it to cirt@utmb.edu.

    https://www.utmb.edu/is/working-remotely

    https://www.utmb.edu/infosec


  • Admin Access & 4x4 Trucks

    Administrative access is the 4-wheel privilege of personal computers.

    When you need the capabilities and increased power of a 4-wheel drive vehicle, it is a real confidence boost to know you have it. When you need to install or configure software and some hardware, having administrative access to the computer also instills confidence of success. In both cases, this confidence can come at a price. Increased purchase and maintenance costs and additional complexity may be the outcome with the truck. There can be unintended consequences involving admin access on personal computers.

    Depending on which expert you listen to, between 75% and 98% of all known computer security compromises would be prevented by limiting or restricting accounts with administrative access. For instance, most Trojan or worm-based viruses need to be installed or make registry edits, which can’t happen if the account logged on, when exposed to the virus, is not an administrative account.

    Improvements in operating systems, specifically User/Group definitions and right assignments; service and support resources (think IT helpdesks, internet group forums, etc.); compromised/misused accounts (with admin access); and computer industry and cybersecurity best practices have all had impacts, both good and bad, on the practical determination of whether it is appropriate for an account or user to have administrative rights to their computers.

    Security best practices published by most computer, operating system and software manufacturers now strongly suggest that a computer owner/techie have two accounts on their computers: one non-administrative user account for almost all normal interaction with the computer, and one administrative account for “Run As” functions, such as software installations.

    Operating systems now, for the most part, allow accounts/users or groups to perform some essential functions, such as setting up printers and remotely accessing the computer, using non-administrative accounts with an appropriate group membership.

    If administrative access is required on a UTMB desktop/laptop computer, the Helpdesk (call ext. 25200) can provide temporary admin privileges to install or configure software and provide assistance troubleshooting other issues possibly pertaining to access permissions. If persistent administrative access to a UTMB resource is required, please complete and submit the Special Access Request form, available online at https://www.utmb.edu/infosec/FormsLibrary, for review and approval by the Office of Information Security.