How Are We Doing: During the month of November, 6.7% of recipients opened an attachment or revealed credentials in simulated phishing attacks that were initiated by the Office of Information Security. Our goal is less than 3%.
A breakdown of department success/failure rates can be found at https://utmb.us/66g.
Learn more about cybersecurity at https://www.utmb.edu/infosec. Report potential phishing to cirt@utmb.edu.
Files, unlike diamonds, are not FOREVER
Did you know?: When a user separates (ends employment, contract expiration, or graduates), normal and documented account and data lifecycle processes begin. Lifecycle durations can be anywhere from 30 to 540 days, and when complete, the account and data is no longer available and may not be available for restoration.
During lifecycle processing, account access is disabled (and eventually deleted) and email and data files are cleaned up or deleted (Note: some clean up processes may briefly extend the availability of email/data beyond the normal lifecycle).
If, for business continuity purposes, additional time is needed beyond the lifecycle (for example, to re-assign or process calendar events, etc.), a departmental manager or Trusted Request can request a “security hold” (via email to cirt@utmb.edu) for up to 90 days. Held accounts are still disabled, however delegated accesses (shared Inbox or OneDrive folder/files) will continue and file removal/deletion will be delayed until the hold expires.
Normal lifecycle durations/processes for common accesses and files:
- AD account and Tivoli/ITIM assigned roles – disabled immediately, removed/deleted after 30 days
- Exchange email/calendar – delegated access, Automatic Replies continued for 30 days, email/calendar events removed/deleted after 30 days
- OneDrive folder/files – delegated access continued for 60 days, folder/files retained and recoverable for additional 210 days before being removed/deleted
- Student/Alumni MyStar access – continued for 540 days after graduation, then removed/deleted
Thank you for being security aware