Skip to content

Office of Cybersecurity

September is National Insider Threat Awareness Month

Insider Threat is a security risk that come from within an organization. While it can be, it doesn’t necessarily mean the threat is a disgruntled employee. It could be someone socially engineered to do a bad thing, or someone who as access to information they shouldn’t and doesn’t know how to protect it.

Why should we care? – According to the 2019 Verizon Data Bread Investigations Report, 34% of data breaches involve internal actors.

What can we do? – a lot of things!

  • Notice odd behavior in coworkers. Are they trying to violate policies or bypass security? Are they disgruntled?
  • If  you are a data or system owner, make sure that security controls are in place so that only the people who need access to the data have it, and only at the level they need to do their job (least privilege).
  • Monitor access to your data.
  • Train staff to adopt a data security mindset.

So now you are thinking about our campus and organization. Think beyond that.

What if the insider threat was to your family and your child is the one being socially engineered to give away a password or access to the “home” computer that has banking information on it?

What if the insider threat was a member of your church committee that has access to funds to help your charity organizations?

Phishing Emails

Concerned about Phishing Emails? Our campus is being targeted by gift card scam phishing attacks. Visit our Phishing Emails  page to see some examples of the gift card scams and read some advise from Dennis Leber, CISO on how to spot the phish. Forward suspicious emails to abuse@uthsc.edu.

 

Hacked? How do you know and what to do?

In today’s environment, it is not so much if your accounts will be compromised, but when. The Office of Cybersecurity offers these tips to know when your accounts (email, social media, banking, etc.) have been hacked and what to do about it when it happens to you. Visit our Hacked page to learn more.

 

Duo Two-Factor Authentication

Passwords aren’t getting the job done to protect the university and you against cyber attacks.  Learn more about Duo.

Things to Know to Stay Cyber Secure

  1. What to Report: Anything suspicious!
  2. Protect Yourself: Safe computer practices to follow.
  3. Get the Training: The more you know, the better.
  4. Keep Current: Update your operating systems and software
  5. Secure Your Device: Lock it up!
  6. Play It Safe: How we help keep your devices protected.
  7. Password Management: Everything you need in one place.
  8. Encrypt Your Email: Sending and Receiving the right way.
  9. Confidential/Classified Information: What it includes and examples
  10. Phishing: Know what it is and how to avoid it!

 Tips of the Week

Visit the archive of our Tips of the Week if you have missed any, or need a refresher.

Best Practices Videos

Laptop Theft

Data Handling

Passwords

Phishing and Ransomware

Removable Media

The Office of Cybersecurity serves as fundamental technical safeguard for UTHSC. We promote an environment of great ethical standards and observe numerous regulatory risks by:

  • Advancing effective ways to prevent security risk through collaboration
  • Educating employees and the student body about information security
  • Identifying security risks faced by the University.
  • Encouraging an ethical environment that encourages information security preventions
  • Promoting awareness of information security through outreaching events
  • Effective training in the numerous areas of information security
  • Providing a workplace that enables employees to participate in the compliance program without fear of retribution.

Our Team

Dennis Leber
Chief Information Security Officer (CISO)
901.448.6070
dleber@uthsc.edu

Cybersecurity Operations

Ammar Ammar
Manager
901.448.2163
aammar@uthsc.edu

Vulnerability & Patch Management

Justin Self
Cybersecurity Analyst
901.448.1187
jself6@uthsc.edu

<vacant>
Cybersecurity Analyst

Network & Endpoint Protection

Sarah Johnsen-Self
Cybersecurity Analyst
901.448.1116
sjohnsen@uthsc.edu

DevSecOps & Systems Management

Will Irby
Cybersecurity Analyst
901.448.5870
syp228@uthsc.edu

Cybersecurity Governance

Risk Management, Audit, and Outreach Management

Chris Madeksho
Lead Cybersecurity Analyst
901.448.1579
mmadeksh@uthsc.edu

<vacant>
Security Architect

Last Published: Sep 4, 2020