Technology
Security Alert: Personal Browsing Risks
ITS has seen a rise in security issues linked to personal shopping and non-work-related browsing on university computers. Many of these involve fake CAPTCHAs that prompt users to download files, install extensions, or use dangerous commands like Windows + R to open the command prompt—never do this. If you encounter suspicious pop-ups or prompts, shut down your computer immediately and contact Tier 1 support or call the ITS Helpdesk: 502-852-7997. Stay safe—keep personal browsing off university devices. Click here for a complete guide to keeping yourself safe from fake Captchas.
One IT Strategic Plan
Karlis Kaugars, Vice Provost for IT Services and CIO, is leading the One IT initiative, a strategic plan uniting IT personnel across the University to collaborate on shared goals and tools. The plan has been reviewed by senior leadership and faculty/staff senates, and feedback is welcome before finalization. View the draft at One IT.
Updated Password Policy
Password policy updated for increased protection. As part of our ongoing commitment to security, ITS has updated UofL’s password policy to enhance account protection. Effective immediately, passwords for standard UofL user accounts must be at least 15 characters long, while privileged user accounts require a minimum of 24 characters. We are removing the mandatory password expiration requirements, meaning you will no longer need to change your password periodically unless there is a security concern. These changes align with industry best practices to improve security while reducing unnecessary disruptions. There is no need to take any immediate action. The policy will take effect on your next password renewal.
Security First
This year, Information Technology Services (ITS) is emphasizing a security-first approach. Cybersecurity is everyone’s responsibility. Phishing attacks remain the largest security threat to the University, accounting for over 90% of cyberattacks targeting our community. Being diligent when checking emails can significantly reduce the risk to both the University and you. Please keep the following in mind:
The University will never ask you to click a link in an email to log in to a system to maintain access.
- Emails with an undue sense of urgency, such as “Act now to prevent loss of service,” are red flags for phishing attempts.
- Pay attention to warning messages. If you see this banner at the top of an email, exercise caution:CAUTION: This email originated from outside of our organization. Do not click links, open attachments, or respond unless you recognize the sender's email address and know the contents are safe.Additionally:
- UofL does not conduct contact tracing for any illnesses, including COVID-19, Ebola, or Monkeypox. Any emails claiming otherwise are phishing attempts.
- If you suspect an email is a phishing attempt, right-click it and choose “Report Phishing”. This alerts ITS and Microsoft to monitor for similar threats.
- When in doubt, forward suspicious emails to your Tier 1 Support team for advice.
Data Privacy
In support of National Data Privacy Week, the Information Compliance and Privacy Offices remind everyone that you have the power to take charge and manage your personal online data. Data is collected every day and almost every internet-connected device gathers data. But you often have choices when it comes to how this data is collected, shared and protected.
Click on the following to learn more about managing and protecting your personal data.