Each month, ‘Cyber Talk’ includes statistics on GUC’s Phish Alert Button usage and, occasionally, any relevant cybersecurity or Information Technology (IT) tips or updates. 

This month, our Cyber Security Team announced changes headed our way to further enhance GUC’s cyber infrastructure. 

Microsoft Security Enhancements

Microsoft Outlook
Changes are on the way to the Microsoft programs we use. Some of the changes you may notice, others perhaps not as much. All of them deal with cybersecurity.

You may have noticed a banner at the top of emails that come from outside of GUC. It looks like this:

Microsoft is taking this warning message one step further by adding a new banner the first time you receive an email from any external email address. It will look like this:

The point is to draw your attention to the fact that you should study the email to make sure it’s not potentially from a cybercriminal. 

Microsoft also rolled out the “unverified tag.” This is a feature that shows an email sender could not be confirmed as a real person or a real organization. It doesn’t mean with 100% certainty that it’s a fake account, but that GUC employees should use extra caution when reviewing emails marked as unverified. 

Next, Information Technology (IT) staff will be removing two features in Microsoft Outlook. The first deals with email while the second is about calendars. 

First, the ability to have Outlook automatically forward our emails to external accounts will soon be removed. If you have set up rules to automatically forward emails to addresses outside of the @guc.com domain, that ability is going to be removed. You can still forward emails one at a time, but not automatically to accounts outside of GUC. Second, there will no longer be the ability to share your calendar with anyone outside of the GUC network. In both cases, IT has begun reaching out to employees who currently use these tools in order to find other ways to help them based on their business needs.

Sharepoint
Finally, Sharepoint will begin logging employees out (a timeout, if you will) if the system senses they are logged into Sharepoint with no activity for two hours. This ensures that employees who log into the system don’t walk away and leave the site up, making it vulnerable to someone else sitting down at that computer and getting into GUC’s system. If you’re logged in and the program senses no activity for two hours, it will give you a five-minute warning before it shuts down.

Phish Alert Button Statistics

IT is tracking use of the Phish Alert Button. The following statistics are from June 2023. Knowbe4 is the company that provides cyber training to GUC employees, and occasionally sends mock phish emails to test our cyber awareness.