Skip to content Skip to main navigation Report an accessibility issue
Information Security

It’s the Simple Things


The vast majority of cyberattacks, 98%, start with phishing attacks that contain NO zero-days and NO malware. They simply trick us into clicking on a link or opening an attachment, thereby turning over our passwords to the bad guys.

Zero-days are bugs in software that the software company does not know exist. That’s why they’re called “zero-days,” because the second they are exploited against the people who use the software, the software company has zero days to fix them. A zero-day exploit is, therefore, a cyberattack that uses zero-day bugs.

Despite the attraction of zero-days, one of the nation’s top hackers gave a rare talk a few years ago in which he called zero-days overrated, asserting that unpatched software and credential theft are a far more common vector for attacks.

Sure, zero-days and malware are on our list of concerns, and we make it a priority to track them as they pop up. Still, it’s the simple things like patching our computers and using a unique, separate password for each application we access that reduce our vulnerability to cyberattacks. 

Patching our personal devices (Phones, laptops, iPads) and applying 2FA (Two-Factor Authentication) to our personal accounts go a long way to protecting personal and professional information. 

The news is full of stories about companies, hospitals, and universities that have been ransomed or shut down by hackers. But in most cases, it is not an elaborate nation-state attack but a simple case of a weak, unprotected password or the lack of 2FA authentication. The hack to Colonial Pipeline could have brought most of the Eastern seaboard to its knees simply due to the use of an old password and the fact that Colonial did not enforce 2FA! Consider the impact of two or three companies like that being hit. 

What can you do to protect yourself?

·         Enable two-factor authentication.
Multifactor authentication for the best defense against these attacks. Turn it on for your personal or professional accounts, wherever you can, right now.

·         Do not reuse passwords. 
Use a SEPARATE and COMPLEX password for ALL your accounts, both your personal and professional accounts. Don’t fall into the habit of using the same password on multiple accounts. Hey, your office key doesn’t fit your front door key at home!

·         Update your software. 
Keep ALL your devices up-to-date and patched with the most recent versions of software and operating systems. That Windows XP operating system you have at home? LET IT GO! 

·         Do not click on email links from unknown senders
Is there a link in that unsolicited email you received? Regardless of who sent it, do your research and call the OIT HelpDesk at 865-974-9900 BEFORE you click it.

It’s that simple. 98% of attacks thwarted.

The flagship campus of the University of Tennessee System and partner in the Tennessee Transfer Pathway.