СÀ¶ÊÓƵ

Dear faculty and staff colleagues,

We are writing to highlight a couple of actions that we need each of you to take as soon as possible as part of the university’s ongoing efforts to strengthen our IT security readiness.Ìý

Provost Russ Moore and Vice Chancellor for Information Technology Marin Stanek

Why it matters

The safety and security of our students, faculty and staff is paramount. We also must protect the knowledge and research you generate. We are facing a rapidly evolving world technologically, and the complexity, speed and number of cyber threats are increasing.ÌýColleges and universities are increasingly being targeted by aggressive cyberattacks.Ìý

Most recently, New York University saw bad actors gain access to their systems that allowed them to take over the university’s homepage and expose admissions data for millions of applicants dating back to the 1980s. This wasn’t an isolated incident. From UCLA to the University of Michigan to Stanford University, our AAU peers are feeling the effects, as have we in certain instances in the past.Ìý

We must all do everything we can to ensure the safety of our community, safeguard the personal data of our students, instructors and staff, and protect the millions of dollars worth of valuable research that you produce each year.Ìý

Steps we must take

As things slow down after finals and commencement, summer is a great time to update your devices to ensure they are secure. We are requesting you take the two vital actions below as soon as possible.

• Update your operating system: Microsoft will stop supporting Windows 10 on Oct. 15, and it is imperative that campus computers are , as Windows 10 will become increasingly vulnerable to threats. Mac users whose computers are running Ventura (macOS 13) will need to take similar steps by mid fall and update to macOS 15 Sequoia or the .
• Install Endpoint Detection Response (EDR) software: EDR software monitors devices for threats like ransomware and malware, and is a more proactive approach to detecting advanced security threats compared to antivirus solutions, which typically address only known threats. The campus offers  that meet our Secure Computing Standards.Ìý

Special cases

We acknowledge that a small number of researchers have research needs that may fall outside of this broader approach, such as a computer running software that may not function well on the upgraded operating system. OIT is working with these individuals to handle the non-standard cases to ensure their devices are secure and meet campus requirements while still achieving their research objectives. For the vast majority, however, we must take the steps noted above.Ìý

Resources and next steps

OIT has resources available to assist you in  ´Ç°ùÌý operating systems and f´Ç°ùÌý. The  has more information about the broader effort to ensure that the computers of faculty, staff and researchers meet baseline security standards. OIT will be sending more information about updating operating systems, installing EDR and how to get help completing each step throughout the spring, summer, and early in the fall semester. We will also be following up with additional information about the approach to non-standard cases.Ìý

We are grateful for all you do for the university. Please recognize that this compliance is a baseline expectation for all faculty and staff that supports our cybersecurity needs as a Tier I research institution. Please do not hesitate to reach out if you have questions by emailing the Secure Computing project team at secure-computing@colorado.edu.Ìý 

Sincerely,

Russ Moore, provost 

Marin Stanek, VC for information technology