- Author: Jaki Hsieh Wojan, Chief Information Security Officer
October is Cybersecurity Awareness Month! The theme for 2023 is “Protect Your Digital Life.”
With increasing digital threats and evolving technological developments, the best ways we have identified to help you individually protect yourself, your private information and ANR is by focusing on four key behaviors in both your personal life and at work:
- Use unique strong passwords and a password manager
- Turn on multi-factor authentication (MFA)
- Recognize and report phishing
- Protect your devices, including your cell phone, by regularly patching and updating software
There are several events happening across UC, including discussions on AI and social media privacy. A full list of cybersecurity events can be found at https://security.ucop.edu/resources/security-awareness/cyber-security-month-2023.html.
Learn more about cybersecurity and represent ANR by joining one or many of these informative sessions.
- Author: Pamela Kan-Rice
Jaki Hsieh Wojan, chief information security officer, has recorded two brief videos that employees may watch at their convenience to learn more about cybersecurity.
One video discusses best practices and general advice for securing devices, such as laptops, when traveling internationally. If you are planning a trip to another country and need to bring work materials, it is a must watch. “Travel Advice with Jaki Wojan” is on YouTube at https://youtu.be/nIviuY5g9_0.
The other video discusses privileged access or administrative rights on local devices. It describes the risks and responsibilities associated with having privileged access, and the process for acquiring those rights. Anyone who wants administrative rights on their device should watch “Admin Rights & Cybersecurity Best Practices with Jaki Wojan” at https://youtu.be/NixotK0SUy4 before submitting a request to IT.
- Author: Jaki Hsieh Wojan, Chief Information Security Officer
Phishing emails are the most common way cybercriminals attempt to gain access to an organization's systems. Spam filters will catch many of these emails, but your trained eye can easily spot the rest. Here are some tips to help you spot a phishing email and keep ANR safe from malicious actors.
Below is a suspicious email received by an ANR employee this week. The employee noticed the email seemed off and sent it to IT. Great job at spotting the phish!
- Check the sender
This may be a legitimate UC Davis email account, but it seems weird that a random person at UC Davis would send notification of an Office 365 termination to an ANR employee. If there was an issue with an Office 365 account, notification would likely come from ANR's IT – not directly from UC Davis. Additionally, if the email sender is someone you don't know and don't normally communicate with, keep your guard up.
- Subject line
In our example above, the subject line is blank. For an email notifying someone of account termination, there should be a formal subject line. This is a red flag.
- Poorly written
You can often tell if an email is a scam if it contains poor spelling and grammar.
A notification of account termination would be formal and checked for spelling errors and poor grammar. Informal emails on serious subjects containing awkward grammar and misspelled words are likely phishing attempts.
- Suspicious links
Whenever a link is sent in an email, use your mouse to hover over the link to see where it really leads. If a hyperlink address does not match the address text, it is most certainly a phishing attempt.
Use these tips to help identify phishing emails. When in doubt – don't click a link in an email, reach out to IT or your unit director for verification of an email's legitimacy.
- Author: Pamela Kan-Rice
UC was one of more than 100 institutions targeted by a nationwide cyber-attack. As a result, certain university data was accessed without authorization. Protecting the UC community remains the university's top priority. Visit UCnet's Accellion data breach page to learn how to protect yourself, find answers to your questions, and get more information on how you can access free credit monitoring and identity-theft protection.
You can also contact an Experian call center dedicated to the UC breach at (866) 904-6220.
The Substitute Notice of Data Breach was updated on May 21. The FAQs for the Accellion incident are frequently updated so please check https://ucnet.universityofcalifornia.edu/data-security/updates-faq/index.html regularly.