Higher ed cyberattacks
Cyberattacks on higher education institutions are on the rise. Universities with medical centers and substantial research profiles were identified as the most vulnerable to cyberattack. Federally funded research is also at risk from cyberespionage. According to a recent Pandemic Impact Survey, there is an increase in cyberattacks targeting employees who are working from home.
Since mid-March, there continues to be an increase in the volume, severity, and/or scope of these cyberattacks. Please review what you can do to protect yourself and UC ANR below.
What you can do
Here are some recommendations for UC ANR employees to help protect our organization:
- Exercise caution when opening emails. Due to phishing attempts, be cautious when opening emails about COVID-19, especially those from outside the organization. Whenever in doubt, please contact UC ANR IT.
- Coming soon: Enable UCANR DUO. UC ANR will be rolling out DUO multi-factor authentication (MFA) for access into our systems. In the next few weeks, you will receive an email notification from MFA DUO with instructions to enroll; please follow the steps in order to enable your account.
- Protect your personal devices. Some employees may be using personal equipment instead of, or alongside, UCANR-issued hardware. Here are some steps you should take to secure your own devices, especially when you are using them for work purposes:
- Home computers– We recommend that all employees implement security on these devices, including installing anti-virus, firewall, and anti-spyware.
- USB devices– Employees should limit the use of any USB devices that have been previously used to access various other devices.
- Lock devices when not in use - It is critical for all of us to keep work devices for work use only and lock our devices when we step away from them. Innocent activity on a work computer could potentially lead to a breach. This is also an excellent opportunity to educate your family members on cybersecurity.
- Secure your home network. While conducting business through aVPN can add a layer of security for all, be aware of what router/modem devices are being used while working from home and enable additional protection.
- Enable automatic updates for all routers and modems. If the equipment is outdated and can no longer be updated, it should be replaced.
- Secure router or modem with a unique password. Please make sure your router or modem is secured with a unique password and enable the firewall. For specific issues on modems or routers, contact your Internet Service Provider if they provided the devices. If you still have questions, contact UC ANR IT.
Want to do more to be more secure?
Here are a few free tools to help identify potential vulnerabilities on your home computers. Note: work computers may have restricted admin rights prohibiting the use of these tools.
- KnowBe4's Ransomware Simulator – Scans for ways into your network by malicious actors.
- Shodan– Reviews for vulnerable devices on your network.
- Censys– Reviews for vulnerable devices on your network.
For any questions or more information on what is listed, please feel free to contact ANR IT at firstname.lastname@example.org.
UC Travel Directive
Beginning in January, the University issued a series of executive directives that restricted nonessential, University-related international travel to all CDC Level 2 and 3 Travel Warning countries. These directives remain in effect, as outlined in a recent UCOP travel directive.
Additionally, all travelers, including those traveling for personal purposes, must follow the CDC's guidance for returning from international travel – including the requirement to quarantine for 14 days (if applicable) before returning to a UC facility.
For the well-being and safety of those who must travel internationally or domestically, it is important that travelers register their trip with the UC Travel Insurance Program, UCAway in order to ensure appropriate travel insurance coverage and trip intelligence services. Registration is an important step in reducing the risks of traveling while keeping the UC community safe, especially in environments with heightened health risks such as COVID-19. See the UCANR Risk & Safety Business Travel page for more general travel safety information and links.
Domestically, non-essential work-related travel is discouraged, particularly by air. For UCANR personnel, this means work-related travel outside of your normally assigned County(ies) or regional program area.
If travel is considered essential for University business or programmatic needs, and the activity cannot be conducted via alternative methods, consider the following:
- The employee's own current personal health condition
- Current community spread of destination location
- The possibility that extended self-isolation period may be required (both upon arrival at the destination and after return to California) if the destination location is subject to heightened COVID-19 activity
Given the widespread rate of COVID-19 infections across the country, domestic travel is now considered a risk factor in diagnosing COVID-19. CDC U.S. travel guidance recommends staying home as the best way to protect from getting sick and provides additional guidelines for those who are considering traveling within the U.S. Those approved to travel for work domestically should take appropriate precautions while traveling and upon their return to work.
You can also find more COVID-19 travel safety information for ANR travelers at: http://safety.ucanr.edu/Programs/emergency/Current_Health_Alerts/Travel/
The 4-H Healthy Living advisory team launched a statewide virtual Disease Detectives: Operation Outbreak program. More than 40 youth participants met online twice a week from June 16-July 13 to learn about disease outbreaks, virus transmissions, public health investigations and how protective actions like hand washing, wearing masks, vaccinations, and herd immunity help manage negative public health outcomes. The advisory team has also trained more than 50 volunteers, staff and community members nationally to lead this project.
To remove yourself from this automated list, click here: Unsubscribe from this list./span>