Posts Tagged: cybersecurity
Report cybersecurity incidents to IT within 24 hours
Dear ANR Community,
As part of a directive from UC President Drake, UC ANR must report all significant cybersecurity incidents to the Office of the President. To meet this requirement, it is mandatory to report any cybersecurity incidents to the IT department within 24 hours of detection. Timely reporting ensures we can take swift action to mitigate risks and prevent further damage.
Examples of cybersecurity incidents include:
- Lost or Stolen Devices: Immediately report any lost or stolen ANR laptops, ANR smartphones, or other ANR devices.
- Unauthorized Access: If you suspect someone has gained access to your ANR accounts or devices.
- Unusual Account Activity: Any unfamiliar transactions, changes in account settings, or activities that you didn't initiate.
Check our IT Security page for more examples.
Please contact IT immediately at help@ucanr.edu or call Help Desk at (530) 750-1212 if you encounter any of these incidents. By reporting incidents quickly, we uphold our shared responsibility in neutralizing security risks and protecting our organization.
Thank you for your cooperation and attention to this matter.
Jaki Hsieh Wojan
UC ANR Deputy Chief Information Officer
& Chief Information Security Officer
Coming Jan. 13: Changes to UC ANR SSO login
To comply with UC-wide policy to protect UC ANR and its employees' data, IT is taking steps to strengthen security for logins. The following changes to the Duo authentication process will go into effect on Jan. 13, 2025.
Please ensure you are using:
Duo Mobile 4.16.0 or later on Android devices
Duo Mobile 4.17.0 or later on Apple devices
How to update
- Open the app store on your device (Google Play Store for Android or Apple App Store for iOS).
- Search for "Duo Mobile" and select the app.
- Tap "Update" to install the latest version. (If the "Update" option is not there, you are already updated.)
What's changing
IT will be enabling Duo's Verified Push for UCANRSSOlogins. When youlogin using UCANRSSO (Fig. 1), Verified Push will require that you enter a code into the Duo Mobile app.
After you enter yourusername and password, a three-digit code will be displayed in your browser (Fig 2).
Duo Mobile will prompt you to enter the code and select verify to continue (Fig. 3)
After your device is verified, you can choose "Yes, this is my device" (Fig. 4) to stay verified for 16 hours. During this time, Duo won't ask you to verify again as long as you're using the same browser.
Note: Applications using UC DavisSSO (Fig. 5) will not be impacted by this change.
Need help?
If you have problems logging in, contact the Help Desk at help@ucanr.edu or (530) 750-1212.
Jaki Hsieh Wojan
UC ANR Deputy Chief Information Officer & Chief Information Security Officer
Text scam impersonates ANR colleague
A text phishing (smishing) scam has been hitting ANR employees' phones. This scammer attempts to impersonate Greg Gibbs, ANR's Executive Director of Development Services. The texts originate from a 530 number and at first appear legitimate.
I am sharing Ethan Ireland's experience and thought process. Thank you, Ethan.
Ethan received this text:
From (530) 646-XXXX
Hello Ethan, Let me know if you get
my text and if you are in office.
Greg Gibbs
Executive Director, Development Services
UCANR
Ethan told me, “I was initially taken off-guard and revealed some information I regret having revealed: I confirmed *who* I am, what my schedule is. However, I have gotten cold calls and texts from my colleagues who often have a (530) area code.
The first clue that made me suspicious is the syntax and grammar of the 'Ok sounds great' text, particularly the line '…you are to keep this confidential till the surprise will be done.' This put my back up, because I've gotten a lot of scam SMSes over the years, and they typically have mangled grammar and syntax. However, since there are some folks in the ANR team for whom English is a second language, I simply regarded this as a 'red flag' that would make me want to proceed with caution & get extra verification.
I thought I would keep them talking, and sure enough, their next message was asking me to get Apple gift cards, which I know is a common scammer tactic to get someone to get money to them in a way that is unrecoverable for the sender. I stated my concerns and brought up Greg Gibbs' page on the ANR directory. They responded with outrage — but I know emotional manipulation is a key part of social engineering, especially when impersonating someone higher up in hierarchy. By this point, I was about 95% sure it was a scam.
Ethan then tried to call Greg directly on his ANR phone and left a voicemail. Once he started pushing on verification, the scammer went silent.
This just one of manysmishing messages that went out recently. Great job to Ethan and many others who spotted this as a scam!
If you receive an unexpected text, verify its authenticity before providing information or taking action. If you receive a smishing messages purportedly from an ANR employee, report the message to ANR IT at help@ucanr.edu.
For more information on smishing and other social engineering methods, visit https://it.ucanr.edu/Security/Social_Engineering.
Jaki Hsieh Wojan
Chief Information Security Officer
Scheduled server downtime: Thursday, July 6, 2023 (6-8 a.m.)
ANR Community,
IT has scheduled an outage of our public server infrastructure on Thursday, July 6, between 6 a.m. and 8 a.m. During this window, all public-facing websites and remote access will be unavailable.
The purpose of this outage is to move our public-facing server to a new firewall to enhance security and reliability of our systems.
Please note the following details regarding the server outage:
Date: Thursday, July 6, 2023
Time: 6-8 a.m.
Duration: Approximately 2 hours
Impact: During this period, all public-facing website access will be temporarily unavailable.
We apologize for any disruption this may cause. IT will work to minimize the duration of the outage and restore normal operations as quickly as possible.
Should you have any urgent matters that require immediate attention during the scheduled downtime, please contact our support team at help@ucanr.edu.
Thank you for your patience and understanding.
Sree Mada
UC ANR Chief Information Officer
Jaki Hsieh Wojan
UC ANR Chief Information Security Officer
IT: UC ANR website performance issues
ANR Community,
As you are all aware, there have been recent performance issues with ANR's website. The performance issues are due to an increased level of bot activity. These bots are automated programs that attempt to access our servers, causing a strain on our resources and impacting the user experience. It is important to note that these bots have not infiltrated our network, and we have not experienced any security breaches or unauthorized access.
This rise in bot activity is not isolated to our organization. Many higher education entities are also encountering similar challenges. Our IT team is actively working on implementing a solution to prevent the bots from reaching our servers.
We will keep you updated on the progress of our efforts to combat the bot activity and restore stability to ANR's website. If you have any questions or concerns, please don't hesitate to reach out to our IT support team at help@ucanr.edu.
Thank you for your understanding and cooperation as we work to address this issue.
Sree Mada
UC ANR Chief Information Officer
Jaki Hsieh Wojan
UC ANR Chief Information Security Officer