code with title embedded

Cybersecurity Awareness Month 2025

National Cybersecurity Awareness Month happens every October and is a collaboration between the government and private industry to raise awareness about digital security and empower everyone to protect personal and institutional data from digital crimes.

UC Davis Information and Educational Technology (IET) is sharing actionable steps every week and Cybersecurity WORDLE three times a week throughout October, all to help students, faculty, staff, researchers, and technology professionals keep their university and personal data safe.

Cybersecurity Events

  • October 2 - How to Report a Cyber Incident at UCSF
  • Thursday, October 2, 2025 / 12:00 - 1:00 PM
    Speakers: Kristan Beynon, Sr. Security Analyst, Incident Response Team Lead & Kevin Simmons, IT Security Analyst
    Hosted by UCSF

    Cybercrime continues to rise globally, causing trillions of dollars in damage each year. Notably, healthcare and higher education institutions are among the most frequent targets. To help prevent cybercrime, everyone at UCSF is responsible for reporting suspected cybersecurity incidents. 

    Key takeaways include:
    -Why and how to report every suspected incident
    -Types of incidents to be on the lookout for
    -What happens after you report
    -Additional resources for building cybercrime awareness and vigilance

    Register to attend
  • October 7 - Deepfake Diaries: The Latest AI-Based Attacks and How to Protect Yourself From AI Scams
  • Tuesday, October 7, 2025 / 2:00 - 3:00 PM
    Speaker: Kerry Tomlinson, Emmy Award-Winning Cyber News Reporter
    Hosted by Cecelia Finney, University of California Office of the President

    What are the newest AI-fueled attacks you face at work and at home? You'll see real-life video and audio deepfakes that attackers are currently using to try to trick people into giving up passwords, data and money. Learn how and when cyber criminals are deploying this AI-generated content and the latest methods on how to defend yourself against the fakes.

    Register to attend
  • October 14 - Privacy, AI, and Cyberlaw 101
  • Tuesday, October 14, 2025 / 12:00 PM - 1:00 PM
    Speakers: Reema Moussa, Associate Attorney & Peter Mantra, Partner
    Hosted by UC Santa Barbara

    In our increasingly complex and interdependent digital world, the convergence of privacy, cybersecurity, and artificial intelligence has reshaped how we approach enterprise risk management, data protection, and governance. This presentation will explore the evolving legal frameworks surrounding AI technologies, data privacy, and cybersecurity measures. We'll cover existing laws, key challenges, and ethical considerations in safeguarding personal data as well as how the development of AI technology and (new laws to regulate it) factor into these challenges and considerations. Through examining regulatory trends and case studies alike, this session will give a high-level view of privacy, AI, and cyberlaw basics and new directions for this rapidly changing field.

    Register to Attend
  • October 14 - Quantum Computing, AI, General Cybersecurity
  • Tuesday, October 14, 2025 / 2:00 - 3:00 PM
    Speaker: John Young, ISC2 Representative and COO of Quantum eMotion America
    Hosted by UCI

    What is Q-Day, and why is the government preparing for it now? The day that quantum computers can crack current digital encryption, and plainly read our most valuable secrets, has been tagged as Q-Day. Every government, business, and individual on Earth can be negatively affected, and the question is, even if there are post-quantum solutions available, is there time to put them in place?

    Register to attend
  • October 23 - Finding Vulnerabilities Using Artificial Intelligence
  • Tuesday, October 23, 2025 / 1:00 - 2:00 PM
    Speaker: Giovanni Vigna, Distinguished Professor in the Department of Computer Science at the UCSB
    Hosted by UC Santa Barbara

    The software components that support critical infrastructure are riddled with vulnerabilities, whose exploitation could cause service disruption, financial damage, and possibly loss of life. 

    Although there are efforts, such as OSS-Fuzz, to continuously analyze these components for vulnerabilities, some categories of security bugs are still hard to detect. In addition, the creation of testing harnesses and the generation of effective patches still require substantial effort from human experts.To address these issues, researchers and practitioners alike have focused on automating the vulnerability analysis and repair process.

    In particular, DARPA has supported these research efforts with two challenges: the DARPA Cyber Grand Challenge (CGC) in 2016 and the AI Cyber Challenge (AIxCC) in 2025. In these two challenges, participants had to create Cyber Reasoning Systems (CRS) that, in different contexts, had to identify vulnerabilities, exploit them, and provide patches without any human involvement.

    In this talk, we take a historical look at these efforts that span a decade, especially in light of the recent advances in Large Language Models (LLMs), and highlight the lessons learned from participating in these competitions, as well as the challenges that still need to be addressed to achieve a completely autonomous vulnerability analysis, triaging, and repair process.

    Register to attend
  • October 23 – UCSF Federated Research Data Steward (FReDS) Program
  • Thursday, October 23, 2025 / 2:00 - 3:00 PM
    Speakers: 
     - Helena Mezgova, UCSF Sr. Data Compliance Specialist in Academic Research Services
     - Kim Ramero, UCSF Associate Director of Process Management & Compliance in Academic Research Services
     - Jennifer Cressman, Clinical Informatics Manager Academic Research Services
    Hosted by UCSF

    This session will include an overview of the Enterprise Data Request Process for Research (Enterprise Data Request Process: Research | Scuba), the standard process utilized by Data Service Providers to fulfill requests for the extraction of de-identified, limited, and PHI data sets from UCSF Health clinical data sources. This process ensures that the requirements of UCSF and UC policies and state and federal laws are met for the granting of access to, release, and sharing of health data sets. An overview of the policies governing these areas will be provided.

    We will also introduce the Federated Research Data Steward Program, a federated version of the Enterprise Data Request Process, launched in July 2025 to expand UCSF’s data extraction services for scientific research. The program was designed to address the growing complexity and volume of research-related data requests by enabling analysts outside of UCSF IT, who already have privileged access to patient health data for quality improvement and operational purposes, to also support scientific research.

    This presentation will help both analysts and researchers understand their roles, responsibilities, and next steps for effectively and securely supporting scientific research through the program.

    Register to attend
  • October 28 - Humans, Hackers, and Hallucinations: AI, Social Engineering, and the Future of Cybersecurity
  • Tuesday, October 28, 2025 / 11:00 AM - 12:00 PM
    Speaker: Dave Lewis, 1Password Global Advisory CISO
    Hosted by UCI

    Artificial intelligence has quickly shifted from a promising tool to a disruptive toddler running with scissors. While AI enables defenders to detect threats faster and automate response, it also gives attackers new ways to deceive, manipulate, and exploit. From deepfake audio convincing an employee to transfer millions, to AI-written phishing campaigns that bypass filters, the game has changed.

    This session will explore the intersection of AI and social engineering, revealing how threat actors leverage machine learning to craft convincing attacks and where defenders can push back. We’ll also examine the emerging cybersecurity trends to watch in the coming year, from the rise of synthetic identities to AI-driven security operations. Most importantly, we’ll ground the discussion in practical advice: how individuals and organizations can stay vigilant, adapt defenses, and avoid becoming the next case study.

    By the end of the talk, participants will walk away with a deeper understanding of the risks and opportunities AI presents, as well as actionable strategies to build resilience in an age where the line between human and machine manipulation is increasingly blurred.

    Register to attend
  • October 28 - Let's Talk About Privacy. Let's Talk About You and Me.
  • Tuesday, October 28, 2025 / 12:00 - 1:00 PM
    Speaker: Becky Steiger, Policy Coordinator, Campus Privacy Officer, and ADA Compliance Officer
    Hosted by UC Santa Barbara

    Get ready to protect your personal information with UCSB's Privacy Officer Becky Steiger! This presentation isn't just about boring data rules; it's about your human right to be left alone, why protecting your privacy is important and tips on how to manage your digital life. You will learn about key privacy laws and policies like FERPA, the California Information Practices Act, the UC Electronic Communications Policy (ECP) and the UC Privacy and Information Security Initiative (PISI Report). Learn how to protect your digital privacy and keep your personal business to yourself.

    Register to attend
  • October 30 - From IS-3 to a Spooktacular Risk Registry
  • Thursday, October 30, 2025 / 10:00 - 11:00 AM
    Speakers:
     - Lee Zelyck, UCSF Senior Data Security Compliance Analyst
     - Mary Morshed, UCSF Data Security Compliance Director
     - Cynthia Howell, Data Security Compliance Analyst
     - Sean Patterson, Interim Manager, UCSF IT Security Risk Management
    Hosted by UCSF

    Deep within the labyrinth of UCSF’s digital defenses, where GPUs and CPUs howl and hard drives hum their eldritch songs, the specter of compliance, once manifested as mere phantasmal checkboxes, became something more; an omnipresent horror - a thousand-eyed beast whose regulatory tentacles could reach into every database, every network packet, and every line of code, waiting to drag the non-compliant into the depths of audit despair. Like a many-headed hydra, UC’s IS-3 policy intertwined with countless regulatory beasts and security frameworks, each demanding their pound of flesh from the academic medical center’s soul. The Data Security Compliance team gazed into the abyss of costly consultants, whose gilded promises threatened to drain the institution’s lifeblood, and chose instead to confront the demons themselves.

    Armed with ServiceNow IRM, a digital blade forged in silicon fires, and the Cybersecurity Risk Foundation’s mystical mapping tools, these brave warriors began their dark crusade. They wove UC policies into the fabric of external frameworks, binding them with threads of NIST standards to seal the shadowy rifts where policies dared not tread. From their arcane labors emerged a forbidden library - a grimoire of common controls that whispered secrets of power over multiple regulations and frameworks. Even the lost souls of internal policies, once wandering aimlessly beyond the pale of cybersecurity’s light, found their place in this unhallowed concordance.

    Register to attend
  • May 12-13, 2026 - Information Security Symposium
  • Save the Date!


    The next UC Davis Information Security Symposium will be held virtually as two half conference days on May 12-13, 2026.

    The symposium is a recurring IT security conference hosted by the University of California, Davis, and is open to students, faculty, and staff in the UC system and sponsor partners.

    The 2026 theme is ENGAGE, highlighting the power of inclusion, collaboration, and shared responsibility in cybersecurity.

    Learn more

Take Action to Boost Your Cybersecurity

cybersecurity icons on an illustrated web browser

No Tricks, Just Treats: Top Cybersecurity Takeaways

Digital safety is a daily mindset. Whether you are tidying up your digital space or enhancing your cyber safety with Duo, every move you make can help protect your information and the UC Davis community.

Key Takeaways: Follow the top security tips in the list below and make them a healthy habit throughout the academic year.

Test your Cybersecurity Awareness Month knowledge with this checklist

Cybersecurity Wordle banner

Play Cybersecurity WORDLE
Digital hygiene checklist graphic

Tidy Up, Stay Safe: Your Digital Hygiene Action Plan

At UC Davis, students, faculty, and staff are immersed in technology-rich environments. From taking classes on Canvas and teaching in smart classrooms, to collaborating virtually with colleagues, technology has become a big part of our lives. However, when not managed properly, technology can come with even bigger risks. Practicing good digital hygiene protects your identity and data, and it can make your digital experiences more secure.

Key takeaway: Every day, we access all kinds of sensitive digital information, from financial aid records to research files. Poor digital hygiene can expose you to a variety of digital threats, including identity theft from hackers, AI enhanced phishing scams, data loss from malware, and more. Following the digital hygiene checklist in this article can help keep you and your data cyber safe!

Learn how to improve your digital hygiene

multifactor authentication graphic

Your Digital Armor: Duo Multifactor Authentication

One of the most common ways UC Davis students are scammed, is by approving fraudulent Duo Push notifications. Some have lost thousands of dollars! UC Davis urges all Aggies to strengthen their cybersecurity by using Duo Multifactor Authentication securely, especially passwordless options like biometrics, security keys, and Duo push while not approving Duo Push notifications not initiated by the account owner. According to Duo, when used properly, these methods can help block over 99% of account takeover attempts.

Key takeaway: Passwords or passphrases alone are not enough to protect your personal and financial information from hackers. UC Davis uses Duo Multifactor Authentication to add an extra layer of security to university accounts, websites, and services. The Information Security Office (ISO) recommends using passwordless options from Duo so you'll be protected even if a scammer tricks you into giving up your password or passphrase. 

Learn more about passwordless verification options from Duo

fish and hook graphic

Don’t Take the Bait: Aggies’ Guide to Phishing

Phishing scams are on the rise at UC Davis. Hackers are targeting students, faculty and staff with increasingly sophisticated tactics. It is essential for all Aggies to understand phishing so that you can be better prepared to protect your identity, your data, and your personal information.

Key Takeaway: Phishing is a form of cyber fraud where attackers impersonate trusted sources. Some scams may try to impersonate UC Davis departments, professors, and even job recruiters in order to obtain sensitive information from you. 

Learn how to spot, avoid and report a phishing attempt

Read More Cybersecurity-Related Articles

Auto-Mark Spam Tech News

Fight Spam Calls with New Zoom Phone Feature

Phishing scam graphic

Protect Your Paycheck: How to Avoid Direct Deposit Scams
Spring Cleaning Graphic

Add Securing Passwords to Your Spring Cleaning Routine
UCPath Phishing Graphic

Keep on the Path for Safety: 4 Ways You Can Prevent Paycheck Fraud
Scam graphic

Protect Yourself From Phishing Scams: Hackers Target Duo, Text, and Email
Zoom Meeting Graphic

Protect Your Zoom: Guidance for Securing Internal and External Virtual Meetings
Data privacy graphic

Top Tips to Protect Your Data: Data Privacy Week 2025
Holiday Scam Graphic

Five Scams to Look Out for This Holiday Season

Past Cybersecurity Awareness Month Webpages