Cyber security update for the new academic year

October 04, 2018

The Information Security Office distributed this letter via various campus listservs this week.

Colleagues,

As the 2018-19 academic year gets under way, we want to share a few thoughts about cyber security relating to current risks, steps you can take to protect yourself, the new UC information security policy, and a few extra events scheduled for National Cyber Security Awareness Month.

Duo message displayed on CoHo on Oct. 5 — Duo message displayed in the Coffee House Oct. 5

Criminals continue to adjust their tactics as they seek to steal money and data from universities. Recent phishing attempts have targeted students’ account information, in hopes of stealing financial aid. Focused phishing messages (“spearphishing”) have targeted employees who have budgetary authority, attempting to convince them that a supervisor or vendor wants them to transfer funds, create a purchase order, or buy iTunes gift cards and email the serial numbers to the hacker. Hostile or aggressive nations continue to target research, faculty and students at research universities, trying to break into accounts and steal valuable information.

So what can you do? Plenty. First, remember that cyber security is everyone’s job. Be careful how you handle, send, and store private data. Also:

Question any email message that asks you for your password.
Keep software updated on all your smartphones, computers, and any device connected to the internet. This is the #1 step you can take to protect yourself.
We recommend that any devices, whether managed by the campus or privately owned, receive patches and updates automatically.

New UC policy, Duo, and a free lunchtime talk

The University of California has adopted a new information security policy, known as IS-3. You can read more on the UC IT blog website. At UC Davis, we are in the initial stages of rolling out Duo, a multi-factor authentication tool that will reduce the harm caused by stolen passwords. Read more at movetoduo.ucdavis.edu.

Also, the campus is planning several National Cyber Security Awareness Month events in October, from messages displayed at campus locations and posted to social media, to tabling by the student-led Cyber Security Club. The Information Security Office has also arranged a talk by FBI Agent Justin Lee from noon to 1 on Thursday, Oct. 31, in 1003 Kemper. Any faculty member, student or employee at UC Davis is welcome to come hear his presentation.

Traveling securely, good basic habits, more

For general guidance, see the UC collection of Information Security articles. The topics include security while traveling, avoiding tax scams, and a list of eight fundamental habits of good cyber security.

Cyber security isn’t an event, or a process, as much as it is a habit. Knowing how to be safe online is essential to protecting ourselves, our colleagues, and our university. With awareness, we can avoid most of the threats, and keep more of our focus on our mission of teaching, research, and public service.

Thank you for your attention to this subject.

Viji Murali

Chief Information Officer

Vice Provost, Information and Educational Technology

UC Davis