April 1, 2023

UCSF IT Security

Awareness News You Can Use

Monthly Articles, Contests, and Upcoming Events

April's Quiz is on Updating Your Software in a Timely Manner

Please read "Keep Your Software Updated!" and take the monthly quiz. All UCSF faculty, staff, contractors, students, and affiliates who take the quiz will be entered in a drawing for one of six $50 Amazon gift cards.

Remember, you can also visit our previous security awareness articles and take the quizzes. Visit our past campaigns at the UCSF Awareness Site.

New IT Security Awareness Flyer Posting Contest to Help Combat Duo Fatigue Attacks! Win a $50 Amazon Gift Card!

Attackers are using “Duo fatigue attacks” to bypass security. They spam you with Duo push notifications, hoping you will eventually “fatigue” from the onslaught of requests and give in, granting access to your account and UCSF resources such as email.

Duo fatigue attacks are increasing and to help combat them, IT security has created a flyer with the actions needed to protect your credentials and the University. Post them everywhere allowed such as breakrooms, department bulletin boards, or your refrigerator. Take a picture of the posted flyer and send it to [email protected]. Each picture of a posted flyer is one entry in a drawing for a $50 Amazon gift card.

Click here to view and print the flyer

Latest Phishing Campaign

Congratulations to the over 2400 people who reported the document deletion mock phish via Phish Alarm!

If you missed the "red flags" from our latest mock phish, they are displayed at the bottom of our page "Protect UCSF and Myself from Phishing and Other Similar Scams".

If an email seems at all strange, report it via Phish Alarm. You will find out almost instantly how to further interact with the email. Over-reporting is not an issue! Better safe than sorry! 

New and Improved Required UC Cybersecurity Awareness Course

The next time you complete your annual mandatory UC Cyber Fundamentals Awareness Course on the UC Learning Management System (LMS), you will see a new and improved course - and you could win a $50 Amazon gift card. Find out more about the course and see the new contest below!

See the Latest Phishing Scams and Know

What To Do! 

In the last year, cyber criminals delivered a wave of cyber-attacks that were not just highly coordinated, but far more frequent and advanced than ever before seen. Many of them began with a phishing email. To help everyone be more aware of the current widespread and impactful phishing scams, IT Security has created a page New Phishing Threat Alerts. It lists the prevalent phishing campaigns and provide additional information on:

  • What to watch out for
  • Key actions to take
  • Tips to remember

Please bookmark the page and check back often. IT Security will be updating it frequently.

 

Ongoing Monthly Contests

 

Everyone Can Win a Prize!

1. Refer your UCSF friends and colleagues to the UCSF Awareness Site and ask them to:

  • Read the latest article and take the quiz.
  • Ask them to enter your email address as the referrer.
  • State they are new to the site on the last page of the monthly quiz.

For each 20 people you refer, you will win a $25 Amazon gift card (limit 2/year, referrals do not expire).

 

2. Each month we will be selecting one person to win a $50 gift card from everyone who uses the Phish Alarm Button to report suspicious emails. They will win a $50 gift card. This important security tool analyzes the email and lets you know if it is an actual phish. No need to contact the Service Desk or IT Security when you get something suspicious. For more information, please visit the Phish Alarm Overview Page.

 

3. Each month we will be randomly selecting five people from everyone with “current” status on their UC Cyber Fundamentals Awareness Course assignment to win a $50 Amazon Gift Card. Here’s how to check your status on the annual training requirement:

  • Click on the UC Learning Center link in MyAccess
  • Click on “UC Learning Center Login” from the UC Learning Center page
  • Click on “Required Training”
  • Check the Status of “eCourse: UC Cyber Security Awareness Fundamentals”

Winners Circle

March Awareness Quiz Winners

Fairie Tale

Majosefinaluisa Aquino

Christina Delsman

Aleem Khaliq

Sarah Pedonti

Alicia Lim

 

March Phish Alarm Winner

Izza Anwar

 

March LMS Cybersecurity

Awareness Course Winners

Liz Murray

Eva Banh

Veronica Segredo

Jade Vi

Kwong Law

 

March Top Quiz Referrers

Millo Pasquini

Eve Phong (Dinh)

Khin Nyunt

Cristina Morrison

Jennifer Camacho

Julie Erich

Matthew Lau

Thea Dela Cruz

Casey Nelson

John Hasper

Gato Gourly

Jason Dong

Future Events

Thursday, April 20, 2023, 9:00-10:00 AM

A Fireside Chat on Public and Private Collaboration in Healthcare Cybersecurity Preparedness

Greg Garcia, Executive Director for Cybersecurity, Healthcare Sector Coordinating Council (HSCC)

Join Dr. Kevin Fu and Greg Garcia for a fireside chat on public and private collaboration in healthcare cybersecurity preparedness.

With relentless ransomware and other cyber attacks on health providers and companies, how do we protect ourselves, as individual enterprises and as a collective industry sector? Where do volunteer best practices end and government regulations begin? Where is that balance, both politically and operationally? Learn how the nation’s healthcare cybersecurity advisory council mobilizes a collaborative approach to the sector’s cybersecurity preparedness and advises the government about its appropriate partnership role. What have we done so far to move the needle left of boom and what lies ahead?

Click here to register for the fireside chat

Past Events

October 1, 2022-October 31 2022

UC Cybersecurity Awareness Month 2022

October is UC Cybersecurity Awareness Month (UCCAM), an annual effort to increase cybersecurity awareness and provide resources for people to stay safer and more secure online. The Systemwide Cyber Champions held events throughout the month.

Recordings will be added as they become available

Click here to view October 2022 Cybersecurity Awareness Month Events

 

Tuesday, October 4 2022, 11:00AM-12:00 PM

Accessibility and Security Panel Discussion

Panel Members:

Scott Hollier, CEO & Co-founder Centre for Accessibility

Yue-Ting Siu, TVI PHD, Teacher of Students with Visual Impairments

Jiatyan Chen, Online Accessibility Program Manager, Stanford

Nicholas Borton, Chief Information Security Officer UCD

Lucy Greco, Web Accessibility Evangelist UCB

Diane Tyo, IT Operational Continuity Analyst UCLA

Moderator:

Cecile Puretz, Assistant Director of Disability Access & Inclusion at University of California San Francisco

Accessibility and Cybersecurity are both important considerations, particularly in inclusive yet cyber-vulnerable environments like those in the University of California system. Typically, conversations on these two topics are completely separate, but this event brought them together in a panel discussion to increase understanding and awareness of both sets of needs. With some effort and collaboration, it's possible to make technology both more accessible and more secure.

Click here to watch the Accessibility and Security Panel Discussion Webinar

 

Monday, October 24, 2022, 10:00-11:00 AM

Social Engineering

Rosa Smothers, Senior Vice President of Cyber Operations at KnowBe4

Social engineering, in the context of information security, refers to the use of psychological manipulation to trick people into divulging sensitive information (information gathering) or performing actions (fraud, unauthorized system access.) Rosa Smothers discussed these types of approaches and ways to be a “human firewall” for UCSF and your digital life.

Click here to watch the Social Engineering Webinar

Tuesday May 17, 2022 1:00-2:00 PM

QB3 Webinar: Cybersecurity: What You Need to Know in 2022

Elvis Chan, FBI; Allison Henry, UC Berkeley; Patrick Phelan, UCSF

Cybersecurity is a key issue for us in our private lives — think identity theft — and at the national scale — such as federal elections. For scientists in academic & commercial labs, threats include IP theft, ransomware, and hacktivism. Where are we vulnerable to those who want to disrupt or steal from us? How can we do the best possible job of protecting ourselves and the organizations we serve? Join us to learn best practices from the FBI's Elvis Chan, who manages San Francisco’s Cyber Branch, which is responsible for cyber investigations and digital forensics, and Allison Henry and Patrick Phelan, chief information security officers at UC Berkeley and UCSF respectively.

Co-sponsored by the UCSF Cyber-Champion Team.

Click here to watch to QB3 FBI Webinar

Tuesday, June 21, 2022 10:00-11:00 AM

Advanced Persistent Threats (APTs) and their use of social engineering to target your organization

James R. McQuiggan, Security Awareness Advocate

APTs often utilize social engineering, the psychological manipulation to trick people into divulging sensitive information (information gathering) or performing actions (fraud, unauthorized system access.) Various approaches by APT groups and ways to be a “human firewall” for UCSF will be discussed.

Click here to watch the APT Webinar