October 1, 2023

UCSF IT Security

Awareness News You Can Use

Monthly Articles, Contests, and Upcoming Events

 

‌UC Cybersecurity Awareness Month

(UC CAM) Celebration!

October 2023 marks 20 years of Cybersecurity Awareness Month. Once again, the UC campuses have banded together to provide a wide variety of events and activities to help you to individually protect yourself, your private information, and the University. The University of California (UC) theme this October is Protect Your Digital Life – Be CyberSafe. Please click here to find out more and register for events.

October's Quiz is on Proper Data Disposal 

Please read "Dispose of Data Properly!" and take the monthly quiz. All UCSF faculty, staff, contractors, students, and affiliates who take the quiz will be entered in a drawing for one of six $50 Amazon gift cards.

Remember, you can also visit our previous security awareness articles and take the quizzes. Visit our past campaigns at the UCSF Cybersecurity Awareness Site.

Latest Phishing Campaign

If you missed the "red flags" from our latest  UCSF-wide mock phish, they are displayed at the bottom of our page "Protect UCSF and Myself from Phishing and Other Similar Scams".

If an email seems at all strange, report it via Phish Alarm. You will find out almost instantly how to further interact with the email. Over-reporting is not an issue! Better safe than sorry! 

New Flyer Posting Contest for UC CAM - Cyber Hygiene is Critical!

IT security has created a flyer to remind everyone of the importance of basic cyber hygiene to help protect ourselves and UCSF. Please post them everywhere allowed such as breakrooms, department bulletin boards, or your refrigerator. Take a picture of the posted flyer and send it to [email protected]. Each picture is an entry in a drawing for a $50 Amazon gift card. Contest ends on 10/31/23.  

Click here to view and download the flyer.

In case you need a reminder, the nine basic cyber hygiene habits to greatly reduce cyber risk for everyone are:

  1. Always think twice before clicking on links or opening attachments.
  2. Verify requests for private information (yours or anyone’s), even if the request seems to come from someone you know.
  3. Protect your passwords and use multi factor authentication whenever it is available.
  4. If you receive any email, text, or call asking you to approve an access request for a login that you did not initiate, do not approve it! 
  5. Protect your stuff! Lock it up or take it with you before you leave.
  6. Keep a clean machine! Keep your devices, apps, browsers, and anti-virus/anti-malware software patched and up to date.
  7. Backup critical files.
  8. Delete sensitive information when you are done with it.
  9. If it’s suspicious, report it!

 

More information on how to do these habbits are included in the articles on the UCSF Cybersecurity Awareness Site! Take the quizzes and you could win a prize!

Required UC Cybersecurity Awareness Course

All UCSF Faculty, Staff, and Students must annually complete the UC Cyber Fundamentals Awareness Course on the UC Learning Management System (LMS). Five people win a $50 Amazon gift card each month! Find out more about the course and see the new contest below!

See the Latest Phishing Scams and Know

What To Do! 

In the last year, cyber criminals delivered a wave of cyber-attacks that were not just highly coordinated, but far more frequent and advanced than ever before seen. Many of them began with a phishing email. To help everyone be more aware of the current widespread and impactful phishing scams, IT Security has created a page New Phishing Threat Alerts. It lists the prevalent phishing campaigns and provide additional information on:

  • What to watch out for
  • Key actions to take
  • Tips to remember

 

Please bookmark the page and check back often. IT Security will be updating it frequently.

 

Ongoing Monthly Contests

 

Everyone Can Win a Prize!

1. Refer your UCSF friends and colleagues to the UCSF Awareness Site and ask them to:

  • Read the latest article and take the quiz.
  • Ask them to enter your email address as the referrer.
  • State they are new to the site on the last page of the monthly quiz.

For each 20 people you refer, you will win a $25 Amazon gift card (limit 2/year, referrals do not expire).

 

2. Each month we will be selecting one person to win a $50 gift card from everyone who uses the Phish Alarm Button to report suspicious emails. They will win a $50 gift card. This important security tool analyzes the email and lets you know if it is an actual phish. No need to contact the Service Desk or IT Security when you get something suspicious. For more information, please visit the Phish Alarm Overview Page.

 

3. Each month we will be randomly selecting five people from everyone with “current” status on their UC Cyber Fundamentals Awareness Course assignment to win a $50 Amazon Gift Card. Here’s how to check your status on the annual training requirement:

  • Click on the UC Learning Center link in MyAccess
  • Click on “UC Learning Center Login” from the UC Learning Center page
  • Click on “Required Training”
  • Check the Status of “eCourse: UC Cyber Security Awareness Fundamentals”

Winners Circle

September Awareness Quiz Winners

Diane Perun

 Renee Jiang

Frank Farm

Karina Ky

Roxanne Lee

 Georgina Lopez

 

September Phish Alarm Winner

Craig Joe

 

September LMS Cybersecurity

Awareness Course Winners

Joshika [email protected]

Nagat [email protected]

Rachel [email protected]

Omar [email protected]

Mona [email protected]

 

September Top Quiz Referrers

Millo Pasquini

Eve Phong (Dinh)

Khin Nyunt

Cristina Morrison

Jennifer Camacho

Julie Erich

Matthew Lau

Thea Dela Cruz

Casey Nelson

John Hasper

Gato Gourly

Jason Dong

 

 

Upcoming Events

October - UC Cybersecurity Awareness Month (UC CAM)

The UC campuses have banded together to provide a wide variety of events and activities to help you to individually protect yourself, your private information, and the University. The University of California (UC) theme this October is Protect Your Digital Life – Be CyberSafe. Please click here to find out more and register for events.

UC CAM Events Hosted by UCSF

Tuesday, October 3, 2023, 10:00 AM – 11:00 AM

Social Engineering - The Art of Manipulation

Rosa L. Smothers, Senior Vice President of Cyber Operations at KnowBe4

Social engineering, in the context of information security, refers to the use of psychological manipulation to trick people into divulging sensitive information (information gathering) or performing actions (fraud, unauthorized system access.) Rosa will discuss these types of approaches, the newest scams, and ways to be a “human firewall” for UCSF and your own digital life.

Click here for more information and to register

Thursday, October 12, 2023, 12:30 PM – 2:00 PM

Understanding Cybersecurity in Healthcare: Emerging AI Threats and Essential Safeguards

Elvis Chan, FBI; Patrick Phelan, USF

Sponsored by UCSF Rosenman Institute and the UC-Wide Cyber Champions

Cybersecurity has rapidly evolved into a crucial concern, affecting our private lives with risks such as identity theft, and at a larger scale, national issues such as federal elections. For healthcare startups, working as scientists in academic & commercial labs, and IT departments professionals, the threat landscape is increasingly complex. Alongside traditional risks like IP theft, ransomware, and hacktivism, there's a rising risk posed by the exploitation of generative artificial intelligence by cyber criminals. Where do our vulnerabilities lie? How can we maximize our defensive strategies to protect ourselves and the organizations we serve? Join us to learn the best practices from our experts FBI's Elvis Chan, who manages San Francisco’s Cyber Branch focusing on cyber investigations and digital forensics, and Patrick Phelan, the Chief Information Security Officer at UCSF. This webinar will provide an important opportunity to stay ahead in understanding both traditional and emerging cyber threats. 

Click here for more information and to register

Thursday, October 19, 2023, 2:00 PM – 3:00 PM

Connected Diabetes Device Security

David C. Klonoff, M.D., F.ACP, FRCP (Edin), Fellow AIMBE

Connected diabetes devices require sound cybersecurity. FDA, FBI, HHS, and the President of the United States are increasingly focused on the need for medical device cybersecurity. The Consolidated Appropriations Act of 2023 mandates the FDA to require increased medical device cybersecurity. This law requires manufacturers of medical devices to: 1) submit a plan to monitor, identify, and address postmarket cybersecurity vulnerabilities, 2) ensure devices remain cybersecure, which includes issuing updates and patches, 3) submit a software bill of materials (e.g. commercial, open-source, and off-the-shelf components), 4) comply with such other requirements that may be added through regulation. IEEE 2621, recognized by the FDA in December 2022, is the first Standards Development Organization-developed medical device cybersecurity standard containing both performance and assurance requirements. This standard is intended for wireless diabetes devices, such as blood glucose monitors, continuous glucose monitors, insulin pumps, closed loop automated insulin delivery systems, smart insulin pens, and spinal cord stimulators. IEEE 2621 is a conformity assessment standard that defines a framework for a connected electronic product security evaluation program for diabetes devices. Its purpose is to provide grounds for confidence that connected electronic diabetes products deliver the security protections claimed by their developers and deemed necessary by stakeholders. Conforming to IEEE 2621 can prevent breaches and associated negative effects.

Click here for more information and to register

Thursday, October 26, 2023, 10:00 AM - 11:00 AM

Privacy Breaches and the Aftermath - A Behind the Scenes Look - Panel Discussion

Christian Sisenstein, UCSF Manager of IT Security Incident Response and Security Operations

Jaison Mathew, UCSF Health Manager, Privacy Investigations & Regulatory

Maral Iftekhary, UCSF Health Research Privacy Specialist

Mary Morshed, UCSF Director of Data Security Compliance

Mike Benevento, UCSF health Privacy Investigator 

Mike Lee, UCSF Office of Healthcare Compliance and UCSF Privacy Data Analyst 

Michael Victor, UCSF Health Senior Privacy Investigator

Who hasn’t been on the receiving end of a letter explaining their personal information was inappropriately accessed and/or disclosed. But what happens behind the scenes leading up to mail carriers delivering breach notification letters or public postings of privacy breach announcements? 

Join a panel of privacy and cybersecurity experts from UCSF to get a closer look at the types of privacy violations and breaches investigated in large healthcare and research focused organizations. The panel will discuss privacy investigation techniques and tools; data analysis and algorithmic advancements; regulatory reporting of breaches involving personal health information (PHI); complications involving research health information (RHI); technical security controls; and regulatory penalties that can have lasting impacts.

Click here for more information and to register