August 1, 2024

UCSF IT Security

Awareness News You Can Use

Monthly Articles, Contests, Resources, and Upcoming Events

Click here to sign up for the Monthly IT Security Awareness News You Can Use Newsletter

‌View as a Webpage

View previous newsletters

August's Quiz is on Avoiding Back to School Scams

Please read  the article "Beware of Cyber Scams as the School Year Kicks Off" and take the monthly quiz. 

‌All UCSF faculty, staff, contractors, students, and affiliates who take the quiz will be entered in a drawing for one of six $50 Amazon gift cards.

Remember, you can also visit our previous security awareness articles and take the quizzes. Visit our past campaigns at the UCSF Cybersecurity Awareness Site.

NEW Phish Alarm contest! You could win a $50 gift card and an official certificate of recognition! 

‌The top five people who use the Phish Alarm button to report potential phishing messages between June 1, 2024 and October 31, 2024 will be recognized as Phish Alarm Champions with an official certificate and win $50 Amazon Gift Cards. Remember if an email is at all strange, just report it.  Always better safe than sorry!

‌

‌To learn more about how to report a phish, go to phishalrm.ucsf.edu.

Latest Phishing Campaign

If you missed the "red flags" from our latest  UCSF-wide mock phish, they are displayed at the bottom of our page "Protect UCSF and Myself from Phishing and Other Similar Scams."

If an email seems at all strange, report it via Phish Alarm. You will find out almost instantly how to further interact with the email. Over-reporting is not an issue! Better safe than sorry! 

IT Security Awareness Flyer Posting Contest to Help Combat Duo Fatigue Attacks! Win a $50 Amazon Gift Card!

Duo Fatigue Attacks are on the rise! Attackers are once again spamming people with Duo push notifications, hoping they will eventually “fatigue” from the onslaught of requests and give in, granting access to their account and UCSF resources such as email. To help combat these attacks, IT Security has created a flyer with the actions needed to protect your credentials and the University. Please post them everywhere allowed such as breakrooms, department bulletin boards, or your refrigerator. Take a picture of the posted flyer and send it to [email protected]. Each picture is an entry in a drawing for a $50 Amazon gift card. July's winner is Mallory Geraci.

‌Click here to open and print the flyer

Required UC Cybersecurity Awareness Course

All UCSF Faculty, Staff, and Students must annually complete the UC Cyber Fundamentals Awareness Course on the UC Learning Management System (LMS). 

‌

‌Pat Phelan, UCSF CISO,  spoke at the June 7, 2024 UCSF Town Hall on the importance of this course and our new mandated compliance rate of 100%. Click here to see his whole presentation.

‌

‌Click here to read Pat Phelan's article An Insider’s View on Why It’s Important to Take UC-Required Security Trainings

See the Latest Phishing Scams and Know

What To Do 

In the last year, cyber criminals delivered a wave of cyber-attacks that were not just highly coordinated, but far more frequent and advanced than ever before seen. Many of them began with a phishing email. To help everyone be more aware of the current widespread and impactful phishing scams, IT Security has created the Real Phishing Threats Page. It lists actual phish that have been received by UCSF and the prevalent phishing campaigns out in the world. It provide additional information on:

• What to watch out for
• Key actions to take

‌‌Please bookmark the page and check back often. IT Security will be updating it frequently.

‌

‌This past month, attackers leveraged the recent Microsoft IT outage caused by the  CrowdStrike’s production incident to steal credentials and install malicious software (malware). Remember that cybercriminals commonly leverage current events in phishing attacks. Major stressful events, such as a global IT outage, give attackers ample material for sending out phishing lures.

Ongoing Monthly Contests

Everyone Can Win a Prize!

1. Refer your UCSF friends and colleagues to the UCSF Awareness Site and ask them to:

• Read the latest article and take the quiz.
• Ask them to enter your email address as the referrer.
• State they are new to the site on the last page of the monthly quiz.

For each 20 people you refer, you will win a $25 Amazon gift card (limit 2/year, referrals do not expire).

2. Each month we will be selecting one person to win a $50 gift card from everyone who uses the Phish Alarm Button to report suspicious emails. They will win a $50 gift card. This important security tool analyzes the email and lets you know if it is an actual phish. No need to contact the Service Desk or IT Security when you get something suspicious. For more information, please visit the Phish Alarm Overview Page.

3. Each month we will be randomly selecting five people from everyone with “current” status on their UC Cyber Fundamentals Awareness Course assignment to win a $50 Amazon Gift Card. Here’s how to check your status on the annual training requirement:

• Click on the UC Learning Center link in MyAccess
• Click on “UC Learning Center Login” from the UC Learning Center page
• Click on “Required Training”
• Check the Status of “eCourse: UC Cyber Security Awareness Fundamentals”

Winners Circle

July Awareness Quiz Winners

Patricia McDaniel

Valerie Pascual

Karen Gee

Tia-Jane Desplancke

Crystal  Hunt

Bob Somers

July Phish Alarm Winner

Matt Springer

July LMS Cybersecurity

Awareness Course Winners

Karin Clifton

Jessica Alway

Monica Korell

Jordyn Blackburn

Rahaman Navazgangji

July Top Quiz Referrers

Millo Pasquini

Cristina Morrison

‌‌Eve Phong (Dinh)

‌Khin Nyunt‌‌

‌Julie Erich

‌Thea Dela Cruz

Jennifer Camacho‌

Matthew Lau

Casey Nelson

‌‌Erin Accurso

‌Gato Gourly

‌John Hasper

Jason Dong

Upcoming Events

The UC Cybersecurity Awareness Month (UC CAM) celebration is coming this October!  

‌Once again the UC's are banding together for a month of educational events and activities. 

‌Click here to see some of the events and activities UCSF is working on and be the first to register!

The UC Tech IT Blog - Events Page

‌Events for the UC Tech community help introduce new skills, resources, perspectives and people/network in support of your work and career. 

‌Click here to go to the UC IT Blog Events Page for live informative events

‌

Great Free Awareness and Training Resources

UC Cybersecurity Awareness Month Recordings

‌If you missed some of the educational events held by the University of California during Cybersecurity Awareness Month in October, don't worry!  Many of the events were recorded and are now available by video. 

Click here to see a list of the recordings you can watch

‌Cybersecurity for the Clinician Video Training Series 

‌Produced and published in April 2023 as a free public service by the Health Sector Coordinating Council Cybersecurity Working Group

‌The “Cybersecurity for the Clinician” video training series totaling 47 minutes among eight videos explains in easy, non-technical language what clinicians and students in the medical profession need to understand about how cyber attacks can affect clinical operations and patient safety, and how to do your part to help keep healthcare data, systems and patients safe from cyber threats.

‌Click here to watch the Cyber Clinician Video Series