October is National Cyber Security Awareness Month
This year we have seen an unprecedented number of threats across the country with a focus on compromising systems in order to gain access to COVID-19 related information/data. As we continue to experience so much of our work and personal lives online, we want to take the opportunity to remind all members of our community the crucial role we each play in safeguarding our systems.
UCLA Health and UCOP, along with the other UCs, have put together a month full of events for you, from speakers to games – and even some improv comedy. These events are designed to show you that cyber security can be interesting and even enjoyable, while helping make sure you know the basic steps you need to take to keep yourself, your family, and UCLA Health secure.
- Guard against malware
UCLA Health IT teams work tirelessly to make sure that our systems are as technically secure as possible, but every single one of us is a gatekeeper for those systems. Just as the best locks won’t keep someone out of your house if you leave the door open, our resources, efforts, and funding to keep you secure will not get very far if you share your password with the wrong person, open a suspicious email attachment, or create weaknesses with unapproved software or tools.
Two recent headlines have highlighted how technology has revolutionized health care and the care we provide, but these advances come with an increasing dependence on that same technology, and issues with those systems could have serious consequences.
- German hospital hacked, patient taken to another city dies [Associated Press, September 17, 2020] where a ransomware attack led to a delay in patient treatment highlights how crucial it is that we take our cyber security seriously.
- Closer to home and even more recent, “UHS says all U.S. facilities affected by apparently ransomeware attack" [Healthcare IT News] .
Although your work-issued computers are set up with malware protection, it is as easy as it is important to #BeCyberSmart and stay aware:
- Be observant about what links you click on and the sites you visit so as to keep your computer healthy.
- Keep your computer protected by keeping it up-to-date. This will ensure it has all the tools available to stay safe from all the known malware that could infect your computer.
- Protect any personal device used for university business with antivirus and malware software.
- Don’t take the bait!
Fishing can be relaxing, but being “phished” is typically stressful. Phishing emails account for 90% of data breaches.Somake sure to check forred flagson emails such as spoofed(forged)sender addresses and urgency so you don’t get hooked into a data breach.
Does it smell “phish-y”? If you’re unsure, we’ll check it out for you! Don’t forget, you can report suspicious emails (including phishing or spam) directly from within Outlook. Once you’ve reported an email, the message will be sent to our teams for review and will erase the message from your inbox if found to be malicious.
- Building a stronger defense
With every National Cyber Security Awareness Month that passes, we find ourselves living in an ever increasingly digital world with malicious hackers constantly looking for ways to break through our security protections. While sites continue to ask for stronger passwords, your new code can still be susceptible to a determined hacker. The strongest defense towards these attackers is to enable multi-factor authentication on any site that has that feature available.
Multi-factor authentication provides a unique solution in depending on additional checks that only you would be able to verify. The extra step may be cumbersome but it’s an advantage over what the hackers have access to. Multi-factor authentication also allows you to know if and when someone else is trying to log in to your device as you’ll receive a notification that you did not ask for. Within UCLA Health, we have implemented the use of Duo in order to access any of our resources while off-site. We encourage you to check the available security options on sites that keep any of your sensitive data and keep your information secure.
- True Eye (Full Length short film)
True Eye is a thriller which follows new-hire, Adrian Bridges, through his first day at a global AI-technology firm. Adrian’s policy orientation and security training quickly spin into suspense and intrigue as his personal AI device, Guide, starts asking him to do unethical and even dangerous things with sensitive data. His adventure offers a glimpse into proper operational security, how technology affects people and what we can do about it.
- Zombie Hotspot Mini-Game
Zombie Hotspot is a self-led timed mini-game to locate all security threats or violations in sight...watch out for zombies!
- Craft A Phish Mini-Game
Craft a Phish is a foundational training mini-game that challenges users to decide which phishing email is the most difficult to spot.
- Raw Phish Game
RawPhish is an advanced training mini-game that challenges your users to locate the malicious phishing emails using only the email raw logs in this game for advanced players.
- Cyber Security Awareness Month Zoom Background
More events available on UCOP NCSAM UC Systemwide Events Schedule.
Are My (Internet of) Things Vulnerable? A Look at the Security of Embedded Systems
October 26, 12:00 p.m. - 1:00 p.m.
In this talk, I will explain how embedded systems are built, and what kind of security concerns they face. Then, we will discuss some interesting real-world attacks and learn how difficult it really is to build a “secure” embedded system. Finally, I will walk through a few real attacks and see what is being done to defend these systems in practice. Ideally, after this presentation you will understand that these embedded systems are not-so-different from your laptop, but how these subtle differences radically change the game from a security perspective.
Zoom Security & Cool New Features
Hosted by UCSB
October 28, 10:00 a.m. - 11:00 a.m.