Guide for Cybersecurity
Simple steps to securing your information
Our teams work behind the scenes to monitor and protect our systems from cyberattacks. We can’t stress enough the important role that every member of our community plays in keeping our systems safe and our patients’ data secure.
Additionally, the same principles and caution we ask you to use to keep our systems and data safe can also be used to keep your personal finances and information safe.
Use our guide to cybersecurity to help you stay safe online.
Your password is the first line of defense against unauthorized access to your information. Maintaining a strong and unique password for each of your accounts makes you less susceptible to attacks. We recommend using a passphrase over a password to stay secure and make it easier for you to remember.
Always enable multi-factor authentication (MFA) for your accounts when available. MFA makes stealing your accounts harder by ensuring you confirm your identity on a separate device prior to allowing access into your account. Within UCLA Health, you are required to use Duo MFA to gain access to our tools and services.
Updates can prevent security issues and improve compatibility and features. We strongly encourage you to regularly update your personal device and mobile devices' software and any apps that you have installed. For your IT-managed devices, we'll make sure you get all updates regularly.
Keep your work secure
A quick way to keep your work secure is to use the UCLA Health IT approved services for your work. If you aren't already, make sure you use the following services that are offered at no-cost to you.
Beware of phishing
Phishing happens when bad actors email you pretending to be someone else in an attempt to deceive you into giving them personal or financial information. Phishing emails can be sent to your Mednet or personal email. Emails to your Mednet account can appear to come from a colleague or another member of UCLA Health.
Things to look out for when you are suspicious of an email:
- Pressure to take immediate action
- Poor grammar and spelling mistakes
- Inconsistent email address, links and domain names
Click here to view more tell-tale signs that an email might be phishing →
Fortunately, at UCLA Health, we have made it easy for you to report a phishing email to our security team with a click of a button. Use the Report Suspicious button in the Outlook desktop client and the Outlook Web App. Learn more about reporting →
Protect your devices
Back up your data
Here are a few simple reminders when storing your data:
- Save your data to your network drive or an approved cloud storage solution (Box) rather than saving directly to your computer.
- Protected data should be saved on a secure platform.
- Before disposing of a device, make sure your data has been backed up.
Tips on where to dispose of safely:
- For your work device, make sure to contact Customer Care at (310) 267-CARE (2273).
- For your personal device, visit the FTC's guide on disposing of old computers.
Encrypt your devices
Encryption is required on all devices attempting to connect to our network and internal resources. Removable media devices (like flash drives/USB sticks, CDRs, etc.) must also be encrypted. Make sure to always store removable media in a secure place to avoid losing it.
Learn more about encryption for your:
Lost a device? Make sure to immediately report it to Customer Care at (310) 267-CARE (2273).
Lock before you walk
If you’re stepping away from your computer, even just for a few minutes, you should lock the screen. It helps keep whatever you’re working on secure and confidential, and makes sure that no one else can (deliberately or accidentally) do something on your computer which gets attributed to you.
You’re responsible for all activity done under your login, so it’s good to be in the habit of keeping your system safe - even if you trust everyone in your workspace, or think that no one else has access to your computer.
It’s easy! Just hit the windows key + L, on a Mac hit control+ command + Q, or if you’re on a computer with the tap badge system, tap your badge.
Webinar recordings
Cybersecurity at home and work
This event was held as part of the 2024 Cybersecurity Awareness Month (UC-CAM).
Listen in as members of our UCLA Health Cybersecurity team, Conrad Culling, and Michael Taggart discuss best practices to stay cyber-safe at home and work! Learn how to protect your personal and professional data, avoid common threats, and implement simple security measures to keep your digital world secure.
Gone Phishin': A live phishing/hacking demonstration
This event was held as part of the 2024 Cybersecurity Awareness Month (UC-CAM).
In this session, UCLA Health Cybersecurity Researcher Michael Taggart will review and demonstrate some of the newer forms of phishing attackers are using to steal your data. For each demonstration, we’ll explore the motivations and techniques of the attackers, and what you can do to protect against these all-too-common attacks.
Secure your sign-in
This event was held as part of 2023's Cybersecurity Awareness Month (UC-CAM).