Guide for Cybersecurity
October is Cybersecurity Awareness Month!
The theme set this year by the University of California is Pause, Protect, Prevent. The campaign is designed to help you recognize everyday online risks and take simple actions to reduce them. Each step is intentional:
- Pause. Slow down before clicking a link, opening an attachment, or responding to unexpected messages.
- Protect. Use strong passwords, enable multi-factor authentication, and keep your devices and apps up to date.
- Prevent. Stop cyber threats before they spread by spotting scams early, reporting them, and practicing safe habits online.
Throughout the month, we’ll share tips and resources to help you Pause, Protect, and Prevent for stronger cybersecurity at home and at work. Plus, keep an eye out on our emails and attend UC-CAM events to earn points for the Cybersecurity Challenge to be entered to win prizes.
Upcoming events
Bait & Breach
Join the Security Operations team for any of the upcoming in-person demos held throughout the month. Our teams will:
- Host interactive, staged attacks
- Explain how phishing and social-engineering attacks actually work
- Give you practical steps to keep you secure
- Plus, our Customer Care team will be available to answer any additional questions.
Dates and locations:
We'll be at each location from 11 a.m. - 1 p.m.!
- Tuesday, October 14
- IT Connect in Center for Health Sciences (CHS)
- Wednesday, October 15
- B Level in RRUCLA
- Wednesday, October 22
- Cafeteria in SMUCLA
- Thursday, October 30
- Front lobby in WVUCLA
Staying Secure in the Age of AI
October 29, 2025 | 2 - 3pm
In this session, we’ll explore the use of AI at UCLA Health, the top security concerns around AI, share practical do’s and don’ts, and walk through a live demo showing how AI can go wrong when misused or manipulated. We hope you’ll leave with a clear understanding of the threats, a personal checklist for safe AI use, and confidence to protect both yourself and your organization.Register on Zoom →
Your password is the first line of defense against unauthorized access to your information. Maintaining a strong and unique password for each of your accounts makes you less susceptible to attacks. We recommend using a passphrase over a password to stay secure and make it easier for you to remember.
Always enable multi-factor authentication (MFA) for your accounts when available. MFA makes stealing your accounts harder by ensuring you confirm your identity on a separate device prior to allowing access into your account. Within UCLA Health, you are required to use Duo MFA to gain access to our tools and services.
Updates can prevent security issues and improve compatibility and features. We strongly encourage you to regularly update your personal device and mobile devices' software and any apps that you have installed. For your IT-managed devices, we'll make sure you get all updates regularly.
Keep your work secure
A quick way to keep your work secure is to use the UCLA Health IT approved services for your work. If you aren't already, make sure you use the following services that are offered at no-cost to you.
Know how to classify your data
Data is one of our most valuable assets, both personal and professional. As a health organization with access to sensitive information such as patient records, research data, and other confidential materials, it is imperative that we protect it.
To ensure data remains safe, it’s important to understand how we classify, manage, and protect the information we handle every day. Know how to classify your data by identifying whether your data is public, internal, sensitive, or restricted and be mindful of where you store or share that data.
Beware of phishing
Phishing happens when bad actors email you pretending to be someone else in an attempt to deceive you into giving them personal or financial information. Phishing emails can be sent to your Mednet or personal email. Emails to your Mednet account can appear to come from a colleague or another member of UCLA Health.
Things to look out for when you are suspicious of an email:
- Pressure to take immediate action
- Poor grammar and spelling mistakes
- Inconsistent email address, links and domain names
Click here to view more tell-tale signs that an email might be phishing →
Fortunately, at UCLA Health, we have made it easy for you to report a phishing email to our security team with a click of a button. Use the Report Suspicious button in the Outlook desktop client and the Outlook Web App. Learn more about reporting →
Protect your devices
Back up your data
Here are a few simple reminders when storing your data:
- Save your data to your network drive or an approved cloud storage solution (Box) rather than saving directly to your computer.
- Protected data should be saved on a secure platform.
- Before disposing of a device, make sure your data has been backed up.
Tips on where to dispose of safely:
- For your work device, make sure to contact Customer Care at (310) 267-CARE (2273).
- For your personal device, visit the FTC's guide on disposing of old computers.
Encrypt your devices
Encryption is required on all devices attempting to connect to our network and internal resources. Removable media devices (like flash drives/USB sticks, CDRs, etc.) must also be encrypted. Make sure to always store removable media in a secure place to avoid losing it.
Learn more about encryption for your:
Lost a device? Make sure to immediately report it to Customer Care at (310) 267-CARE (2273).
Lock before you walk
If you’re stepping away from your computer, even just for a few minutes, you should lock the screen. It helps keep whatever you’re working on secure and confidential, and makes sure that no one else can (deliberately or accidentally) do something on your computer which gets attributed to you.
You’re responsible for all activity done under your login, so it’s good to be in the habit of keeping your system safe - even if you trust everyone in your workspace, or think that no one else has access to your computer.
It’s easy! Just hit the windows key + L, on a Mac hit control+ command + Q, or if you’re on a computer with the tap badge system, tap your badge.
Webinar recordings
Gone Phishin': A live phishing/hacking demo - 2025
Phishing scams are everywhere-at work and at home. In this session, the UCLA Health IT Compliance & Security Operations team will give you a quick refresher on what phishing is, the most common types of scams, and simple ways to protect yourself in our environment and at home.
Cybersecurity at home and work - 2024 Cybersecurity Awareness Month
Listen in as members of our UCLA Health Cybersecurity team, Conrad Culling, and Michael Taggart discuss best practices to stay cyber-safe at home and work! Learn how to protect your personal and professional data, avoid common threats, and implement simple security measures to keep your digital world secure.
Gone Phishin': A live phishing/hacking demonstration - 2024 Cybersecurity Awareness Month (UC-CAM)
In this session, UCLA Health Cybersecurity Researcher Michael Taggart will review and demonstrate some of the newer forms of phishing attackers are using to steal your data. For each demonstration, we’ll explore the motivations and techniques of the attackers, and what you can do to protect against these all-too-common attacks.
Secure your sign-in
This event was held as part of 2023's Cybersecurity Awareness Month (UC-CAM).