Add yourself to our Newsletter list to receive future installments.
Welcome to the first quarterly newsletter from the UC Berkeley Information Security Office (ISO). In our newsletters, we’ll share a little bit about the projects we are working on, the services we provide, things we think you’ll be interested in, cool cybersecurity events, and more!
“We are excited to launch this newsletter and hope that it will help keep our Berkeley community informed and engaged in cybersecurity best practices and to learn more about our office. We all have a part to play in securing our campus data.” - Allison Henry, Chief Information Security Officer
So what were the types of things going on at ISO in early 2021?
We Hired a New Associate CISO
Join us in welcoming Charron Andrus to Berkeley. Charron is our new Associate CISO and comes from UC Davis Health where she was a senior manager in Enterprise Applications. Her portfolio included Identity and Access Management, Privacy Surveillance, Regulatory Initiatives, and Financial Reporting. She has a strong history of implementing effective IT services, leading successful teams, and public service to the larger University community. We couldn’t be happier to have her here!
Ensurng Secure Passphrases
At the start of the year, we launched our CalNet Passphrase Reset Project. You probably got one of our emails asking you to change your passphrase and we thank you! This change helps protect our CalNet security by requiring longer, more complex passphrases. Every month we see credentials exposed on the dark web, which is why it’s vital that you don’t reuse your CalNet passphrase on any other accounts. Check out our article on “Why Reusing Passwords is a Bad Idea”.
Reviewing Privacy Settings
In January we also celebrated Data Privacy Day. We what now? Data Privacy Day. January 28th. It’s the day every year where information security and privacy professionals remind you to review privacy settings and where we provide tips about how you can better protect your online data. This year, we worked with the bConnected team to educate users on how to review privacy settings for Google Calendar (bCal), Google Groups (bConnected Lists), and Google Drive (bDrive). We encourage you to review and implement these tips, even when it’s not Data Privacy Day.
Bringing Awareness to Tax Scams
February may have been a short month, but criminals were still at work thinking up new ways to deliver Tax and IRS Scams. Especially with COVID-19 and Stimulus Checks going out this year, we saw several new phishing scams targeting Higher Ed. Remember, if you get an email that seems off, report it by:
- Opening the message and to the right of the 'Reply' arrow
- Select 'More' (typically denoted with three vertical dots)
- Then 'Report phishing'
If you are unable to log into bMail, forward the message to firstname.lastname@example.org. Also, you can always check our Phish Tank, where we post phishing emails.
Promoting LastPass Premium
We marched into March by bringing campus FREE LastPass Premium accounts. LastPass can generate and remember all your passwords for you - no more writing your passwords down or reusing passwords. Using strong, unique passwords on all your accounts increases your personal and professional online security. Your LastPass Premium account is good as long as you remain a UCB Affiliate and it's seriously easy to use, so sign up today! For departments, we also offer LastPass Business for sharing credentials across teams.