Info (in a) Sec: April 2021

Add yourself to our Newsletter list to receive future installments.

Hello World!

Welcome to the first quarterly newsletter from the UC Berkeley Information Security Office (ISO). In our newsletters, we’ll share a little bit about the projects we are working on, the services we provide, things we think you’ll be interested in, cool cybersecurity events, and more!

 “We are excited to launch this newsletter and hope that it will help keep our Berkeley community informed and engaged in cybersecurity best practices and to learn more about our office. We all have a part to play in securing our campus data.” - Allison Henry, Chief Information Security Officer 

So what were the types of things going on at ISO in early 2021?

We Hired a New Associate CISO

Join us in welcoming Charron Andrus to Berkeley. Charron is our new Associate CISO and comes from UC Davis Health where she was a senior manager in Enterprise Applications. Her portfolio included Identity and Access Management, Privacy Surveillance, Regulatory Initiatives, and Financial Reporting. She has a strong history of implementing effective IT services, leading successful teams, and public service to the larger University community. We couldn’t be happier to have her here!

Ensurng Secure Passphrases

At the start of the year, we launched our CalNet Passphrase Reset Project. You probably got one of our emails asking you to change your passphrase and we thank you! This change helps protect our CalNet security by requiring longer, more complex passphrases. Every month we see credentials exposed on the dark web, which is why it’s vital that you don’t reuse your CalNet passphrase on any other accounts. Check out our article on “Why Reusing Passwords is a Bad Idea”.

Reviewing Privacy Settings

In January we also celebrated Data Privacy Day. We what now? Data Privacy Day. January 28th. It’s the day every year where information security and privacy professionals remind you to review privacy settings and where we provide tips about how you can better protect your online data. This year, we worked with the bConnected team to educate users on how to review privacy settings for Google Calendar (bCal), Google Groups (bConnected Lists), and Google Drive (bDrive). We encourage you to review and implement these tips, even when it’s not Data Privacy Day.

Bringing Awareness to Tax Scams

February may have been a short month, but criminals were still at work thinking up new ways to deliver Tax and IRS Scams. Especially with COVID-19 and Stimulus Checks going out this year, we saw several new phishing scams targeting Higher Ed. Remember, if you get an email that seems off, report it by: 

  • Opening the message and to the right of the 'Reply' arrow
  • Select 'More' (typically denoted with three vertical dots)
  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to Also, you can always check our Phish Tank, where we post phishing emails. 

Promoting LastPass Premium

We marched into March by bringing campus FREE LastPass Premium accounts. LastPass can generate and remember all your passwords for you - no more writing your passwords down or reusing passwords. Using strong, unique passwords on all your accounts increases your personal and professional online security. Your LastPass Premium account is good as long as you remain a UCB Affiliate and it's seriously easy to use, so sign up today! For departments, we also offer LastPass Business for sharing credentials across teams.


We want to spotlight our Identity Theft Resources page and the Identity Theft Protection Town Hall Town Hall we put together in response to the UC Accellion Data Breach.

If you haven’t already, we highly recommend signing up for free credit monitoring through the Experian IdentityWorks website using the enrollment code JCZGTC333:

For help with enrolling call (866) 617-1923 and reference engagement number DB26512.

Cybersecurity Events:

  • (May 20) Cybersecurity: What You Need to Know
  • (June 8–10) Educause - Cybersecurity and Privacy Professionals Conference
  • (June 15-16) UC Davis Information Security Symposium
  • (July 16–17) Diana Initiative

See all event details at our Security Related Events page.

What keeps us busy?

These charts may help explain. The first chart shows the number of alerts processed by our threat detection systems and the second chart shows detected compromises and vulnerabilities. If you get a security notice from our office be sure to follow the instructions to remedy the situation immediately. 

General alerts graph
Compromises and Vulnerabilities Chart