Info (in a) Sec: June 2022

In our newsletters, we share a little bit about the projects we are working on, the services we provide, and things we think you’ll be interested in. Add yourself to our Newsletter list to receive future installments.

Welcoming New Bears!

​​This quarter we welcomed two new staff to our ISO family: Emily Gladstone and Erica Ching! Emily joined our Security Operations team and comes to us with extensive Operations and Security experience for large enterprises and startups. She has worn many hats throughout her career and shares her expertise by mentoring under-represented individuals interested in cybersecurity - how cool is that!? For fun, she performs in musical theater, does historical re-enactment and dance, cheers on her Oakland A's, and she and her husband are staff to two cats.

Erica has joined our Security Assessments team. Fun story about Erica, while preparing for California’s teaching credential exam, she took a programming class for fun. She enjoyed the course so much that she decided to pursue a career in tech! Before joining UC Berkeley, Erica worked as a System Administrator/Developer at an educational nonprofit for four years. In her free time, she daydreams of coffee (often while drinking it) and dim sum. We are thrilled to have them both here at Berkeley!

​​And hey - are you looking to grow in your career? Do you like solving puzzles and having variety in your day? Want to work with a fantastic team of colleagues? Well, we are going to be posting several positions over the next few months. Stay tuned for more information, or visit our Job Postings page for up-to-date openings.  

General Updates

Are You Using a Conference Room Camera?

Many campus departments are purchasing conference room cameras (Jabra, Owl Labs products, Logitech video bars, etc., etc.) to keep our meetings remote-friendly. However, it’s important to remember that these devices need to be updated regularly and cared for just as you would any other laptop, phone, tablet, watch...  you get my drift. So, what do I do? Be sure to update your video conference camera software and firmware regularly. Uh, how do I do that? Each device is totally different! I would start by searching for “how to perform security updates for [insert the make and model of your device here]” - that should get you to the right place. Oh - if your department is looking to update existing spaces with audio-visual equipment, see our recommendations here: Guidance for Departmental Classrooms.

Note: many camera device types cannot connect to the eduroam network. For performing firmware upgrades you will need first to connect the device to another network (e.g., use your phone as a hotspot) and then reconnect to the campus network. See this article on How to turn your phone into a Wi-Fi hotspot.

Cybersecurity: What You Need to Know in 2022

Hear from our own Chief Information Security Officer, Allison Henry, speak about Cybersecurity issues like threats related to Intellectual Property (IP) theft, ransomware, and hacktivism and how we can do the best possible job of protecting ourselves and UC Berkeley. This seminar is available exclusively to the UC Berkeley community - you will need to log in with your CalNet ID to view it on our YouTube channel. And while you are there, check out our other Cybersecurity videos!

Doing Some Traveling This Summer?

Staying connected while traveling often means connecting to public networks in hotels, airports, train stations, or wherever there is free Wi-Fi. The problem is that these open networks don’t have many (if any) security measures in place. While you are traveling protect your data and devices by following our security tips before, during, and after your trip. Security Tips for Travel

Hope to see you at UC Tech 2022 in San Diego

Well, I like San Diego - but what's this UC Tech you mention? UC Tech 2022 is an annual conference put on by the University of California system to celebrate and promote innovation and collaboration within the technologist community. Each year, a different location is selected to host the multi-day event. The program features a wide range of topics and strives to enlighten, enrich, and encourage UC folks to grow in IT. We encourage you to attend - there are in-person and virtual options available! Learn more and register here: https://uctech.ucsd.edu/

The vision of UC Tech is to foster an inclusive and collaborative community of IT professionals that continually improves services that place the University of California system at the forefront of higher education, research, and patient care. 

Ask ASCII:

I’m a designer and sometimes we get requests to use QR codes on marketing collateral. We are not in support of using them due to security concerns, but we do recognize how easy it is to drive people to websites. Does your office have a best practice or use policy regarding QR codes used for this purpose? Any light you can shed on this would be much appreciated.

- QRConfusion

Dear QRConfusion, 

This is an excellent question! Obviously with the pandemic we’ve seen more and more folks using QR codes to make things like menus, flyers, and instructions much easier to obtain. However, along with that can come some security risks – such as malicious QR codes leading to harmful websites or imposter login pages. While we don't have a policy against using QR codes, we do suggest that if you use QR Codes that you include a link to the URL that you are sending folks to so they can verify the locations. This is also helpful in case someone doesn't want to scan the QR code. For example:

QR Code for Security Website

For more information scan this QR code or visit security.berkeley.edu.

Dear ASCII, 

My research project collaborators and I need a secure way to transfer data among us - data that includes identifiable information that could cause a risk if breached. We have been using manual (i.e. thumb drive) transfer and a continuous file synchronization program, but we imagine there must be a better way to transfer files to one another securely?

- LostinTransfer

Dear Lost, 

Thanks for reaching out, I would recommend checking out CalShare for sharing highly sensitive data. Depending on the Data Classification, Box and Google can handle moderately sensitive data transfers - more information on this in our FAQ Article

See our article on "How to Classify Research Data" for help determining which service works best for your data!

Find more cybersecurity best practices at our Education & Awareness page

-Information Security. Made Bearable

What keeps us busy?

These charts may help explain. The first chart shows the number of alerts processed by our threat detection systems and the second chart shows detected compromises and vulnerabilities for this quarter.

If you get a security notice from our office be sure to follow the instructions to remedy the situation immediately. 

Q2_2022 Threats Detected
Graph for Q2_22Comp and Alerts.