*********PLEASE GIVE WIDEST DISTRIBUTION**********
October 19, 2021
TO: UC Santa Barbara Campus Community
FR: Sam Horowitz, Chief Information Security Officer
Kip Bates, Associate Chief Information Security Officer
Mirabelle Le, Cyber Security Awareness Coordinator
RE: Cybersecurity Awareness Month - Multi-Factor Authentication
****This message is being sent on behalf of Sam Horowitz, Kip Bates & Mirabelle Le. Please do not reply to this message.****
Colleagues,
October is Cybersecurity Awareness Month (CSAM). It is our goal to increase awareness about cyber security and to educate the campus community on ways to better protect themselves or their devices from unauthorized intrusions or cyberattacks. This week we will focus on Multi-Factor Authentication (MFA).
MFA is defined as a system that requires more than one distinct authentication factor for successful login. Simply stated, a factor is something you have like a cell phone or something you know like a password. A familiar example is withdrawing money from an ATM: your PIN number acts as a second authentication factor in case someone else gets ahold of your ATM card. For MFA with campus applications like UCPath, your smartphone acts as a second factor along with your password. Together these multiple factors will grant you access to your account.
UC Santa Barbara has recently been in the process of rolling out MFA for various applications, like UCPath and the Campus Virtual Private Network (VPN), with plans to use MFA for more applications over the next year. The goal is to apply the best security practices to ensure the integrity of campus networks, data, and user accounts.
For more information, as well as an MFA Q&A with Chief Information Security Officer Sam Horowitz, visit security.ucsb.edu
Sam Horowitz samh@ucsb.edu
Kip Bates kip.bates@ucsb.edu
Mirabelle Le mirabellenle@ucsb.edu
For more information, visit http://security.ucsb.edu or #mfaUCinfosec, and don’t forget to follow @UCSBInfoSec on Facebook, Twitter, LinkedIn, and/or Instagram, where you can find the most up-to-date information about the events we’re hosting this school year. Thanks again, and we hope you stay cyber safe!
*********PLEASE GIVE WIDEST DISTRIBUTION**********
October 12, 2021
TO: UC Santa Barbara Campus Community
FR: Sam Horowitz, Chief Information Security Officer
Kip Bates, Associate Chief Information Security Officer
Mirabelle Le, Cyber Security Awareness Coordinator
RE: Cyber Security Awareness Month - Social Engineering
****This message is being sent on behalf of Sam Horowitz, Kip Bates & Mirabelle Le. Please do not reply to this message.****
Colleagues,
This is week two of Cyber Security Awareness Month (CSAM), which aims to educate the campus community on ways to better protect themselves and their devices from unauthorized intrusions or cyberattacks. This week we will focus on Social Engineering.
Social engineering in the context of IT security is “any act that influences a person to take actions that may or may not be in their best interest.” It is often a confidence trick done to obtain access to systems and confidential data that can be part of a bigger scheme. It is still on the rise and is now the number one cause of cyber security breaches. Fraudsters can trick people by playing with their emotions and getting them to act before they think, something people often do in an emotional state.
Examples include:
· Desire to please: Pretending to be your boss or other authority figure and telling you to do something critical, right away.
· Trust: Pretending to be a close friend or relative.
· Fear of scarcity: Saying offers are limited and/or will end soon.
· Threats to wellbeing: Pretending that access to a critical resource, such as your bank account or paycheck, is about to be cut off.
· Euphoria/Greed/Entitlement: Saying you won something or you are getting a free gift.
Types of social engineering attacks include:
· Phishing: The most common form of social engineering, phishing, uses emails that appear to come from legitimate sources to trick people into providing their information or clicking on malicious links. They frequently employ tricks that put users into an emotional state that causes them to act without thinking.
· Vishing: Uses social engineering over the telephone, sometimes with a rogue interactive voice response (IVR) system, to mimic a legitimate institution and persuade you to supply your credentials and/or other data.
· Smishing: Uses SMS text messaging to get you to divulge information or click on a malicious link.
· Spear Phishing: Similar to phishing, but the attacker customizes the email specifically for an individual to make the phish seem more real. They often target key employees with access to critical and/or confidential data.
· Quid Pro Quo: Pretends to be a service provider and keeps calling people until they find someone who actually requested or needs the service.
· Baiting: Baiting relies on the greed or curiosity of the victim. For instance, leaving malware-infected flash drives strategically lying around public areas is a common tactic that exploits human curiosity.
Students, staff, and faculty have all suffered losses from the disclosure of personal data and research to unauthorized parties. Knowing what you're up against can help you be more secure. For specific steps that you can take to guard against social engineering attacks, visit security.ucsb.edu.
Don’t forget to check out the lineup of Cyber Champion events this month! Students, staff, faculty, families, friends - all are welcome to join and learn! https://security.ucop.edu/resources/security-awareness/cyber-security-month-2021.html
Sam Horowitz samh@ucsb.edu
Kip Bates kip.bates@ucsb.edu
Mirabelle Le mirabellenle@ucsb.edu
October 15, 2021
Dear Members of Our Campus Community,
As most of us know, the Alisal Fire has been burning along the Gaviota Coast since Monday afternoon. The fire is currently 41 percent contained, and poses no threat to UC Santa Barbara’s physical campus. We are continuing to carefully monitor developments and work with local emergency management and fire officials to stay informed of the latest updates.
We have heard that some of our community members are concerned about the air quality, which is expected to fluctuate for the duration of the fire, as well as classroom ventilation as we balance potential smoke exposure with our COVID-19 mitigation protocols. The University of California, using systemwide experts, developed a detailed process released in October 2019 to help campuses make decisions when assessing air quality for wildfire smoke events. While we do not anticipate that our campus’s air quality will reach the sustained levels of particle pollution that would necessitate a mandatory curtailment of operations, we are closely monitoring the situation. We have consulted with our Academic Senate, Deans, campus health experts, GSA and AS student leadership, CSAC and Staff Assembly leadership, and administrative colleagues on our campus response regarding the possibility of moving to temporary remote instruction and curtailing campus operations if the situation requires.
Based on the UC policy, a sustained Air Quality Index (AQI) of 101-150 would suggest accommodations for students, staff, and faculty who have respiratory issues or medical conditions that make them particularly sensitive to air quality conditions. It is at this point that we would also consider closing building doors and windows, which we recognize could conflict with our current COVID-19 mitigation protocols for classroom ventilation. In the event that there is a sustained AQI of 151-200, we would encourage instructors to consider conducting their classes remotely, and our campus would consider limiting outdoor work if practicable for our staff colleagues. For a sustained AQI over 200, remote instruction would become mandatory, outdoor work would be suspended, and campus operations would be curtailed to the extent possible. Yesterday, the AQI hovered between “good” and “moderate,” and the highest level we have seen this week has been an AQI of 160 for a relatively brief period.
At this time, the AQI has not reached the sustained levels that would trigger the need for remote instruction or curtailment of campus operations. However, the Highway 101 closure earlier this week affected some of our staff colleagues. The highway has now reopened, but we encourage supervisors to exercise flexibility in allowing our staff colleagues to work remotely if they are impacted by a future highway closure due to the Alisal Fire.
In the meantime, for our students, faculty, and staff, we expect to have N95 masks available for pickup this afternoon at Student Health, the Student Resource Building, the Library, Campus Store, Residence Halls, and Pardall Center in Isla Vista.
We also encourage our community members to monitor websites for possible changes to upcoming campus events that may be impacted by the fluctuating air quality.
This is an unexpected challenge that we will meet together. We will continue to assess the fire and air quality conditions, with the health and safety of our campus as our highest priority, and will update our community if the situation warrants.
Sincerely,
Henry T. Yang
Chancellor
Information on the Alisal Fire and air quality conditions:
https://inciweb.nwcg.gov/incident/7862
https://readysbc.org/alisal-fire/
https://www.ourair.org/todays-air-quality/
https://www.iqair.com/us/usa/california/santa-barbara
*********PLEASE GIVE WIDEST DISTRIBUTION**********
October 13, 2021
TO: Campus Community
FR: Megan Sandy, Director of Environmental Health & Safety
RE: Santa Barbara Air Quality Information
The Santa Barbara County Public Health Department and Santa Barbara County Air Pollution Control District issued an Air Quality Watch for Santa Barbara County on October 12, 2021. Smoke from the Alisal wildfire is affecting local air quality and conditions may continue over the next few days. Strong winds, locally and across the state, are also stirring up dust and ash into the air. This is a dynamic situation, and local air quality conditions can change quickly.
Various government agencies monitor the air at locations throughout California and report the current AQI (Air Quality Index) for those places. The AQI rating is a measurement of how polluted the air is. An AQI rating over 100 is unhealthy for sensitive groups, and an AQI rating over 150 is unhealthy for everyone.
The easiest way to find the current and forecasted AQI is to go to https://www.airnow.gov/ and enter your zip code.
For the most up-to-date information concerning the air quality and current conditions, refer to the following links:
https://www.countyofsb.org/phd
Additional campus resources can be found at https://www.ehs.ucsb.edu/ih/protection-wildfire-smoke.
*********PLEASE GIVE WIDEST DISTRIBUTION**********
October 5, 2021
TO: UC Santa Barbara Campus Community
FR: Sam Horowitz, Chief Information Security Officer
Kip Bates, Associate Chief Information Security Officer
Mirabelle Le, Cybersecurity Awareness Coordinator
RE: Cybersecurity Awareness Month – Phishing
****This message is being sent on behalf of Sam Horowitz, Kip Bates and Mirabelle Le. Please do not reply to this message.****
Colleagues,
This is week one of Cybersecurity Awareness Month (CSAM), which aims to educate the campus community on ways to better protect themselves and their devices from unauthorized intrusions or cyberattacks. This week we will focus on phishing, a type of social engineering. Social Engineering in the context of IT Security is “any act that influences a person to take actions that may or may not be in their best interest.”
Phishing is an attempt, usually by email, to obtain your personal information in order to commit fraud. Cybercriminals use phishing to manipulate people into doing what they want. Social engineering is at the heart of all phishing attacks, especially those conducted via email. These days technology makes phishing easy. Setting up and operating a phishing attack is fast, inexpensive, and low risk: any cybercriminal with an e-mail address can launch one.
Right now, members of our community and at other UC campuses are reporting an uptick in fraudulent online banking accounts from Chime and GO2bank. You may see emails with different subject lines. For example,
· Welcome to Chime!
· Congrats! SpotMe is activated
· <YOUR NAME>. Your GO2bank account is ready to go
· Please verify your account
· Please confirm your email address
· Action Required: Activate Features
If you receive any messages like this and you did not open an account or activate any features with one of these banks, do not click any links. Please forward a copy of the email to security@ucsb.edu, then contact the bank directly and inform them that an account has been fraudulently created with your name and email address. Please ask them to close the account and confirm that they have done so.
You can contact Chime at 844-244-6363 or support@chime.com. You may contact GO2bank at 855-459-1334 or by using one of the methods listed at https://www.go2bank.com/help/contact-us.
You should always be on the alert for fraud from banks, credit cards, and all other financial institutions. If you receive information about activity that you did not initiate, contact the financial institution and report possible fraud.
Here are a few things you can do to guard against phishing attacks:
· Limit what you share online. The less you share about yourself, the smaller the target you are for a phishing attack. Cybercriminals use information you post online to learn how to gain your trust.
· Protect your credentials. No legitimate company or organization will ask for your username and password or other personal information via email. The University definitely won't. Still not sure if the email is a phish? Contact your IT help desk.
· Beware of attachments. E-mail attachments are the most common vector for malicious software. When you get a message with an attachment, delete it unless you are expecting it and are certain it is legitimate. If you’re not sure, call the sender at a number you know is legitimate to check.
· Confirm identities. Phishing messages can look official. Cybercriminals steal organization and company identities, including email addresses, logos, and URLs that are close to the links they're trying to imitate. There's nothing to stop them from impersonating the university, financial institutions, retailers, a wide range of other service providers, or even someone you know.
· Trust your instincts. If you get a suspicious message that claims to be from an agency or service provider, use your browser to manually locate the organization online and contact them via the website, e-mail, or telephone number that you looked up – not what was provided in the message.
· Check the sender. Check the sender's e-mail address. Any correspondence from an organization should come from an organizational email address. A notice from your college or university is unlikely to come from IThelpdesk@yahoo.com.
· Take your time. If a message states that you must act immediately or lose access, do not comply. Phishing attempts frequently threaten a loss of service unless you do something. Cybercriminals want you to react without thinking; an urgent call to action makes you more likely to cooperate.
· Don't click links in suspicious messages. If you don't trust the e-mail (or text message or post), don't trust the links in it either. Beware of links that are hidden by URL shorteners or text like "Click Here." They may link to a phishing site or a form designed to steal your username and password.
For more information, visit http://security.ucsb.edu or #phishUCinfosec, and don’t forget to follow @UCSBInfoSec on Facebook, Twitter, LinkedIn, and/or Instagram, where you can find the most up-to-date information about the events we’re hosting this school year. Thanks again, and we hope you stay cyber safe!
For specific steps you can take to guard against phishing attacks, visit: security.ucsb.edu
For a listing of all cyber security events see: https://www.it.ucsb.edu/news/cyber-security-awareness-month-2021-ucsb-events
Sam Horowitz
Kip Bates
Mirabelle Le