By Casey Hennig and Jeané Blunt. As Cybersecurity Awareness Month (CSAM) draws to a close, it’s important to recognize the meaning behind the movement. CSAM raises awareness about the importance of cybersecurity and the tagline, “Do your part. #BeCyberSmart,” encourages people and organizations to increase personal accountability for cybersecurity. As UC employees we have a responsibility to protect not only ourselves, but also the university.
IS-3 is UC’s Electronic Information Security Policy. Robert Smith, systemwide IT policy director at UCOP, recently wrote an article in the UC IT Blog explaining the policy in layperson’s terms. Smith said, “IS-3 embraces the notion of shared accountability for security. That means we all need to understand policy requirements and help our organizations comply.”
Cybersecurity is a top priority on every UC campus and each location has a different approach to raise cybersecurity awareness. For example, UC Berkeley’s Information Security Office encourages staff to focus on three areas to increase cybersecurity: protecting yourself, protecting devices, and protecting data.
Protect Yourself
The best way to protect yourself from identity theft is to limit the personal information you post online. If you’re going to post on social media, try not to give too many personal details. It’s also a good idea to set your account to private, so only your approved circle will see your posts.
Phishing attacks are some of the most common—and most successful—types of attacks. Learn how to recognize them by paying close attention to details and being wary of clicking on embedded links. If you suspect a phishing email, contact your campus IT security office.
Protecting Devices
Protect your devices by keeping them safe, turning on a lock screen, and keeping your operating systems and applications updated. It’s important to keep devices updated security flaws may have been fixed or a new, more secure version of the software is available. Installing anti-virus or anti-malware software on your devices is also critical. The good news is that many newer devices come with anti-virus or anti-malware software, it just needs to be turned on. When you get a new device, read through the user’s manual to ensure you are using all the online protection offered.
Protecting Data
Create unique, long passwords for all your accounts. Using a password manager is a safe and effective way to ensure your passwords are secure, updated regularly, and stored safely. Many password managers are available online for free, but first check with your campus, as they may offer employees a campus-sponsored password manager.
When working with UC data, you should think about what kind of data you interact with, learn the Protection Level of your data so you know how best to use, store, and destroy it.
Smith’s blog article about IS-3 goes into greater detail about data classification and gives more information on best practices. For questions about managing records, contact your local Records Management coordinator.
Casey Hennig is outreach and engagement coordinator, Information Security Office, UC Berkeley.
Jeané Blunt is IT communications and UC FCC licensing coordinator, Information Technology Services, UC Office of the President.