COVID-19 (Novel Coronavirus) Cybersecurity Guidance and Recommendations
Last Updated: July 9, 2021 4:27:51 PM PDT
Give feedback
Find COVID-19 (Novel Coronavirus) cybersecurity guidance and recommendations for UC San Diego staff members who are telecommuting or working in a remote off-campus location.
The COVID-19 pandemic presents an imminent and serious threat to the members of our community, the US healthcare system, and the economy. The welfare and safety of our community during this time is our primary concern. Yet in every crisis there are those who will attempt to profit from the chaos and disruption created. Here’s what you should know about cybersecurity and the coronavirus pandemic:
COVID-19 Specific Phishing Campaigns
- Campus Notice - Be Aware of COVID-19 Related Hacking and Phishing Attacks
- Federal law enforcement and the FTC are reporting a massive growth of spam, phishing, and text messaging scams, as well as web-based advertising offering false COVID-19 cures, treatments, and personal protection advice. Additional information about these campaigns was provided by our email security vendor Proofpoint in the form of this awareness video (2:27).
- Across the Internet we are seeing evidence of organized crime attempting to lure unsuspecting users to bogus COVID-19 information websites while invisibly downloading malicious software designed to steal corporate and personal information. A recent example uses the actual COVID-19 data taken off an identical (legitimate) site provided by Johns Hopkins University. This can be safely viewed at: https://app.box.com/v/coronavirusscam.
COVID-19 Trusted Sources
- While the campus’ anti-spam service has been stopping several large coronavirus-related phishing campaigns, some messages will manage to get delivered. If you receive a suspicious email, please forward it to abuse@ucsd.edu where it will be automatically analyzed and the results used to prevent additional deliveries.
- Visit UC San Diego's Coronavirus portal for the latest information for the campus community and sign up to receive official campus information through the Triton Alert Emergency Notification System.
- Do not respond to other email, phone, or digital advertising pertaining to the COVID-19 pandemic.
- Rely instead on established, respected news sources, such as:
How to Protect Yourself While Working From Home
At home your laptop or home computer does not benefit from the full range of protections computers receive when on campus. Please take the following actions when using a home or other unmanaged computer off campus:
- If your computer is not managed by campus IT staff, or is a loaner or emergency computer, immediately run the system update service which installs software fixes for known security weaknesses in your software.
- Install a quality antivirus product on your personal computer. The campus recommends the Sophos Home edition. See antivirus.ucsd.edu for more information.
- When logging into the campus VPN, use the group “2-step secured - allthruucsd”. This will ensure that all of the traffic to your computer runs through campus network-based security sensors. While working on University business, this is the preferred VPN group.
- Make sure that all your personal banking, investment, and email accounts are protected by two-step login, also known as multi-factor authentication (MFA). Most commercial services do this by texting you a short code to a phone registered with the service. Take the time to set this up immediately.
- With the tremendous reliance on Zoom within higher education, a phenomenon known as “Zoom Bombing” is becoming common. Our colleagues at UC Berkeley have a really informative description of what Zoom Bombing is and how to prevent it.
International Access to UC San Diego
At this point in time we have not received any reports of campus resources being unavailable from overseas. However, if you find you are unable to access a service due to local access restrictions, using the campus VPN should re-enable access as we believe the campus VPN will work globally. Note that you can access the VPN through your browser (EasyConnect) or using the AnyConnect client. For more information, see: https://blink.ucsd.edu/go/vpn
If one fails or is blocked, you should try the other. EasyConnect will not provide access to library resources. Faculty and staff working internationally should, when possible, rely on the campus VPN to provide secure connectivity to campus services. Students should use the campus VPN if desired or necessary to access a specific service.
Third-Party VPNs
While we do not recommend the use of a third-party VPN, it may help you gain access to publicly available resources if the campus VPN is blocked in your region. Note that third-party VPNs are not able to access campus resources restricted to the campus VPN.
If one fails or is blocked, you should try the other. EasyConnect will not provide access to library resources. Faculty and staff working internationally should, when possible, rely on the campus VPN to provide secure connectivity to campus services. Students should use the campus VPN if desired or necessary to access a specific service.
Third-Party VPNs
While we do not recommend the use of a third-party VPN, it may help you gain access to publicly available resources if the campus VPN is blocked in your region. Note that third-party VPNs are not able to access campus resources restricted to the campus VPN.
Resources
For more information, contact the Office of Information Assurance at security@ucsd.edu.