Security

Last Updated: November 3, 2021 3:40:09 PM PDT

Personal Cybersecurity and Identity Protection Resources, Including Steps to Take Following the UCOP / Accellion Data Breach

Sophos Antivirus License Expires November 1, 2021

The campus license for Sophos Antivirus will expire November 1. For continued protection against viruses and malware, be sure your university-owned computer has FireEye HX installed and registered.

Read a message sent to campus Sophos Antivirus users that includes FireEye HX installation information.
Learn more about FireEye HX and anti-virus software for personal computers at antivirus.ucsd.edu.

October Is Cybersecurity Awareness Month

As we welcome October, Cybersecurity Awareness Month is finally here! Previously known as National Cybersecurity Awareness Month, this initiative raises awareness about the importance of cybersecurity.

Co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security, they continue using the overarching theme:

“Do Your Part. #BeCyberSmart.”

This evergreen theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.

Our Systemwide Cyber Champions team worked to bring the information and tools we all need to be safer and more secure online. UCOP and a few of our sister campuses are hosting a multitude of engaging sessions, and we have some unique vendor product offerings. Plus, UCOP created CSAM 2021 Zoom backgrounds for every location. Download ours today!

Head on over to our CSAM events page where you'll find all of the registration details for the sessions (be sure to check out The Mentalist!), games like Spot the Phish, and even more resources. Also, reach out to cybersecurity@ucsd.edu and schedule to play the new CyberEscape Online escape rooms or the Security Feud game for your teams. You're guaranteed to have fun!

AD Password Change Is Required

In response to previous and ongoing attacks on campus accounts, UC San Diego and UC San Diego Health are enforcing stricter Active Directory (AD) security measures:

AD passwords will require 12 or more characters.
Passwords known to be available on the dark web or part of a previous compromise will be rejected.

All academics, staff and affiliates on campus and at UC San Diego Health and Health Sciences are required to make a one-time AD password change. You will receive email notification on your password change start date, and will continue to receive notifications until your end date or your AD password has been changed.

Please change your password within the date range assigned to your rollout group:

Health Sciences and UC San Diego Health: August 12 to September 22
Campus Academics and Staff (by last name):
- A through B: August 18 to September 8
- C through G: August 25 to September 15
- H through N: September 1 to September 22
- O through Z: September 8 to September 29
Students: Password changes will be required at a later date.

How to Change Your AD Password

Campus Academics and Staff AD Password Change instructions

Health Sciences and UC San Diego Health AD Password Change instructions

Support

Please first reach out to your unit's IT team for assistance or questions.

Main campus

Web: support.ucsd.edu/its

Email: servicedesk@ucsd.edu

Phone: 858-246-4357

Health Sciences and UC San Diego Health

Web: https://uchealth.service-now.com/ess_ucsd/

Email: 3help@ucsd.edu

Phone: 619-543-4357 or Ext. 3-HELP

Webinar: Living on the Dark Web

Webinar presented July 13, 2021 by Michael Corn, Chief Information Security Officer, UC San Diego. The identity protection tips and accompanying links and phone numbers are available at: identitytheft.ucsd.edu.

Now available: English and Spanish subtitles.

UCOP Security Incident: News, FAQs, and Resources

July 1, 2021: UCOP has begun sending individual notices via USPS and email to impacted personnel. Read the updated FAQs from UCOP for more information.

May 10, 2021: UCOP has issued as "Substitute Notice of Data Breach" with updated information.

April 2021: the Office of the President has announced a significant security incident involving UC employee information due to the Accellion data breach. The Office of the President continues to investigate the incident, and we expect that more details will become known over time.

It is very important that every member of the UC San Diego community take steps now to protect themselves against identity theft and fraud.

The following documents published by the Office of the President provide additional information about the security incident.

Identity Theft Protection Workshop, presented April 8, 2021, by Vince Kellen, Chief Information Officer, and Michael Corn, Chief Information Security Officer

Steps to Take

Protect yourself by signing up for UCOP's free identity monitoring service (Experian) and place a fraud alert on your credit files.
Review the five rules for protecting your information.

Resources, News and FAQs from UCOP

UCOP Accellion security incident homepage (including Experian links and enrollment code)
Substitute Notice of Data Breach - posted May 10
Frequently asked questions - updated July 1
Update on Accellion data breach and what you should do to protect yourself - April 2
UC part of nationwide cyber attack - March 31

Translated Information

Identity Theft and Your Social Security Number

Guidance from the Social Security Administration

Questions

Questions about the incident or using the identity monitoring services can be submitted to communications@ucop.edu.

Cybersecurity Awareness

Visit our cybersecurity awareness page to find featured topic articles, videos, and other resources throughout the year to help you build good cybersecurity habits.

Learn more

Events

View our events page for campus presentations (currently offered only via Zoom in light of COVID-19) you may attend to stay #CyberAware.

Learn More

Security while working from home

Find out the latest security guidance and recommendations for working from home in the COVID-19 Cybersecurity section of the Remote Work page.