Time: 8:00 AM- 12:00 PM (or until truck hits full capacity)
Location: Parking Lot 12A near the Natural Sciences buildings
Each of us is responsible for the security of information assets with which we work. Properly disposing of electronic data is a key component of cybersecurity. Improper disposal, donation, or recycling of devices with electronic data may inadvertently disclose sensitive information, which could be exploited by cyber criminals.
Much like digital data, keeping paper records with sensitive information that no longer need to be maintained under the UC Records Retention Schedule is both a security and privacy risk. Good document hygiene includes shredding unnecessary paper and deleting e-records in a way that is consistent with the UC University Records Management Program (BFB-RMP-1) and the UC Records Retention Schedule.
Southern California Shredding will be on campus to shred both paper and electronic data devices on October 23rd.
Acceptable Items for Data Disposal Day
Paper Records (Remove documents from ring binders and hanging folders. Staples, paper clips, rubber bands, binder clips and folders with metal prongs don’t need to be removed.)
Hard drives, SSDs (Where possible, please remove hard drives from devices before bringing them to be shredded)
Smart phones and tablets
Flash Drives
SD Cards
CDs/DVDs
Do Not Bring
Backup tapes
VHS tape
Cassette tapes
Accordion folders
Hanging File Folders
Three Ring Binders
X-Rays
Monitors
Office Equipment
Lab Equipment
Drop Off
You can drop off any items that your unit has determined should be destroyed. The truck will shred your paper records and electronic data devices onsite. Certificate of destruction can be made available upon prior request.
If you have more than ~100 hard drives that need to be shredded, please connect with security@uci.edu
If a department needs assistance with dropping off items at this event, please contact Stephanie Tenney before Wednesday, October 16, 2024.
Before you shred
Identify the records you have and whether they are still in use.
If the retention period has lapsed and no one uses the records, destroy or delete the records. Shred sensitive paper records.
If the retention period has lapsed but the records are part of a foreseeable or ongoing litigation, an investigation, an ongoing audit, or a pending Public Records Act request, KEEP the records. Do NOT destroy them.
If your unit/department has been notified by Risk Management or counsel to retain the records, do NOT destroy them.
Verify with your supervisor that it is acceptable to destroy the records.
Visit the IT Security Proper Data Disposal webpage for choosing the correct disposal method for your device/data.
For examples of sensitive protected information, please visit the IT Security Protection Levels webpage.
Questions about classifying records or data elements can be directed to security@uci.edu.
Thank you for helping to clear out unneeded documents and reduce security and privacy risks at UC. This free event is brought to you by the UCI Office of Information Technology, UCI Records Management, UCI Privacy, UCI Procurement Services, and UCI Libraries Special Collections & Archives.
October is Cybersecurity Awareness Month! This year’s theme is ZotDefend: Protecting UCI’s Digital World. The month was originally created through a collaboration with the National Cyber Security Alliance and the Department of Homeland Security. Feel free to check out the events and resources listed below.
Events
Executive Director, U.S. Cyber Command: Morgan Adamski – Hot Tips for Being Cyber Safe in Today’s Threat Environment (10/17 @ 11:30am)
Description: Come hear from Morgan Adamski, the Executive Director of U.S. Cyber Command, about the latest cyber threats to national security and your role in protecting yourself and the U.S.!
Previously, Ms. Morgan Adamski was the Chief of the Cybersecurity Collaboration Center for NSA’s Cybersecurity Directorate where she led the Agency’s open private sector relationships to secure the Defense Industrial Base and its service providers. During her time there, she revitalized the way NSA collaborates with the private sector to harden billions of endpoints against nation-state cyber threats. Ms. Adamski also served as the Deputy Strategic Mission Manager for NSA’s Cybersecurity Directorate and was responsible for leading complex and groundbreaking initiatives for the agency specifically aimed at gaining insights against nation-state cyber actors and collaborating with the private sector.
For more than a decade, Ms. Adamski has been at the forefront of NSA’s Computer Network Defense, Computer Network Exploitation, and Cyber analysis missions. Prior to her position in CSD, she served as a senior Cyber Policy Advisor to the Deputy Assistant Secretary for Defense (DASD) for Cyber Policy. Ms. Adamski acted as technical and operational subject matter expert to the DASD for Cyber Policy, specializing in operational issues in the Middle East and Eurasia area of responsibility. She was a primary contributor to the 2018 DoD Cyber Strategy and was responsible for orchestrating the Department’s new approach to cyber deterrence.
Ms. Adamski served as a Chief Operating Officer for NSA’s offensive cyber mission from 2016-2018, responsible for planning and executing operations against some of the agency’s hardest intelligence targets. Prior to serving in NSA’s offensive mission, she served as the NSA Deputy Director’s executive assistant (2014-2016) and as a senior SME for the Middle East cyber analysis office (2010-2014).
Ms. Adamski received the Director of National Intelligence Merit Unit Citation in 2019 and the Meritorious Civilian Service Award in 2016.
Cyber@UCI is the premier club on campus for applied cybersecurity education. Their mission is to help students learn about and engage in cybersecurity, regardless of prior experience. Whether you are completely new to cybersecurity, have already chosen it as your field, or just want to learn enough to pair with another profession, they can help get you to where you want. You can get involved through attending their weekly workshops, hanging out at their dedicated lab space, and joining their various sub-teams, including their Collegiate Cyber Defense Competition team (which got 4th place at Nationals last year!) Check out their Discord for more information: discord.cyberuci.com.
In collaboration with the UCI Information Security team for Cybersecurity Awareness Month, Cyber@UCI is delivering a live hacking demonstration! We often hear about the potential to be “hacked” and go through security training because of it, but what does an end-to-end attack look like? Join us for an exciting, hands-on session where we’ll showcase real-world cybersecurity vulnerabilities and exploitation techniques. Don’t miss out on this chance to see cybersecurity in action!
The featured UCI Cybersecurity Awareness Month Starbucks drink, the “Java Chip Securi-ccino”, will be available at all three Starbucks locations on Campus during the month of October.
Security Quiz Raffle (10/1 – 10/31)
Complete the security quiz and be entered into a drawing for one of three $25 Amazon gift cards! Winners will be picked at random at the end of the October and contacted through email. Participants must input a UCI email address and can only enter in once. You do not have to get all the questions right in order to participate in the drawing and you must be UCI-affiliated to win.
Reports have been received from individuals on campus receiving job scam emails promising offers of employment and work benefits. Be wary of these offers and do not respond to these scammers with any information (e.g. bank account numbers, phone number(s), email addresses, etc.)
Cybersecurity Training
If you are employed by UCI, please remember to complete the yearly cybersecurity training. The training offers useful information on how to protect yourself online, at home, and at work.
Data Loss Prevention & Access Controls
Store your information in a safe and secure location making sure the access controls are adjusted with security in mind. This helps protect your data from only being accessed by those who need to access it and that a malicious individual doesn’t gain access to it.
Timely escalation of cybersecurity incidents
Report any suspicious security events or possible breaches to OIT Security, timing is critical! The sooner a cybersecurity incident is reported, the faster the issue can be resolved.
Personal Information Redaction
There is a lot of information online that you may want to remove. If you wish to remove information from any personal accounts, make sure to figure out what site(s) the information is located on, and review what you wish to make public. For more information, please visit How to Redact Your Personal Information Online.
Listed below are some security resources available from UCI:
Visit the IT Security website “How To…” page for guidance on security practices.
1Password – password management tool to securely store passwords and personal information.
Use PhishAlarm to report suspicious emails to IT Security.
Securely shred sensitive electronic and paper data at Data Disposal Day.
Identity Theft Protection, UC provides free identity protection for UC employees, retirees and their dependent children up to age 18.
Report potential information security incidents to security@uci.edu
Major email providers have announced that they have started enforcing DMARC/DKIM/SPF email security standards in order to send email to them. What that means to us is that external email providers will increasingly block or mark as spam email coming from UCI unless this email security standard is fully implemented. This is to ensure that all email where the “from” address is “uci.edu” are not being spoofed but rather being sent from a UCI-approved service.
OIT is implementing changes to OIT-managed email services to comply with these standards.
If you are using a 3rd party service to send bulk emails as “uci.edu” (such as Constant Contact, MailChimp, SendGrid, etc), please contact the OIT Security Team at security@uci.edu to help get your 3rd party service configured properly.
OIT is also offering Proofpoint Secure Email Relay (SER) for campus services that require an email relay. SER allows the relay of any uci.edu or uci.edu subdomain email to any recipient. SER sent emails are fully DMARC, DKIM, SPF compliant. SER is available in two options:
Authenticated SMTP in the cloud
If your application or server can support authenticated SMTP, this is the preferred method.
Requirements:
Authenticated SMTP (SMTP AUTH PLAIN or LOGIN)
Port 25 (STARTTLS required), port 465 (SMTPS), port 587 (STARTTLS required)
TLS v1.2+
Able to connect to smtp-us.ser.proofpoint.com
On-campus network SMTP relay
If your application can not support authenticated SMTP or can not reach the Internet, this on-campus service can relay the email to SER.
Requirements:
Unauthenticated SMTP only, no support for authenticated SMTP
Port 25 (STARTTLS optional)
TLS v1.2+
Able to connect to ser.service.uci.edu, a round-robin A record to ser1.service.uci.edu [128.200.151.76] and ser2.service.uci.edu [128.200.91.82]
Please contact the OIT Security Team at security@uci.edu to setup your application or server to use Proofpoint Secure Email Relay.
October is Cybersecurity Awareness Month! The month was originally created through a collaboration with the National Cyber Security Alliance and the Department of Homeland Security. Feel free to check out the events and resources listed below.
Security Now Host: Steve Gibson – Porosity: Why Cybersecurity Remains Elusive (10/26 @ 2pm)
Description: The benefits to society from secure and trustworthy computing systems are obvious and many. But despite decades of monumental investment toward in this obvious goal, cybersecurity remains elusive with damages ranging from individual users to international corporations. With the causes of each failure clear in retrospect, why do we seem unable to get ahead of them? Steve is going to share and layout his concept of “security porosity”.
Steve Gibson is the founder & CEO of Gibson Research Corporation, located in Southern California. Since 1988, all of the bills have been paid by the sales of Steve’s long-standing mass storage maintenance and data recovery utility: SpinRite. GRC’s website mostly reflects Steve’s life-long passion for all-things-technology including Internet Security. He began programming early computers in 1970, at the age of 15, and he never stopped. Steve believes in “old School” computing, and, yes, misses working with computers having 16 Kbytes of memory. So today, because he lives to code, even though it’s a bit nuts, he still writes all of his programs in 100% pure assembly language. Listeners to his weekly Security Now podcast often comment that they can hear his love and enthusiasm for technology in his voice. It’s the real deal.
The featured UCI Cybersecurity Awareness Month Starbucks drink, the “Java Chip Securi-ccino”, will be available at all three Starbucks locations on Campus during the month of October.
Security Quiz Raffle (10/1 – 10/31)
Complete the security quiz and be entered into a drawing for one of three $25 Amazon gift cards! Winners will be picked at random at the end of the October and contacted through email. Participants must input a UCI email address and can only enter in once. You do not have to get all the questions right in order to participate in the drawing and you must be UCI-affiliated to win.
Use Multi-factor (Two-factor) authentication for your online accounts. This method uses two or more factors for authentication and includes but is not limited to: Something You Have, Something You Know, and Something You Are.
Create a long and different password for each online account with a minimum of 12 characters. Use a mixture of different sets of characters and use a password management tool to help store passwords.
Look out for phishing/email scams asking for your information. Some senders may masquerade as someone you know or a legitimate organization. Their aim may be to acquire personal or financial information among other items. If you believe the email to be a scam and have not replied, ignore the email. If you have replied, cease all further contact with the sender.
Be sure to automatically backup your data and apply the latest security patches. Doing so will keep your software current and helps to address security vulnerabilities.
Be wary of voice phone scams. Scammers are now using AI to trick people into thinking that the person who is calling is in trouble and is in a state of emergency. They often times ask for assistance through monetary means (e.g. money, crypto, gift cards, etc.) and is in a state of urgency. If you suspect the call to be a scam, hang-up and call the actual person to ask them to verify their situation.
Sent on 8/30/2023 to All Campus Employees and Students by the Office of Data and Information Technology
UCI Information Security reports “a new wave of fraudulent activity” tied to Chime and Go2Bank. Unauthorized accounts have been opened using UCI members’ personal information and victims then receive requests to click on links or transfer funds via UCI email, personal email and/or a letter and debit card sent to their mailing address. This activity has also been reported at other UC locations. For more information, visit https://www.security.uci.edu/2023/08/14/chime-go2bank-fraudulent-activity/
According to the National Council on Identity Theft Protection, identity theft scenarios are increasing drastically in 2023. The most recent Federal Trade Commission reports show 5.7 million cases of identity theft and fraud in 2021, up from 4.7 million in 2020. Cases are at an all-time high, because of a wider range of identity theft methods and reports indicate that nearly 33% of Americans have faced some kind of identity theft attempt in their lives, according to the National Council on Identity Theft Protection.
UC is also hearing reports that fraudulent debit, business, investment and other financial accounts are being opened in the name of university employees and students without their authorization. Often, these accounts are opened at online financial institutions that don’t require a credit check, which means credit monitoring services may not alert you to this activity.
To help protect you, UCOP is providing this non-exhaustive list of contact information for financial institutions that may be affected. UCOP is also working with these institutions where appropriate. Also below are tips and best practices from consumer protection agencies and other experts.
In general, it’s a good practice to closely monitor your work and personal email as well as your physical mail to look out for these unauthorized account openings.
If you’ve had an unauthorized account opened in your name and feel comfortable sharing your experience with us, please send a message to security@uci.edu with details on when and how you discovered the account, as well as any steps you’ve taken to resolve the issue.
Identitytheft.gov is a one-stop federal government resource where consumers can report and learn about identity theft. The site provides step-by-step advice and such resources as easy-to-print checklists and sample letters.
ReportFraud.ftc.gov is where consumers should go to report fraud, scams or bad business practices.
OptOutPrescreen.com is the official consumer credit reporting industry website for consumers to opt in or opt out of receiving offers of credit or insurance. To opt out, call 888-5-OPT-OUT (888-567-8688) or visit their website.
AnnualCreditReport.com is the only source for free credit reports. To obtain a copy of your credit report (one per year), visit their website.
Here are steps you can take to help protect yourself from identity theft if you get a notice that says a company lost your personal information in a data breach or learned that an online account was hacked.
Check out the FTC’s identity theft articles to find out what can you do to keep your personal info secure, learn more about whether identity protection services worth the cost, and about credit freezes.
Free Identity Theft Resources — in English and Spanish — can help you protect your identity and recover if an identity thief strikes.
