We use the Internet at work, home, for enjoyment, and to connect with those close to us. However, being constantly connected brings increased risk of theft, fraud, and abuse. Universities, which are characterized by their openness based on academic freedom, are among the most widely attacked targets. The University takes steps to ensure the security of our infrastructure and systems, but cybersecurity is a shared responsibility, and everyone can take a few simple steps to make the Internet more secure!
Secure UCSB Program
As a world-class institution, UC Santa Barbara is committed to safeguarding the privacy of our community, and the evolving digital landscape requires enhanced protections to secure sensitive personal, financial, academic, and research information. Secure UCSB is an initiative to invest in critical technology updates during the upcoming academic year to protect our campus from rapidly evolving cybersecurity threats.
Security For Faculty & Staff
Find more information for important security topics such as data backups and storage, phishing scams and information technology security best practices specifically relevant to faculty and staff at UC Santa Barbara.
Security For Students
Discover relevant security information for topics such as social media and password management best practices to help you be safe and prepared to handle IT security situations as a UC Santa Barbara student.
General Security Resources
Find information about identifying and avoiding phishing scams, managing passwords, or tips to secure your personal information.
Visit here if you have Ransomware on your device or if you would like additional Ransomware resources!
Report Harassing or Unwanted Email
We encourage UCSB computer and network users to report email abuses as well as computer intrusions and other hostile activity.
Report Scanning, Hacking, and Other Hostile Activity
We take matters of hacking and other hostile activity seriously and will investigate all reports of abusive activity.
Report Lost or Stolen Computer Device
Complete this form to report your lost or stolen device to the Network Security Team. If this is an emergency, please contact the local authority.
Security News
Cybersecurity Awareness Month: How to Safely Use Artificial Intelligence
UCSB is participating in UC Cybersecurity Awareness Month (UCCAM) during the month of October. The goal of UCCAM is to increase systemwide awareness about cybersecurity and to educate our campus community on ways to better protect yourselves and your devices from cyber-attacks. This week we will focus on safely utilizing AI technology.
Cybersecurity Awareness Month: Understanding Deepfakes
A deepfake is a synthetic audio or video created using deep learning, a type of machine learning that mimics the human brain's ability to process information. While deepfake technology can be used for entertainment and creative purposes, it also poses significant risks due to its ability to spread misinformation and commit fraud.
Online Shopping Tips for the Holiday Season
UCSB is a Champion of International Data Privacy Week, which is observed from January 21-27 in 2024. Data Privacy Week is an international effort, sponsored by the National Cybersecurity Alliance, that is held annually in January to spread awareness about online privacy and educate citizens on how to keep their personal information secure. Millions of people are unaware of and uninformed about how their personal information is being used, collected, and shared in our digital society. Data Privacy Week aims to inspire dialogue and empower individuals and companies to take action.
Data Privacy Week 2024 - January 21-27
UCSB is a Champion of International Data Privacy Week, which is observed from January 21-27 in 2024. Data Privacy Week is an international effort, sponsored by the National Cybersecurity Alliance, that is held annually in January to spread awareness about online privacy and educate citizens on how to keep their personal information secure. Millions of people are unaware of and uninformed about how their personal information is being used, collected, and shared in our digital society. Data Privacy Week aims to inspire dialogue and empower individuals and companies to take action.
Cybersecurity Awareness Month: Social Engineering
Social engineering in the context of IT security is “any act that influences a person to take actions that may or may not be in their best interest.” It is often a confidence trick performed to obtain access to systems and confidential data that can be part of a bigger scheme. It is still on the rise and is now the number one cause of security breaches. Scammers can trick people into acting before they think by putting them in an emotional state.
Cybersecurity Awareness Month: Securing Financial Accounts
As our everyday lives become increasingly digital, protecting your financial accounts against cybercrime is more important than ever. Safeguarding your financial accounts encompasses more than just your savings and checking accounts; it should also include protecting your investments, retirement, and online payment applications like Venmo.
Cybersecurity Awareness Month: Phishing
Phishing is an attempt, usually by email, to obtain your personal information and commit fraud. Cybercriminals use phishing to manipulate people into doing what they want. These days technology makes phishing easy. Setting up and operating a phishing attack is fast, inexpensive, and low-risk; any cybercriminal with an email address can launch one.
Cyber-Smart Traveling
Traveling today is so much easier with technology -- whether it’s to the coffee shop around the corner or to a café in Paris. Unfortunately, traveling with devices can mean increased cyber risks for keeping your personal and University information private, as well as the potential for device theft.
Digital Spring Cleaning
Many of us are familiar with the concept of spring cleaning. This year, consider taking some time to spring clean your digital life, too, especially as our world continues to move online. Just like your home, your digital life can become cluttered; things pile up, become out of date, get lost, are no longer needed, or need some care.
UCSB Recognizes Identity Theft Awareness Week
Identity theft happens when someone steals your personal information to commit fraud. All individuals have one thing in common - we are all good targets for identity theft. Thieves will use your sensitive data to steal your identity and pretend to be you for many reasons. They might open new financial accounts, file taxes, make purchases, or even use your identity for more nefarious reasons.
Cybersecurity Awareness Month 2022
This year's UC Cybersecurity Awareness Month (UCCAM) campaign theme is Overcoming the Human Factor. We each need to develop an understanding around our responsibility and accountability for our individual roles and actions in cyber safety. Systemwide events cover a variety of topics and are hosted online. #BeCyberSmart and spread the word!
Detecting Fraudulent Job Opportunities
Recently, members of the UCSB community have reported receiving offers for fraudulent job opportunities. The UCSB IT Security Operations team would like to provide some guidance to help users identify job opportunities that may be a scam. Regardless of whether you are actively job seeking, you may receive emails, phone calls, texts, or other notifications of potentially fraudulent job opportunities. There are a few things you should keep in mind if you receive a message that you believe could be a scam.
Cyber Security Awareness Month: Ransomware
Ransomware is a type of malicious software (a.k.a malware) that locks the victim out of their computer or files – most often by encrypting them – until a ransom is paid. Ransomware is often spread through the use of stolen credentials, malicious links, and harmful attachments in emails; however, these are not the only delivery mechanisms. Other sources include malicious applications and files, and adware/spyware.
Cyber Security Awareness Month: MFA
Multi-factor authentication (MFA) is defined as a system that requires more than one distinct authentication factor for successful login. Simply stated, a factor is something you have like a cell phone or something you know like a password. UCSB has recently been in the process of rolling out MFA for various applications, like UCPath and Kronos Timekeeping, with plans to use MFA for more applications over the next year.
Cyber Security Awareness Month: Social Engineering
Social engineering in the context of IT security is “any act that influences a person to take actions that may or may not be in their best interest.” It is often a confidence trick done to obtain access to systems and confidential data that can be part of a bigger scheme. It is still on the rise and is now the number one cause of cyber security breaches.
Beware of COVID-19-Related Phishing Emails
Any time you see an email related to COVID-19, take extra precautions. Look carefully at the source. Is it a real address or something designed to mislead you into thinking it's real?
New Login Screen to Access Campus Resources
On March 7, 2020, UCSB Enterprise Technology Services (ETS) will release the upgraded Single Sign-On (SSO) service. SSO is the service that enables our community to log in to many campus systems including Electronic Timekeeping and UCPath. The SSO upgrade prepares the Identity infrastructure for future modernization.
Back to School Cybersecurity
Over 200,000 UC students will be starting classes over the next couple of months. The new school year is an exciting time for students, faculty, and staff. It’s also an exciting time for hackers, identity thieves, and other unscrupulous types who take advantage of people during this busy time of year.
Phishing for Gift Cards
In the past few weeks, the campus experienced a rash of phishing attacks. The most common form is a short message that starts with something like, "quick help needed," "are you in the office?," or "available?" - Anything to attract a response. The messages often appear to come from vice chancellors, deans, and department chairs.
Don't Take the Bait
Google incorporates user feedback to train its algorithms to recognize new phishing attacks. Both Horowitz and Lovan recommend reporting a message to Google if you suspect it is a phishing attack. You can do this directly from your online Gmail box.
Phishing Scams
They use clever techniques to induce a sense of urgency on your part so that you don't stop to think about whether they are legitimate or not. Some even target a select group of users and tend to be more specific and include information more detailed and familiar to the recipient.
Password Best Practices
Passwords are the key to almost everything you do online, and you probably have multiple passwords that you use throughout the day. Choosing hard-to-hack passwords and managing them securely can sometimes seem inconvenient.
Online Phishing and Scams
Spear phishing emails are a special type of phishing email targeted to a select group of users. These emails tend to be more specific than a regular phishing email, including information more detailed and familiar to the recipient.
Security Personnel On Campus
Information Security at UCSB is a distributed effort shared among IT teams and individuals across campus. You can find key resources in your divisions, departments, and in ITS. Here are some places to start.
Office of the CIO
Jackson Muhirwe, CISO drjackson@ucsb.edu
Core IT (Information Technology Services)
Jennifer Mehl, Cybersecurity Operations Manager jennifer.mehl@ucsb.edu
Security Operations Center (SOC) security@ucsb.edu
UCSB Cyber Security Checkup
What better way to make sure you're secure with a cyber security checkup? View the documents below to follow best practices for securing your devices on or off-campus.