A representative from the Department of Homeland Security gave tips to UCLA staff and employees Monday on ways to improve cybersecurity on campus.
Deron McElroy, chief of operations at the Department of Homeland Security said individuals should take steps to protect their information by improving their password strength and avoiding unfamiliar sites.
“There has been a massive increase in threat actors in the environment that we live in today,” McElroy said. “The sophistication required for threat actors is declining, and the sophistication of available cyberattack tools is growing.”
UCLA officials announced in July that a cyberattack on a UCLA administration server in May potentially breached the personal information of about 32,000 students. The university offered one year of free identity protection for students whose information may have been accessed.
McElroy said individuals now own more devices with Internet Protocol addresses that uniquely identify electronics. He added devices with IP addresses include high-tech thermostats, refrigerators and handheld devices like phones and tablets.
He said these kinds of devices are susceptible to cyberattacks and added he thinks individuals are often not well-equipped to handle data breaches.
“Fifty percent of incidents arise from human error, whether from not encrypting sensitive data, or accidentally disclosing information,” McElroy said.
He added he thinks the multifactor authentication system that UCLA officials are requiring staff and faculty to adopt before the end of the month is an important step to promote cybersecurity protection and awareness.
Multifactor authentication requires users to enter an alternate form of identification when using their UCLA Logon ID, such as a push notification sent to their phone or a voice call to a cellphone or landline.
Mike Story, chief information security officer at UCLA, said he thinks UCLA needs to have heightened cybersecurity because it is a regular target of cybersecurity attacks, particularly phishing attempts. Phishing is a type of cyberattack that misleads an individual into revealing personal information, like a credit card number or social security number.
Story said he helps run a website that compiles phishing attempts to alert individuals on campus about known cyber threats. He added that when confronted with a suspicious email, individuals can navigate to the website and check whether the email is part of a verified phishing attempt. If they do not see it listed, but suspect it is part of a cyberattack, they can alert IT services, who can then add it to the list, Story added.
“(The website) has been very successful,” Story said. “In the last couple of months we’ve seen an increase in the number of times we’re reached out to by someone in the campus community (about a cyber attack incident).”
Although students are not required to enroll in multifactor authentication unless they qualify as UCLA employees, UCLA IT Services is hosting sign-up events to encourage students to enroll, he said. Last week, the first 300 students to sign up for multifactor authentication were given a free In-N-Out burger. He said IT services will hold the event again next week, and will have up to 500 free burgers.
“We don’t want to overwhelm the campus, so we want to (introduce multifactor authentication) in a logical way,” he said. “Eventually, students will also be required to use it.”
Brittany Currie, a UCLA information security analyst, said she thinks staff and employees required to enroll in multifactor authentication will be receptive to it because it is becoming more common in other online platforms.
“Facebook does it, your email does it, it’ll become just another thing you have to do,” Currie said.
Cecelia Finney, the program manager for information security and awareness education, said she thinks many employees register for multifactor authentication because they understand its security benefits.
“There’s a misconception that (multifactor authentication) is more difficult to use, but once (individuals) understand how it works, they find that it becomes routine,” she said.
Finney added she thinks cybersecurity is important because more campus research and personal information is being stored electronically.
“There have been a number of increased threats on campus, and it’s imperative that we protect against the potential harm,” she said.