With increased cybersecurity threats in the health care and higher education sectors, UCSF is boosting its efforts to ensure that all faculty, staff and learners comply with mandatory cybersecurity training.
UCSF recently launched an enterprise-wide effort to improve compliance with all mandatory trainings, a priority monitored by the University of California Office of the President and the UC Board of Regents.
Everyone is strongly encouraged to complete all four courses on the UCSF Learning and Development website. These trainings address important issues across the entire UC system, including bolstering knowledge of the importance of protecting cybersecurity to minimize the risks of data breaches, including those that compromise employee and patient privacy.
Patrick Phelan, UCSF Chief Information Security Officer, underscores why University officials are concerned about cybersecurity threats.
Why is cybersecurity training important to me and UCSF?
Cybercrime has skyrocketed over the last five years with no sign of slowing down.
Globally, cyberattacks cause trillions of dollars in damages every year. Attacks on the University of California can interrupt clinical, research and education activities, and cause financial harm. UCSF was the victim of a significant ransomware attack in 2020.
UCSF uses sophisticated technology and processes to protect our data and networks but security is a shared responsibility. While we prevent nearly all malicious messages from reaching your inbox, it’s critical for every employee to recognize and avoid these attacks. A devastating cyberattack can begin with a single phishing message that evades detection.
Why is cybersecurity a top priority now?
We have a new mandate requiring 100% compliance for cybersecurity awareness training from UC President Michael Drake.
There are serious consequences for non-compliance with training:
- Increase in cyber insurance premiums for UCSF
- Non-compliant units will be assessed costs related to security incidents up to $500,000
- Merit increases for unit heads whose units are found to be non-compliant will require approval from their Chancellor
- An individual’s access to UCSF IT systems may be suspended until the employee comes into compliance
- An individual’s access to UCSF IT systems may be suspended until the employee comes into compliance
What do I need to do?
Take your cybersecurity training annually.
If you are currently overdue, please take your training as soon as possible. The training is designed to educate workforce members to recognize cybersecurity risks and take appropriate action. It also provides guidance on protecting valuable systems and data.
How do I take my training?
You can access the course via the UC Learning Center:
- Login to the UC Learning Center with your MyAccess credentials.
- Click on “Assigned Activities” in the “My Required Training” box.
- Click on the “Start” button next to the course title to launch the training.
Relevant trainings also are linked directly on the Learning and Organization Development Compliance website.
Clicking on the relevant training will take you to the UC Learning Center page to log in with your MyAccess credentials, then you will be taken directly to the training.
Why do I have to take a similar training every year?
The training is updated each year to ensure current issues are being addressed and the scenarios are updated. There are key points of significant importance that are reiterated each year.
Cybersecurity attacks are a serious issue since data security breaches can lead to compromising confidential information, such as patient and employee data.
Annual cybersecurity awareness training is an important component of protecting our organization and requires everyone’s participation. Don’t miss out on important information and make sure to take your training.