Protect Your Identity
Q&A with Kip Bates
On April 2, 2021, UCOP notified all employees of a systemwide data security incident affecting the UC community. Over the past few years news of this type has become commonplace. This breach, however, is significant in its scope and action should be taken to protect our identities. Understanding just how to protect ourselves can be overwhelming so we turned to Kip Bates, Associate Chief Information Security Officer, to answer some questions that we hope will help to clarify what we can do to make it harder for our identities to be infiltrated.
Q: What are the critical first steps we should take to protect our identity?
A: I recommend three steps to take immediately.
- Sign up for credit monitoring and identity theft protection with Experian Identity Works provided for free by UCOP.
- Place a fraud alert on your credit file; once a fraud alert is placed on your credit file additional identity verification steps are required prior to extending new credit. Alternatively you can freeze your credit for better protection.
- Enable Multi-Factor Authentication (MFA) on all of your online accounts and especially your financial accounts.
Additionally, UCSB Information Technology has provided helpful information including a link to UCOP’s frequently asked questions page (also available in Spanish) regarding the Accellion data breach.
Q: Can family members enroll at Experian? Do they use the same code as employees?
A: Family members who are listed as dependents or beneficiaries on employee or retiree accounts, or who are listed on student paperwork, can and should sign up at the Experian IdentityWorks.
Q: What is Multi-Factor Authentication (MFA)?
A: We all know passwords are the “keys” to most devices and almost everything we do online. Unfortunately, even the best passwords can get hacked, stolen, or unintentionally shared. Fortunately, there is an easy way to add another layer of protection in addition to your username and password to make your login more secure. This is called multi-factor authentication, or MFA. MFA, sometimes referred to as two-factor (2FA) or two-step authentication, is a security enhancement that requires you to present an additional piece of information beyond your username and password when logging in to an account. This additional information is usually in the form of something you have (like an app on your phone, a token, or smart card); or something you are (like your fingerprint or facial/speech recognition). Some examples of MFA that you are likely already using include the DUO app used to access your UCPath account or face recognition to access your phone home screen. You can read more about MFA here.
Q: What steps can be taken to better secure online bank accounts and other online accounts?
A: I advise enabling MFA for every account that offers it, especially your financial accounts. MFA adds an additional layer of security by verifying not only that the person knows a password, but that the person also has access to a registered device, like a personal smartphone. Additionally, you’ll want to monitor your account(s) for suspicious transactions and report any to your bank. Finally, ask the bank if they provide online monitoring or alerts on your account that will give you an early warning of any fraudulent transactions.
Q: It can be difficult to remember passwords. Is there an easy and secure way to store passwords?
A: We recommend that you use different passwords for different sites. This way if your credentials are compromised at one site your credentials are not compromised at all sites. The best way to manage all these passwords is with a password manager. The two that I recommend are Bitwarden or LastPass.
Q: Will the campus offer any workshops to hear about how to protect our identities/data?
A: You can watch a recording of a Protect Your Identity workshop in English (embedded above) and Spanish. Sam Horowitz, UCSB Chief Information Security Officer, covers topics such as credit monitority, fraud alerts, managing your online persona, and tips to improve online security.
Q: Are there any other resources you feel would be helpful?
A: I’ve provided some links below that I think will be helpful. If you do nothing else, please get signed up for Experian IdentityWorks offered for free through the UC.
Credit Fraud alerts - contact one of these organizations or enable it in IdentityWorks:
Additional Information: