Skip to content

ProtectUs

What is ProtectUs

UC Merced's Office of Information Technology is committed to maintaining the safety and security of your technology and your data while you work, study, research, and grow on our campus. While a significant amount of this work is done in the background through various arcane security hardware and software, there are active tools and services we provide to the community to utilize as well. Much like classic versions of security, cybersecurity is a community effort, and OIT cannot do it alone. It depends on us, you, and the entire bobcat community working together to ProtectUs.

ProtectUs is the embodiment of our collective efforts, resources, and services aimed at protecting every member of our campus community. Here, you can explore the ongoing and new initiatives, as well as existing resources available to secure your information. By being proactive and contributing to the community's safety, you can help minimize the risk to yourself, your fellow bobcats, and to ProtectUs as a whole.

With that in mind, cybersecurity is a very technical discipline. While our goal is to share information in an inclusive way that the campus community can well understand, many of the terms we use are the only or best way to describe our services and resources. These might be unfamiliar or unclear to the average bobcat, and to support you, we've made a glossary page with definitions that you can reference (as well as suggestions on terms to add).

Active Enhancements Underway

In the Spring of 2024, UCOP sent a letter to all the UC Campuses outlining the requirements of a system-wide cybersecurity investment initiative. You can read more about this and our response here

Identity
Communications
Devices
Knowledge
Take Action

ProtectUs Pillars

Much like the pillars of a building, we have pillars to support your cybersecurity needs. With each pillar of ProtectUs highlighting services, resources, and efforts based on the support they provide.

Identity - Your UCMNetID, much like a key to a safe, is your gateway to most technology services at UC Merced. Just as you would protect your valuables in a safe, it's crucial to safeguard your UCMNetID and never share it. OIT operates numerous services in the backend to ensure the security of your accounts, working tirelessly to keep unauthorized users out. This pillar is dedicated to supporting and protecting your identity on campus, featuring services such as secure single sign-on, two-factor authentication, and password security.

Communication - On a daily basis, the community uses many tools to communicate with our friends, families, peers, and more. Have you ever wondered about what's happening behind the scenes to keep the data you're sharing safe? It is also important to consider which tool to use and how those looking to compromise the community may attempt to infiltrate or abuse them. This pillar covers topics such as email protections and zoom encryption.

Devices - Your devices or "endpoints" are the gateway to everything from the systems and services you use at UC Merced to your bank account; moreover, where our work, school, and research can be stored and managed. This, of course, also means they double as a gateway for bad actors. Under this pillar, we'll cover the tools and services to keep those devices and your data safe, secure, and backed up should a device be compromised by bad actors or an accidentally spilled cup of orange juice.

Knowledge - Despite all the hardware and software at our disposal, knowing about cybersecurity and understanding the risks are some of the most powerful tools for keeping you safe. Cybersecurity is an ever-changing and evolving discipline, and keeping up with it can be overwhelming and confusing. Knowing when and how to act, what is expected behavior, trends, best practices, and policies can equip you to prevent a cyber incident before it even starts. In this pillar, we aim to provide the most current information and recommendations regarding policy, training, and cyber-hygiene.

Take Action - Sometimes, despite our best efforts, cybersecurity incidents can, do, and will happen. On the other hand, there are times when you need to have an exception or accommodation when security collides with a need. Don't panic! OIT is here to help, and this pillar takes you through reporting a problem, vendor risk assessments, and escalation pathways.

Identity ShieldIdentityIdentity Shield

Password Policy

Passwords are the first and, considered by many, the most annoying defense layer for your online accounts. UC Merced tries to help soften this annoyance by having a Single Sign-On service that allows you to access all your UC Merced resources with one password. As a trade-off for such a privilege, it is essential that ensuring this password remains as strong and unique as possible. Community members are required set passwords that meet modern security standards when an account is claimed.

Breached Password Detection

UC Merced has developed a tool that searches through breached password databases to help you stay protected. Should your UC Merced credentials be detected in any of these databases, you will receive an alert the next time you log in and immediately be prompted to update your password to keep your identity secure. Additionally, you can use these systems to verify any password on any account (Apple, Google, Facebook, etc...) using the Breached Password Detector located within the Identity Management website's security check-up page. Just enter any password and see if it has been breached. 

Two-Factor Authentication

There are three ways to authenticate your identity:

  • Using something you know (a password or PIN).
  • Using something you are (fingerprint or face scan).
  • Using something you have (a device in your hands that can receive or provide confirmation of your identity).

Two-factor authentication (2FA) means using at least two of these factors to secure your identity. At UC Merced, that's a password you know and a device in your possession. We require 2FA for everyone accessing systems and services. You can learn more about this on our 2FA website.

Communications ShieldCommunicationCommunications Shield

Suspicious Email Reporting

Within our supported email client, Outlook, OIT provides a tool to report any emails you suspect are junk and/or phishing. These reports are sent to our security team to evaluate and include in our automated tools to attempt to catch these before they ever reach someone's inbox.

Zoom Encryption

Video and audio conferencing are convenient tools to help make meetings happen and have become essential in our increasing presence hybrid world. With that in mind, knowing that your communications are secure ensures you can conduct university business safely and confidently. All Zoom meetings and webinars are protected with end-to-end (E2E) encryption by default. Learn more about the feature and how to ensure it is enabled.

Devices ShieldDevicesDevices Shield

Cloud Storage

Collaboration keeps the university running across different departments and teams, and sharing files to support this collaboration is easy using cloud storage; OIT offers Box access to everyone on campus. Box keeps your data safe within UC Merced systems and allows you to share it safely and securely with your internal teams and external partners as needed.

Back-up Software

An overlooked part of data security is backups. Whether your system is on its last legs or has been compromised and wiped, data back-ups can save the day by keeping all of your essential research, work, or whatever you have stored safe and ready to be booted onto your next system. UC Merced utilizes CrashPlan as our data backup tool and it is free and available for all Staff and Faculty in the ServiceHub.

Knowledge ShieldKnowledgeKnowledge Shield

Cybersecurity Training

Available to you the in UC Learning Center, all UC employees are required to complete cybersecurity training annually. The training includes detailed explanations of threats, bad actors, and how community members can help prevent or thwart potential cybersecurity incidents.

Technology Hygiene

Technology isn't so different form your body; it requires care, feeding, and nurturing in order to operate at its every day best. Part of that technology nurturing includes utilizing some of the services IT provides that are highlighted in ProtectUs. But, it also includes "hygiene" such as ensuring you regularly check for updates to your operating system and applications, watching for what type of data you "consume", and exercising a healthy amount of skepticism and awareness in your cyber-surroundings.

Cybersecurity Awareness Month

October is Cybersecurity Awareness Month (CAM). Every year, IT celebrates and engages campus with several events to educate on cybersecurity risks and opportunities to keep your information secure in your personal, professional, and academic lives.

Townhalls

To further meet the needs of campus, IT hosts townhall events to provide information and take in feedback from the campus community on all cybersecurity efforts IT is undertaking.

Policies & Guidelines

In order to ensure a consistent execution of technology usage & safety, policies or guidelines are often issued by UCOP and/or locally to support these efforts. OIT maintains a list on our website for awareness and review.

Take Action ShieldTake ActionTake Action Shield

Exceptions

While policy often tries to strike the balance between diligence and accomodation, sometimes there are outliers that need to be resolved. OIT offers a service to work without CISO to see if an exception to a policy can be accommodated.

Security Check Up

Within MercedID is your security check up, a place where you can check your registered 2FA devices, password age, and more! This lets you at a glance see the landscape of your UCMNetID and it's associated resources. 

Vendor Risk Assessment

As a part of software procurement at UC Merced, the OIT partners with CBS2 and Office of Legal Affairs to do a comprehensive review of all software purchases. This is to verify their comply with accessibility, privacy, and security policy to manage or mitigate the risk associated with those applications and UC Merced data.

Reporting a Cybersecurity Incident

Click here to report a potential incident or call 209-228-4357 and speak to someone at the Service Desk. Learn more about them here.