Environmental Horticulture Thefts

Lessons Learned

IT Security Meeting

June 6, 2017

The Scene

Incident #1

​Monday, March 20

  • Staff noticed items missing from unlocked cabinet

 

Wednesday, April 26

Stolen items identified as:

  • iPhone 7 Plus 256GB with case, cord, charger
  • iPad 3 16GB with case, cord, and charger
  • 2 cameras, 1 audio recorder, other A/V

Incident #2

​Wednesday, April 12

  • Laptop and cell phone reported stolen from Plant Sciences in Environmental Horticulture

 

Wednesday, April 26

Stolen items identified as:

  • Dell Latitude 7470 laptop
    • Un-encrypted
  • Keys for a shed

Incident #3

​Friday, April 14

  • Laptop reported missing from International Programs Office
  • Vandalism, paper files stolen from filing cabinet
  • Planners, Post-Its, calendars stolen from desks
  • Refrigerator unplugged

Monday, April 17

Stolen items identified as:

  • Dell Latitude 7440​
    • Encrypted
    • Disabled in uConnect
    • Data stored in Dropbox

Incident #4

​Wednesday, April 26

  • Laptop reported missing from International Programs Office

 

Stolen items identified as:

  • Dell Latitude 7240​
    • Encrypted
    • Disabled in uConnect
    • Data stored in Dropbox

Incident #3 Part 2

​Wednesday, April 26

  • Found that users had purchased external hard drives for use with Latitude 7440
  • Hard drives contained complete backups of departmental SmartSites 

Response

  • Reset all user passwords
  • Confirmed Bitlocker encryption
  • Disabled computer objects in uConnect
  • Removed MAC DHCP reservations
  • Confirmed no-checkins to BigFix
  • Checked CrashPlan backups of laptops
  • IdentityFinder scans on home directories
  • IdentityFinder scans on DropBox shares
  • De-authorized devices on DropBox
  • DropBox remote wipe

Data Loss

  • Passports
  • Social Security
  • Credit Cards
  • Bank Accounts
  • Student Contact Info
  • Signed Contract & Grant forms

Actions Taken

  • Notifications to a few hundred folks
    • Complied with CA state laws even when not applicable
  • USAID notifications
    • Property loss
  • UCD Police physical security assessment
    • Will act on all suggestions
  • Cyber-insurance claim filed
    • Documentation of incidents key!

Lessons Learned

  • Physical Security
  • Outreach to Police Department
  • Outreach to everyone! CISO, Privacy, Executives, ...
  • Data Retention
    • Justify why and how long
  • DropBox
    • Forced by other institutions
    • Hesitant to commit in writing to campus standards
    • Look at CASB
      • CipherCloud

E-Hort thefts

By Adam Getchell

Made with Slides.com

E-Hort thefts

  • 190

More from Adam Getchell