As we enter a new year at UMMC, the Division of Information Systems (DIS) would like to remind everyone to beware of phishing scams that could attack your personal and professional email accounts. Phishing is a form of online fraud in which an attacker tries to gain access to your account information by pretending to be a reputable individual or company via email.
“Access to health care information is more valuable now to cybercriminals than Social Security information,” said Kevin Yearick, DIS chief technology officer. “Every day someone in the world is being hacked, and many of these cases come from preventable phishing attacks.”
DIS is taking multiple precautionary measures to protect UMMC accounts. Throughout January, all users will receive prompts to change their passwords, and accounts will soon have a two-factor authentication feature. This is similar to online banking where a security question or series of questions is used to confirm a user's identity.
Microsoft Outlook is equipped with Proofpoint, an email protection solution, to scan all incoming emails for suspicious content. Outlook also blocks any emails without a subject, due to trends in phishing emails.
Even with the most vigilant systems in place, some spam or phishing emails do sneak through. There are many steps that individual users can take in order to protect personal and professional information:
- According to Microsoft.com, phishing emails typically contain an “urgent” request for personal information alongside a threat to close or lock an account. Users should never reply or disclose any information to these sources.
- Never use your work email to sign up for a mailing or distribution list, such as sales and promotional emails. These lists can easily be sold to hackers, putting your account at risk.
- Avoid clicking unknown links within an email as well. The UMMC Office of Information Security states that users should not click links in a suspicious email or reply to it, and should instead report the email by forwarding it to firstname.lastname@example.org, then delete it.
- Never download any unexpected attachments or communicate personal information in an email; this includes passwords, account IDs, banking details and Social Security numbers. UMMC will never ask for sensitive information via email.
Users can also expect to see additional security precautions and changes from DIS throughout 2016 as future threats are discovered.
“DIS recognizes that many security enhancements will make an application harder to use,” Yearick said. “Know that we are committed to balancing secure solutions with usability. Without preventive measures, we leave ourselves and UMMC at an extreme risk.”