Information Assurance Archive
In case you missed any tips on cyber security or on how to protect yourself and others, please see the latest posts below.
Michigan Medicine offers LastPass Enterprise password manager as an opt-in service to the Michigan Medicine community members who have an email address at med.umich.edu and a Michigan Medicine (Level-2) password.
In addition to enrolling in a LastPass Enterprise account, Michigan Medicine encourages you to also create a free LastPass Premium account to secure your personal passwords.
As of Aug. 15, 2020, there is a new password requirement for newly created, changed or reset UMICH (Level-1) passwords:
- They must be 15 characters or longer.
- They will be dynamically assessed for strength using an algorithm that calculates a strength score.
- They will be checked against a database of known breached passwords.
Protect Yourself from Phishing Emails
Phishing remains the No. 1 cyber-attack method, making it a shared responsibility to do your part, be cyber-smart, and learn how to protect Michigan Medicine and yourself from phishing attacks.
Continue reading to learn more about phishing:
Q: What is phishing and why is it important to understand?
A: Phishing emails are sent to a group of people and are designed to trick the recipient into opening an attachment, clicking a link, or downloading a malicious file in order to obtain the recipient's credentials or get them to share sensitive information. These phishing emails bypass technical safeguards and leverage human vulnerabilities to attempt to penetrate our network.
Q: With some of the workforce working remotely and relying on technology more than ever before, what are signs people can look for to recognize phishing?
Reminder: Wipe it clean
Whether you are changing or upgrading computers or upgrading your cell phone, it’s important to remember that you must completely wipe it clean. The Michigan Medicine Information Assurance team shares a few tips on what you need to know.
Did you know?
- Deleting files from a device like a PC, laptop or phone does NOT completely remove your information from the device.
- Securely wiping the data prevents it from being recovered.
Using personal devices for work purposes?
- Properly delete U-M files and data when your role or employment status changes.
- Wipe the device before you resell, transfer, or recycle it.
- It’s policy!
Leave no data behind!
Email, Patients, and PHI – Communicating with Patients via Email
- Only use your @med.umich.edu account to send communication containing PHI to a patient.
- Type [SECURE] in the subject of an external email to encrypt it.
- If you are emailing information to more than one patient, use the BCC field. Patient email addresses are PHI and cannot be exposed to other patients.
Protect Yourself from Tax Fraud
- Filing your taxes early helps prevent criminals from filing under your name before you do!
- Elect to receive W-2 information online.
- Use direct deposit for refunds.
- The IRS will NEVER contact taxpayers by email, text messaging or social media. Initial correspondence will always come through the U.S. mail.
2020 was a record year for cyberattacks, with large organizations such as Microsoft, Marriott and Magellan Health becoming victims of data breaches, ransomware and other cybercrimes. This year is shaping up to be even larger for cyberattacks. According to the Information Systems Audit and Control Association (ISACA), damages from cybercrime are expected to reach $6 trillion globally this year.
Spring Review: Passwords. Phishing. Tech Scams.
May is Protect Your Passwords Month!
Managing all of your passwords can be a challenge, but with so much at stake, it’s important to do it well to protect both your personal information and any sensitive Michigan Medicine information you have access to.
When is it okay to share your passwords or passcodes? NEVER!
Check out these reminders:
- Use different passwords/passcodes for different accounts
- Use short, unrelated words, mixed case, numbers and special characters
- ONLY YOU should know your own passwords/passcodes
- Know your U-M login pages
- Use a passphrase
  - Passphrases are a series of random words or a sentence used as a password. They’re easy to remember but hard to guess — adding additional security strength. Just remember that it still needs to meet the Michigan Medicine Level 2 password policy requirement.
- Make each account unique
  - Never use the same password for more than one account. Each account that you log into should have a unique password. This way, if one account password becomes compromised, the others will still be protected.
- A password manager can help
  - If you have too many passwords to remember, using a password manager can help. A password manager is a program that securely stores all of your passwords. You then only have to remember the passwords for your computer or device and the password manager program. Michigan Medicine offers LastPass as a password manager. For more information, contact the HITS Service Desk or go to https://michmed.service-now.com/sp and search for “LastPass.”
October is National Cybersecurity Awareness Month.
Phishing continues to be the primary threat for cyberattacks. It is easier and takes less time to set up a phishing attack to manipulate busy people than it is to attempt to break through the security technology companies and organizations use to protect their information.
Phishing is a cybercrime that uses email, telephone or text message posing as a legitimate establishment or person to lure individuals into providing personal or work-related sensitive data to be used for illegal purposes.
It’s really out there! Beware of ransomware
Cybersecurity is a shared responsibility within Michigan Medicine. Attention to detail and reporting suspicious emails can seriously help protect our organization.
A few important tips to remember:
- Always report suspicious emails
- Use the Report Phish button in Outlook or forward the phishing email to: ReportPhish@umich.edu
- Do not open unexpected email attachments
- Hover over the links with your mouse to check the URL destination
- Double check who the email is from; senders can be easily forged