Spring review: Passwords. Phishing. Tech scams.
May is Protect Your Passwords Month!
Managing all of your passwords can be a challenge, but with so much at stake, it’s important to do it well to protect both your personal information as well any sensitive Michigan Medicine information you have access to.
When is it okay to share your passwords or passcodes? NEVER!
Check out these reminders:
- Use different passwords/passcodes for different accounts
- Use short, unrelated words, mixed case, numbers and special characters
- ONLY YOU should know your own passwords/passcodes
- Know your U-M login pages
- Use a passphrase
- Passphrases are a series of random words or a sentence used as a password. They’re easy to remember but hard to guess — adding additional security strength. Just remember that it still needs to meet the (Michigan Medicine Level 2 password policy requirement.
- Make each account unique
- Never use the same password for more than one account. Each account that you log into should have a unique password. This way, if one account password becomes compromised, the others will still be protected.
- A password manager can help
- If you have too many passwords to remember, using a password manager can help. A password manager is a program that securely stores all of your passwords. You then only have to remember the passwords for your computer or device and the password manager program. Michigan Medicine offers LastPass as a password manager. For more information, contact the HITS Service Desk or go to https://michmed.service-now.com/sp and search for “LastPass.”
April was all about phishing
Phishing remains the No. 1 cyber-attack method, making it a shared responsibility to do your part, be cyber-smart, and learn how to protect Michigan Medicine and yourself from phishing attacks.
Phishing can be emails sent to a group of people designed to trick the recipient into opening an attachment, clicking a link or downloading a malicious file in order to obtain your credentials or share sensitive information. These phishing emails bypass technical safeguards and leverage human vulnerabilities to attempt to penetrate our network.
Signs to look for to recognize phishing:
- Keep your emotions in check: Phishers frequently use emotions like fear, curiosity and greed to compel recipients to open attachments or click links.
- Look at the domain name: Some attackers modify domains to catch targets off guard. For example, if the correct domain is www.example.com, the phishers may register “examp1e.com” or “example.co.”
- Think twice: Read emails thoroughly and be wary of words like “Caution,” “Act Now,” and “Warning,” which draw your attention and make you act quickly.
- Pay close attention to emails that have shared documents, ask for password changes, indicate purchase order problems or technical support issues.
Departments/business units that are identified as least susceptible to phishing were recognized in April, and those identified as most susceptible will soon receive further phishing training activities from IA Education & Awareness to help reinforce the need to stay vigilant.
March was about spotting tech scams
If you received a message from a tech company about a problem with your computer and they want money, personal information or remote access, DON’T RESPOND. REPORT IT!
Examples of scams:
- A phone call or email from a software vendor
- A text message with a passcode to approve
What to do if you get scammed:
- Change any passwords and/or PINs that you shared. (Do not reuse old passwords)
- Contact customer service for the account and let them know what happened.
- If you used your device for U-M-related work, call the Service Desk.
Michigan Medicine Information Assurance Educational Resources: https://safecomputing.umich.edu/michigan-medicine
Search for various topics from the Safe Computing Home Page: https://safecomputing.umich.edu/
More about Information Technology Policies: https://it.umich.edu/information-technology-policies
For additional information, email: email@example.com