Cyberattacks are happening. Protect yourself and the network.

October is National Cybersecurity Awareness Month. 

Phishing continues to be the primary threat for cyberattacks. It is easier and takes less time to set up a phishing attack to manipulate busy people than it is to attempt to break through the security technology companies and organizations use to protect their information. 

Phishing is a cybercrime that uses email, telephone or text message posing as a legitimate establishment or person to lure individuals into providing personal or work-related sensitive data to be used for illegal purposes. 

It only takes a few seconds to fall victim to a phishing email, but the results can take hours, days or weeks to recover from one person falling victim. Do your part and help keep yourself and Michigan Medicine safe from cybercrimes. 

How can you recognize phishing in your everyday life? Here are a few common tactics to look out for:  

Too good to be true: Rewarding or eye-catching offers designed to attract people’s attention immediately. The communication may claim that you have won something and ask you to “claim your reward.”  Remember, if it’s too good to be true, it probably is! 

Sense of urgency or strong emotion: Cybercriminals ask people to act fast, use fear or empathy to get people to react based on emotion before thinking through the possible implications.

Hyperlinks: Phishing emails may contain hyperlinks that will take you to an impersonated webpage to attempt to deceive users into sharing sensitive data. Closely review hyperlinks for accuracy before clicking.   

Attachments: If there is an attachment in an email you were not expecting or seems a bit suspicious, do not open it! Attachments can contain ransomware or other viruses. The only file type safe to open is a .txt file.  

Unusual sender or out of the ordinary: Whether it looks like it’s from someone you don’t know, or someone you do know, if anything seems out of the ordinary, unexpected, out of character, or just suspicious in general, don’t click on it. If an email seems odd, and is from someone you know, call them first. 

Ransomware – On the rise more and more 

There are a variety of phishing approaches cybercriminals utilize, and ransomware is one of these that is seen more and more in the health care industry. Ransomware is a form of malicious software that encrypts or locks files and documents from a single PC or an entire network.   

At Michigan Medicine, most of the computers are connected via a network, which means if one person is infected by ransomware, it can spread to any device connected to the same network.    

“While ransomware is a threat everyone in the health sector has been navigating for a few years, we are ramping up our attention and capabilities to meet the?needs?of the growing impacts and frequency of these threats,” said Jack Kufhal, Michigan Medicine’s chief information security officer. “Our best, most effective resource is a savvy and attentive workforce that continually and cautiously review their incoming email to report or delete suspicious messages or attachments.” 

No one is excluded, it’s a shared responsibility 

Because cyberattacks are so focused on human behavior to be successful, it’s up to everyone to stay vigilant and educated when it comes to cyberthreats. What can YOU do? Below are ways for you to do your part:  

• Report suspicious emails using the Report Phishing button in Outlook or forward the email to ReportPhish@umich.edu 

• Do not click links or attachments from unknown sources 

• Review URLs and links carefully 

• Stay educated and learn more: 
  • Phishing and Suspicious Email: Phishing & Suspicious Email / safecomputing.umich.edu 
  • Videos and Elearning Modules: Michigan Medicine Information Assurance Educational Resources / safecomputing.umich.edu 
  • Request a representative to speak to your team, send an email to: ia-edawareness@umich.edu 

Become part of the Cyber Safety Crew to help disseminate awareness topics to your team or department: ia-edawareness@umich.edu