Throughout Cybersecurity Awareness Month, our Security and Privacy Team is offering valuable tips and tricks to help staff safeguard sensitive data and stay informed about common cyber threats. Eric Graham, Security Analyst with the Security and Privacy Team, explained how critical it is to be aware of methods hackers may use to access your computer and how to safeguard against them.
Can you describe the initiative and how this came about?
Cybersecurity is critically important to protecting sensitive data, not just in our work with the region’s hospitals and community health care partners, but in our personal lives as well. Protecting data from malicious actors requires a collective effort on all our parts to be aware of the tactics used and be vigilant in detecting and reporting them. We have implemented the Report Suspicious button for inbound emails and are very encouraged by the increase in the percentage of staff detecting and reporting suspicious emails. In what are known as phishing scams, cybercriminals use email, SMS messaging, text and phone calls to attempt to trick you into giving them information by clicking on a fake link, giving log-in information by pretending to be IT support or by a “colleague” making an urgent request for documents, for example – all designed to gain access to data.
Who worked on this project?
The Cybersecurity team at TransForm is continuously conducting phishing campaigns to ensure staff are aware of the different types of emails they may see from cybercriminals, from fake URLs such as www.micrasoft.com made to look very close to the real URL of the company, to fake requests from IT or Human Resources to “confirm” personal information.
What are some of the ways users can protect themselves from phishing tactics?
There are some essential aspects of cybersecurity awareness, vigilance and education that everyone can use as a daily practice. Human error is the main factor in security breaches and cybercriminals use this fact to create increasingly sophisticated methods to trick users. This is referred to as Social Engineering. It is vitally important to: avoid clicking links from an unknown or unexpected source, double-check URLs before entering personal information, use strong passwords, use multi-factor authentication (MFA), always read security updates and alerts, and report any suspicious emails or activity. It is important to trust but verify websites, email addresses, requests for documents, cold calls asking for information or any other attempt to elicit personal information.
What are the challenges with ensuring cybersecurity awareness?
With the continually sophisticated methods cybercriminals use to try and access data, we have to be more vigilant than ever to spot these attempts. For instance, cybercriminals recently used a method of bombarding users with MFA requests in the hope that they will eventually wear them down and get them to authenticate the log-in attempt just to stop the notifications. This is called MFA Fatigue and any attempts to log in that you did not initiate should be reported immediately. Remember it is okay to deny authentication requests and not get into the habit of selecting “Approve” when prompted. Ensuring all users understand the critical importance of being aware of and reporting suspicious activity is a continuous process of education and training.
Anything else you would like to share?
Cybersecurity is all of our responsibility and by following the best practices guidelines and training provided, and remaining vigilant, users can significantly reduce the risk of falling victim to cyberattacks and help protect their personal data. This, in turn, protects us, our hospitals and their patients from data theft. The Security and Privacy Team appreciate your time and patience as we implement the measures needed to ensure the security of our data from bad actors.