It is no secret that cyberattacks are becoming more sophisticated and persistent. UW Medicine employees have accidentally compromised their logins over 300 times this year alone by clicking on links or attachments in phishing emails. Phishing continues to be our biggest security challenge, even though it is a well-known threat.
By forming good security habits, every employee can help prevent cyberattacks. UW Medicine Information Technology (IT) provides three simple and effective practices to adopt.
When in doubt, delete it
Links in email and online posts are often the way cyber criminals compromise your computer. If an email is unexpected and looks suspicious, here is what you can do:
- DO NOT click on any links or follow them to any websites asking for login credentials.
- DO NOT enter your NET ID login in any forms or websites.
- DO NOT open any attachments.
- DO contact the “sender” if known to you, but use a different, trusted way to confirm legitimacy.
- DO delete the email (if reporting it, send it as an attachment before you delete it).
- DO report phishing emails by sending an attachment of the email to help@uw.edu.
- DO report spam emails by sending an attachment of the email to reportedspam@cac.washington.edu.
Lock down your login
To reduce account theft at work or home, develop good habits that protect your login and identity.
- DO enable multi-factor authentication (MFA) on your bank, social media and work accounts. This simply means you agree to verify your identity multiple ways before getting access. Many applications offer MFA security.
To get started, here are some factors you can combine:- Something you know like your username/password.
- Something you have like a text to your smart phone.
- Something you are like your fingerprints.
- DO create strong passwords. Try using longer sentences or phrases that are easy to remember.
- DO NOT use the same password for different accounts.
If you connect it, protect it
Whether it is your work or home devices, the best defense against viruses and malware is to update to the latest security software, web browser and operating systems.
- DO sign up for automatic updates.
- DO NOT delay updating devices. Install security updates when your programs tell you they are available.
- DO NOT store confidential information on unapproved systems or devices.
RESOURCES:
- Learn more about Cybersecurity Awareness Month and download the factsheet.
- Protecting Patients: Security & Compliance Guidance for Teleworking.
- UW Medicine Information Security.
- To report a cyber security event, email UW Medicine Help Desk at mcsos@uw.edu.
