As part of UMMS IS&T Security Team’s ongoing efforts to maintain a secure and safe working environment and protect you and your personal information from attack, here are some key points to keep in mind:
Phishing (Fraudulent emails that try to convince the recipient to perform a certain action.)
- Recognize Phishing Emails: Be cautious of emails from unknown senders, especially those that ask for personal information or urge immediate action. Look for signs like poor grammar, suspicious links or unexpected attachments. Bad actors will take advantage of current events, such as the CrowdStrike outage, to provide context for phishing emails.
- Verify Requests: Always verify the authenticity of requests for sensitive information by contacting the sender through a known and trusted method.
- Report Suspicious Emails: If you receive a suspicious email, do not click on any links or attachments. Use the suspicious report button in the banner at the top of the email.
Vishing (Voice Phishing)
- Be Skeptical of Unsolicited Calls: Be wary of unsolicited phone calls asking for personal or company information. Scammers can impersonate legitimate organizations. Scammers will use information from LinkedIn and social media to make their calls more convincing.
- Verify Caller Identity: If you receive a call requesting sensitive information, verify the caller’s identity by calling back using a trusted phone number.
- Do Not Share Sensitive Information: Never provide personal or confidential information over the phone unless you are certain of the caller’s identity and the legitimacy of the request.
Safe Web Browsing
- Use Secure Connections: Ensure you are using a secure connection (look for “https” in the URL) when browsing the internet, especially when entering personal or financial information.
- Avoid Suspicious Websites: Do not visit websites that seem suspicious or are not from a trusted source. These sites can host malware or phishing attempts.
- Keep Software Updated: Regularly update your web browser and other software to protect against security vulnerabilities. Enable automatic updates where possible.
- Avoid Unauthorized Software: Only download software from trusted sources. Unauthorized downloads can contain harmful malware. Protect your device and personal information by sticking to official app stores and verified websites.
Shared Accounts
- Do Not Share Accounts: Avoid sharing accounts entirely. Each team member should have their own unique login information. Shared accounts can lead to security vulnerabilities and make it difficult to trace activities back to specific individuals.
- Individual Accountability: Having individual accounts ensures accountability and security. It allows us to monitor actions accurately and respond to any security incidents effectively.
- Request Access Properly: If you need access to a particular system or resource, request it through the proper channels rather than using someone else’s credentials.
Your vigilance and adherence to these security practices are vital in protecting our organization from potential threats and in safeguarding your personal information. Thank you for your attention to these important matters.