Are You Safe Online?Published: Jan. 13, 2015
Why We All Must "STOP. THINK. CONNECT."
Roger Hertz, CPHIMS
Vice President & Chief Information Officer
Methodist Health System
Headlines like these have become commonplace:
- "Sony Breach Fuels Worldwide Security Fears”
- “Additional 70 Million Target Customers Hit by Holiday Hack”
- “5 Million Gmail Accounts Compromised”
- “145 Million eBay Users Asked to Change Passwords After Cyberattack”
Why? Because every individual and company connected to the Internet is vulnerable to cybercrime.
Tech-savvy criminals who may be sitting at keyboards half a world away are stealing personal and organizational data to use or sell to other criminals. Experts estimate that 75 percent of these cyberattacks are opportunistic -- meaning they are not targeted against a specific individual or company, but scattered like shotgun blasts at everyone online.
What makes most successful cyberattacks possible? Ordinary people who unknowingly let a hacker into their computer network. More than 90 percent of breaches are the result of human error.
Favorite techniques used by cybercriminals include:
“Phishing” or Fake Emails
Emails can be made to look like a communication from a legitimate business (including our own) to obtain personal information, such as user name, password or financial details. By replying or by opening an email attachment or embedded link, you might give the attacker a gateway to install “malware,” a malicious software program designed to disrupt or control your computer.
This is the use of human interaction to obtain information about an organization or its computer systems. With a phone call, a persuasive cybercriminal may coax compromising information from an overly helpful employee by pretending to be a new hire at the company, a repair person or researcher, etc.
Cybersecurity: Every MHS Employee's Responsibility
In the months to come, you will be hearing much more about cybersecurity. While the MHS Information Technology (IT) team works diligently to assure the safety and security of our company information and computer systems, every employee must play an active role in protecting our organization from outside threats. The Internet has become a more dangerous place, and we share a responsibility to take measures to stay safe in our online activities.
Because cybersecurity affects us all, the U.S. Department of Homeland Security has developed a national public awareness campaign called “STOP. THINK. CONNECT.” This campaign is designed to increase the understanding of cyberattacks and empower the American public to be safer and more secure online.
Before you use the Internet, take time to understand the risks and learn how to spot potential problems. Stop others from accessing your accounts by setting secure passwords. Do not share personal information online, especially passwords and social security numbers. If your job involves electronic transmission of patient information, you are required to follow MHS HIPAA email security rules, including ZIXIT email message encryption.
Practice stranger danger and be skeptical. Slow down and watch for warning signs, especially in messages that arrive from unexpected sources, including messages that appear to come from inside our organization. Before you click, take a moment to be certain the path ahead is clear. Is this truly from a trusted source? Is the request really relevant to you? Whenever you click or share information online, be certain it is safe and wise to do so.
Safeguard yourself and your computer. Use only secure networks. Wifi hotspots may not offer the same protections. Trust your gut. If it does not look or feel right, close out or delete the email.
Ways to Protect Yourself
- Remember that Methodist Health System and other legitimate businesses will never email or call asking you to confirm your account details.
- Look for your name in all emails to you, not a general term, such as “Dear Valued Customer.”
- Rest your mouse pointer (being careful not to click) on the email sender’s URL address to see if it matches with the correct company.
- Look for spelling errors, grammar mistakes and other indicators the email is unprofessional.
- Do not click on links in emails you receive. Use one of your own trusted bookmarks, or type the address into your browser.
- If you suspect for any reason an email is not legitimate, call the sender or company directly.
- Call the MHS IT Help Desk at (402) 354-2280.
- Visit the "STOP. THINK. CONNECT." website.
Supervisors, please post for employees and discuss with your team.
We welcome your feedback. To comment on this Online Forum, send an e-mail to ForumFeedback@nmhs.org or use Employee Connection’s "Submit a News Idea" online form.
Your Forum Feedback messages are forwarded to the appropriate administrator with your name for a direct response, unless you ask to remain anonymous. A sampling of Forum Feedback questions or comments of broad impact to employees may appear in future Online Forums.