Increased Cyber Security Recommendations
Dear Students and Colleagues,
In light of current world events, the College of Medicine I.T. unit has been informed of an increase in the number of fraudulent emails and phone calls being reported by the larger campus community. We are aware that the increased potential for cyber-attacks will continue. We have prepared the following items that will help us secure our environment:
Phishing:
Phishing is one of the main ways to infiltrate and spread malware, and we have seen it more than double recently.
-
If you are not expecting an email or a phone call, it is safer to ignore it.
-
Ensure that the source is trusted, email addresses and phone numbers cannot be trusted.
-
Be wary of:
- Job Opportunities
-
Gift card offers
-
Email attachments ( they may contain malware)
-
Requests for private information
-
Remember you may have posted personal information on social media sites that will be harvested.
-
Scrutinize emails with [EXT] or EXTERNAL EMAIL, as they are originating from a possible untrusted source.
Downloads:
Security has now embraced a “zero trust” model and moved away from “trust but verify”
-
Refrain from downloading free internet software.
-
Download only from trusted sources.
-
Verify the integrity of downloads by checking hashes
-
Use tools like https://www.virustotal.com to help analyze files, domains, IPs, and URLs.
Keep items up to date:
Updates are created to not only provide updated functionality but also patch known and unknown vulnerabilities.
-
Update and patch all technology to include software and hardware
-
Home routers
-
Smartphones
-
Smart Home equipment (lightbulbs, garage door openers, door locks)
-
Do not use End-of-Life (EOL) items such as Windows 7
-
Antivirus and Antimalware tools should be updated constantly
Passwords:
Passwords have evolved from ‘something you know’ (a password), to ‘something you have’ (your smartphone), ‘something you are’ (biometrics).
-
Use Multi-Factor-Authentication. In 2019 Microsoft reported that 99.96% of account compromises could have been thwarted with the use of MFA.
-
Here are some popular services and how to enable MFA:
-
Do not reuse passwords between services
-
Do not share your passwords ( even your Netflix one)
-
Use difficult passwords to crack (password123 is not a good password)
-
Remember your first puppy's name is probably on social media.
-
Use passphrases ( i.e. "This can be a substitute for a simple password" vs. "Password")
-
Use a password manager, I don't remember all of my passwords.
Use approved and enterprise solutions:
- A list of HIPAA compliant systems can be found here: https://medicineit.arizona.edu/compliance-security/hipaa-phi/approved-ph...
- University Enterprise solutions undergo a rigorous acceptance process that includes a formalized Risk Assessment process
- A list of university software can be found here: https://softwarelicense.arizona.edu
Training:
- While not part of the required training courses we encourage you to review the following training materials:
- Insider Threat Awareness Certification
- UA Box Health Training
- Zoom For Health Training
- Secure Application Developer
We are here to help:
-
Please reach out through https://comhelp.arizona.edu if anything seems off.
-
We are happy to review emails, files, IPs, domain names for safety.
-
If you receive a message that your password has been changed and you did not change it contact our 24/7 Support center at (520) 626-8324