National Cyber Security Awareness Month - October 2020
As National Cyber Security Awareness Month comes to an end, we would like to share our appreciation for all the work the UCLA Health community does to keep our computing environment safe. Your partnership helps keep us from falling prey to a never-ending slew of malicious attacks aimed at gathering health care data.
At this time we want to share with you the recent statement released by the Federal Bureau of Investigation and the U.S. Department of Health and Human Services regarding credible information they’ve obtained to warn of increased and imminent cybercrime threats to U.S. hospitals and health care providers. As an academic medical center, we take our commitment to safety and security for our communities very seriously and hope you will join us in staying vigilant and aware.
While our security team continues to monitor and protect our systems, we can’t stress enough the importance of every member of our community in keeping our and our patients’ data secure. Continue practicing the below tips to ensure we are able to maintain our environment’s integrity.
- Always be wary of attachments you receive from external or unknown email addresses and please be extra cautious of any email containing a request for you to take an action such as enabling macros.
- If you receive suspicious email, make sure to report it by using the Report Suspicious button or option within Outlook.
- Directly browse to trusted sites when looking up information as opposed to clicking links from untrusted emails.
#BeCyberSmart Tips
Guard against malware
UCLA Health IT teams work tirelessly to make sure that our systems are as technically secure as possible, but every single one of us is a gatekeeper for those systems. Just as the best locks won’t keep someone out of your house if you leave the door open, our resources, efforts, and funding to keep you secure will not get very far if you share your password with the wrong person, open a suspicious email attachment, or create weaknesses with unapproved software or tools.
Two recent headlines have highlighted how technology has revolutionized health care and the care we provide, but these advances come with an increasing dependence on that same technology, and issues with those systems could have serious consequences.
- German hospital hacked, patient taken to another city dies [Associated Press, September 17, 2020] where a ransomware attack led to a delay in patient treatment highlights how crucial it is that we take our cyber security seriously.
- Closer to home and even more recent, “UHS says all U.S. facilities affected by apparently ransomeware attack" [Healthcare IT News] .
Although your work-issued computers are set up with malware protection, it is as easy as it is important to #BeCyberSmart and stay aware:
- Be observant about what links you click on and the sites you visit so as to keep your computer healthy.
- Keep your computer protected by keeping it up-to-date. This will ensure it has all the tools available to stay safe from all the known malware that could infect your computer.
- Protect any personal device used for university business with antivirus and malware software.
Don’t take the bait!
Fishing can be relaxing, but being “phished” is typically stressful. Phishing emails account for 90% of data breaches.Somake sure to check forred flagson emails such as spoofed(forged)sender addresses and urgency so you don’t get hooked into a data breach.
Does it smell “phish-y”? If you’re unsure, we’ll check it out for you! Don’t forget, you can report suspicious emails (including phishing or spam) directly from within Outlook. Once you’ve reported an email, the message will be sent to our teams for review and will erase the message from your inbox if found to be malicious.
Building a stronger defense
With every National Cyber Security Awareness Month that passes, we find ourselves living in an ever increasingly digital world with malicious hackers constantly looking for ways to break through our security protections. While sites continue to ask for stronger passwords, your new code can still be susceptible to a determined hacker. The strongest defense towards these attackers is to enable multi-factor authentication on any site that has that feature available.
Multi-factor authentication provides a unique solution in depending on additional checks that only you would be able to verify. The extra step may be cumbersome but it’s an advantage over what the hackers have access to. Multi-factor authentication also allows you to know if and when someone else is trying to log in to your device as you’ll receive a notification that you did not ask for. Within UCLA Health, we have implemented the use of Duo in order to access any of our resources while off-site. We encourage you to check the available security options on sites that keep any of your sensitive data and keep your information secure.
Activities
- True Eye (Full Length short film)
Watch Film
True Eye is a thriller which follows new-hire, Adrian Bridges, through his first day at a global AI-technology firm. Adrian’s policy orientation and security training quickly spin into suspense and intrigue as his personal AI device, Guide, starts asking him to do unethical and even dangerous things with sensitive data. His adventure offers a glimpse into proper operational security, how technology affects people and what we can do about it. - Zombie Hotspot Mini-Game
Play Game
Zombie Hotspot is a self-led timed mini-game to locate all security threats or violations in sight...watch out for zombies! - Craft A Phish Mini-Game
Play Game
Craft a Phish is a foundational training mini-game that challenges users to decide which phishing email is the most difficult to spot. - Raw Phish Game
Play Game
RawPhish is an advanced training mini-game that challenges your users to locate the malicious phishing emails using only the email raw logs in this game for advanced players. - Cyber Security Awareness Month Zoom Background