Cybersecurity Awareness: What You Need to Know About Phishing Attacks

Written by Guy McAllister, Director, Privacy & Security - iatricSystems


As you may be aware, October is National Cybersecurity Awareness Month, and the emphasis is on the mantras of Own IT, Secure IT, Protect IT. In previous weeks, we've focused on "Own IT" as it relates to Remote Access Security, "Secure IT" as it relates to multi-factor authentication, and "Protect IT" as it relates to HIPAA violations. This week, I want to focus again on "Protect IT" and how it relates to protecting data from scammers or hackers.

Before I jump into the topic of phishing, I wanted to remind you that we hosted a series of five short 10-minute webinars each day the last week in October called "Cybersecurity Coffee Chats." We covered topics including remote access security, multi-factor authentication, phishing, and patient privacy.

Click this link to access the entire Cybersecurity coffee chat series.

Now, on to the topic of phishing. A key to protecting "it" is knowing the tricks used by scammers to steal our information. Let's outsmart them!

Sadly, breaches can happen because we are a trusting people at heart! Time, effort, and money are spent locking down devices and remote users, then a (seemingly) innocent email comes through from the (supposed) CEO, and someone unknowingly clicks on a bad link.

These emails come in many forms, sometimes looking like people that you know (your boss, a colleague), someone you've done business with (the IRS, PayPal... fill in the blank), yet it's not your trusted source at all. Now you have a security issue.

Catching you off guard and posing as a trusted source is but one common internet scam that impacts organizations and private citizens. And the scammers try again and again until someone who's busy or not paying close attention clicks on the link...

Let's look at a few other examples and types of theft that can happen.

Categories of Scamming:

  • Identity theft - your personal identity is stolen and misused for fraudulent purposes. PHI is often a target because of the high value placed on this information.
  • Imposter scams - This can involve email phishing and spear phishing (a more targeted attack using specific personal information about you), as was described in the example above.
  • Impersonation - someone claiming to be someone else to get private information. For example, someone walking into a nurse's station posing as a guardian or family member of a patient and asking to access their information.

Each of these categories requires its own safeguards to ultimately protect PHI. Most scammers are technologically savvy, using card skimmers on gas pumps and ATMs to steal information. They use advanced phishing tools and human nature to mislead and direct recipients to fraudulent websites to capture information and infect their computers.

How to Protect Your Organization and Yourself from Scammers:

  • Use multi-factor authentication to verify users accessing your network
  • Have your mail server place alerts on any messages originating from outside your domain
  • Train employees regularly about how to be cyber smart
  • Do not automatically click on links in emails. Do some investigation first, like looking at the URL before you go to the site
  • Never solely trust a card reader; inspect it, twist it and move it to see if there are loose parts
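
Two of the safeguards above, the alert on mail from outside your domain and the look at a link's URL before visiting it, can be sketched in code. This is an added example, not part of the original post; `INTERNAL_DOMAIN`, `BANNER`, the function names and the sample message are assumptions made for illustration.

```python
import email.policy
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example-hospital.org"  # assumption: your own mail domain
BANNER = "[EXTERNAL] "                    # assumption: alert wording is site-specific
HOST_RE = re.compile(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})")
SAMPLE = ("From: Jane CEO <ceo@example.net>\nSubject: Invoice\n"  # constructed message
          "Content-Type: text/html\n\n"
          '<a href="http://portal.example.net/login">portal.example-hospital.org</a>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """Links whose visible text names one host while the href goes to another."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        real = (urlparse(href).hostname or "").lower()
        shown = HOST_RE.search(text.lower())
        if shown and real != shown[1] and not real.endswith("." + shown[1]):
            flagged.append((text, real))
    return flagged

def review(raw):
    """Tag the subject of external mail and list deceptive links in its HTML body."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1]
    external = sender.rpartition("@")[2].lower() != INTERNAL_DOMAIN
    subject = (BANNER if external else "") + str(msg["Subject"] or "")
    body = msg.get_body(preferencelist=("html",))
    links = mismatched_links(body.get_content()) if body else []
    return {"external": external, "subject": subject, "mismatched_links": links}
```

Calling `review(SAMPLE)` marks the message as external, prefixes its subject, and reports the link whose text shows the hospital portal while the href points elsewhere.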

Earlier this year, we hosted an educational webinar "Tips for Winning the War on Cybersecurity." It shares more details about phishing and things you can do to increase security for your organization.

You can watch the recording of "What You Need to Know About Phishing Attacks" webinar below.

Cybersecurity Awareness Month – Coffee Chats - Protection from Phishing Attacks
