Surfing the internet leaves behind a trail — everything you typed and every site you visited was tracked. Even when you click the “X” button to close out of your browser, your search history and personal data will often linger. Companies can then purchase this information for commercial reasons, or worse, hackers can steal it and use it in many ways. You need to remain vigilant in protecting your privacy, especially when it comes to your protected health information (PHI). These five tips from Sharp HealthCare’s information technology risk management team can help:
1. Enable two-factor authentication (2FA) wherever possible.
Two-factor (or multifactor) authentication (2FA or MFA) requires more than one method of verification to validate the identity of a user before access is granted. Passwords can be easily stolen, so this is the best way to protect yourself online. If you’re unsure which websites and services offer 2FA, visit twofactorauth.org and search for your favorite sites.
2. Use strong, unique passwords and do not share them.
Creating and remembering complex passwords can be frustrating, but weak passwords are easily guessed or “cracked” by hackers using automated tools. Instead, be sure to make your password long because length matters far more than complexity. Here are two ways to pick strong, easy-to-type passwords:
- Option 1 — Pick a unique phrase (five or more words) only you would know and that’s easy for you to remember (e.g., yellow post-its consume my life).
- Option 2 — String five or more random words together (e.g., agency roving stoplight lip derail).
Find your own way to incorporate these tips. If policy requires it, add a number and symbol for a little complexity. Each password should be unique and never shared. Consider using a password manager (e.g., LastPass) to generate and remember all of your unique passwords.
3. Beware of phishing and social engineering.
Phishing is an online form of social engineering, which is tricking someone into giving something up to an imposter. Over 90% of successful cyberattacks involve some form of social engineering because it works, and the attacks usually come in the form of an email, phone call, text message, social media post, etc., so it’s critical that we look for red flags if and when they occur:
- Communication received is unexpected, sender is unknown, the content is out of the ordinary or the use of terminology is atypical.
- Request to click on links or open files or attachments, provide credentials or sensitive information, or perform a critical task (e.g., reroute direct deposit).
- Sense of urgency or striking fear (e.g., acting as the IRS or law enforcement).
If you’re unsure, contact the alleged individual or entity through approved channels such as their secure website or phone number, and validate the communication. Unfortunately, we now live in a world where we need to use a bit of skepticism because these types of attacks are only increasing and becoming more sophisticated.
4. Keep your devices up to date, use anti-virus software and change default passwords on network-connected devices.
Software companies are constantly protecting their products against vulnerabilities that they identify regularly. These vulnerabilities can be easily exploited by hackers to gain access to your system or device. Ensure all of your network-connected devices (computers, phones, routers, TVs) are set to automatically update their operating system, as well as application software installed on those devices. Consider installing a reputable anti-virus solution on your computer(s). Change the default password on all other “Internet of things” (IoT) devices that connect to the network.
5. Think about what you’re posting on forums and social media.
It’s frightening what information exists about us on the internet with or without our knowledge and approval. Hacking 101 is gathering that personal information about the individual or entity being targeted, and using it against them. Keep your social media profiles private and don’t overshare online; even publishing your birthday can be used by hackers to engineer their way into your life. Don’t make it easy for them. For additional tips on how to protect your PHI, visit the Federal Trade Commission’s OnGuardOnline