Cyber Security Awareness Month
Cyber Security Awareness Month is an international campaign in October to help you stay safe online. Over the next four weeks, you will receive information and tips—through mass emails and the Daily Bulletin—on how to protect yourself and your electronic devices.
If you connect it, protect it!
It's tempting to delay taking action to make yourself more cyber secure. After all, who wants to interrupt work to download a software update for their computer? However, the unfortunate fact is that cybercriminals are a constant threat. If you aren’t following best practices for cyber security, you risk becoming a victim.
So stop making excuses! Cyber Security Awareness Month is a great opportunity to adopt some best practices for cyber security.
Did you know?
- Once a digital device is connected to the Internet, it can be attacked within five minutes and targeted through specific activities within 24 hours.
- Cyber threats, such as ransomware, can disrupt the healthcare sector by interfering with critical processes, slowing them down or making them completely inoperable.
- Ransomware may enter your computer system in three ways:
  - Through phishing, vishing (voice mail) or smishing (SMS message)
  - When you click on a malicious link
  - When you view an advertisement containing a virus or malware
Find out how knowledgeable you are about cyber security by answering a few questions in the Cyber Safe Checkup.
You can play a role in ensuring your own cybersecurity. Think before clicking! There are many steps you can take to enhance your cybersecurity.
- Lock down your login
Use two- or multi-factor authentication, whenever it is offered.
- Avoid clicking... when in doubt!
Links in emails, tweets, texts, social media postings and online advertising are the easiest way for cybercriminals to get your sensitive information. Be cautious when clicking on links or downloading information that comes from an unknown source/organization or that you were not expecting.
- Update your devices
To reduce the risk of your devices becoming infected with malware, update all your internet-connected devices. Have your devices update automatically or notify you when an update is available.
- Back up your data
Protect your valuable data and documents by making an electronic copy. If your device is a victim of ransomware or another cyber threat, you will be able to restore the data from a backup. Use the 3-2-1 rule as a guide to backing up your data:
- Keep at least three copies of your data.
- Store two backup copies on different storage media.
- Store one of those backups offsite.
- Configure your privacy and security settings
Whenever you sign up for a new account, download a new app or obtain a new device, configure the privacy and security settings that regulate information-sharing. Verify your settings often—at least once a year.
- Think...before you put information online
Stop and think before you place information online. Think about who might see the post and how it might affect you or others.
- Learn about using WiFi hotspots
Public wireless networks and WiFi hotspots are not secure. Anyone can see what you’re doing on your laptop or smartphone while you’re connected. Limit what you do on public WiFi and avoid logging into your main accounts, such as email and banking services.
Cybersecurity at work and at home
- Keep your devices up to date and install antivirus protection.
- Think before clicking on an email or text, or taking a phone call that asks for personal information.
- Make sure you know your recipients when you share information or data.
- Before clicking on or downloading an attachment, inspect the links and ensure they are from trusted senders.
- Avoid cloud-based platforms (e.g., Dropbox) that have not been approved by your organization, especially when sharing confidential information.
You experience a cyber security incident...
- Cyber security breaches may affect the confidentiality, integrity and/or availability of information.
- If you experience an information security incident, we invite you to fill out this form: https://www.ciussswestcentral.ca/zone-for-partners/information-security/.
- All suspicions need to be addressed. The information security form should be completed, and phishing needs to be reported to the IT team, along with an Octopus request: https://ccomtl.octopus-itsm.com/Web/Login.aspx?ReturnUrl=/ccomtl/Web/RequestList.aspx.
Protecting yourself from cyber crime
How do you develop a cyber security plan?
- Secure your accounts
- Secure your devices
- Secure your connections
Keep your passwords secure and activate multi-factor authentication (such as security questions, PINs, voice recognition, SMS authentication, etc.). Remember: When there is DATA, there are OPPORTUNITIES!
More tips for staying cyber safe at work and at home
- Install security software and always use an antivirus.
- Take stock of your devices (e.g., phone, computer, smartphones).
- Never skip an update for any of your devices.
- Update your browser.
- Clear your browsing history.
- Customize your settings.
- Be aware of which files you have downloaded.
- Verify the GUEST network.
Some examples of passwords to avoid:
- Your address
- Names of your family members or pets
Five words to remember at all times to stay safe online and offline:
What is the connection between patient safety and cyber security?
Cyber Security Awareness Month is a great opportunity to adopt some best practices for cyber security. Throughout October, you will be receiving information and tips—through mass emails and the Daily Bulletin—on how to protect yourself and your electronic devices. This will put you in a stronger position to respond to patients’ needs more quickly and efficiently.
Impact of cyber threats
It is important for all employees in the healthcare and social services network to be aware of the impact of cyber threats on clinical workflows. These threats may affect patient care systems and medical devices. They may also interrupt proper communication and supply networks and threaten the confidentiality of medical records.
Cyber incidents can have significant consequences on critical care systems, resulting in such acts as theft of information or unauthorized access to patients’ records.
Ensuring the security of cyberspace requires the use of proper, approved collaborative tools to protect personal information. Collaborative tools were recently introduced by the MSSS and offer multiplatform access (smartphones, tablets, etc.). They also enable our CIUSSS’s employees to develop and maintain interactions in their secure work environment.
MSSS’s collaborative tools
The collaborative tools that the MSSS has acquired meet ministerial requirements, as well as standards for information security in government. The tools are:
- Microsoft Forms: surveys and polls
- Microsoft Planner: project manager
- Microsoft Stream: share videos, presentations and meetings
- Microsoft Teams: instant exchange of information, files, etc.
- My Analytics: data analysis for better productivity
- OneDrive for Business: storage of business and personal files
- Outlook: mail system, calendar, task planner, etc.
- Power Automate: creation of workflows between applications, files and data
- SharePoint Online: content sharing and management
- Sway: creation and sharing of reports, presentations, interactive personal stories
- The user of these platforms must respect the rules of use and function when confidential information is shared, whether the user is working in the office or at home.
- The user is accountable for his/her identity, e.g. email signature.
- The information exchanged within these platforms remains the property of the CIUSSS.
- The user must ensure that his/her credentials are protected, so that access to the platforms is possible.
- The use of videoconferencing or recording from mobile devices should be limited, and used only in the proper circumstances.
- The user must be familiar with the documents or the information that is shared.
- Encryption must be applied to documents whose level of sensitivity is high.
Tips to protect your digital tools at work
Whether you're at home or in the office, all of your digital devices and work tools must be maintained and protected. Here are a few tips to ensure strong cyber security:
- Regular updates to your operating system
- Multi-factor authentication
- Complex passwords
- Prevention against malware and phishing
- Implementation of a secure Wi-Fi network
- Protection of the corporate network
- Preparing your networks for smart devices
- Changing your privacy settings
Most phones have minimal security and anti-malware protection. Even if you avoid banking apps, you may use messaging apps that have previously experienced spyware attacks. Thus, you may be exposing information that was previously sent using these messaging apps.
Electronic devices, such as routers, are necessary to ensure proper communication in a computer network. Their main function is to connect users to their tools. Proper protection of these devices is important, because they allow data to be transferred quickly and securely over the same or separate networks.
For more information, visit the Government of Canada's Get Cyber Safe web site.
Frequently asked questions
- How do I recognize a cybercrime?
It may arrive as an email, text message or phone call from someone who is looking for personal information.
- Why is it dangerous for data about patients to be hacked?
Patients’ data may be used maliciously by internal or external individuals in the healthcare network. This could have a negative effect on the care and treatment that patients need.
- Why is the healthcare network a prime target for cybercrime?
- Patients' and employees' personal information may be valuable, and some of it may have lasting value.
- Large numbers of employees, clinicians and patients/users have access to the information. This means that there are many potential targets for attacks such as phishing.
- Increasing numbers of medical devices are connected with one another.
- Many healthcare organizations have substantial financial resources and payrolls.
- Healthcare organizations may make decisions that individuals or groups disagree with. Therefore, the potential exists to disrupt critical infrastructure and services.
Additional people can also gain access to healthcare information, particularly through patient portals. Therefore, it is essential for protection to be provided and for security strategies and systems to be implemented.
- Why is cybersecurity important?
- More people are using more systems in more places and on more devices.
- Cybercriminals can use medical data to sell fake identities.
- Medical information tends to include enough information to allow a criminal to open a credit card or bank account or to request a loan in the victim's name.
- If the attempts in the previous point are unsuccessful, cybercriminals can use ransomware to extort healthcare organizations and force them to pay a ransom to the cybercriminals, in order to regain access to compromised systems and data.
- What is ransom software?
Ransom software (viruses or worms) has malicious intent: the theft or destruction of data. Keyboards are locked and computers are prevented from providing access to data, until a ransom is paid. Hospitals are tempting targets for ransomware, because they urgently need to provide uninterrupted service to patients.
- Why install an antivirus or make regular backups?
An antivirus is one of the best methods of protection against ransomware. Regular backups also allow data to be stored on devices that are not connected to the internet and, thus, are more secure.
Does an email’s sender seem suspicious to you?
Cyber Security Awareness Month is a great opportunity to adopt some best practices for cyber security. This is especially the case when you receive an email or text message.
Key questions to ask yourself
- Who is sending the email—colleague, family member, friend or trusted organization?
- Is this organization likely to send you an email or text message?
- Does this organization's email have an identifiable and valid logo?
- How are the email’s graphics or general template presented?
- Has the sender addressed you by name?
- Does the email contain grammatical errors or the excessive use of exclamation marks?
- Are any files attached to the email?
- Is the email requesting your identification or any personal information by pretending to be a trusted source? Personal details might include your date of birth, social insurance number, credit card number or your mother’s maiden name.
- Does the URL in the link match the URL of the organization’s website? To verify, hover your mouse over the link.
Please remember that a common type of phishing involves cyber criminals who call you and, after claiming to work for a government agency, threaten you.
Also be aware that as part of the process to validate the truthfulness of the request, you can contact the organization that has requested the information.