Select Page

CIO QUARTERLY REPORT — November 2021

  1. Archives
  2. November 2021

Cybersecurity: Debunking the myths.

We go to great lengths to keep our families and ourselves safe. We install security systems for our homes, cameras to monitor front door activity and alarms to protect our cars. But do we take the same measures to protect ourselves from a cyberattack? If you’ve seen cyberattack reports on the news and think it can’t happen to you, think again!

Let’s explore some common cybersecurity myths and what you can do to protect yourself.

Myth #1 – I don’t have anything worth protecting.
You might think your data isn’t worth protecting or that you don’t have anything to hide, but here’s a myth buster – every time you install a new mobile app and sign the terms and conditions, you’re putting your personal data at risk. You may be unknowingly sharing your private data that lets the apps build detailed demographic profiles of you. That data is sold to marketers and is making companies millions; hackers want to cash in on that.

Myth #2 – Phishing scams are easy to spot.
Another common myth is that phishing scams are easy to catch. A phish is when someone sends you an email, often trying to bait you into clicking or opening an attachment that can infect your computer and/or steal personal information. In fact, each year phishing scams are becoming more sophisticated. Some appear to come from familiar accounts that are not as easy to detect and not all of them are as simple as an external email asking you to click a link. Unfortunately, 75% of organizations around the world experienced some kind of phishing attack in 2020. Phishing emails are the easiest and most common means of attack.

At Houston Methodist, approximately 17% of our employee population is still clicking our phishing drills and only 14% are reporting the drills as suspicious. To be sure our patient and employee data remains safe, we need your help to decrease our click rate and increase our reporting rate. We’ll continue to conduct phishing drills as part of our security awareness training, so be on the lookout.

Myth #3 – My passwords are strong.
Did you know there are programs that can run billions of password combinations in just one second? And hackers have sophisticated methods for identifying the passwords we use. These days, simply having strong passwords isn’t good enough. That’s myth #3.

Change your password at least every 180 days to reduce your chance of being hacked. Use different, strong and unique passwords for every single account to make it more difficult for a hacker to log on to multiple accounts of yours. And use a password manager to keep track of all your unique and regularly changing passwords.

Lastly the most important tip is to add multi-factor authentication (MFA) to your accounts, whenever possible. MFA or two-factor authentication is a method that requires two or more verifications to access an account. Usually this is your password and an additional code sent to you via text message or voicemail. Microsoft and Google also have authentication apps for your mobile devices that can securely and automatically validate your access. This extra layer ensures that if someone has your password, they won’t be able to access your account without the other authenticator(s).

Myth #4 – Anti-virus software is enough.
If you think you’re fully protected by having anti-virus software, think again. While it’s certainly important to keep your data safe, it won’t protect you from everything. A group of hackers were able to successfully attack three servers from major anti-virus providers. Don’t panic. There are strategies that can help you combat this myth. Keep your operating system software and security software updated. When we tell you about Apple or Windows updates, be sure you install them. These are very important to keep you and your data safe. Updates are intended to safeguard against vulnerabilities. Do the same for all your smart devices, including TVs, tablets, video doorbells, etc.

Myth #5 – Our IT department is responsible for cybersecurity.
While our IT cybersecurity team has a huge responsibility when it comes to keeping Houston Methodist safe, we all have a role. Do your part by continuing to report suspicious emails using the Report Phish button and being mindful before clicking any link from an external sender.

The Reality
At Houston Methodist, besides our cybersecurity team, we also have superior tools and programs to support their efforts. And of course, we have you. Always remain vigilant and report any suspicious emails. Even if you know it’s a drill, help us know you’re aware of what to do in the case of a real phish by reporting it.

Here are the ways to report a suspicious email:

  • Desktop/laptop (preferred method): Click Report Phish – PhishAlarm button on the Outlook toolbar.
  • Mobile: Tap the three dots by the sender’s name and tap the Report Phish icon.
  • Webmail/Office 365: Select the email. In the preview pane, click the three dots. Scroll down and click Report Phish.
  • Apps Center: The Report Phish button isn’t available, so forward the email to spamspotting@houstonmethodist.org.