| |
|
|
Email Security and Policies
Email will always be targeted as a means to attack computers and access data, since it can be the fastest way to trick the computer user. The three
major email security issues - Viruses, Phishing and Spam - are explained below, with information on to how to recognize and handle any problematic messages or attachments
that show up in your inbox.
Email Policies at CUMC
In addition to general email security concerns, the Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act (ARRA) of 2009, requires encryption policies that directly affect CUMC email accounts. To prevent release of PHI data, accidental or otherwise, users cannot forward their institutional email to an external account such as Gmail, Yahoo mail, etc.
Repercussions are costly on many levels:
-
The financial cost of a data breach includes fines and penalties by the Government, the cost of notifying each individual and possibly offering free credit monitoring to each individual that is affected by a loss of data.
- In addition, CUMC is required to notify the Government of this loss and it will post this information on a public website. CUMC may also be required to notify media about the data loss.
- Finally, the individual responsible for the loss of data can be held accountable by the Government if he/she failed to follow the organizations policies and procedures.
Please see the following PDF documents for more information:
New requirements for loss or theft of patient data under ARRA/HITECH Act
CUMC HIPAA Email Policy
Attachments and Viruses
Opening an email attachment is still one of the most common ways that computers can become infected with a virus. Always take these
precautions when you receive an email with a file attached:
- Do not open the attachment unless you are 100% positive that the sender intended you to have it.
- Viruses often spread themselves by using the email account on a computer they infect.
- Viruses can "spoof" or mimic an email address so it appears to be coming from someone you know.
- Be especially wary of any messages that have nonspecific text.
- Messages with vague subjects such as "Here's that file you requested" should not be trusted.
- A message that addresses you by name shouldn't be trusted either,
since this can be culled from someone's email address book or other means.
- Content stressing urgency is often an attempt to keep you from being
cautious.
- Before opening any email attachments, save them on your computer and then scan them with your antivirus software.
- Saving an attachment does not put your computer at risk, just make sure you do not open it before scanning.
- To scan a file with Columbia's Symantec Endpoint, right-click on
the file's icon (command-click from a Mac) and select "Scan for viruses".
Phishing
Email messages that urge you to click on a link to change your password, verify account information, or otherwise give out personal
information should not be trusted. These phishing messages often look as if they come from a valid company, but the sites they take you to
are phony and can be used for identity theft.
Due in part to the huge increase in phishing scams over the past few years, businesses that offer online accounts almost never ask for this type of
account related information in an urgent email message. If you suspect that you've received a phishing message but are concerned about the
online account it references, go to the company's main site by typing their web address into your browser directly (for example,
"www.ebay.com" or "www.citibank.com") rather than using a link within the email.
For more details please see CUIT Security's page on
Phishing Scams and Spam.
Spam
Columbia's mail servers are programmed to block as much spam as possible, but spammers constantly update their methods of bypassing
spam filters to flood your mailbox. It is almost impossible to block all spam, but here are some things you can do to
cut back on the amount you receive:
- Use a "throwaway" email address to sign up for freebies or create an account on web sites. Many sites that require an email address for you to access information or download free programs don't care about protecting your
privacy and will give lists of email addresses they've collected to spammers. Use a free yahoo, gmail or other account in these instances instead. Once an email address is "out in the wild", your chances of
receiving spam increase exponentially.
- Use spam filters on your email program and account.
- Almost all email programs have settings you can adjust to detect spam or junk mail. Configuring them can vary from program to program, so
it's best to check the Help menu for detailed information.
- You can set filters for your Columbia account by logging into the myUNI site and selecting the "Email Filters" link, or click here for detailed instructions on setting filters.
- Don't open or reply to junk mail or spam.
- Spammers increase the likelihood of making money from their junk messages if they're able to verify that they've reached active email account.
- Simply opening a message can notify a spammer that your account is valid. The message can contain an image that isn't requested from the spammer's server until you open it, or set a cookie, or run a script within the message. Many email programs now have these features disabled by default, but it's a good idea to check the program's setting - or just delete any spam without opening it.
- If you reply to a message with the intention of opting out of what appears to be an email list, you can end up getting more spam. Don't
opt out or unsubscribe unless you're sure you subscribed in the first place, or know and trust the institution that sent you a list message.
| TOP |
Last updated 2/03/2010
|
|
Home