Privacy and confidentiality are core values of health science librarians, but defending our patron and personal information from attacks has become increasingly difficult as technology advances. Health care networks are especially valuable targets for hackers – these systems collect personally identifiable information including health records, social security numbers, dates of birth, addresses, and much more. While our information security teams are the main defense against malicious actors, there’s much we can do to protect our patrons and ourselves.
Sophisticated data breaches, like the one targeting the Equifax credit reporting system, are often in the news. However, it turns out that one of the biggest threats to internet security is right in your inbox. A recent study found that victims of a data breach are 10 times likelier to have their accounts hijacked than a random user, but phishing victims are 400 times as likely to have their account hijacked.
Phishing is the use of fraudulent websites or emails that trick individuals into providing sensitive information or access to their system. A phishing email may look like a request from a reliable source such as your bank, a colleague, or even the IT department. These emails may provide a link to a login page that only appears to be legitimate, or ask you to download an attached file that gives scammers access to your computer or network. A Verizon report found that over 10% of health care employees are susceptible to phishing. Once scammers have access to your email or other accounts, they can use that access to reach additional accounts, target your colleagues, family and friends, and/or infect your computer or network. You likely won’t know you’ve been compromised until it’s too late.
Most organizations have filters that block obvious phishing attempts and questionable websites, but vigilance is the best defense against these attacks. The following tips and tools can be used to protect yourself and your patrons:
General Email Safety – Be cautious when opening email attachments or clicking on a link. If you’re unsure whether an email is legitimate, reach out to the company or individual directly instead of following the link in their email.
Secure Passwords and Password Management Software – Use strong passwords and never reuse a password across accounts. This protects your other accounts when one account is compromised. Password management tools help you generate and securely save your passwords.
Multi-factor authentication – Instead of requiring only a password or the answer to security questions when logging in, many sites now let you turn on an additional layer of security called multi-factor or two-factor authentication. With this feature enabled, you will receive a text or call with a code that must be entered before you can access your account. It’s strongly recommended that you use this feature whenever available.
Ad Blockers – These browser extensions not only stop annoying pop-up ads and hide visible ads on websites, but they also stop the ads from using cookies to track your online activities.
Private Search Engines – Unlike most search engines, these sites don’t track your history to create a user profile or send you targeted ads. Some examples of private search engines include:
HTTPS Everywhere – This browser extension is a collaboration between The Tor Project and the Electronic Frontier Foundation. It forces sites to use a more secure HTTPS connection if available and warns you if a site is not using HTTPS.
Secure Browsers – Web browsers like Internet Explorer, Google Chrome, and Safari often make it easy for users to be profiled and tracked based on their online activities. A secure browser, like Mozilla Firefox or Tor, is instead built with privacy as the top concern. The Library Freedom Project has many resources online to learn how to use the Tor browser and even set up a Tor relay at your library.
Virtual Private Network (VPN) – A VPN encrypts your internet connection so that your online activity is not linked to your IP address. Some free VPNs have been linked to commercial tracking and more malicious behavior, so use caution when considering this approach.
For additional information, review the Online Safety page from USA.gov.
-Alicia Lillich, Kansas/Technology Coordinator