Security
Information Security is a crucial part of our environment, and something we must all be aware of and actively participate in at all times in order to protect ourselves and our data. SOM works with UMB/CITS, FPI and UMMC to defend against threats. Our Policies comply with federal, state and University System requirements.
Remember that each security control we put into place is not designed to prevent our users from doing something, but to prevent threat actors from accessing our data or doing harm to our environment. It is important that we work together with you, our users, to succeed.
We manage all electronic devices that interact with our digital environment. All desktop and laptop devices are subject to regular security updates, or patches, and are monitored constantly for viruses and vulnerabilities. Windows devices are managed by the Microsoft platform, and macOS devices are managed by Jamf. If you have a desktop or laptop that is not managed, please contact the help desk.
All mobile devices that are to contain SOM data, including but not limited to your SOM mailbox, must either use the Microsoft mobile apps (i.e. Outlook), or be enrolled in Intune. This is something you can do yourself. Learn more about Intune here.
Things you can do to help
- Use strong passwords, and always enable multi-factor authentication (MFA) whenever available - even on personal accounts!
- Never share your password with others, or allow others to use your accounts.
- When you step away from your desk, lock your computer (Win key + L).
- Always be suspicious of emails asking you for personal information, money for financial information, or anything else out of the ordinary. Be especially wary of emails with the External tag.
Outlook in a browser:
Outlook desktop app: - Do you have any pending security training? Log and and review at any time! https://training.knowbe4.com/
- Keep your mobile devices secure at all times. Consider security cables for unattended laptops.
- Use Azure Virtual Desktops when not on campus to perform your work in a safe environment.
PHI/PII
Protected Health Information or Personal Identifiable Information is something we need to be aware of as a medical school. PHI consists of 18 personal identifiers that be used to uncover a person's identity. PII refers to any data beyond these 18 identifiers that alone may not reveal a person's identity, but when combined with another piece of information, could. Any information containing PHI/PII should be handled with the utmost care.
Any email sent outside the organization that contains any of these 18 identifiers will automatically be encrypted. Learn more about encrypted email here.
Documents containing PHI/PII can be saved in SOM's Microsoft 365 environment, and should absolutely not be saved in any other type of third party storage account, such as Box, Dropbox, Google Drive, etc. Learn more about SOM file storage here.
More information
Take a look at UMB/CITS's page on IT Security to pick up a few more tips!
https://www.umaryland.edu/cits/it-security-and-compliance/