WMed email warning banners are a component of our overall security strategy.  The goal is to help you quickly assess the trustworthiness of incoming email messages.

Banner messaging is separated into two categories:

An orange Caution for senders on a “trusted third party” list, which looks like this:

• A caution message indicates that:
  • The sender is an outside entity providing a specific function to WMed (software, service, etc.)
  • The sender has been determined to be a low risk for sending out malicious email.
• Some examples are NetSuite (Accounting) and Workforce Ready (Employee Self-Service).
• Be cautious with links and attachments from trusted third parties, even if you are expecting the message.
• WMed IT considers several factors when determining the trustworthiness of an email sender. Appropriate senders are added to the trusted third party list.

A red Warning for messages originating from all other external senders, which looks like this:

• A warning message indicates that the sender is an outside entity of unknown risk.
• Do not click links, open attachments, or provide information to the sender unless you recognize them or are expecting the message.

To request that a service, software, or vendor be added to the trusted list, submit a ticket to IT Support at https://support.med.wmich.edu.

What Constitutes a HIPAA Violation When Content Is Being Delivered to Students in a Medical Education?

First, we must understand what is HIPAA covered PHI and then appropriate disclosure:

What is HIPAA covered PHI?

• Sourced from a Covered Entity.
  • a healthcare provider (WMed)
  • health plan or health insurer
  • or a healthcare clearinghouse
  • or a business associate of a HIPAA-covered entity
• In the relation to the provision of healthcare or payment for healthcare services by the Covered Entity
  • Autopsies by the Medical Examiner are not services covered by HIPAA, but privacy is still important.
• A pairing of identifiers and health information together (PHI).
  • Identifiers:
    • Names
    • Dates, except year
    • Telephone numbers
    • Geographic data
    • FAX numbers
    • Social Security numbers
    • Email addresses
    • Medical record numbers
    • Account numbers
    • Health plan beneficiary numbers
    • Certificate/license numbers
    • Vehicle identifiers and serial numbers, including license plates
    • Web URLs
    • Device identifiers and serial numbers
    • Internet protocol addresses
    • Full face photos and comparable images
    • Biometric identifiers (i.e. retinal scan, fingerprints)
    • Any unique identifying number or code

Who can you disclose PHI to?

• Individuals involved in:
  • Health Care Operations
  • Exchange for Treatment

Where does medical education fall?

• “Health care operations” are certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment. These activities, which are limited to the activities listed in the definition of “health care operations” at 45 CFR 164.501, include:
  • Reviewing the competence or qualifications of health care professionals, evaluating provider and health plan performance, training health care and non-health care professionals, accreditation, certification, licensing, or credentialing activities;
  • https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/disclosures-treatment-payment-health-care-operations/index.html

How much can you share?

• HIPAA minimum necessary requirement to medical trainees:
  • Covered entities can shape their policies and procedures for minimum necessary uses and disclosures to permit medical trainees access to patients’ medical information, including entire medical records.
  • https://www.hhs.gov/hipaa/for-professionals/faq/209/does-minimum-necessary-allow-students-to-access-patient-information/index.html

What is a HIPAA violation in relation to medical education?

• Disclosing more than the minimum necessary PHI without consent from the patient.

What is recommended to provide only the minimum necessary?

• All identifiers must be removed or redacted/blocked out.
• For all images:
  • Focus specifically on the area necessary for the medical education purposes.
  • Redact or mask the following:
    • Facial features
    • Distinctive birth marks or identifying tattoos
    • Other areas that alone or combined with narrative or text might identify the patient
  • Facial Images specifically:
    • They should be cropped so the entire face is not shown, the patient’s eyes and nose are blocked out, to the extent “reasonably possible” for purposes of de-identification of the patient.
  • Use a snipping tool to remove hidden meta data in the image file.
• Make sure all slides have no PHI data in the notes sections or in areas beyond the displayable slide.

Updated November 8, 2021

1) Click on the gear icon in the upper right of Outlook on the Web. 



2) Click View All Outlook settings at the bottom of the menu



3) On the settings screen, select Mail --> Customize actions.



4) On the Customize Actions screen, scroll down to the Message surface settings.



5) Check the Phish Alert V2 checkbox to add the icon to the top of the Message Surface.



6) Click the Save button.

Re-Enrollment Information

If you have a new phone and automatically transferred your applications from your old phone to your new one, you will need to uninstall the NetIQ app and then reinstall it. If you do not do this, you will run in to issues when trying to re-enroll.

-----------------------------------------------------------------------------------------------
Requirements to complete

• 15 minutes of time
• Reliable internet connection
• Computer
• Smartphone
• Cellphone number must be on file with IT

Installing the NetIQ Advanced Authentication App

1. Download the NetIQ Advanced Authentication app on your smartphone in one of the following ways:

• Navigate to Google Play App store and search for the NetIQ Advanced Authentication app  

2. Perform the following action to install the app in your smartphone:

• Android: Tap Install

Launching the NetIQ Advanced Authentication App

1. Tap the  NetIQ Advanced Authentication icon.

2. Accept the license agreement.

• A message "New PIN" is displayed.

3. Specify a PIN to access the app and tap OK. (The PIN code can only be numbers)

The App is now installed. Proceed with enabling fingerprint if desired, or with 'Enrolling your smartphone as a second factor'

Enrolling your smartphone as a second factor

First time enrollment requires the ability to receive one-time password (OTP) code via text message from WMed. If you do not have a cell phone number on file at WMed, a ticket must be submitted to IT Support.

On your computer's web browser

1. Navigate to the WMed Multifactor Self-Service portal by clicking here.

2. Enter your WMed username and click the Next button:


 
3. Enter your WMed password and click the Next button.




On your smartphone in your text messaging app

4. A text message will be sent to your cell phone number with an one-time password (OTP) code.




On your computer's web browser

5. Enter the OTP code received via text and click the Next button.

• If you did not receive a text message with the OTP, click the “Resend” button to receive another OTP text.

6. On the Authentication Methods page, click the Add button.



7. Select Smartphone from the available second factor methods.




Warning - the QR Code must be scanned within 2 minutes of clicking the "Get QR Code" button.  It is recommended to have the NetIQ Advanced Authentication app open on your smartphone in advance.


8.Click the Get QR Code button, a QR code will be displayed.

• If the enrollment times out, click the cancel button and restart the process.

On your smartphone in the NetIQ Advanced Authentication App

9. Tap the + icon on the lower-right of the Enrolled Authenticators screen.

10. Aim your phone at the screen to capture the QR code.

• The screen closes automatically when a green square appears over the QR code indicating that a compliant QR code is captured.

On your computer's web browser

12. Return to the MFA Self-Service Portal on your computer, a message should state Enrollment is complete. Click the Save button.




12. The smartphone authentication method should appear in the list of available authentication methods for multi-factor authentication.

Enrollment is now complete!

Enabling Fingerprint for NetIQ Advanced Authentication App access

The Fingerprint option is only available if your smartphone device supports this functionality.

1. In the  NetIQ Advanced Authentication App, tap the  menu icon.

2. Tap Settings.

3. Set PIN to ON to enable PIN protection for your app.

3. Set Fingerprint to ON to enable fingerprint authentication.

• The fingerprint you set for the phone is used as a touch sensor for your app.

 

Re-Enrollment Information

If you have a new phone and automatically transferred your applications from your old phone to your new one, you will need to uninstall the NetIQ app and then reinstall it. If you do not do this, you will run in to issues when trying to re-enroll.

-----------------------------------------------------------------------------------------------
Requirements to complete

• 15 minutes of time
• Reliable internet connection
• Computer
• Smartphone
• Cellphone number must be on file with IT
  
  

Installing the NetIQ Authenticator App

1. Download the NetIQ Advanced Authentication app on your smartphone in one of the following ways:

• Navigate to App store and search for the NetIQ Advanced Authentication app.

2. Perform the following action to install the app in your smartphone:

• iOS: Tap Get

Launching the NetIQ Authenticator App

1. Tap the  NetIQ Auth app icon to run the NetIQ Advanced Authentication app.

2. Accept the license agreement.

• A message "New PIN" is displayed.

3. Specify a PIN to access the app and tap OK.  (The PIN code can only be numbers)

• A message "NetIQ Auth" Would Like to Send You Notifications is displayed.

4. Tap Allow to enable the push notification.

• This will allow the “Push to Accept” functionality, otherwise the one-time code must be entered each time.

Enrolling your smartphone as a second factor

First time enrollment requires the ability to receive one-time password (OTP) code via text message from WMed. If you do not have a cell phone number on file at WMed, a ticket must be submitted to IT Support.

On your computer's web browser

1. Navigate to the WMed Multifactor Self-Service portal by clicking here.

2. Enter your WMed username and click the Next button:


 
3. Enter your WMed password and click the Next button.




On your smartphone in the text messaging app

4. A text message will be sent to your cell phone number with an one-time password (OTP) code.




On your computer's web browser

5. Enter the OTP code received via text and click the Next button.

• If you did not receive a text message with the OTP, click the “Resend” button to receive another OTP text.

6. On the Authentication Methods page, click the Add button.



7. Select Smartphone from the available second factor methods.




Warning - the QR Code must be scanned within 2 minutes of clicking the "Get QR Code" button.  It is recommended to have the NetIQ Advanced Authentication app open on your smartphone in advance.


8. Click the Get QR Code button, a QR code will be displayed.

• If the enrollment times out, click the cancel button and restart the process.

On your smartphone in the NetIQ Advanced Authentication App

9. Tap the + icon on the upper-right of the Enrolled Authenticators screen.

• A message Advanced Authentication Would like to Access the Camera is displayed.

10. Tap OK.

11. Use the camera of your smartphone to capture the QR code using the NetIQ Advanced Authentication app.

• The screen closes automatically when a green square appears over the QR code indicating that a compliant QR code is captured.

12. Specify WMed for the Account text box.

13. Tap Save on your smartphone app

• The authenticator that you enrolled is displayed in the Enrolled Authenticators screen of your smartphone app.

On your computer's web browser


14. Return to the MFA Self-Service Portal on your computer, a message should state Enrollment is complete. Click the Save button.



15. The smartphone authentication method should appear in the list of available authentication methods for multifactor authentication.

Enrollment is now complete!

Enabling Touch ID or FaceID for NetIQ Authenticator App access

TouchID or FaceID options are only available if your smartphone device supports this functionality.

1. In the  NetIQ Authenticator App, tap the  menu icon.

2. Tap Settings.

3. Set Touch ID to ON to enable fingerprint authentication.

4. Set FaceID to ON to enable face authentication.

• The fingerprint you set for the phone is used as a touch sensor for your app.
  
  

When do I use it?

Click the (Phish Alert Button) PAB anytime you believe you have received a phishing email or any potentially dangerous email. Any emails you report using the PAB will be automatically deleted from your inbox. The emails you report will also be forwarded WMed and Microsoft for analysis.

The PAB should only be used to report emails you believe to have malicious intent. If you are receiving obvious spam or marketing emails, you should not use the PAB. You can delete these types of emails or add the sender or sender's email domain to a block list.

How do I use it?

Depending on your device and email client, the steps for reporting an email using the PAB may vary. 

However, across all devices, the reported email will be handled the same. The email you report will be forwarded to WMed and Microsoft and then deleted from your inbox. If you report an email in error, you can retrieve the email from your Trash/Deleted Items.

Outlook on the Web

The PAB icon will appear in the drop-down menu of an open email.

To report an email as a phishing email:
    1) Click the PAB icon.
    2) A sidebar prompt will ask you if you are sure you want to report the email as a phishing email. Click the Phish Alert button to report the email.

Outlook mobile app (Android)

To report an email as a phishing email:

1) On any open email, tap the three dots at the top-right of the screen.

2) The Phish Alert add-in will appear. Tap the Phish Alert add-in.



3) A prompt will ask you if you are sure you want to report the email as a phishing email. Tap the Mobile Phish Alert button to report the email.



4) If you have successfully reported a simulated phishing email sent on behalf of your organization, a congratulatory message will display. Click OK to close it.

Outlook mobile app (iOS)

To report an email as a phishing email:

1) On any open email, tap the three dots at the top-right of the screen.



2) The Phish Alert add-in will appear. Tap the Phish Alert add-in.



3) A prompt will ask you if you are sure you want to report the email as a phishing email. Tap the Phish Alert button to report the email.



4) If you have successfully reported a simulated phishing email sent on behalf of WMed, a congratulatory message will display. Click OK to close it.

Why should I use it?

Reporting emails will help WMed stay safer. Because the potential phishing emails you report are sent for analysis to WMed and Microsoft, WMed will now be aware of which phishing attacks are able to reach employee inboxes. Once we're aware of possible vulnerabilities, we can better defend against them. You are an important part of the process of keeping WMed safe from cybercriminals.

When do I use it?

Click the Phish Alert Button (PAB) if you believe you have received a phishing email or any potentially dangerous email. Any emails you report using the PAB will be automatically deleted from your inbox. The emails you report will also be forwarded to WMed and Microsoft for analysis.

The PAB should only be used to report emails you believe to have malicious intent. If you are receiving spam or marketing emails, you should not use the PAB to report these. You can delete these types of emails or add the sender or sender's email domain to a block list.

How do I use it?

1) The PAB add-in will appear at the top of your Outlook client.


2) A prompt will ask you if you are sure you want to report the email as a phishing email. Tap the Phish Alert button to report the email.


3) If you have successfully reported a simulated phishing email sent on behalf of your organization, a congratulatory message will display. Click OK to close it.

Why should I use it?

Reporting emails will help WMed stay safer. Because the potential phishing emails you report are sent for analysis to WMed and Microsoft, WMed will now be aware of which phishing attacks are able to reach employee inboxes. Once we're aware of possible vulnerabilities, we can better defend against them. You are an important part of the process of keeping WMed safe from cybercriminals.

When do I use it?

Click the Phish Alert Button (PAB) if you believe you have received a phishing email or any potentially dangerous email. Any emails you report using the PAB will be automatically deleted from your inbox. The emails you report will also be forwarded to WMed and Microsoft for analysis.

The PAB should only be used to report emails you believe to have malicious intent. If you are receiving spam or marketing emails, you should not use the PAB to report these. You can delete these types of emails or add the sender or sender's email domain to a block list.

How do I use it?

You will see the PAB in one of two ways:

1) The PAB add-in will appear at the top of your Outlook client.

 In this view, to report an email as a phishing email:

1. Click the Phish Alert button while the email is open.
2. A prompt will ask you if you want to report the email as a phishing email. Click Yes to report the email, or click No to not report the email.

2) WARNING: THIS OPTION NO LONGER WORKS WITH THE OLDER OUTLOOK 2016 CLIENT.  USE THE BUTTON AT THE TOP OF THE OUTLOOK CLIENT.

The PAB add-in will appear as a clickable Phish Alert tab in any opened email.

In this view, to report an email as a phishing email:

1. Click the Phish Alert tab to open a drop-down screen.
2. A prompt will ask you if you want to report the email as a phishing email. Click the Phish Alert button to report the email.

If you have successfully reported a simulated phishing email sent on behalf of WMed, a congratulatory message will display. Click OK to close it.

Why should I use it?

Reporting emails will help WMed stay safer. Because the potential phishing emails you report are sent for analysis to WMed and Microsoft, WMed will now be aware of which phishing attacks are able to reach employee inboxes. Once we're aware of possible vulnerabilities, we can better defend against them. You are an important part of the process of keeping WMed safe from cybercriminals.

What is MFA?

It is an authentication process that requires a user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. Factors are categorized by Something you know (Passwords, PINs); Something you have (Badges, Token generators, Smart phone apps); Something you are (Biometrics).

Why do we need MFA?

It can prevent most brute force attacks and phishing attempts from compromising the organization and its data. The nature of computer-based operations means that a single account being compromised can lead to significant harm to the organization, its staff, students, and patients. By enabling MFA, it becomes far more difficult to compromise an account as a username and password alone will not grant access.

Does MFA mean I’m safe from phishing emails?

No. While compromise from phishing attacks is more difficult with MFA in place, it is not impossible. The attacker will still have your password and may access systems that do not have MFA. Phishing attacks can also be used to install malware to compromise your computer. Users should continue to be diligent and utilize the Phish Alert button when they receive a suspicious email.

How Does MFA work for external access to WMed systems?

• The Pulse Secure VPN app will require MFA authentication every 2 weeks based on device.
• If using a browser app, you will be asked to do MFA anytime you are asked for WMed credentials. It depends on the browser as to how often this will happen. We cannot say a determined amount of time because it depends on cookies, different browsers, etc.
• If you have applications loaded directly onto your device and you are off site those should hold for 90 days and then you will be asked to do MFA again. Examples would be if you downloaded the Team's client, Microsoft Office installed on your local device, or the Outlook desktop application.

1. Unusual, non-descriptive subject that does not fit email message
2. Unusual, non-printing character
3. Unusual, low contrast color scheme that is hard to read
4. Link goes to suspicious foreign country URL

Description

This is a guide for logging in to WMed services and applications using a smartphone for Multi-Factor Authentication (MFA).

Requirements

Ensure the App is installed on your smartphone and you are enrolled with 'smartphone' as your second factor.

Instructions for iOS

Instructions for Android

Procedure

1.  Log in to a WMed service or application in the normal way. The following prompt will be displayed if a second factor is required.




2.  Unlock your smartphone and tap the 'Authentication required!' notification.


If no notification appears, manually start the NetIQ Advanced Authentication app  (Android) or  (iOS).


3.  Unlock the app with a fingerprint or your PIN that was selected during setup.

4.  An 'Authentication request' similar to the one below will be displayed in the app. Press 'ACCEPT' if the details are appropriate and the login should proceed and allow access to the service. If no authentication request appears proceed to step 5.



5.  If no Authentication request appears after opening the app, press the hamburger button  in the upper left then select 'Authentication requests'. Any pending requests will be listed here provided that your smartphone is reachable by WMed over the Internet.


6.  For occasions where WMed MFA cannot reach your smartphone the One-Time Password (OTP) second factor is available. During Step 1 when the prompt for a second factor appears, select the link 'Offline OTP Option' toward the bottom. A text box will appear under the link labeled 'One-Time Password'. 





7.  Open the NetIQ Advanced Authentication app on  (Android) or  (iOS) and unlock using your fingerprint or PIN selected during enrollment. The One-Time Password is the 6-digit code under 'WMED\username' and next to the green dot. The code changes every 30 seconds.


If you see no code, press the hamburger  button then 'Enrolled Authenticators'. If nothing is listed here, enrollment must be completed using the links in 'Requirements' section at the top.

Work from Home – Security Best Practices 

As more employees work from home to help prevent the spread of COVID-19, Information Technology would like to share some security best practices for working remotely. 

Be on guard for increased phishing attacks  

Hackers will be trying to take advantage of the COVID-19 pandemic by exploiting your generosity and increased levels of stress.   

• Do not log into websites directly from an email link.  Go to the website directly via the web browser. 
• Avoid emails that pressure you to act now out of fear or negative consequences. 
• Remember to look out for the “Outside” email banner. 
• IT should never ask you for your password. 

Personal Devices  

Malware is the greatest risk factor when using a personal device.  Personal devices do not have the same security controls as WMed owned devices and pose a greater risk to the organization. 

• Apply the latest operating system and application updates. 
• Make sure antivirus is installed and up to date. (VPN access will be limited without this) 
• Enable the operating system firewall. (VPN access will be limited without this) 
• Use a user account that does not have Administrator privileges on the computer. 
• Utilize Office365 web applications as much as possible to limit saving sensitive data on personal devices. 
  • Data resides in WMed’s secure cloud environment.   
  • Data is encrypted at rest and in transit. 
  • Data is recoverable in the event of a hardware failure. 
• Lock the computer when away.
• Log out of any WMed service/application when no longer using. 
• Use only password protected wifi. 

Exercise good password practices 

• Do not use personal passwords for WMed services/applications. 
• Do not use personal information in passwords. 
• Use long passphrases. 

Physical Security  

• Take reasonable measures to prevent viewing of sensitive information by unauthorized persons. 
• Keep mobile devices in sight and store them in a secure location.