Before You Log On
Desktop and Workstation Security
Members of the Jefferson workforce have access to computerized and other information sources containing protected health information (PHI). With this in mind, work areas containing a workstation or other types of records or data need to be designed and constructed for efficient operations, yet they must be shielded from public view or possible unauthorized access. All workstations with access to sensitive information need to be blocked from public viewing. Documents bearing protected information should be secured when not being used.
Accounts & Password Security
- For members of the Jefferson community, accounts are generated automatically with access to systems determined by role. Your campus key is used for your logins.
- No department, including IS&T, will ever ask you for your account information, such as your password via email.
- If you receive an email request this information or that links to a website that requests this information, do not respond. If you reply to such an email your Jefferson accounts may need to be disabled. Please remember that IS&T will NEVER ask for your Social Security Number, password or account data via email.
After You Log On
After you log on:
- Email Security – what you should and shouldn’t do and how to protect our assets
- Phishing: is an illegal Internet activity that often ends up in identity theft for its victims. Phishing scams try to steal confidential information by trolling for unsuspecting victims through e-mails and sending them to fake web sites where they are tricked into providing personal information. The phishing problem is so widespread that the Federal Trade Commission and a global anti-phishing group are actively fighting it.
- Phishing e-mails appear to come from banks and many other businesses such as eBay and Paypal. Their messages urge you to go to their counterfeit web sites that appear identical to the authentic ones, with warnings of dire consequences if you do not comply. The fake web sites request that you “validate” personal or financial information or otherwise try to trick you into providing credit card, bank account, and/or Social Security numbers. No matter how compelling or urgent these requests seem, you can be sure that they are phishing if you did not initiate the contact. Legitimate businesses would never seek personal information in this manner.
- Thousands of fraudulent messages flood Jefferson’s e-mail system every day, but fortunately, Jefferson's anti-spam defense is at work to reduce the number of unwanted emails that arrive in your mailbox. Even with a robust Security program, phishing emails can still make it through our defenses.
Tips & Tricks
How do I recognize a phishing attempt?
Phishing attempts often come from seemingly legitimate sources but usually contain clues that they are not valid like:
- Odd English sentence structure or misspellings.
- A return email address/web link that is not from or to the institution.
- Questions about you that the organization already knows about you like your account name, password, location, etc.
How do I take precaution when managing email?
- Do not open emails from email addresses you do not know.
- When you receive a message from a friendly or recognized email account, even those that say they are Jefferson executives or departments, and the request is for a wire transfer or file containing sensitive employee/student information, do not immediately reply or forward the message. Do not click on any links or attachments within the message.
- Verbally refer any of those requests for sensitive information to your supervisor.
- Immediately follow up with the email sender via phone or an in-person conversation to validate authenticity of the email.
- Contact the IS&T Solution Center at 5-7975 or through the Self-Service Portal (solution.jefferson.edu) to report the issue.
Think you know how to avoid phishing? Try the OnGuard Online "Phishing Scams: Avoid the Bait" online quiz.
For more information on phishing scams, refer to:
If you feel you have been victimized by identity theft, check this Federal Trade Commission web site for advice about the next steps to take.