October is National Cyber Security Awareness Month, an opportunity to focus on why cyber security matters and how Yale New Haven Health System workforce members can protect online information.

YNHHS' Information Technology Services (ITS) department's Office of Information Security encourages employees to participate in the Department of Homeland Security's National Cyber Security Awareness Campaign. All YNHHS workforce members play critical roles in keeping protected health information (PHI) safe by using proper cyber security practices. Follow these five rules for improving security:

1. Read and abide by the YNHHS Appropriate Use of Electronic Resources Policy.
2. Make your passwords complex. Use a combination of numbers, symbols and letters (uppercase and lowercase when supported by the application). Change your passwords at least every 60 days and don't share them. Log off or lock your workstation when you leave your work area.
3. Open only emails or attachments you are expecting, from people you know and trust. Do not click links in emails from untrusted sources; email phishing is on the rise. Use of web mail (Yahoo, Gmail, etc.) to transmit PHI is not permitted. Send encrypted email to authorized external recipients only, with appropriate approval and in accordance with YNHHS' email policy.
4. Never install or connect any personal software or hardware to the YNHHS network or hardware without permission from the ITS department. 
5. Never save PHI to the computer's local hard drive (C: drive); use a network drive. All personal/portable devices used to access or store PHI must be managed, password protected and encrypted. Contact the ITS Service Desk for assistance.

Report all suspicious or unusual problems with computers to the ITS Service Desk, 203-688-HELP (4357).

The ITS department's Office of Information Security was recently recognized for its cyber security efforts with the FairWarning Privacy Excellence Award for Visionary of the Year, 2015. The award honors organizations that combine technical and cultural innovation, along with contributions to the industry that are unique and far beyond the benchmarks set by their peers for information security and privacy.