Frequently Asked Question
Cybersecurity Tips (General)
Last Updated 21 days ago
1. Never Leave Devices Unlocked When Unattended
DO: Lock your computer whenever you will not be physically present.
WHY: This will prevent unauthorized persons from accessing the computer and its data.
HOW TO: On a Windows computer, you can quickly lock your computer by pressing the Windows Key + L at the same time. On a Macintosh computer you will use Control-Shift-Power to lock your screen.
2. Never Connect Unknown USB Devices to Work Computers
Do not insert unknown USB devices into work computers. If the USB is infected with malware, it could transmit said malware to the Ministry's network via your computer. For known USB devices, allow the installed antivirus to fully scan the device before using.
3. Always use a strong password for your MOHW accounts
A strong password should have at least eight characters, combining upper- and lower-case letters, symbols and numbers, and should not use personal information (e.g. birthdays or your name). Also ensure these passwords are not the same as those for your personal accounts (e.g. personal email, social media etc.).
4. Always perform regular backups of your important data/files.
This is important in the case of a cyber attack that results in a loss of data.
You can access the MOHW Cloud storage service via https://cloud.moh.gov.jm. Use your domain credentials to log in (the same username and password used to access MOHW computers). There, you can create folders and upload files from your computer. You can also use other storage for data backup, such as removable media like external hard drives or flash drives.
5. Never connect to public (free) WIFI with MOHW devices (computer, tablet, mobile etc.)
Public (free) WIFI at coffee shops, airports or other places poses a potential danger when MOHW devices connect to it, because it is not easy to verify who manages these networks. Anyone could be monitoring the network traffic, including any confidential work information, passwords etc. that you share.
Identifying Phishing Emails
6. Phishing emails usually have a tone of urgency, requiring you to give up sensitive information right away. (E.g. "Your account has been compromised, login with your username and password now to reset it"). Always be suspicious of such emails. If in doubt, verify with the apparent sender of the email via a secondary medium (E.g. phone call).
7. While not always the case, many phishing emails contain typos or other grammatical errors that you would not normally see in a professionally formatted/automated email from an official organization. (E.g. If your bank is sending you an email, it most likely will not be filled with typos).
8. Always verify the sender's email address, especially when the email is requesting sensitive information. For example, if an email is requesting that you change your MOH password and it appears to come from someone within MOH, the domain (the part after the @ symbol) would likely say moh.gov.jm. If it doesn't, this is likely a phishing email.
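The domain check from tip 8, as an added example that is not part of the original page: it extracts the real address from a From header (ignoring the display name), compares the domain against moh.gov.jm, and also flags a Reply-To that points elsewhere. The function names, the sample message, the Reply-To check and the choice to trust subdomains are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Domain taken from tip 8; treating its subdomains as trusted is an assumption.
TRUSTED_DOMAIN = "moh.gov.jm"

def sender_domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _display_name, address = parseaddr(header_value)
    if address.count("@") != 1:
        return ""
    return address.rsplit("@", 1)[1].strip().rstrip(".").lower()

def is_trusted_sender(from_header, trusted=TRUSTED_DOMAIN):
    """True only for the trusted domain itself or a subdomain of it."""
    domain = sender_domain(from_header)
    # An exact or dot-anchored suffix match rejects look-alikes such as
    # "notmoh.gov.jm" and "moh.gov.jm.example.com".
    return domain == trusted or domain.endswith("." + trusted)

def check_message(raw_message):
    """Return a list of warnings for one raw e-mail message."""
    msg = message_from_string(raw_message)
    warnings = []
    from_header = msg.get("From", "")
    if not is_trusted_sender(from_header):
        warnings.append("From domain is not " + TRUSTED_DOMAIN)
    reply_to = msg.get("Reply-To")
    if reply_to and sender_domain(reply_to) != sender_domain(from_header):
        warnings.append("Reply-To domain differs from From domain")
    return warnings

# Constructed sample message (not real mail): the display name looks official,
# but the address domain only starts with the trusted name.
SAMPLE = (
    'From: "MOHW Helpdesk" <helpdesk@moh.gov.jm.example.com>\n'
    "Reply-To: reset@mail.example.net\n"
    "Subject: Your account has been compromised\n"
    "\n"
    "Log in with your username and password now to reset it.\n"
)

if __name__ == "__main__":
    for warning in check_message(SAMPLE):
        print("WARNING:", warning)
```

A From header can be forged, so a matching domain does not prove a message is genuine; this check only catches mismatches, and verifying through a secondary medium still applies.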
Safe Internet Practices
9. Avoid visiting untrusted websites and downloading unknown software.
10. Ensure the websites you are visiting use HTTPS (look at the URL), indicating a secure connection.
11. Avoid clicking on pop-up ads or unsolicited links on websites, as doing so can potentially infect your computer with malware.
12. Keep devices and software up to date
Updates are very important for cybersecurity because many of them are security updates, whether they add a new security feature or patch a vulnerability. Not updating devices or software exposes your data to more vulnerabilities and possible cyberattacks.
DO NOT interrupt an update once it has begun. Interruptions during software updates can corrupt files, lead to incomplete installations, and leave your device vulnerable to security risks.
13. Be Cautious of Social Engineering Attacks
DO: Be wary of unsolicited requests for personal information, even if they appear to come from trusted sources. Verify the identity of the requester through a separate, known channel.
WHY: Social engineering manipulates individuals into divulging confidential information or performing actions that compromise security. Attackers may impersonate colleagues, IT support, or other authority figures.
HOW TO: Train yourself to recognize common social engineering tactics, such as pretexting, phishing, and baiting. Always verify requests for sensitive information through a secondary, trusted communication method.
14. Utilize a Virtual Private Network (VPN) When Accessing Sensitive Information Remotely
WHY: A VPN encrypts your internet traffic, protecting it from potential eavesdropping and unauthorized access. This adds a crucial layer of security when handling sensitive information outside of the secure office environment.
Always verify the sender before clicking on links or downloading attachments in emails. Phishing attacks often mimic trusted contacts or organizations to steal sensitive information. If in doubt, contact the sender directly using a known, trusted method.