SLAM Method

Cybersecurity is top of mind for many businesses, especially during October’s Cybersecurity Awareness Month. The main cause for concern for healthcare organizations in particular is how to recognize phishing emails to prevent breaches. There is a simple method that healthcare organizations can use to aid in the identification of phishing emails: the SLAM method.

What Does the SLAM Acronym Stand For?

The SLAM acronym can be used as a reminder of what to look for to identify possible phishing emails. The SLAM acronym stands for sender, links, attachments, message.

Sender: when hackers send phishing emails, they often mimic a trusted sender’s email address to trick recipients into opening the email. This is why it is important to analyze a sender’s email address before opening an unsolicited email. To check an email address for validity, recipients should hover their mouse over the sender name to reveal where the email came from prior to opening it. Email addresses should be checked carefully to look for misspellings in a trusted individual’s name or a company name. It is also important to note that an email coming from a company will usually have the company’s name in the domain address. For instance, an email coming from [email protected] is not a legitimate Microsoft email address. An email coming from Microsoft support would read [email protected].

Links: phishing emails generally contain links that enable hackers to steal a recipient’s login credentials and infiltrate their network. Just like with the sender’s email address, links contained in an email should be hovered over to check the legitimacy of the link. Is the URL actually directing you to the page it says it will? Are there misspellings in the link address? It is also best practice to go to the company website directly rather than clicking on a link in the email itself. For instance, many phishing emails wrongly state that your login credentials for a particular company were compromised, providing a reset link in the body of the email. However, by clicking on this link, you expose your login credentials to the hacker. Since most people use the same login credentials across multiple platforms, by stealing your credentials in one incident, it is likely that hackers will gain access to your other accounts. Whenever you receive an email that says that your login credentials were compromised, or that you need to reset your password, you should manually input the company’s website into your web browser. This way you can be certain that you are on a legitimate website, preventing your login credentials from being stolen.
