Educational institutions such as WashU are prime targets for cybercriminals who use ever-evolving tactics to infiltrate systems, steal data, block access, and demand ransoms under the threat that they will publish sensitive data online. Universities operating medical centers are especially vulnerable, as they manage large amounts of sensitive patient health data. According to the Ponemon Institute, the average costs of a data breach in higher education and healthcare in 2020 were $3.9 million and $7.13 million, respectively (Seltzer 2021). Such attacks are financially costly, damage trust in the institution, and create significant disruptions to daily operations.
At WashU OIS, we strive to stay ahead of novel tactics used by cybercriminals. Working with IT managers across the University, we continuously monitor systems’ security, provide trainings, and regularly communicate with our campuses about protections against emerging threats. The cybercrime threat landscape is constantly changing as criminal organizations try new tactics to infiltrate our systems. The best protection against these evolving threats is to foster an informed and aware user community. This newsletter is part of that effort. Here, we will distill recent trends in cybersecurity, discuss the threats that we see on our campus, and offer guidance for how to protect yourself, your personal data, and your work. In protecting yourself, you will also defend our entire institution against cybercrime.
In addition to this newsletter, we frequently update our website with cybersecurity alerts, guidance, and discussions of the tools we use to protect our campus. Below, please find a brief snapshot of some of these essential resources. The WashU Information Security website contains many resources beyond those described here, and we encourage you to stop by and take a look!
- Encryption makes information unreadable to all unauthorized users. We offer services such as WUSTL Box and Large File Transfer to securely manage data, as well as guidance for encrypting e-mails and devices. Visit our encryption page and read our recent article “Better Protection with Encryption” to learn more about this vital security strategy.
- WashU DUO Two-Factor Authentication (2FA) adds a second layer of security by requiring authentication through a second device when logging into WashU systems using your WUSTL Key. These systems contain sensitive personal information, so you must control access through this double-layered strategy. Learn more about WashU 2FA on our website and in our post, “2FA—Control in the Palm of Your Hand.”
- Security Tracking of Office Property (STOP) tags, offered through WashU Police, deter theft of your computer and help identify you as the owner of your device when it is recovered. Visit the WashU Police website to learn more about obtaining a STOP tag for your device, and see our recent guidance on Physical Device Security Strategies to learn how to avoid theft of your devices.
- Travel Loaner Laptops are available to WashU Faculty and Staff. These encrypted loaner devices help protect you against theft and loss of private and proprietary information while traveling.
- We frequently publish Guidance to help you stay ahead of trends in cybercrime. Our Guidance page includes device-specific security recommendations (e.g., iOS/iPadOS, macOS, Android, Windows 10), travel guidance, remote work guidance, and links to institutional policies on mobile devices, personal devices, encryption, and computer use.
- Our Alerts page provides timely announcements about threats affecting our campus. Recent alerts include news about tax scams targeting educational institutions, credential phishing, and Social Security vishing on our campus. These alerts inform you of emerging threats and provide recommendations for how you can protect yourself and your data.
We are proud to be your ally in preventing cybercrime on our campus. Thank you for joining us in the effort to keep WashU secure.