Keeping Information Security Simple – Who’s Responsible for Information Security?

Letter from the CISO, Vol 2 Issue 1 Washington University Community: Who’s responsible for Information Security at WashU? It seems like an odd question for me to ask since I’m the Chief Information Security Officer, but I ask it anyway. I know information security is my responsibility. Or, at least, it’s usually the person in […]

Top Ten Travel Tips for Better Information Security

Travel map and compass.

By Christina Pomianek-Smith Many in the WashU community will travel this summer, visiting friends and family, taking vacations, attending classes and summer programs, staking out new study abroad opportunities, conducting research, or meeting with colleagues. The long days of summer ahead provide time to rest, relax, and recharge while also renewing professional and academic pursuits […]

The SIM Swap Scam

Hacker's Hand With Black Glove Stealing SIM Card Information.

By David Puzder Your mobile phone number may be pivotal for accessing your most important accounts. Many banks, brokers, businesses, and payment service providers rely on text messaging to verify your identity when you access or update your account. Sometimes, a login screen will offer users a choice between text messages or phone calls to […]

Chance to Win $100 in Our Monthly Challenge

Trophy with five stars

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you towards a couple of resources that will help you protect yourself at home and while traveling. Guidance for Reporting Phishing Have you seen the Phish Alert Button? It’s the easiest […]

Joint IT and InfoSec Project Seeks Better Protections for WashU

Storage servers in data room

A joint Information Technology and Office of Information Security vulnerability management project aims to strengthen and better protect the WashU network from attacks.  The project has two main objectives: Install CrowdStrike on all Wash U servers immediately. Remediate tool-evaluated critical vulnerabilities, guiding department owners through updates, patches, and other steps. About Objective 1 WashU IT […]

Scam of the Month: Urgent Administrative Job Opportunity

This month’s scam is a recent and widespread phishing attack that attempted to use social engineering and impersonation to gain account access. If you see a message like the one below, please report it immediately using the Phish Alert Button (PAB) in your Outlook interface. You can find more information about the PAB and alternative […]

Meet Your InfoSec Team: Clark Huskey, Information Security Analyst

Clark Huskey, Information Security Analyst III, started his journey in information security as an amateur radio broadcaster. In his youth, Clark tinkered with personal computers and radio broadcasting equipment. Specifically, his family used citizen band radios with a large antenna to broadcast their own bulletin board service, Silver Fox BBS, until someone hacked their broadcast. […]

SMiShing Scam Seeks to Obtain Gift Cards by Impersonating Chancellor

SMiSh Example

A recent SMiShing scam targeted our institution by impersonating Chancellor Martin and asking recipients for gift cards. You can rest assured that the chancellor (or your supervisor) will not reach out to ask for gift cards. SMiShing is a type of attack that uses the social engineering tactics commonly associated with email phishing via text […]

Website Scavenger Hunt with $250 prize and New Protections in Office 365

Trophy with five stars

The Office of Information Security’s website is full of helpful resources and information for keeping you more secure online. To encourage you to become more familiar with what our website has to offer, the OIS office is holding a virtual scavenger hunt featuring a chance to win $250 in Bear Bucks! How to Participate Follow […]

Keeping Information Security Simple – Phishing, Spear Phishing & Whaling

Letter from the CISO, Vol 1 Issue 12 Washington University Community: Do you know the differences between phishing, spear-phishing, and whaling? Let’s start with the difference between phishing and spear phishing. In short, phishing messages are those all-too-familiar messages that try to get you to give away information or install malware. They arrive via email, […]

InfoSec Allies: Office of Resource Management

By Christina Pomianek-SmithHave you ever snagged a WashU staff discount for a product or service, or found a great deal on gently used WashU office equipment through the WashUReuse Surplus Program? Do you sometimes pause to admire the design of a new office space? Did you receive personal protective equipment (PPE) or a COVID vaccine […]

Chance to Win $250 with OIS Website Scavenger Hunt

Trophy with five stars

The Office of Information Security’s website is full of helpful resources and information for keeping you more secure online. To encourage you to become more familiar with what our website has to offer, the OIS office is holding a virtual scavenger hunt featuring a chance to win $250 in Bear Bucks! How to Participate Follow […]

The Dark Side of Cryptocurrency

By David PuzderAs of the writing of this newsletter, the price of Bitcoin, according to CoinMarketCap, is $29,239.16 (although this number is bound to change quickly due to Bitcoin’s high volatility) to $40,176.86. About three years ago, the price of Bitcoin was $5,251.94 (/Bitcoin price Today, BTC to USD live, market cap and Chart/). If […]

Scam of the Month: Authenticate Your Account

This month’s scam is a recent and widespread phishing attack that attempted to use social engineering and impersonation to gain account access. This one is particularly tricky, but it uses a very common set of steps that criminals deploy to steal account credentials. The user receives the suspicious email, in this case from an ‘@wustl’ […]

Meet Your InfoSec Team: David Puzder, Information Security Analyst

David Puzder is our newest information security team member. David hails from Ohio and is a recent graduate of the University of Dayton. He splits his time as an Information Security Analyst between Governance, Risk, and Compliance (GRC) and Information Security Awareness, Behavior, and Culture. With the GRC, he will identify internal and third-party risks […]

Catch a Phish to Protect Yourself and WashU

Phishing is the most common tactic cybercriminals use to steal login credentials, data, and intellectual property. Billions of these messages are sent every day, but it’s now easier than ever to protect yourself and WashU by helping the Office of Information Security (OIS) catch the phish and remove it from our system. The Phish Alert […]

Keeping Information Security Simple – The Only Constant in Life is Change

Letter from the CISO, Vol 1 Issue 11 Washington University Community: There are only two things to worry about—that things will never get back to normal, or . . . that they already have. In other words, the only constant in life is change, and Information Security is no exception. I sometimes worry that I […]

Cybersecurity and the Supply Chain

Supply Chain

By Christina Pomianek-Smith You’ve undoubtedly heard the term “supply chain disruption” more times than you can count lately. The past few years have been fraught with disruptions—labor shortages caused by COVID-19, warfare, tropical storms and wildfires, factory fires, railroad transportation disruptions, and the six-day blockage of the Suez Canal. We’ve endured incredible upheavals, and many […]

Advice from a Graduating Student: Things to do as You Leave WashU

Woman moving with boxes

By Harrison Stites As members of our community graduate or otherwise move on from their time at WashU, it can be tempting to ignore or put off the things you need to do here as you look forward to the path ahead. WashU’s Office of Information Security offers you some tips and tricks to help […]

Avoid Phishing and Another Chance to Win $100 in Bear Bucks

Trophy with five stars

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you towards a couple of resources that will help us identify and report potential phishing attacks. Have you seen the Phish Alert Button? It’s the easiest way for you to report […]

Scam of the Month: Important Payroll Message

Example of Important Payroll Message Phish

This month, we’re focusing on a particularly tricky scam. This one isn’t tricky because it’s complex on its surface; it actually relies on simplicity and brevity to lure in its victims. This scam mimics an important notification to trick recipients into handing over sensitive login information. It contains many hallmarks of a typical phish, but […]

Meet Your InfoSec Team: Jason Murray, Assistant Director and Architect of Digital Forensics and Incident Response

Jason Murray - Assistant Director and Architect of Digital Forensics and Incident Response

Jason Murray, Assistant Director and Architect of Digital Forensics and Incident Response, describes his role as the leader of “a team of talented Security Analysts who defend the university from cyber villains.” Throughout his career, he’s subscribed to the design principle, “build it secure,” considering the methods hackers might use to exploit flaws and access […]

Keeping Information Security Simple – Device Management – March 2022

Letter from the CISO, Vol 1 Issue 10 Washington University Community: This month I’m going to bore you with another really basic idea: that everyone needs to manage their devices. I can almost hear you yawning when I write those words, but it’s essential and not quite as easy as you might think. Step 1: […]

Security Spring Cleaning Top Five

Spring Flowers

By Christina Pomianek-Smith  Spring has arrived, and with it, the age-old tradition of spring cleaning. Getting organized, cleaning up your computer, and checking on your security hygiene will make your life easier as you approach the end-of-semester push toward summer adventures! As you clear away the cobwebs and shake off the dust of winter, also […]

Another Chance to Win and New Defender Features Coming to Office 365

Trophy with five stars

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we’re introducing new security features in Office 365 and running another prize competition! March Prize Giveaway We had a great turnout for our February Information Security prize giveaway, so we’re doing it again this month! […]

Scam of the Month: Ukraine Donation Scam

This month, we’re focusing on another scam that preys on your emotions and altruistic intentions. This time, it involves cybercriminals taking advantage of fundraising for Ukraine. In just one week, legitimate fundraising for Ukraine mobilized more than $50 million in cryptocurrency. That kind of success always attracts opportunists who want their cut. This time, they’re […]

Meet Your InfoSec Team: Quint Smith, Information Security Training and Communications Manager

For the past three years, Quint Smith, Information Security Training and Communications Manager, has been building and managing the InfoSec marketing, communications, and culture program. He aims to encourage an informed, aware, and empowered user community, resilient to the continually evolving cyber threat landscape. He says, “information security is an arms race, and technical defenses […]

Electronic Waste & Paper Shredding Drives this March

E-Waste Recycling Event Flyer

On Tuesday, March 22 and Tuesday, March 29, the Operations & Facilities Management Department, the Office of Sustainability, and WashU’s Office of Information Security are teaming up to bring the WashU community e-waste recycling and confidential paper shredding services. All are welcome to bring accepted items to the collection drive. All confidential papers and hard […]

Increased Risk of State-Sponsored Cyberattacks as Russia Invades Ukraine

Illustration of anonymous cyberattacker

The threat of state-sponsored cyberattacks increasingly accompanies international relations. Russia has developed and demonstrated its capacity to attack and inflict damage using cyber-warfare tactics. With news of Russia’s invasion of Ukraine, many cybersecurity professionals are recommending increased vigilance during this period of unrest. While much of the responsibility for anticipating and preventing cyberattacks of this […]

Keeping Information Security Simple – Isn’t there an App for that?

Letter from the CISO, Vol 1 Issue 9 Washington University Community: This month I’d like to warn you about dangerous applications and Internet services, and four things you can do to avoid problems. Many experts focus on iPhone/iPad/iOS and Android devices, but PC and Macs are also vulnerable to malicious applications, so I’ll speak about […]

10 Security Tips for Spring-Break Travelers

Dog on beach

By Christina Pomianek-Smith Spring Break is on the horizon, and many in the WashU community plan to travel for conferences, study away, research opportunities, and maybe even a little rest and relaxation! Smartphones and other digital devices are an integral part of our everyday lives, and they can make travel seem like a blissful dream. […]

Security Tips for Working From Home

Woman working form home desk

By now, we’re all intimately familiar with the benefits and drawbacks of working from home. You may have been working from home for most of the pandemic, are a hybrid employee, or simply take your work or devices home for breaks and weekends. Whatever your unique situation, you probably have direct experience walking the increasingly […]

Seven Lucky Winners and More Chances to Win Prizes!

Trophy with five stars

The results of our 2021 Cybersecurity Awareness Month competitions are in! Our office has selected seven lucky winners. If you’re a winner, we will contact you at your WUSTL email address to request the information we need to deliver your award. If you didn’t win this time, don’t despair! Read on for information about future […]

Scam of the Month: Fake Norton or Geek Squad Call Scam

Geek Squad scam attempt

Attackers are using criminal Gmail accounts to target members of our institution with a phishing scam that involves requesting the recipient call a phone number for additional information. The attackers use dozens of Gmail accounts, using each account to target only one or a few users and modifying minor details to avoid detection. As a […]

Meet Your InfoSec Team: Bob Therina, Information Security Analyst II

Bob Therina with plane

Bob Therina, Information Security Analyst II, came to Information Security after training and working in Computer Technology and the IT-sphere more broadly. He humbly reports that he sees himself as a generalist rather than an expert, capable of working across the IT space, building bridges between colleagues with deep expertise in a variety of areas. […]

InfoSec Alert: Update Google Chrome Immediately to Address Zero-Day Vulnerability

Earlier this week, a member of Google’s threat analysis group discovered a vulnerability in Google Chrome that would allow attackers to execute arbitrary code or corrupt data on impacted machines. Google released a fix for this exploit soon after, and all Chrome users should be sure to update their browsers immediately. Chrome should update each […]

Keeping Information Security Simple – Privacy – Free isn’t free: If you aren’t paying for it, you and your data are the product being sold!

Letter from the CISO, Vol 1 Issue 8 Washington University Community: This is the National Cybersecurity Alliance’s Data Privacy Week (https://staysafeonline.org/data-privacy-week/), and because security is closely related to privacy, I thought I’d say a few things about it. The “right to privacy” was defined by Justice Louis Brandeis in an 1890 article as the right […]

Threats to Your Research Data and Intellectual Property

World intellectual property day and education concept

By Christina Pomianek-Smith Your research data and intellectual property are valuable, not only in the pursuit of knowledge for the betterment of society but also to cybercriminals who seek to steal it or hold it for ransom. According to the Federal Bureau of Investigation , intellectual property theft is a growing threat in the digital […]

Phishing Awareness Phase II: Competition Winners to be Notified

WIn 10 PAB (Report Phish)

The Office of Information Security recently added several layers of phishing protection for our institution. We hope you have located, and perhaps even used, the new Phish Alert Button (PAB). Last week, our office distributed our first university-wide message from the KnowBe4 platform, asking users to report it as a phish using the PAB to […]

Security Advice from a Busy Student

Fingerprint and padlock on digital screen

By Jack Ballenger (Class of 2024) During these two weeks of virtual classes, students will need to use Duo Mobile, an app for two-factor authentication (2FA), to access Canvas, Outlook, WebStac, and other WashU resources since they are not connected to campus WiFi. Two-factor authentication, also called multi-factor authentication (MFA) or two-step authentication, supplements your […]

How to Take Back Control of Your Data This Data Privacy Week

Are you airing your dirty laundry?

Adapted from The National Cybersecurity Alliance, January 2022 From social media to online shopping, our lives and the digital world become more intertwined every day. The digital world affords us a new level of convenience and access to information, but there may be a hidden cost to your privacy associated with these conveniences. Consumers must […]

Data Privacy Fast Facts

Keep not Private

Adapted from National Cybersecurity Alliance 67% of internet users in the US are not aware of their country’s privacy and data protection rules. (LegalJobsIO) 47 U.S. states have nonexistent or consumer-data privacy laws only. Bills are pending in 16 states, six states have study committees or task forces, and just three states have modern data-privacy […]

Scam of the Month: SMiShing and 3 Viruses Detected Scam

Example SMiSh with 3 Viruses Scam

The Office of Information Security has received reports of a SMiShing campaign targeting people at our institution. SMiShing occurs when cybercriminals use tactics common to phishing campaigns in text messages, attempting to communicate legitimacy to their unsuspecting victim. The reported scam (pictured below) is a text-based version of a common and long-running scam that is […]

Meet Your InfoSec Team: Christina Pomianek-Smith, Policy and Risk Analyst

Photo of InfoSec Analyst Christina Pomianek-Smith

Information security involves solving complex problems, incorporating diverse perspectives to address the technical, legal, social, and behavioral dimensions of the digital era. Christina Pomianek-Smith’s recent move into information security demonstrates the multidisciplinary demands of the field. She is a cultural anthropologist by training (PhD, University of Missouri—Columbia, 2012), with research interests in trust, cooperation, and […]

Keeping Information Security Simple – Automagically update everything!

Washington University Community: Modern computers and mobile devices are so complex that they invariably have unintended flaws. Some of these flaws create vulnerabilities by which cybercriminals can attack your computer, tablet, or phone. In fact, these vulnerabilities are one of the most common ways devices are hacked. The good news is that it is surprisingly […]

It’s the Scam, Scamiest Season of All!

Dog Shopping Image

The holidays have arrived! These final weeks of the year are extremely busy for many of us. People are traveling, shopping, awaiting packages, making end-of-year-donations, and trying to put a pin in 2021. Cybercriminals know and await these frenzied times. They especially like seasons of heightened online shopping and financial transactions because impersonating a bank, […]

Protecting the World’s Most Valuable Resource

Woman with data in brain

By: Christina Pomianek-Smith, Information Security Analyst The refrain “knowledge is power” has been repeated around the world for centuries, from ancient Sanskrit proverbs to the theme song of the animated American educational series, School House Rock. The pursuit of knowledge is central to our university mission. The objective—use knowledge to empower individuals and communities for […]

Best of: A Lookback at 2021

2022 Loading Image

What a year! We’ve continued to adapt to new working environments, a return to campus, new technologies, and novel cyberthreats. The Office Information Security launched a monthly newsletter, ran university-wide competitions, and engaged the WashU community with a slate of events and communications for Cybersecurity Awareness Month. Once again, we are proud to be among […]

The Realities of Ransomware

Ransomware is scary

By: Harrison Stites (class of 2022) Ransomware accounted for over 80 percent of the cybersecurity attacks in the education sector in 2020, according to the Verizon Data Breach Investigation Report. Healthcare organizations such as BJC (and, by extension, WashU) are significant targets for ransomware attacks because they work with Personal Health Information (PHI) and other […]