Keeping Information Security Simple – Your Internet Bodyguard

Letter from the CISO, Vol 2 Issue 6 Washington University Community: High School Bodyguard? When a friend’s daughter was in high school, she had written to a German exchange student who was coming to the US, writing about her kickboxing class and her job as a lifeguard at the neighborhood summer swim club. Unfortunately, when […]
Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you to a couple of resources that will help you protect yourself from cybercrime and understand how our office can support you. We’d like to thank our challenge and giveaways participants. […]
Token-based Authentication

By: David Puzder Last month, we covered password-based authentication explaining how to authenticate a user based on something they know. Another means to authenticate a user’s identity is through something they possess – a token. A common instance of token-based authentication is a house key. Ideally, only the person who possesses the proper key can […]
Tips for Traveling and Shopping Safely This Holiday Season

With Black Friday, Small Business Saturday, and Cyber Monday around the corner, it can be tempting to buy discounted items on impulse. Before getting caught up in a “while supplies last” frenzy, remember that scammers capitalize on hasty decisions involving payment information. According to the Federal Trade Commission’s Consumer Sentinel Network data, online shopping scams […]
Scam of the Month: Package Scheduled for Delivery Today

The Office of Information Security has observed a trend where criminals send fraudulent delivery notifications in hopes that victims will scan a QR code. If you see a message like the one below, please do not interact with the sender and do not follow any special instructions. Simply report the email using the Phish Alert […]
Meet Your InfoSec Team: Victor Tinsley, GRC Security Analyst

Victor Tinsley, Governance Risk and Compliance Security Analyst I, has always been curious about how malicious actors manipulate a target environment. How do they devise new ways to exploit a system? Following his interest, he pursued a Bachelor of Science with a focus on information security. Aside from having interest in the field, Victor believes […]

Keeping Information Security Simple – You’re smart and getting smarter, but…

Letter from the CISO, Vol 2 Issue 5 Washington University Community: Everyone loves to hear how smart they are! Right? I don’t know anyone who doesn’t like hearing how they are “smart,” “bright,” “clever,” “hard-working,” “correct,” and best of all, “you’re right; I was wrong.” Today I have good news, better news, bad news, and […]
Password-based Authentication

By David Puzder Virtually every online account requires a password. Many account providers require additional authentication steps, like the Duo push alert, to increase security. As for password-based authentication, the principle is relatively straightforward: the user provides an account name or identifier (ID) plus a password, and the system compares the given password to the […]
Cybersecurity Awareness Month 2022 Recap

Cybersecurity Awareness Month 2022 is coming to a close. This year, we hosted four webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published a newsletter full of original content authored by WashU’s office of Information Security. Competition Our Cybersecurity Awareness Month competitions are always popular. In 2021, […]
Scam of the Month: Assistant Job Posting

The Office of Information Security has observed a trend where criminals send fraudulent job requests in hopes that victims will text a phone number with their personal information. If you see a message like the one below, please do not interact with the sender, phone number, or follow any special instructions. Simply report the email […]
Meet Your InfoSec Team: Brian Allen, Information Security Director

Brian Allen, Certified Information Systems Security Professional (CISSP) and Information Security Director, “plays defense for WashU” by overseeing the Incident Response* and Vulnerability Management teams. Throughout his career, he has fostered connections at WashU and in the InfoSec community at large. Dependable working relationships are essential to Brian because he sees “InfoSec as a department […]
Cybersecurity Awareness Month: Multi-Factor Authentication

WashU’s multi-factor authentication provider is Duo, an industry leader in cybersecurity services. You can improve the strength of multi-factor authentication by opting for multi-factor authentication exclusively via an app. Here is a link that helps you set this up for WashU MFA Where can I change my device’s default authentication method? (duo.com). Did You Log […]

Revised and Updated Policies 2022

The Washington University in St. Louis Office of Information Security (OIS) supports education, research, and clinical care by protecting systems and data for everyone at our institution. Information security is essential to every member of our community, and we all share personal responsibility for ensuring the security of our systems. We continuously improve our systems […]
The Anatomy of a Data Breach: What to do When You Spot One

The term “data breach” has dominated the tech world the last 24 months. From breaches that have impacted critical infrastructure like the Colonial Pipeline to hackers compromising healthcare records at UC San Diego Health, headlines of cybersecurity mishaps saturated news in the last two years. Yet, despite the prevalence of the breach-centric news cycle, many […]
Cybersecurity Awareness Month: Updates

You can control when your WashU computer updates using the Updates section in Software Center. Most updates require your computer to restart, so please save all work beforehand. You can configure automatic updates to run outside of your business hours using these steps: Navigate to Software Center. Select Options. Work Information section: Enter your Business Hours. […]
Cybersecurity Awareness Month: Ransomware

Ransomware is malicious software that renders data and systems unusable until the targeted individual or organization pays a ransom. Find out more at Ransomware | Office of Information Security | Washington University in St. Louis (wustl.edu). Cybersecurity Awareness Month Test Your Knowledge Competition We invite you to show us what you know by entering our […]
4 Easy Steps for Staying Secure in 2022

Cybersecurity has become one of the biggest hot topics both inside and outside of technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic, to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is a […]
Cybersecurity Awareness Month: Passwords

For tips on how to strengthen your passwords, visit How can I make my password secure? – Information Technology (wustl.edu). If you see fit to change your WUSTL key password, you can read the guide at How do I Change my WUSTL Key Password – Information Technology. Cybersecurity Awareness Month Test Your Knowledge Competition We […]
Cybersecurity Awareness Month: Phishing

When you receive a suspicious email, please report it using the Phish Alert Button (PAB) from your Outlook account.  Cybersecurity Awareness Month Test Your Knowledge Competition We invite you to show us what you know by entering our Test Your Knowledge: Cybersecurity Awareness Month edition. Complete this activity to test what you know and receive an entry […]

Phish Alert Button Video Guide

Phishing is the most common tool used by cybercriminals to steal login credentials, personal information, data, and intellectual property. If you receive a “phishy” email (i.e., an email that demands unexpected quick action, comes from an unknown sender, asks you to supply login credentials or other personal information, etc.), please protect yourself and others at […]

Keeping Information Security Simple – It’s All About “The Hook”

Letter from the CISO, Vol 2 Issue 4 Washington University Community: What’s the best defense against the phishing attacks responsible for over 90% of cyber intrusions and breaches? The simple answer is all of us working together. And “The Hook.” Given time, attention, basic suspicion, and a little paranoia, we can all individually spot most […]
October is Cybersecurity Awareness Month

Cybersecurity Awareness Month in October is a global effort to help everyone stay protected whenever and however they connect. The theme for the month is “It’s easy to stay safe online,” and The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help […]
Security Resources for Faculty and Researchers

By Christina Pomianek-Smith The Office of Information Security (OIS) supports WashU’s mission of excellence in teaching, research, and patient care by assessing the security of the tools our community uses every day to do our work. Faculty and researchers often have specific needs for secure storage and communication services and unique needs for tools that […]
Smart Gadgets Are Mostly Insecure

By David Puzder Devices like smart thermostats, speakers, and doorbells might be more functional than their non-internet-enabled designs, but are they smart enough to protect themselves or the network they are on? According to a survey released in August of 2022, there were about 8.6 billion smart devices – or Internet of Things (IoT) devices […]
Win Up To $1,000 in Our Cybersecurity Awareness Month Test Your Knowledge Competition

The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in our efforts. For this year’s Cybersecurity Awareness Month, we broadened the range of topics covered by our knowledge test, and we increased our prize amounts accordingly. We hope that taking this quiz and playing the […]
Information Security for your Car

By Matt Lang Deeply integrated into our daily lives, laptops and cell phones are well-known targets for hackers. A less-obvious target that we also use almost every day has recently emerged—the car. Today’s cars are like big computers on wheels, and the consequences of a hack could be deadly. To hack your car, all a […]
Scam of the Month: Fake Password Expiration

The Office of Information Security has observed a trend where criminals send fraudulent password expiration notices in hopes that victims will disclose their WUSTL Key on a fake login page. If you see a message like the one below, please do not interact with any links or follow any special instructions regarding authentication methods. Simply […]
Meet Your InfoSec Team: Andrew Duba, Information Security Analyst III

Andrew Duba, Information Security Analyst III, is a member of the Digital Forensics and Incident Response Team. During conversations about his job, “most people think of what they see in movies and TV.” These depictions often embellish what the job is like, so “it can be tough to demystify and make it more accessible.” Realistically, […]

Keeping Information Security Simple – Help Yourself by Helping Others

Letter from the CISO, Vol 2 Issue 3 Washington University Community: Want to know how to be “enough” of an information security expert? In “Outliers,” Malcolm Gladwell popularized the idea of needing 10,000 hours of practice to become an expert. I studied karate for many years, and one of my sensei’s (instructor’s) expectations was that […]
Helpful Resources for Students (and Everyone Else)

Welcome back! We know you’ll be busy as the semester begins, so we’ve pulled together resources to help you with a variety of common security needs. See below for our roundup of guidance to help you get in the swing of the semester! Devices Device security is essential for protecting your privacy and data. Sound […]
InfoSec Ally: University Registrar, Keri Disch

By: Christina Pomianek-Smith University Registrar Keri Disch is serious about securing student data in the digital era. Disch moved to St. Louis in July 2020 to join the WashU community after twenty years at Northwestern University, where she first became interested in central registrar work. The University Registrar serves as a central hub for many […]
Scam of the Month: Student-Focused Scams

As school begins on campuses nationwide, criminals turn their attention to scams targeting students who are busy preparing for the upcoming semester. Criminals frequently rely on timely topics and strategies to exploit their victims. Below, you will find examples of real scam emails reported to our team within the last month. As we all gear […]
Meet Your InfoSec Team: Greg Whipple, Information Security Analyst III

Greg Whipple, Information Security Analyst III, is new to the Digital Forensics and Incident Response Team. In his role, Greg will perform forensic analysis of log data to further investigations into potential system compromises. Greg will also recommend ways to improve our processes and tools. Greg started his journey in information security with the US […]
Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a couple of resources that will help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish […]
The CIS Workbench is Your Security Toolkit

CIS WorkBench is a resource where IT staff at Washington University in St. Louis can view CIS Benchmarks (Center for Information Security Benchmarks). These benchmarks are configuration standards and best practices for hardening digital assets; therefore, they help determine how to harden legacy systems. Here is how you can create your account with CIS WorkBench: Visit […]

Keeping Information Security Simple – Why Do Cars Have Brakes?

Letter from the CISO, Vol 2 Issue 2 Washington University Community: Why Do Cars Have Brakes? Why do cars have brakes? The obvious answer is that it helps them slow down and stop. The “real” counter-intuitive reason is that brakes let cars go fast. Imagine the panic and fear of being in a car that […]
Identity Theft: Unflattering Imitation

By David Puzder Identity theft is nothing new. The term itself dates back to 1964 – a time exclusive to physical theft of documents like social security cards, credit cards, and driver’s licenses. These days, much of our personal information is on the internet. Due to the pandemic’s restrictions, more people used the internet for […]
Wonderful OneTrust

By Christina Pomianek-Smith The Information Security Governance, Risk, and Compliance (GRC) team, led by Assistant Director, Denise Woodward, handles many types of security-related requests from the WashU community. When researchers need a security review of the tools they’re using for a study, when a department wants to adopt new technology, or when someone requires a […]
QR Codes: How Safe are They?

By Matt Lang Quick Response Codes (QR codes) are increasingly popular, especially since most people no longer need a third-party app to scan them. During the Super Bowl last year, cryptocurrency company Coinbase spent millions of dollars on an ad that simply featured a QR code displayed on the screen. That ad became one of […]
Vulnerability Management Project: Expanded Server Protection

Overview The WashU Information Security team is actively engaged in keeping our network and data safe. Through the Security Vulnerabilities Project, one of the team’s main objectives is to expand server protection throughout WashU. Why A recent serious security incident was detected early because a server had the WashU Falcon CrowdStrike sensor installed. Due to […]
Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you towards a couple of resources that will help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish […]
Business Impact Analysis and Risk Assessment Reviews

Over the next several months, the Office of Information Security will conduct a Business Impact Analysis (BIA) and Risk Assessments (RA) on 24 important and critical applications. The BIA is essential to building an effective framework for a Business Continuity Plan. The goal of the BIA is to identify critical functions of the organization and […]
Scam of the Month: Fake (Real) Invoice Scam

The Office of Information Security has observed a trend where criminals are sending fraudulent invoices to unsuspecting victims in hopes that they will be paid without the recipient noting that they are part of a scam. The tricky part of this particular scam is that the invoices are actually generated by payment handlers like PayPal. […]
Meet Your InfoSec Team: Brett McFadden, Information Security Analyst II

Brett McFadden, Information Security Analyst II, originally wanted to be a website designer. After taking a few classes in web development, he concluded that CSS – a style sheet language used by effective web developers – can only be understood by “wizards.” After consulting with a friend, Brett decided to investigate the cybersecurity program at […]
Top Ten Travel Tips for Better Information Security

By Christina Pomianek-Smith Many in the WashU community will travel this summer, visiting friends and family, taking vacations, attending classes and summer programs, staking out new study abroad opportunities, conducting research, or meeting with colleagues. The long days of summer ahead provide time to rest, relax, and recharge while also renewing professional and academic pursuits […]
The SIM Swap Scam

By David Puzder Your mobile phone number may be pivotal for accessing your most important accounts. Many banks, brokers, businesses, and payment service providers rely on text messaging to verify your identity when you access or update your account. Sometimes, a login screen will offer users a choice between text messages or phone calls to […]
Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you towards a couple of resources that will help you protect yourself at home and while traveling. Guidance for Reporting Phishing Have you seen the Phish Alert Button? It’s the easiest […]
Joint IT and InfoSec Project Seeks Better Protections for WashU

A joint Information Technology and Office of Information Security vulnerability management project aims to strengthen and better protect the WashU network from attacks.  The project has two main objectives: Install CrowdStrike on all Wash U servers immediately. Remediate tool-evaluated critical vulnerabilities, guiding department owners through updates, patches, and other steps. About Objective 1 WashU IT […]
Scam of the Month: Urgent Administrative Job Opportunity

This month’s scam is a recent and widespread phishing attack that attempted to use social engineering and impersonation to gain account access. If you see a message like the one below, please report it immediately using the Phish Alert Button (PAB) in your Outlook interface. You can find more information about the PAB and alternative […]
Meet Your InfoSec Team: Clark Huskey, Information Security Analyst

Clark Huskey, Information Security Analyst III, started his journey in information security as an amateur radio broadcaster. In his youth, Clark tinkered with personal computers and radio broadcasting equipment. Specifically, his family used citizen band radios with a large antenna to broadcast their own bulletin board service, Silver Fox BBS, until someone hacked their broadcast. […]
SMiShing Scam Seeks to Obtain Gift Cards by Impersonating Chancellor

A recent SMiShing scam targeted our institution by impersonating Chancellor Martin and asking recipients for gift cards. You can rest assured that the chancellor (or your supervisor) will not reach out to ask for gift cards. SMiShing is a type of attack that uses the social engineering tactics commonly associated with email phishing via text […]
Keeping Information Security Simple – Phishing, Spear Phishing & Whaling

Letter from the CISO, Vol 1 Issue 12 Washington University Community: Do you know the differences between phishing, spear-phishing, and whaling? Let’s start with the difference between phishing and spear phishing. In short, phishing messages are those all-too-familiar messages that try to get you to give away information or install malware. They arrive via email, […]
InfoSec Allies: Office of Resource Management

By Christina Pomianek-Smith Have you ever snagged a WashU staff discount for a product or service, or found a great deal on gently used WashU office equipment through the WashUReuse Surplus Program? Do you sometimes pause to admire the design of a new office space? Did you receive personal protective equipment (PPE) or a COVID vaccine […]
Chance to Win $250 with OIS Website Scavenger Hunt

The Office of Information Security’s website is full of helpful resources and information for keeping you more secure online. To encourage you to become more familiar with what our website has to offer, the OIS office is holding a virtual scavenger hunt featuring a chance to win $250 in Bear Bucks! How to Participate Follow […]
The Dark Side of Cryptocurrency

By David Puzder As of the writing of this newsletter, the price of Bitcoin, according to CoinMarketCap, is $29,239.16 (although this number is bound to change quickly due to Bitcoin’s high volatility) to $40,176.86. About three years ago, the price of Bitcoin was $5,251.94 (“Bitcoin price Today, BTC to USD live, market cap and Chart”). If […]
Scam of the Month: Authenticate Your Account

This month’s scam is a recent and widespread phishing attack that attempted to use social engineering and impersonation to gain account access. This one is particularly tricky, but it uses a very common set of steps that criminals deploy to steal account credentials. The user receives the suspicious email, in this case from an ‘@wustl’ […]
Meet Your InfoSec Team: David Puzder, Information Security Analyst

David Puzder is our newest information security team member. David hails from Ohio and is a recent graduate of the University of Dayton. He splits his time as an Information Security Analyst between Governance, Risk, and Compliance (GRC) and Information Security Awareness, Behavior, and Culture. With the GRC, he will identify internal and third-party risks […]
Catch a Phish to Protect Yourself and WashU

Phishing is the most common tactic cybercriminals use to steal login credentials, data, and intellectual property. Billions of these messages are sent every day, but it’s now easier than ever to protect yourself and WashU by helping the Office of Information Security (OIS) catch the phish and remove it from our system. The Phish Alert […]
Cybersecurity and the Supply Chain

By Christina Pomianek-Smith You’ve undoubtedly heard the term “supply chain disruption” more times than you can count lately. The past few years have been fraught with disruptions—labor shortages caused by COVID-19, warfare, tropical storms and wildfires, factory fires, railroad transportation disruptions, and the six-day blockage of the Suez Canal. We’ve endured incredible upheavals, and many […]
Advice from a Graduating Student: Things to do as You Leave WashU

By Harrison Stites As members of our community graduate or otherwise move on from their time at WashU, it can be tempting to ignore or put off the things you need to do here as you look forward to the path ahead. WashU’s Office of Information Security offers you some tips and tricks to help […]
Avoid Phishing and Another Chance to Win $100 in Bear Bucks

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you towards a couple of resources that will help us identify and report potential phishing attacks. Have you seen the Phish Alert Button? It’s the easiest way for you to report […]
Scam of the Month: Important Payroll Message

This month, we’re focusing on a particularly tricky scam. This one isn’t tricky because it’s complex on its surface; it actually relies on simplicity and brevity to lure in its victims. This scam mimics an important notification to trick recipients into handing over sensitive login information. It contains many hallmarks of a typical phish, but […]
Meet Your InfoSec Team: Jason Murray, Assistant Director and Architect of Digital Forensics and Incident Response

Jason Murray, Assistant Director and Architect of Digital Forensics and Incident Response, describes his role as the leader of “a team of talented Security Analysts who defend the university from cyber villains.” Throughout his career, he’s subscribed to the design principle, “build it secure,” considering the methods hackers might use to exploit flaws and access […]
Security Spring Cleaning Top Five

By Christina Pomianek-Smith  Spring has arrived, and with it, the age-old tradition of spring cleaning. Getting organized, cleaning up your computer, and checking on your security hygiene will make your life easier as you approach the end-of-semester push toward summer adventures! As you clear away the cobwebs and shake off the dust of winter, also […]
Another Chance to Win and New Defender Features Coming to Office 365

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we’re introducing new security features in Office 365 and running another prize competition! March Prize Giveaway We had a great turnout for our February Information Security prize giveaway, so we’re doing it again this month! […]

Scam of the Month: Ukraine Donation Scam

This month, we’re focusing on another scam that preys on your emotions and altruistic intentions. This time, it involves cybercriminals taking advantage of fundraising for Ukraine. In just one week, legitimate fundraising for Ukraine mobilized more than $50 million in cryptocurrency. That kind of success always attracts opportunists who want their cut. This time, they’re […]
Meet Your InfoSec Team: Quint Smith, Information Security Training and Communications Manager

For the past three years, Quint Smith, Information Security Training and Communications Manager, has been building and managing the InfoSec marketing, communications, and culture program. He aims to encourage an informed, aware, and empowered user community, resilient to the continually evolving cyber threat landscape. He says, “information security is an arms race, and technical defenses […]
Electronic Waste & Paper Shredding Drives this March

On Tuesday, March 22 and Tuesday, March 29, the Operations & Facilities Management Department, the Office of Sustainability, and WashU’s Office of Information Security are teaming up to bring the WashU community e-waste recycling and confidential paper shredding services. All are welcome to bring accepted items to the collection drive. All confidential papers and hard […]
Increased Risk of State-Sponsored Cyberattacks as Russia Invades Ukraine

The threat of state-sponsored cyberattacks increasingly accompanies international relations. Russia has developed and demonstrated its capacity to attack and inflict damage using cyber-warfare tactics. With news of Russia’s invasion of Ukraine, many cybersecurity professionals are recommending increased vigilance during this period of unrest. While much of the responsibility for anticipating and preventing cyberattacks of this […]

Keeping Information Security Simple – Isn’t there an App for that?

Letter from the CISO, Vol 1 Issue 9 Washington University Community: This month I’d like to warn you about dangerous applications and Internet services, and four things you can do to avoid problems. Many experts focus on iPhone/iPad/iOS and Android devices, but PC and Macs are also vulnerable to malicious applications, so I’ll speak about […]
10 Security Tips for Spring-Break Travelers

By Christina Pomianek-Smith Spring Break is on the horizon, and many in the WashU community plan to travel for conferences, study away, research opportunities, and maybe even a little rest and relaxation! Smartphones and other digital devices are an integral part of our everyday lives, and they can make travel seem like a blissful dream. […]
Security Tips for Working From Home

By now, we’re all intimately familiar with the benefits and drawbacks of working from home. You may have been working from home for most of the pandemic, are a hybrid employee, or simply take your work or devices home for breaks and weekends. Whatever your unique situation, you probably have direct experience walking the increasingly […]
Seven Lucky Winners and More Chances to Win Prizes!

The results of our 2021 Cybersecurity Awareness Month competitions are in! Our office has selected seven lucky winners. If you’re a winner, we will contact you at your WUSTL email address to request the information we need to deliver your award. If you didn’t win this time, don’t despair! Read on for information about future […]
Scam of the Month: Fake Norton or Geek Squad Call Scam

Attackers are using criminal Gmail accounts to target members of our institution with a phishing scam that involves requesting the recipient call a phone number for additional information. The attackers use dozens of Gmail accounts, using each account to target only one or a few users and modifying minor details to avoid detection. As a […]
Meet Your InfoSec Team: Bob Therina, Information Security Analyst II

Bob Therina, Information Security Analyst II, came to Information Security after training and working in Computer Technology and the IT-sphere more broadly. He humbly reports that he sees himself as a generalist rather than an expert, capable of working across the IT space, building bridges between colleagues with deep expertise in a variety of areas. […]

Keeping Information Security Simple – Privacy – Free isn’t free: If you aren’t paying for it, you and your data are the product being sold!

Letter from the CISO, Vol 1 Issue 8 Washington University Community: This is the National Cybersecurity Alliance’s Data Privacy Week (https://staysafeonline.org/data-privacy-week/), and because security is closely related to privacy, I thought I’d say a few things about it. The “right to privacy” was defined by Justice Louis Brandeis in an 1890 article as the right […]
Threats to Your Research Data and Intellectual Property

By Christina Pomianek-Smith Your research data and intellectual property are valuable, not only in the pursuit of knowledge for the betterment of society but also to cybercriminals who seek to steal it or hold it for ransom. According to the Federal Bureau of Investigation, intellectual property theft is a growing threat in the digital […]
Phishing Awareness Phase II: Competition Winners to be Notified

The Office of Information Security recently added several layers of phishing protection for our institution. We hope you have located, and perhaps even used, the new Phish Alert Button (PAB). Last week, our office distributed our first university-wide message from the KnowBe4 platform, asking users to report it as a phish using the PAB to […]
Security Advice from a Busy Student

By Jack Ballenger (Class of 2024) During these two weeks of virtual classes, students will need to use Duo Mobile, an app for two-factor authentication (2FA), to access Canvas, Outlook, WebStac, and other WashU resources since they are not connected to campus WiFi. Two-factor authentication, also called multi-factor authentication (MFA) or two-step authentication, supplements your […]
How to Take Back Control of Your Data This Data Privacy Week

Adapted from The National Cybersecurity Alliance, January 2022 From social media to online shopping, our lives and the digital world become more intertwined every day. The digital world affords us a new level of convenience and access to information, but there may be a hidden cost to your privacy associated with these conveniences. Consumers must […]
Data Privacy Fast Facts

Adapted from National Cybersecurity Alliance 67% of internet users in the US are not aware of their country’s privacy and data protection rules. (LegalJobsIO) 47 U.S. states have nonexistent or consumer-data privacy laws only. Bills are pending in 16 states, six states have study committees or task forces, and just three states have modern data-privacy […]
Scam of the Month: SMiShing and 3 Viruses Detected Scam

The Office of Information Security has received reports of a SMiShing campaign targeting people at our institution. SMiShing occurs when cybercriminals use tactics common to phishing campaigns in text messages, attempting to communicate legitimacy to their unsuspecting victim. The reported scam (pictured below) is a text-based version of a common and long-running scam that is […]
Meet Your InfoSec Team: Christina Pomianek-Smith, Policy and Risk Analyst

Information security involves solving complex problems, incorporating diverse perspectives to address the technical, legal, social, and behavioral dimensions of the digital era. Christina Pomianek-Smith’s recent move into information security demonstrates the multidisciplinary demands of the field. She is a cultural anthropologist by training (PhD, University of Missouri—Columbia, 2012), with research interests in trust, cooperation, and […]

Keeping Information Security Simple – Automagically update everything!

Washington University Community: Modern computers and mobile devices are so complex that they invariably have unintended flaws. Some of these flaws create vulnerabilities by which cybercriminals can attack your computer, tablet, or phone. In fact, these vulnerabilities are one of the most common ways devices are hacked. The good news is that it is surprisingly […]
It’s the Scam, Scamiest Season of All!

The holidays have arrived! These final weeks of the year are extremely busy for many of us. People are traveling, shopping, awaiting packages, making end-of-year donations, and trying to put a pin in 2021. Cybercriminals know and await these frenzied times. They especially like seasons of heightened online shopping and financial transactions because impersonating a bank, […]
Protecting the World’s Most Valuable Resource

By: Christina Pomianek-Smith, Information Security Analyst The refrain “knowledge is power” has been repeated around the world for centuries, from ancient Sanskrit proverbs to the theme song of the animated American educational series, School House Rock. The pursuit of knowledge is central to our university mission. The objective—use knowledge to empower individuals and communities for […]
Best of: A Lookback at 2021

What a year! We’ve continued to adapt to new working environments, a return to campus, new technologies, and novel cyberthreats. The Office of Information Security launched a monthly newsletter, ran university-wide competitions, and engaged the WashU community with a slate of events and communications for Cybersecurity Awareness Month. Once again, we are proud to be among […]
The Realities of Ransomware

By: Harrison Stites (class of 2022) Ransomware accounted for over 80 percent of the cybersecurity attacks in the education sector in 2020, according to the Verizon Data Breach Investigation Report. Healthcare organizations such as BJC (and, by extension, WashU) are significant targets for ransomware attacks because they work with Personal Health Information (PHI) and other […]

Scam of the Month: COVID Omicron Phishing

Security researchers are warning of an uptick in phishing attacks targeting universities themed around COVID, Omicron, and testing information. These attackers seek to steal valuable information and often have the goal of tricking users into handing over their university (or other) log-in credentials. Below, you will find an example of a phishing message using Omicron […]
Meet Your InfoSec Team: James Gagliarducci, Information Security Director

James Gagliarducci, Director of Information Security, an electrical engineer by training and a security whiz by experience and certification, started out designing radar systems for the Department of Defense. He joined WashU IT as a network engineer in the 90s. Remembering those days, James says, “I loved it.” When the Health Insurance Portability and Accountability […]
Have a Happy (and Secure) Thanksgiving

People across America are preparing to travel over the river and through the wood, visiting friends and family for Thanksgiving. The American Automobile Association predicts more than 53 million people will travel for Thanksgiving this year, an increase of 13% from 2020 and the most significant single-year increase since 2005. Many of us are eager […]
Online Holiday Shopping Scams

Winter-holiday shopping of yesteryear kicked off with the deep discounts and early-bird specials of Black Friday, a retail frenzy on the day after Thanksgiving. Traditionally, shoppers forwent their post-feast dreams, waking early to await doorbuster sales at their favorite retailers. Today, shoppers avoid the crowd, line, and occasional brawl by shopping online. The move to […]