Keeping Information Security Simple – Automagically update everything!

Washington University Community: Modern computers and mobile devices are so complex that they invariably have unintended flaws. Some of these flaws create vulnerabilities by which cybercriminals can attack your computer, tablet, or phone. In fact, these vulnerabilities are one of the most common ways devices are hacked. The good news is that it is surprisingly […]
It’s the Scam, Scamiest Season of All!

The holidays have arrived! These final weeks of the year are extremely busy for many of us. People are traveling, shopping, awaiting packages, making end-of-year donations, and trying to put a pin in 2021. Cybercriminals know and await these frenzied times. They especially like seasons of heightened online shopping and financial transactions because impersonating a bank, […]
Protecting the World’s Most Valuable Resource

By: Christina Pomianek-Smith, Information Security Analyst The refrain “knowledge is power” has been repeated around the world for centuries, from ancient Sanskrit proverbs to the theme song of the animated American educational series, School House Rock. The pursuit of knowledge is central to our university mission. The objective—use knowledge to empower individuals and communities for […]
Best of: A Lookback at 2021

What a year! We’ve continued to adapt to new working environments, a return to campus, new technologies, and novel cyberthreats. The Office of Information Security launched a monthly newsletter, ran university-wide competitions, and engaged the WashU community with a slate of events and communications for Cybersecurity Awareness Month. Once again, we are proud to be among […]
The Realities of Ransomware

By: Harrison Stites (class of 2022) Ransomware accounted for over 80 percent of the cybersecurity attacks in the education sector in 2020, according to the Verizon Data Breach Investigation Report. Healthcare organizations such as BJC (and, by extension, WashU) are significant targets for ransomware attacks because they work with Personal Health Information (PHI) and other […]

Scam of the Month: COVID Omicron Phishing

Security researchers are warning of an uptick in phishing attacks targeting universities themed around COVID, Omicron, and testing information. These attackers seek to steal valuable information and often have the goal of tricking users into handing over their university (or other) log-in credentials. Below, you will find an example of a phishing message using Omicron […]
Meet Your InfoSec Team: James Gagliarducci, Information Security Director

James Gagliarducci, Director of Information Security, an electrical engineer by training and a security whiz by experience and certification, started out designing radar systems for the Department of Defense. He joined WashU IT as a network engineer in the 90s. Remembering those days, James says, “I loved it.” When the Health Insurance Portability and Accountability […]
Have a Happy (and Secure) Thanksgiving

People across America are preparing to travel over the river and through the wood, visiting friends and family for Thanksgiving. The American Automobile Association predicts more than 53 million people will travel for Thanksgiving this year, an increase of 13% from 2020 and the most significant single-year increase since 2005. Many of us are eager […]
Online Holiday Shopping Scams

Winter-holiday shopping of yesteryear kicked off with the deep discounts and early-bird specials of Black Friday, a retail frenzy on the day after Thanksgiving. Traditionally, shoppers forwent their post-feast dreams, waking early to await doorbuster sales at their favorite retailers. Today, shoppers avoid the crowd, line, and occasional brawl by shopping online. The move to […]
Last Chance for Prizes and Cybersecurity Awareness Month 2021 Recap

Cybersecurity Awareness Month 2021 is in the rearview mirror! This year, we set out on the Road to Cybersecurity together. We hosted several events, sent out weekly security tips, and published a great newsletter full of original content authored by WashU’s information security staff. Competitions Our Cybersecurity Awareness Month competitions are always popular. In 2020, […]
Easy Security with WUSTL ONE and WashU’s DocuSign

Last month, we published an article about a common tactic that uses fake DocuSign emails to trick users into handing over personal information. This month, we take a closer look at the process using WashU’s enterprise (i.e., university-provided) DocuSign service. When you receive a DocuSign request from a WashU sender, you will receive an email […]
Bonus Scam of the Month: Emotet Attachment Scam

The Information Security Office recently became aware of the reemergence of a malware distribution network previously taken down by law enforcement. This phishing email may look like a reply from a previous familiar email chain. This malicious phishing email uses three types of email attachments to install malware. These attachments include: Microsoft Excel spreadsheets Microsoft […]
Meet Your InfoSec Team: Michael Mayer, Information Security Analyst

Michael Mayer is an Information Security Analyst II working in Governance, Risk, and Compliance. This part of our office is a critical component of our information security posture. Michael cooperates with researchers and other university offices in support of safe and ethical research. He works with the Institutional Review Board to evaluate security requirements for […]
Scam of the Month: Direct Deposit Phishing Scam Impersonating University Leadership

Members of the WashU community are receiving phishing emails impersonating university leadership, including Chancellor Martin and Dean Perlmutter. These messages request changes to direct deposit information due to suspicious activity.  Phishing scams often impersonate people in leadership positions to encourage a heightened sense of urgency in the recipient. Additionally, information about leaders is publicly available […]
Know the Rules of the Road

We’re on the last leg of our road trip, but our cybersecurity adventure is far from over. The WashU Office of Information Security will always be your trusty navigator and loyal travel companion on the Road to Cybersecurity. We’ll help you steer through the twists and turns of the road ahead and give you a […]

Employee Follows Policy to Report Colonial Pipeline Attack

A little before 5 a.m. on May 7th, 2021, an employee at the Colonial Pipeline noticed a ransom note on their computer demanding cryptocurrency. This employee followed the company’s policies and procedures and immediately reported the situation. The Colonial Pipeline attack might be one of the largest and most impactful cyberattacks in history. It started when […]
Test Your Knowledge Competition

To wrap up another successful Cybersecurity Awareness Month, we invite you to show us what you know by entering our Test Your Knowledge Competition. Complete this activity to test what you know and receive an entry for one of several Bear Bucks awards. Prizes Grand Prize: $500 BearBucks credit. Additional Prizes: $250 BearBucks credits. Don’t […]
Enter Our Student Prize Competition

On October 20th, CISO Chris Shull and WashU Computer Science Major Skylar Fong cooperated to run a webinar discussing Careers in Cybersecurity. Dozens of students participated in the evening event. Chris Shull offered valuable insights about the interdisciplinary nature of cybersecurity and the qualities that he looks for in a prospective new hire. Skylar shared […]

He Held Her Hostage with His Words

Bonus Scam of the Month: On Father’s Day, 2021, Jaime Bardacke, a licensed clinical social worker in San Francisco, received a phone call from a man who identified himself as Lt. Timothy Reid of the San Mateo County Sheriff’s Office. Initially, Bardacke was not surprised by the call. She had dealt with legal issues involving […]
Scam of the Month: DocuSign Phishing

Attackers continuously adjust their tactics to circumvent our defensive strategies, using new methods to access our systems, data, and personal information. Even as attackers develop new scams, one element seems to carry on—impersonation. Our office frequently publishes about impersonation because it forms the basis of most phishing attempts. Often, attackers impersonate a high-ranking employee in […]
Verify and Report

This week, read about how the employees of FireEye and SolarWinds responded to a hack and where a timely verification would have changed the outcome. The SolarWinds hack was first spotted by someone at FireEye, a cybersecurity company. A staff member noticed that an employee signed in using their username and password but a new […]
Student Prize Competition 2021

Thank you for your interest in our student prize competition! Use the Phish Alert Button (PAB) to report phishing attempts for your chance to win! To participate, register here by November 3rd: https://wustl.az1.qualtrics.com/jfe/form/SV_7418aAb5ROape6i Additional Resources from Webinar Slide deck Event Recording Using the Phish Alert Button About the KnowBe4 Program
The Race Against Ransomware

Ransomware is a specific category of malware that causes harm to the computer and the computer system. The U.S. Cybersecurity and Infrastructure Security Agency defines ransomware as “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” The threat actors (hackers) behind […]
Cyberattacks are speeding up

Organizations have been a driving force behind cybersecurity awareness and training. It’s more important than ever to be up to date with cybersecurity knowledge so that attacks don’t happen on your watch.  In these special edition Cybersecurity Awareness Month articles, you’ll read about damaging attacks that happened in 2021 — and how employee actions changed […]

Keeping Information Security Simple – Physical Security Comes First

Letter from the CISO, Vol 1 Issue 4 Washington University Community: Physical safety is a fundamental need of all animals, humans, computer systems, and devices. Last month I encouraged everyone to adopt a healthy dose of skepticism and paranoia regarding email, text, and social media messages to avoid becoming victims of social engineering attacks. This […]
Cybercrime and Human Intelligence

To defend ourselves against cybercrime, we cannot rely on technology alone. Cybercriminals constantly try different attack strategies, attempting to confuse, surprise, and manipulate their targets. Phishing emails are the most common attack strategy, and these messages are subject to the limitless creativity of their criminal authors. As a result, even state-of-the-art technology cannot perfectly detect […]
October is Cybersecurity Awareness Month

Cybersecurity Awareness Month is here!  Cybersecurity Awareness Month is a global effort to help everyone stay protected whenever and however they connect. The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help every member of our community gain the knowledge and tools […]
SHRED-IT: Electronic Waste & Paper Shredding Drives

On Tuesday, October 19 and Tuesday, October 26, Operations & Facilities Management Department, the Office of Sustainability, WashU Office of Information Security, and BJC Information Security are teaming up to bring the WashU community e-waste recycling and confidential paper shredding services. All are welcome to bring accepted items to the collection drive. All confidential papers and hard drives […]
Scam of the Month—September 2021

Zero-Click Security Threat Earlier this month, the Office of Information Security published an alert about “zero-click” spyware. Typical cyberattacks require the target to interact in some way with malicious content by clicking on a link or downloading an attachment from an unknown sender. Zero-click attacks do not require this sort of engagement. According to the interim […]
Meet Your InfoSec Team: Denise Woodward, Information Security Manager

Denise Woodward is an Information Security Manager in Governance, Risk, and Compliance for our Office of Information Security. She has 27 years of experience in IT, 22 of which are in information security. She got her start in information security working on the Help Desk of A.G. Edwards & Sons and has enjoyed solving problems […]

Keeping Information Security Simple – Be Skeptical and a Little Paranoid

Letter from the CISO, Vol 1 Issue 3 Washington University Community: “Keep Information Security Simple” has been my motto for nearly a decade. This month, I’d like to share an important thing that everyone can do to improve our security—slow down, just a little bit because haste makes good people fall for bad tricks. In the first […]

Get Inside the Hacker Mindset to Create Stronger Passwords

By Harrison Stites. In the last issue of SECURED, Chris Shull, Chief Information Security Officer, wrote about the importance of passwords. Specifically, Chris emphasized using unique and long passwords for each login to prevent hackers from accessing your accounts. However, for most users, remembering long, unique passwords is not feasible. Today, we will describe the tactics […]

Safety Tips for Back to School (Poster/Graphic)

By Harrison Stites. The Office of Information Security wishes everyone a safe and productive return to the classroom. In support of your return, we want to remind you of a few simple but important security strategies that you can use to protect yourself and your data.  Back-Up Devices Back up your devices and accounts to prevent […]

Protect Yourself from Misinformation

By Harrison Stites. The internet provides a platform for anyone to share information, and legitimate news must fight through the noise of misinformation to reach readers.  Misinformation is false or misleading information created by actors with malicious intent. It is especially dangerous when readers fail to detect its illegitimacy and perpetuate it by sharing it on social […]
Scam of the Month—August 2021

The Office of Information Security has received reports of a SMiShing campaign targeting students at our institution. SMiShing occurs when cybercriminals use tactics common to phishing campaigns in text messages, attempting to communicate legitimacy to the unsuspecting victim.  The reported SMiShing attempt is posted below. The message sender is posing as someone in a position […]
Meet Your InfoSec Team: Kevin Hardcastle, WashU Associate CISO

Kevin Hardcastle, a long-time leader in information security, has been instrumental in keeping WashU secure. Kevin was first drawn to IT while studying at Missouri State, where he received a bachelor’s degree in computer information systems. He has 36 years of experience in information technology, including 21 years of experience in information security. He began […]

Keeping Information Security Simple – Multi-Factor Authentication

Washington University Community: Thank you for the positive feedback on June’s first issue of our new Information Security Bulletin, “Secured!” If you missed it, you can read it and other articles of interest at https://informationsecurity.wustl.edu/blog/. For almost a decade, I’ve been trying to “Keep Information Security Simple” (KISS) for my clients, employers, and friends. KISS is […]

Workday Security

Washington University recently adopted Workday, a cloud-based software system for managing finances, human resources, and planning. The new system provides a single, integrated system for managing multiple facets of daily operations at WashU.  WashU takes the security of your data and our systems seriously. Therefore, the system that we use to manage sensitive information such […]

How to use your source-checking skills to stay safe from phishing

By Harrison Stites According to IC3, an FBI subsidiary, 241,342 Americans were victims of successful phishing attacks in 2020. The tactics used in phishing continue to evolve with the intent of getting you to divulge sensitive information or download malicious attachments. However, you already possess the skills to prevent phishing attacks and stay safe online. […]

Save, Secure, and Share with Box and OneDrive

Institutions such as Washington University have incredible data storage and transfer needs. Members of our community are continuously engaged in research, teaching, and patient care, producing large quantities of data that need secure storage as well as accessibility. Further, the COVID-19 remote-work era has demonstrated the need for file access from multiple devices, in multiple […]

Phishing 101

Email phishing has long been the method of choice for many cybercriminals who seek to exploit vulnerabilities for personal gain. These attacks are continually revised and refreshed to take advantage of current trends and new strategies used to socially engineer their victims.  Phishing works so well because it takes advantage of human emotion, convincing unsuspecting […]

Scam of the Month—July 2021

Before we get to our Scam of the Month for July, we wanted to take a minute to say thanks to one of our readers who took the time to reach out and provide some additional clues from last month’s column. Here is a link to our post from last month: https://informationsecurity.wustl.edu/scam-of-the-month-june-2021/ Our reader points out […]
Don’t Let Digital Highwaymen Spoil Your Summer Adventures

After more than a year of remote work and learning, summer vacation is calling, and families are ready to roam! According to the American Automobile Association (AAA), more than 47.7 million Americans will travel this Independence Day (July 1-5) (Hall 2021), a 40% increase in travel volume over last year. Most travelers (43.6 […]

Avoiding Workday Phishing Scams

Washington University will soon adopt Workday, a cloud-based software system for managing finances, human resources, and planning. The new system provides a single, integrated system for managing multiple facets of daily operations at WashU. Background WashU takes the security of your data and our systems seriously. Therefore, the system that we use to manage sensitive […]

Meet Your Infosec Team: Chief Information Security Officer, Chris Shull

On June 1, 2021, Chris Shull assumed the role of Chief Information Security Officer (CISO) for Washington University in St. Louis. He comes to WashU from Huron Consulting Group, which is working on several other projects at WashU. Chris has joined Joe Susai, the CISO for the School of Medicine, and Kevin Hardcastle, Associate CISO […]

Scam of the Month—June 2021

In each issue of the newsletter, we will feature, discuss, and dissect a scam that has appeared on our campus. These scams are “real” attempts to infiltrate our systems and/or gain access to sensitive and personal information of individuals in our community. By sharing these examples with our readers, we hope to enhance your awareness […]

The Office of Information Security (OIS) is Your Ally in the Cybercrime Arms Race

Educational institutions such as WashU are prime targets for cybercriminals who use ever-evolving tactics to infiltrate systems, steal data, block access, and demand ransoms under the threat that they will publish sensitive data online. Universities operating medical centers are especially vulnerable, as they manage large amounts of sensitive patient health data. According to the Ponemon Institute, […]

Social Engineering Red Flags

Phishing, the practice of sending fraudulent emails in order to induce recipients into surrendering private information and login credentials, is the single most common type of cybercrime today. According to a recent report by the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), nearly one-third of complaints received in 2020 were about various forms […]

Letter from the CISO – Everyone is in InfoSec

Washington University Community: I welcome you to this inaugural edition of our new Information Security Bulletin. My primary goal for the bulletin is to empower every member of our community to do their part in protecting us from cybersecurity attacks. A few years ago, the CISO for a health system was asked how many people […]

Updated Device Security Guidance and Best Practices

Device security is essential for protecting your privacy and data. Sound device security involves using features built into your devices, such as setting a passcode or adjusting privacy settings and protecting the physical security of the device itself. Devices are valuable and are enticing to opportunistic passersby, whether they are after the device itself or […]

The Magical World of Password Managers

Adapted from Tara Schaufler/EDUCAUSE I admit it. I was hesitant and fearful of using a password manager. But then my employer purchased password management software and asked me to introduce it to our organization. What a conundrum! I had avoided using the software up until this time. But why? Honestly, I did not trust that […]

Keep Your Information Secure This Tax Season

Tax season is here again, and as always, that means internet scammers are looking for openings to take advantage of heightened online traffic. According to IRS Commissioner Chuck Rettig, “This is generally the hunting season for online thieves, but this year there’s a dangerous combination of factors at play that should make people more alert” […]

INFOSEC ALERT: Social Security Vishing on Campus

Our office received a report of a vishing (fraudulent phone call) attack targeting a WashU student. In the attack, the caller claimed that the student’s social security number had been associated with overseas drug-trafficking activity.  Another popular Vishing campaign involves impersonating support personnel from companies like Apple or Amazon. In this scam, the attackers call […]

Seminar – Securing Research Data Compliance CMMC/NIST 800-171

This free, one-day seminar will bring you up-to-speed on the new, government-mandated research data (Controlled Unclassified Information – CUI) cybersecurity requirements. The new requirements reach beyond IT cybersecurity by requiring processes, procedures, and documentation throughout any part of our organization that provides resources for the regulated Department of Defense (DoD) research. Follow this link to […]

The Importance of Risk Assessment When Reading Terms and Conditions

Adapted from Ken Ries (CISO UW-River Falls) for EDUCAUSE. Did you buy new tech for the holidays? Read the terms and conditions. As the chief information security officer for the University of Wisconsin (UW)-River Falls and UW-Stout, I have been asked to review an increasing number of web and mobile applications (from an information security […]

Device Security for the Entire Family

The holiday season is here! As we prepare our hearths and homes to celebrate the holidays with friends and family, we sense that this season will be different. According to the National Retail Federation (https://nrf.com/media-center/press-releases/nrf-expects-holiday-sales-will-grow-between-36-and-52-percent), online sales are expected to grow by at least 30% this year, adapting to the constraints of a pandemic […]

Top Phishing Threats Last Year: Impersonation and Credential Phishing

The Office of Information Security works diligently to protect our institution from phishing threats. Ultimately, however, our shared security depends on your vigilance. You can protect yourself by avoiding engagement with phishing attempts, and you can help protect all of us by swiftly reporting these threats to our office. When you report a phishing attempt, […]

KringleCon Holiday Hack Challenge 2020

For more than a decade, SANS has offered a free Holiday Hacking Challenge. In 2018, the challenge was dubbed “KringleCon.” WUIT personnel banded together to join the challenge in 2019. Working in their spare time, they ventured deep into the mystery of KringleCon. Alas, they did not make it to the end. This year, the […]

Protect Yourself Online This Holiday Season

The holiday season is upon us! As many of us prepare our homes, pantries, and gift lists for the approaching season, cybercriminals are simultaneously preparing to exploit security vulnerabilities to their advantage. According to the Cybersecurity & Infrastructure Security Agency (CISA), these bad actors target online shoppers by using the following tactics: Creating fraudulent websites, emails, […]
E-Waste Recycling and Light Bulb Swap

The Office of Sustainability and the Office of Information Security are planning an e-waste recycling and light bulb swap event for Cybersecurity Awareness Month (October 2020). All hard drives collected in this drive will be securely and safely recycled by certified vendors. On the last Thursday of October (10/29) and first Thursday of November (11/5), the Office of […]

Introducing Interim Chief Information Security Officer, Chris Shull

In September, Chris Shull assumed the role of Interim Chief Information Security Officer (CISO) for Washington University in St. Louis. He comes to us from Huron Consulting Group, which is working on several other projects at WashU. Kevin Hardcastle has stepped back from the CISO role, and is working diligently with Chris to advance the […]

Welcome to Cybersecurity Awareness Month from CISO Kevin Hardcastle

Dear WashU community, Cybersecurity Awareness Month has arrived! Cybersecurity Awareness Month was launched in October 2004 by the National Cybersecurity Alliance and the U.S. Department of Homeland Security as a joint effort to raise awareness of cybersecurity issues and help people stay safe online.  Now in its 17th year, Cybersecurity Awareness Month is observed around […]

Revised and Updated Policies 2020

The Washington University Office of Information Security maintains a sustainable information security program supporting the vital work of education, research, and clinical care while also protecting our systems and users’ security. We can only achieve strong information security for all if we each take personal responsibility for ensuring our systems’ security. We continuously improve our […]

October is Cybersecurity Awareness Month

Cybersecurity Awareness Month is here! Cybersecurity Awareness Month is a global effort to help everyone stay protected whenever and however they connect. The overarching theme for the month is, “Do Your Part, #BeCyberSmart.” The Office of Information Security is proud to be a Cybersecurity Awareness Month Champion, supporting online safety throughout the year. We’re here […]

Information Security Manager Brian Allen to Speak at Virtual Zeek Week 2020

Information Security Manager Brian Allen will deliver a presentation entitled “Zeek, and Splunk, and Alertus, oh My” during Virtual Zeek Week 2020. This is a single session of a larger event that includes many opportunities to learn about technical aspects of the work being done by information security professionals. Details for registering for Virtual Zeek […]

Cybersecurity Awareness Month Is Right Around the Corner

October is Cybersecurity Awareness Month. Cybersecurity Awareness Month was launched as National Cybersecurity Awareness Month in October 2004 as a joint effort between the National Cyber Security Alliance and the U.S. Department of Homeland Security. The objective of National Cybersecurity Awareness Month was to raise awareness of the importance of cybersecurity and offer resources to […]

Working Safely and Securely in a Remote Environment

Original post by Zarmeena Waseem for EDUCAUSE Here are some helpful tips and effective practices for working safely and securely in a remote environment, whether it’s a temporary situation or a permanent transition. Use a VPN Make use of the corporate VPN at your university for an extra layer of security any time you find […]

Find Useful Resources on the InfoSec Website

The Office of Information Security strives to provide a comprehensive set of tools, services, and information to empower members of our community to protect themselves and their data. These priorities are evident in our stated mission, “to build a sustainable information security program that balances the need to protect with the need to support the […]

Protect Yourself from Social Engineering

The Office of Information Security continuously works to protect our community from a wide variety of phishing activity and other security threats. Currently, the majority of the phishing threats we see involve some form of social engineering. What is social engineering? Social engineering attempts to manipulate people by exploiting psychology and emotions such as fear, […]

Tax Deadline Extension and Phishing Scams

As a result of the COVID-19 pandemic, the deadline for filing state and federal tax returns is postponed until July 15, 2020. As the deadline approaches, we want to make you aware of the more common tax fraud scams that our office sees each year. We have also compiled some helpful resources to assist you […]

Better Protection with Encryption

Secure encryption is a frequently discussed and recommended strategy for protecting the information that we send, receive, and store on our devices. Encryption is one of the best defenses against those who seek to gain unauthorized access to your digital information. Federal, state, and industry regulations governing the work we do at WashU require that […]

INFOGRAPHIC: 22 Social Engineering Red Flags

Social engineering is one of the primary strategies criminals use in their attempts to attack our systems. From an information security perspective, social engineering is the use of manipulative psychological tactics and deception to commit fraud. The goal of these tactics is to establish some level of trust in order to convince the unsuspecting victim […]

INFOGRAPHIC: 20 Ways to Stop Mobile Attacks

Mobile devices have become an ever-present component of the way we interact with our peers and colleagues. We have desktops and laptops to do the heavy lifting, but the vast majority of us are using some sort of mobile device to access our work during times when we don’t have access to our computers. With […]

Profile: Betsy Ball, Information Security Architect

Please join us in welcoming Betsy Ball to the Office of Information Security’s team! Betsy comes to us with more than 30 years of IT experience, including work in user support as well as server, network, and firewall administration. In her role at WashU, she will serve as an Information Security Architect, working with the […]

Avoiding Exposure to Ransomware

Adapted from original post by Trisha Clay, EDUCAUSE. Ransomware is scary. Such an attack could make it impossible for you to retrieve documents on your computer. So, how do you protect yourself from ransomware? One of the best ways to protect yourself is to create a good backup of your critical data. These backups should […]

Social Engineering and the “Gift-Card Scam”

Adapted from original post by Trisha Clay, EDUCAUSE. Social engineering begins with research, whereby an attacker reaches out to a target to gain information and resources. When someone you don’t know contacts you and asks you open-ended questions, this may be the first step of a social-engineering attack. After the attacker reaches out to you, […]

COVID-19: Fake Online Coronavirus Map Delivers Malware

A malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for unwitting internet users to visit the website. Visiting the website infects the user with a Trojan, an information-stealing program. It is likely being spread via infected email attachments, malicious online […]

POSTPONED: Shred IT, Secure E-Waste Recycling Event

This event has been postponed. We will do our best to reschedule for a later date. Please stay tuned for updates about this event. The Office of Sustainability and the Office of Information Security will be hosting an e-waste recycling and confidential paper shredding event. All are welcome to bring accepted items to the collection […]

VIDEO: Gil the Phish Drops the Bait

Gil is always coming up with new ways to trick unsuspecting users with his phishy emails. You can avoid becoming a victim of one of Gil’s scams by learning the signs of a phishing email and reporting anything suspicious to phishing@wustl.edu. For more information about how to avoid being a victim of phishing, follow the […]

Photo Gallery: Gil and InfoSec at WUSM Health Happening Fair

The Office of Information Security hosted a table at the WUSM Health Happening Fair on February 21, 2020. We had a great turnout, distributing mic and camera blockers, phone grips, and valuable information to hundreds of our colleagues at the School of Medicine. Gil the Phish made an appearance at the table, to the […]

Tax Time is Open Season for Phishing Scams

Tax season is here again, and with it comes an uptick in scammers using phishing emails designed to steal personal information from their victims in order to commit tax fraud. We encourage you to use extreme caution with any email correspondence requesting personal information. Please refrain from opening any attachments or following any links in […]

Ask The Experts: Password Management

According to the U.S. Department of Homeland Security (DHS), strong passwords and multi-factor authentication are key to maintaining information security. The strongest passwords are composed of upper- and lower-case letters, special characters, and numbers. Long and unpredictable passwords are ideal, and according to DHS, these passwords should not include any words that “can be found […]

Get Smart! Mitigating Risks in Connected Devices

Original post by Kim Milford, EDUCAUSE. Smart/IoT devices may be the panacea for consumer convenience. Do you want to know and change the temperature of your house or even your fridge remotely? There’s an app for that. Such devices also raise extreme privacy concerns about the data collected about you. Devices can track or […]

External Email Notification Helps Identify Phishes

In the coming weeks, we will introduce a new feature in our email system that will notify users of emails originating from outside of the university. This change is being made to make it easier for everyone at our institution to identify phishing emails. Phishing attacks are on the rise, and often employ multiple methods […]

NCSAM Retrospective

The Office of Information Security recently wrapped up a month of exciting activities and events across Washington University campuses for National Cybersecurity Awareness Month. We are grateful to everyone who took the time to participate in this year’s events, and we are already looking forward to next year’s program. During October 2019, the Office of […]

How Can Higher Ed Better Prepare Cybersecurity Students for a Hot Job Market?

Original post by Tom Humbarger, EDUCAUSE. Behind every new report of a data breach, data leak, or computer hack is a company scrambling to put out the fire, which is great news for job seekers or soon-to-graduate students with cybersecurity skills. Unfortunately, this is bad news for most companies because there is currently an […]