Letter from the CISO, Vol 4 Issue 9 WashU Community: For every season, there is a scam Our theme for February is “Securing information, promoting innovation, supporting tech – IT is a labor of love.” This sets me up nicely to provide dire warnings about romance scams, tax scams, and deepfakes. “Nearly 59,000 Americans lost […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this February. The Inside Man is a soap opera-style training that covers critical […]
In October 2024, the Wall Street Journal reported a large cyberattack against U.S. telecommunications companies. The FBI, NSA, and the Cybersecurity and Infrastructure Security Agency released new guidelines for protecting communications infrastructure in the United States. Despite the government’s efforts, the Chinese hackers continue their hacking of US telecom networks. If the most valuable items on your […]
The Office of Information Security has observed a trend in which criminals impersonate Dean David Perlmutter over text message. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly powerful when the person being impersonated is in a position of authority. If you see a message like […]
The Office of Information Security (OIS) at WashU has recently grown with the addition of Dana Waddell. As a cloud security architect, Dana will provide cloud security solutions, work with cloud-optimized architectures, contribute to WashU Architecture governance, and support the implementation of secure cloud platforms through cloud architecture documentation. Dana will use her knowledge and […]
Did you know that all hard drives and any permanent storage must contain disk encryption if they stored PHI in the past, present or future? Why is this important? Sensitive and/or regulated data on encrypted drives in a computer that is lost, stolen, or improperly disposed of cannot be viewed without a special “key” only available […]
Letter from the CISO, Vol 4 Issue 8 WashU Community: A New Year of Opportunities and Approaches Our theme for January is “Celebrating the New Year – from new tech to new approaches, what’s new?” Unfortunately, while we keep deploying better tools to keep everybody safe and secure, cybercriminals are also developing new tricks and […]
Ringing in 2025 is the perfect time to organize our online lives and reflect on our current cybersecurity habits. With cyber threats constantly evolving, conducting a health check on devices, accounts, and habits is essential. The WashU Awareness, Behavior, and Culture (ABC) team has identified five key areas to help us take the first steps […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this January. The Inside Man is a soap opera-style training that covers critical […]
According to the Duane Morris Class Action Review 2025, class action lawsuits “broke the $40 billion mark for the third year in a row.” Large companies like Apple, Meta, and Disney each found themselves paying millions in settlements. Whether the payments are big or small, how should you react to a settlement notice? The notices […]
Nate Tate, information security analyst, is a valued member of the InfoSec team at WashU. In his role, he performs third-party risk assessments and manages all matters related to policy exceptions. His work is integral to maintaining the university’s strong security posture and ensuring compliance across our various domains. Nate’s favorite part of his job […]
The Office of Information Security (OIS) recently completed a major revision and expansion of the OIS policy and standards library. The goal of the project is to foster a strong security culture at WashU through clear and comprehensive coverage of all recommendations in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). All […]
WashU IT will introduce an external email banner for Microsoft Outlook to boost security and prevent account compromises by highlighting emails from outside the university. The external email banner will go into production on February 8th, with changes visible within 48 hours. This update affects Microsoft Outlook on Windows, MacOS, iOS, Android, and Web. Other […]
To enhance our computing environment security, WashU IT has implemented a streamlined strategy for Windows software updates for third-party software. Each month, alongside Microsoft’s security updates for Windows 10 and Windows 11, WashU IT will also update other installed applications such as Chrome, Firefox, and Zoom. This method aims to reduce security vulnerabilities found in […]
Letter from the CISO, Vol 4 Issue 7 WashU Community: Your mission for the holidays… The Mission Impossible TV series and movies often begin with “Your mission, should you choose to accept it…” As we approach the winter break and holidays, I propose you accept the mission of helping your family and friends improve their […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this December. The Inside Man is a soap opera-style training that covers critical […]
The holiday season can be a whirlwind of activity—travel, holiday events, and, for WashU students, wrapping up final exams. Amid the hustle and bustle, many in the WashU Community find themselves working or studying outside their typical environments. To help you stay secure while enjoying the season’s festivities, WashU’s Awareness, Behavior, and Culture (ABC) team […]
The Federal Bureau of Investigation warns the public about scams during the holidays. The big four scams of the season are: According to the Internet Crime Complaint Center’s (IC3) 2023 report, non-payment and non-delivery scams cost people over $281 million that year. Credit card fraud accounted for another $264 million in losses. Click with caution Don’t click any suspicious links […]
Provide consent to receive electronic delivery of your tax documents by December 31, 2024. This will allow you to receive your W-2 form online as soon as it is available in Workday. You will be notified by email in January when your electronic W-2 form is available. Manage printing elections of your tax forms in Workday and refer to […]
The Cleveland Clinic Foundation (CCF) recently agreed to pay $7,600,000 to resolve allegations that it violated the False Claims Act (FCA) by submitting to the National Institutes of Health (NIH) federal grant applications and progress reports in which CCF failed to disclose that a key employee involved in administering the grants had pending and/or active […]
Letter from the CISO, Vol 4 Issue 6 WashU Community: Over the past year, malicious actors have increasingly sought to compromise your accounts by impersonating you and trying to get customer service people to give them access to your accounts. We have seen this repeatedly at WashU, too. In response, we have improved our processes […]
Last month, I presented at the EDUCAUSE annual conference in San Antonio, Texas, with two of my Office of Information Security (OIS) colleagues—David Puzder and Madeline Quigley. Our talk, “Encouraging Security Culture through a Participatory Policy Project” focused on the OIS’ multi-year policy revision project. Specifically, we wanted to tell the EDUCAUSE audience about 1) […]
Cybersecurity Awareness Month 2024 has come to a close, but our competition is still open! This is the last call to play ‘The Inside Man: New Recruits Game’ in KnowBe4. You must complete the game by November 22nd to be entered into the drawing for our Cybersecurity Awareness Month prizes: Find the directions to access this […]
Many feel compelled to give in times of crisis. Charitable donations play a crucial role in providing aid after natural disasters and humanitarian emergencies. However, scammers often take advantage of this generosity, preying on good intentions. The WashU community can protect our contributions by recognizing legitimate charities and spotting the characteristics of scams. Above is […]
Roselyn Rozario, Security Policy Advocate, will play a vital role on the InfoSec team by analyzing information security data to assess the impact of the Awareness, Behavior, and Culture (ABC) team’s initiatives and help shape strategies to better serve the WashU Community. In her role, Roselyn will also partner with members of the InfoSec team […]
In support of ImpacT and the call to provide the university community with tools and the knowledge to safeguard and sustain our systems, data, and reputation, the Office of Information Security (OIS) has initiated a complete revision and expansion of the OIS policy library. The goal is to foster a strong security culture at WashU […]
Letter from the CISO, Vol 4 Issue 5 WashU Community: I recently attended an executive education program on “Cyber Resilience” with Chief Information Security Officers (CISOs) from many large organizations, some even global enterprises, and it was amazing how similar our challenges are. Cyber resilience is ensuring things keep working despite adverse cyber incidents The […]
Cybersecurity Awareness Month 2024 is coming to a close. This year, we hosted two webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published weekly newsletters full of content authored by the Office of Information Security. Below, you will find a recap of some of the key events […]
As the holidays approach, many of us will be snapping photos and sharing our celebration recaps through various applications on our devices. While this connectivity can enhance our experience, it also exposes us to potential security risks. Understanding how our metadata—such as location, photos, and app-sharing permissions—can be compromised is crucial for maintaining our privacy […]
The Office of Information Security has observed a trend in which criminals advertise a job using a student’s email address from Clark Atlanta University. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please […]
With the highly technical appearance of information security, entering the field may seem daunting. What does it actually take to work in information security? In this series, we’ll cover WashU’s information security professionals and how they got to where they are now. Let me introduce you to my boss, Quint Smith. What is your current […]
Allison Webster, our Information Security Policy Advocate, is one of the newest members of the InfoSec team at WashU. In her role, she supports the Awareness, Behavior, and Culture (ABC) program by collaborating on strategies to raise security awareness and communicating InfoSec policies, standards, and guidelines to the WashU community. At Washington University, Allison is […]
Watch this on-demand webinar (1:06:11) where Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, spotlights how criminals weaponize artificial intelligence.
Device security is essential for protecting your privacy and data. Top-notch device security involves tweaking built-in features. Protect your devices and data using the strategies in the how-to guides below.
Artificial intelligence art generators are trained on billions of existing images. When you enter a prompt, the AI art generator builds an image by combining aspects of its training data into a single image. Meanwhile, deepfakes are trained on photographs and videos of one subject to replicate that subject. Deepfake technology can depict a person […]
QR codes (quick-response codes) were originally designed to label automobile parts, but today, we can find them in advertisements, restaurants, museums, mobile ticketing, and many other areas. Since both Androids and iPhones can scan QR codes in the camera app, QR codes provide faster access to a website than manually typing a URL. While convenient, the […]
Scammers can create fake login screens that are strikingly similar to legitimate ones. One of the login screens pictured above is our true WUSTL login screen, and the other is an imitation. Can you spot all of the differences? To make this more challenging, we’ve cropped out the URL from each login screenshot. Seeing the […]
Multifactor authentication provides another layer of security for online accounts. The first “factor” for an account is usually a password, and any additional authentication step makes it harder for a hacker to access your account. Common multifactor authentication offerings are codes sent via text or email, dedicated authenticator apps like Duo, and fingerprint or facial […]
Using strong passwords with the help of a password manager is one of the easiest ways to protect your accounts and keep our information safe. Let a password manager do the work A password manager creates, stores, and fills passwords for us automatically. This way, we only have to remember one strong password—for the password […]
The onboarding process creates a unique set of security risks. As new employees, we’re often eager to make a good impression, but we have little institutional knowledge. These factors make new employees valuable targets for hackers. Due to unfamiliarity with WashU’s processes and security protocols, a new employee might not know how to recognize an email […]
Google’s Jigsaw unit published a quiz that tests the taker’s ability to identify phishing emails. The quiz tests you on eight emails to see if you can distinguish between legitimate emails and phishing scams. Many of the examples come from real events, such as the massive phishing attempt that hit Google Doc users in 2017 and an email that Russian […]
Phishing is an illegal tactic where criminals send fraudulent emails to trick victims into sharing their personal information or compromise their system. The good news is at WashU we can use the Phish Alert Button whenever we’re unsure about an email’s authenticity. Step 1: Recognize the common signs Step 2: When in doubt, report it! […]
With many kinds of cybercrime come many different ways to report it. Most of us will encounter cybercrime, so here are resources on where to report it. Hacked Account Report your hacked account to theplatform’s support team. Below are reporting guides for popular platforms: WUSTL Key, Facebook, Google, Instagram, PayPal, Snap, TikTok, YouTube Ransomware If […]
Giving children uninhibited access to the internet can put your child, computer, and personal data at risk. With some precautions, you can set your children up to become upstanding digital citizens who will lead the future. Parental Controls Most devices these days have parental controls that allow parents to restrict access to certain content for […]
The WashU Office of Information Security (OIS) is dedicated to supporting our community by ensuring that our information security policies keep pace with the evolving digital landscape. As part of this effort, we’re excited to introduce our 2024 Policy Update, which launches the new WashU OIS Guide series. This series will guide you through our […]
Letter from the CISO, Vol 4 Issue 4 WashU Community: Whether you are a leading-edge user of online financial payment apps or a traditionalist who loves a signature on a paper check, malicious actors are out to separate you from your money. In the September 12, 2024 issue of Hacking Humans, “Baked goods and bad […]
October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. The Office of Information Security is proud to champion this online safety and education initiative this October. All month long, we are promoting these key behaviors to encourage you, our WashU community, […]
The Office of Information Security is running a competition throughout October for Cybersecurity Awareness Month! WashU staff, faculty, and students can enter to win up to $1,000 in BearBucks. On September 26th, we released an Inside Man-themed game in KnowBe4, ‘The Inside Man: New Recruits Game’. Complete the game to earn an entry into our […]