Letter from the CISO, Vol 4 Issue 11 WashU Community: Confession time I have two confessions to share. First, I have failed phishing tests. Not the ones I’ve seen and approved for use (thank goodness), but ones that caught me at the wrong time in the right way. It can happen to anyone. As I […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this April. The Inside Man is a soap opera-style training that covers critical […]
The Office of Information Security observes a trend in which criminals send fraudulent invoices, hoping that victims will click a malicious link, open the attachment, or call the given number. If you see a message like the one below, please do not interact with the sender, phone number, or attachment. Do not follow any special […]
The Office of Information Security’s (OIS) Awareness, Behavior, and Culture (ABC) team is focused on infusing good cybersecurity practices into everything we do here at WashU. We work to provide the WashU community with the tools we all need to safely navigate the cyberspace. That landscape is full of would-be scammers and bad actors who […]
All WashU community members who handle PHI are responsible for maintaining a secure environment and patient privacy. This includes faculty, staff, volunteers, trainees, and students. WashU’s core technology systems are designed to safely store and transmit PHI for safety and compliance with HIPAA. Before using external websites or cloud services to store, create, or transmit WashU Confidential […]
Letter from the CISO, Vol 4 Issue 10 WashU Community: Taking care of ourselves and everyone around us WashU IT’s theme for the month of March is “Employee appreciation: Every day is a day to recognize your time and talent,” and I think one of the most important things for everyone to do is to […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this March. The Inside Man is a soap opera-style training that covers critical […]
The Office of Information Security has observed a trend in which criminals create fake CAPTCHA pages to trick users into copying malicious code into their computer. To protect yourself, do not paste material into your computer. When a victim clicks the ‘I’m not a robot’ box, verification steps are presented. Completing these steps triggers a […]
Tax Day is April 15, and internet scammers will capitalize on the moment. The Internal Revenue Service initiates most contact through regular mail delivered by the United States Postal Service. To verify the IRS sent the letter, you can search for it on IRS.gov. Sometimes, they will call or visit, but other than that, the Internal Revenue Service […]
The Office of Information Security (OIS) has recently welcomed Una McGarry to the team. In her role as Information Security Analyst I, Una is part of the Vulnerability Management team’s efforts to protect WashU’s data and systems from bad actors. This includes assessing daily vulnerabilities, communicating risks to stakeholders, and coordinating with business partners to […]
What if you are still running Windows XP or 7 on some of your computers? Extended support for Windows 7 ended on January 14, 2020, over 10 years after the release of Windows 7. Now the operating system no longer receives security updates. Some versions of Windows 10 and 11 are already unsupported. Devices with an […]
WashU IT has installed the external email banner for Microsoft Outlook to boost security and prevent account compromises by highlighting emails from outside the university. The purpose of having an external banner is to alert faculty, staff, and students when an email comes from outside the university, urging them to proceed with caution. If you […]
Letter from the CISO, Vol 4 Issue 9 WashU Community: For every season, there is a scam Our theme for February is “Securing information, promoting innovation, supporting tech – IT is a labor of love.” This sets me up nicely to provide dire warnings about romance scams, tax scams, and deepfakes. “Nearly 59,000 Americans lost […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this February. The Inside Man is a soap opera-style training that covers critical […]
In October 2024, the Wall Street Journal reported a large cyberattack against U.S. telecommunications companies. The FBI, NSA, and the Cybersecurity and Infrastructure Security Agency released new guidelines for protecting communications infrastructure in the United States. Despite the government’s efforts, the Chinese hackers continue their hacking of US telecom networks. If the most valuable items on your […]
The Office of Information Security has observed a trend in which criminals impersonate Dean David Perlmutter over text message. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly powerful when the person being impersonated is in a position of authority. If you see a message like […]
The Office of Information Security (OIS) at WashU has recently grown with the addition of Dana Waddell. As a cloud security architect, Dana will provide cloud security solutions, work with cloud-optimized architectures, contribute to WashU Architecture governance, and support the implementation of secure cloud platforms through cloud architecture documentation. Dana will use her knowledge and […]
Did you know that all hard drives and any permanent storage must contain disk encryption if they stored PHI in the past, present or future? Why is this important? Sensitive and/or regulated data on encrypted drives in a computer that is lost, stolen, or improperly disposed of cannot be viewed without a special “key” only available […]
Letter from the CISO, Vol 4 Issue 8 WashU Community: A New Year of Opportunities and Approaches Our theme for January is “Celebrating the New Year – from new tech to new approaches, what’s new?” Unfortunately, while we keep deploying better tools to keep everybody safe and secure, cybercriminals are also developing new tricks and […]
Ringing in 2025 is the perfect time to organize our online lives and reflect on our current cybersecurity habits. With cyber threats constantly evolving, conducting a health check on devices, accounts, and habits is essential. The WashU Awareness, Behavior, and Culture (ABC) team has identified five key areas to help us take the first steps […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this January. The Inside Man is a soap opera-style training that covers critical […]
According to the Duane Morris Class Action Review 2025, class action lawsuits “broke the $40 billion mark for the third year in a row.” Large companies like Apple, Meta, and Disney each found themselves paying millions in settlements. Whether the payments are big or small, how should you react to a settlement notice? The notices […]
Nate Tate, information security analyst, is a valued member of the InfoSec team at WashU. In his role, he performs third-party risk assessments and manages all matters related to policy exceptions. His work is integral to maintaining the university’s strong security posture and ensuring compliance across our various domains. Nate’s favorite part of his job […]
The Office of Information Security (OIS) recently completed a major revision and expansion of the OIS policy and standards library. The goal of the project is to foster a strong security culture at WashU through clear and comprehensive coverage of all recommendations in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). All […]
WashU IT will introduce an external email banner for Microsoft Outlook to boost security and prevent account compromises by highlighting emails from outside the university. The external email banner will go into production on February 8th, with changes visible within 48 hours. This update affects Microsoft Outlook on Windows, MacOS, iOS, Android, and Web. Other […]
To enhance our computing environment security, WashU IT has implemented a streamlined strategy for Windows software updates for third-party software. Each month, alongside Microsoft’s security updates for Windows 10 and Windows 11, WashU IT will also update other installed applications such as Chrome, Firefox, and Zoom. This method aims to reduce security vulnerabilities found in […]
Letter from the CISO, Vol 4 Issue 7 WashU Community: Your mission for the holidays… The Mission Impossible TV series and movies often begin with “Your mission, should you choose to accept it…” As we approach the winter break and holidays, I propose you accept the mission of helping your family and friends improve their […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this December. The Inside Man is a soap opera-style training that covers critical […]
The holiday season can be a whirlwind of activity—travel, holiday events, and, for WashU students, wrapping up final exams. Amid the hustle and bustle, many in the WashU Community find themselves working or studying outside their typical environments. To help you stay secure while enjoying the season’s festivities, WashU’s Awareness, Behavior, and Culture (ABC) team […]
The Federal Bureau of Investigation warns the public about scams during the holidays. The big four scams of the season are: According to the Internet Crime Complaint Center’s (IC3) 2023 report, non-payment and non-delivery scams cost people over $281 million that year. Credit card fraud accounted for another $264 million in losses. Click with caution Don’t click any suspicious links […]
Provide consent to receive electronic delivery of your tax documents by December 31, 2024. This will allow you to receive your W-2 form online as soon as it is available in Workday. You will be notified by email in January when your electronic W-2 form is available. Manage printing elections of your tax forms in Workday and refer to […]
The Cleveland Clinic Foundation (CCF) recently agreed to pay $7,600,000 to resolve allegations that it violated the False Claims Act (FCA) by submitting to the National Institutes of Health (NIH) federal grant applications and progress reports in which CCF failed to disclose that a key employee involved in administering the grants had pending and/or active […]
Letter from the CISO, Vol 4 Issue 6 WashU Community: Over the past year, malicious actors have increasingly sought to compromise your accounts by impersonating you and trying to get customer service people to give them access to your accounts. We have seen this repeatedly at WashU, too. In response, we have improved our processes […]
Last month, I presented at the EDUCAUSE annual conference in San Antonio, Texas, with two of my Office of Information Security (OIS) colleagues—David Puzder and Madeline Quigley. Our talk, “Encouraging Security Culture through a Participatory Policy Project” focused on the OIS’ multi-year policy revision project. Specifically, we wanted to tell the EDUCAUSE audience about 1) […]
Cybersecurity Awareness Month 2024 has come to a close, but our competition is still open! This is the last call to play ‘The Inside Man: New Recruits Game’ in KnowBe4. You must complete the game by November 22nd to be entered into the drawing for our Cybersecurity Awareness Month prizes: Find the directions to access this […]
Many feel compelled to give in times of crisis. Charitable donations play a crucial role in providing aid after natural disasters and humanitarian emergencies. However, scammers often take advantage of this generosity, preying on good intentions. The WashU community can protect our contributions by recognizing legitimate charities and spotting the characteristics of scams. Above is […]
Roselyn Rozario, Security Policy Advocate, will play a vital role on the InfoSec team by analyzing information security data to assess the impact of the Awareness, Behavior, and Culture (ABC) team’s initiatives and help shape strategies to better serve the WashU Community. In her role, Roselyn will also partner with members of the InfoSec team […]
In support of ImpacT and the call to provide the university community with tools and the knowledge to safeguard and sustain our systems, data, and reputation, the Office of Information Security (OIS) has initiated a complete revision and expansion of the OIS policy library. The goal is to foster a strong security culture at WashU […]
Letter from the CISO, Vol 4 Issue 5 WashU Community: I recently attended an executive education program on “Cyber Resilience” with Chief Information Security Officers (CISOs) from many large organizations, some even global enterprises, and it was amazing how similar our challenges are. Cyber resilience is ensuring things keep working despite adverse cyber incidents The […]
Cybersecurity Awareness Month 2024 is coming to a close. This year, we hosted two webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published weekly newsletters full of content authored by the Office of Information Security. Below, you will find a recap of some of the key events […]
As the holidays approach, many of us will be snapping photos and sharing our celebration recaps through various applications on our devices. While this connectivity can enhance our experience, it also exposes us to potential security risks. Understanding how our metadata—such as location, photos, and app-sharing permissions—can be compromised is crucial for maintaining our privacy […]
The Office of Information Security has observed a trend in which criminals advertise a job using a student’s email address from Clark Atlanta University. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please […]
With the highly technical appearance of information security, entering the field may seem daunting. What does it actually take to work in information security? In this series, we’ll cover WashU’s information security professionals and how they got to where they are now. Let me introduce you to my boss, Quint Smith. What is your current […]
Allison Webster, our Information Security Policy Advocate, is one of the newest members of the InfoSec team at WashU. In her role, she supports the Awareness, Behavior, and Culture (ABC) program by collaborating on strategies to raise security awareness and communicating InfoSec policies, standards, and guidelines to the WashU community. At Washington University, Allison is […]
Watch this on-demand webinar (1:06:11) where Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, spotlights how criminals weaponize artificial intelligence.
Device security is essential for protecting your privacy and data. Top-notch device security involves tweaking built-in features. Protect your devices and data using the strategies in the how-to guides below.
Artificial intelligence art generators are trained on billions of existing images. When you enter a prompt, the AI art generator builds an image by combining aspects of its training data into a single image. Meanwhile, deepfakes are trained on photographs and videos of one subject to replicate that subject. Deepfake technology can depict a person […]
QR codes (quick-response codes) were originally designed to label automobile parts, but today, we can find them in advertisements, restaurants, museums, mobile ticketing, and many other areas. Since both Androids and iPhones can scan QR codes in the camera app, QR codes provide faster access to a website than manually typing a URL. While convenient, the […]
Scammers can create fake login screens that are strikingly similar to legitimate ones. One of the login screens pictured above is our true WUSTL login screen, and the other is an imitation. Can you spot all of the differences? To make this more challenging, we’ve cropped out the URL from each login screenshot. Seeing the […]