Letter from the CISO, Vol 4 Issue 7 WashU Community: Your mission for the holidays… The Mission Impossible TV series and movies often begin with “Your mission, should you choose to accept it…” As we approach the winter break and holidays, I propose you accept the mission of helping your family and friends improve their […]
Category: Newsletter
Chance to Win $100 in Our Monthly Challenge
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this December. The Inside Man is a soap opera-style training that covers critical […]
Home for the Holidays? Five Tips for Remote Work and Study
The holiday season can be a whirlwind of activity—travel, holiday events, and, for WashU students, wrapping up final exams. Amid the hustle and bustle, many in the WashU Community find themselves working or studying outside their typical environments. To help you stay secure while enjoying the season’s festivities, WashU’s Awareness, Behavior, and Culture (ABC) team […]
Scam of the Month: Holiday Scams
The Federal Bureau of Investigation warns the public about scams during the holidays. The big four scams of the season are: According to the Internet Crime Complaint Center’s (IC3) 2023 report, non-payment and non-delivery scams cost people over $281 million that year. Credit card fraud accounted for another $264 million in losses. Click with caution Don’t click any suspicious links […]
Elect to Receive Your Tax Documents Electronically
Provide consent to receive electronic delivery of your tax documents by December 31, 2024. This will allow you to receive your W-2 form online as soon as it is available in Workday. You will be notified by email in January when your electronic W-2 form is available. Manage printing elections of your tax forms in Workday and refer to […]
7.6 million reasons to not share logins or passwords
The Cleveland Clinic Foundation (CCF) recently agreed to pay $7,600,000 to resolve allegations that it violated the False Claims Act (FCA) by submitting to the National Institutes of Health (NIH) federal grant applications and progress reports in which CCF failed to disclose that a key employee involved in administering the grants had pending and/or active […]
Keeping Information Security Simple – Who are you? The importance of identity verification
Letter from the CISO, Vol 4 Issue 6 WashU Community: Over the past year, malicious actors have increasingly sought to compromise your accounts by impersonating you and trying to get customer service people to give them access to your accounts. We have seen this repeatedly at WashU, too. In response, we have improved our processes […]
We Came, We Presented, We Networked: Notes from EDUCAUSE First-Timers
Last month, I presented at the EDUCAUSE annual conference in San Antonio, Texas, with two of my Office of Information Security (OIS) colleagues—David Puzder and Madeline Quigley. Our talk, “Encouraging Security Culture through a Participatory Policy Project” focused on the OIS’ multi-year policy revision project. Specifically, we wanted to tell the EDUCAUSE audience about 1) […]
Last Call: Learn About Cybersecurity and Win Big
Cybersecurity Awareness Month 2024 has come to a close, but our competition is still open! This is the last call to play ‘The Inside Man: New Recruits Game’ in KnowBe4. You must complete the game by November 22nd to be entered into the drawing for our Cybersecurity Awareness Month prizes: Find the directions to access this […]
Scam of the Month: Detecting, Avoiding, and Reporting Charity Scams
Many feel compelled to give in times of crisis. Charitable donations play a crucial role in providing aid after natural disasters and humanitarian emergencies. However, scammers often take advantage of this generosity, preying on good intentions. The WashU community can protect our contributions by recognizing legitimate charities and spotting the characteristics of scams. Above is […]
Meet Your InfoSec Team: Roselyn Rozario, Security Policy Advocate
Roselyn Rozario, Security Policy Advocate, will play a vital role on the InfoSec team by analyzing information security data to assess the impact of the Awareness, Behavior, and Culture (ABC) team’s initiatives and help shape strategies to better serve the WashU Community. In her role, Roselyn will also partner with members of the InfoSec team […]
Information Security Policy Library Update
In support of ImpacT and the call to provide the university community with tools and the knowledge to safeguard and sustain our systems, data, and reputation, the Office of Information Security (OIS) has initiated a complete revision and expansion of the OIS policy library. The goal is to foster a strong security culture at WashU […]
Keeping Information Security Simple – Are you cyber-resilient?
Letter from the CISO, Vol 4 Issue 5 WashU Community: I recently attended an executive education program on “Cyber Resilience” with Chief Information Security Officers (CISOs) from many large organizations, some even global enterprises, and it was amazing how similar our challenges are. Cyber resilience is ensuring things keep working despite adverse cyber incidents The […]
Cybersecurity Awareness Month 2024 Recap
Cybersecurity Awareness Month 2024 is coming to a close. This year, we hosted two webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published weekly newsletters full of content authored by the Office of Information Security. Below, you will find a recap of some of the key events […]
Season of Sharing: Metadata Safety Tips for the Holidays
As the holidays approach, many of us will be snapping photos and sharing our celebration recaps through various applications on our devices. While this connectivity can enhance our experience, it also exposes us to potential security risks. Understanding how our metadata—such as location, photos, and app-sharing permissions—can be compromised is crucial for maintaining our privacy […]
Scam of the Month: VITAL ALERT! READ N0W!
The Office of Information Security has observed a trend in which criminals advertise a job using a student’s email address from Clark Atlanta University. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please […]
Careers in InfoSec: From Media Development to Building Security Culture
With the highly technical appearance of information security, entering the field may seem daunting. What does it actually take to work in information security? In this series, we’ll cover WashU’s information security professionals and how they got to where they are now. Let me introduce you to my boss, Quint Smith. What is your current […]
Meet Your InfoSec Team: Allison Webster, Information Security Policy Advocate
Allison Webster, our Information Security Policy Advocate, is one of the newest members of the InfoSec team at WashU. In her role, she supports the Awareness, Behavior, and Culture (ABC) program by collaborating on strategies to raise security awareness and communicating InfoSec policies, standards, and guidelines to the WashU community. At Washington University, Allison is […]
Reality Hijacked: Deepfakes, GenAI, and the Emergent Threat of Synthetic Media
Watch this on-demand webinar (1:06:11) where Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, spotlights how criminals weaponize artificial intelligence.
Email Safety Tips
Securing Mobile Devices
Device security is essential for protecting your privacy and data. Top-notch device security involves tweaking built-in features. Protect your devices and data using the strategies in the how-to guides below.
The Dangers of AI Art and Deepfakes
Artificial intelligence art generators are trained on billions of existing images. When you enter a prompt, the AI art generator builds an image by combining aspects of its training data into a single image. Meanwhile, deepfakes are trained on photographs and videos of one subject to replicate that subject. Deepfake technology can depict a person […]
QR Code Safety
QR codes (quick-response codes) were originally designed to label automobile parts, but today, we can find them in advertisements, restaurants, museums, mobile ticketing, and many other areas. Since both Androids and iPhones can scan QR codes in the camera app, QR codes provide faster access to a website than manually typing a URL. While convenient, the […]
Spot the Fake Login
Scammers can create fake login screens that are strikingly similar to legitimate ones. One of the login screens pictured above is our true WUSTL login screen, and the other is an imitation. Can you spot all of the differences? To make this more challenging, we’ve cropped out the URL from each login screenshot. Seeing the […]
Stay Safer with Multifactor Authentication
Multifactor authentication provides another layer of security for online accounts. The first “factor” for an account is usually a password, and any additional authentication step makes it harder for a hacker to access your account. Common multifactor authentication offerings are codes sent via text or email, dedicated authenticator apps like Duo, and fingerprint or facial […]
Managing Passwords
Using strong passwords with the help of a password manager is one of the easiest ways to protect your accounts and keep our information safe. Let a password manager do the work A password manager creates, stores, and fills passwords for us automatically. This way, we only have to remember one strong password—for the password […]
Cyber Risks at a New Job
The onboarding process creates a unique set of security risks. As new employees, we’re often eager to make a good impression, but we have little institutional knowledge. These factors make new employees valuable targets for hackers. Due to unfamiliarity with WashU’s processes and security protocols, a new employee might not know how to recognize an email […]
Google’s Phishing Quiz Game
Google’s Jigsaw unit published a quiz that tests the taker’s ability to identify phishing emails. The quiz tests you on eight emails to see if you can distinguish between legitimate emails and phishing scams. Many of the examples come from real events, such as the massive phishing attempt that hit Google Doc users in 2017 and an email that Russian […]
Outsmart Online Outlaws
Phishing is an illegal tactic where criminals send fraudulent emails to trick victims into sharing their personal information or compromise their system. The good news is at WashU we can use the Phish Alert Button whenever we’re unsure about an email’s authenticity. Step 1: Recognize the common signs Step 2: When in doubt, report it! […]
Where to Report Cybercrime
With many kinds of cybercrime come many different ways to report it. Most of us will encounter cybercrime, so here are resources on where to report it. Hacked Account Report your hacked account to theplatform’s support team. Below are reporting guides for popular platforms: WUSTL Key, Facebook, Google, Instagram, PayPal, Snap, TikTok, YouTube Ransomware If […]
Raising Digital Citizens
Giving children uninhibited access to the internet can put your child, computer, and personal data at risk. With some precautions, you can set your children up to become upstanding digital citizens who will lead the future. Parental Controls Most devices these days have parental controls that allow parents to restrict access to certain content for […]
How to Stay Safe Online
Policy Update 2024
The WashU Office of Information Security (OIS) is dedicated to supporting our community by ensuring that our information security policies keep pace with the evolving digital landscape. As part of this effort, we’re excited to introduce our 2024 Policy Update, which launches the new WashU OIS Guide series. This series will guide you through our […]
Keeping Information Security Simple – New and Old School Financial Fraud – Dangers of Payment Apps and Paper Checks
Letter from the CISO, Vol 4 Issue 4 WashU Community: Whether you are a leading-edge user of online financial payment apps or a traditionalist who loves a signature on a paper check, malicious actors are out to separate you from your money. In the September 12, 2024 issue of Hacking Humans, “Baked goods and bad […]
October is Cybersecurity Awareness Month
October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. The Office of Information Security is proud to champion this online safety and education initiative this October. All month long, we are promoting these key behaviors to encourage you, our WashU community, […]
Learn About Cybersecurity and Win Big this October
The Office of Information Security is running a competition throughout October for Cybersecurity Awareness Month! WashU staff, faculty, and students can enter to win up to $1,000 in BearBucks. On September 26th, we released an Inside Man-themed game in KnowBe4, ‘The Inside Man: New Recruits Game’. Complete the game to earn an entry into our […]
Scam of the Month: Voter Registration Scams
With the approach of Missouri’s last day to register to vote before the November election, October 9, expect scammers to take advantage of the situation. We Americans are accustomed to election advertisements and voter registration campaigns, so when a scammer reaches out under the pretense of campaigning, it can be hard to spot the ruse. […]
Protect yourself from Identity Theft
National Public Data, a background check company, confirmed in August that it suffered a data breach leaking names, email addresses, phone numbers, social security numbers, and mailing addresses. Fortunately, there are many free and accessible steps you can take to defend against identity theft: Indicators of Identity Theft What to do if your information is […]
Meet Your InfoSec Team: Dean Boenzi, Information Security Analyst III
Dean Boenzi, Information Security Analyst III, is one of the newest InfoSec team members. Dean’s primary duties on the InfoSec team revolve around “ensuring data security and compliance.” He supports the Data Loss Prevention (DLP) program by “developing policies, conducting risk assessments, monitoring alerts, and investigating HIPAA violations to maintain patient privacy and to protect […]
Keeping Information Security Simple – Securing the most important account you have
Letter from the CISO, Vol 4 Issue 3 WashU Community: As we all return to school and the fall semester, I wanted to emphasize the criticality of securing the most important online account you have. No, not your WashU account! (Although that is important, too.) Rather, it is your humble and largely taken-for-granted personal email […]
Inside ABC: Microlearning, Macroimpact
Cybersecurity threats continuously evolve, becoming more sophisticated, relentless, and hard to detect with each attempt. Helping the WashU Community learn how to recognize, avoid, and report these threats is crucial to protecting our institution, our research, and our people from bad actors who seek to steal and hold ransom the information and resources on which […]
Information Security Resources for Students
Welcome back, students! We understand that starting a new semester will be hectic, so we’ve assembled key resources to assist with your security needs. Check out our curated list of advice and guidance to get you started. Device security is essential for protecting your privacy and data. Top-notch device security involves using features built into […]
Chance to Win $100 in Our Monthly Challenge
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this August. The Inside Man is a soap opera-style training that covers critical […]
Scam of the Month: Remote/Part-Time Intern for a Virtual Assistant
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please do […]
New Homepage Coming Soon
The Office of Information Security is always looking for new ways to improve our website to provide the best experience for the WashU community! Our homepage is going through a design overhaul to make accessing the critical security information you need easier. Our Current Homepage Our New Homepage Below is how the new homepage will […]
Keeping Information Security Simple – CrowdStrike’s big goof and the importance of Cyber Hygiene
Letter from the CISO, Vol 4 Issue 2 Washington University Community: Last Friday, all the news was about the millions of Windows computers around the world that had been taken down by a flawed CrowdStrike file update. Starting in the wee hours of Friday morning, systems administrators and computer users everywhere were struggling to boot […]
Inside ABC: Our Monthly Newsletter
In this series we are exploring key aspects of our Information Security Awareness, Behavior, and Culture program. If you are a regular reader of this newsletter, you may have read our first article in this series entitled Inside ABC: Awareness, Behavior, and Culture. If you missed that one, you may want to read it first […]
Chance to Win $100 in Our Monthly Challenge
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this July. The Inside Man is a soap opera-style training that covers critical […]
Scam of the Month: Washington University – internship and management Programs – PAID
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please do […]
Meet Your InfoSec Team: Jeremy Howard, Security Analyst III
Jeremy Howard, security analyst III, is one of the newest members of our InfoSec team. Jeremy’s primary responsibilities as a Security Analyst III are to “manage and review events and increase the organization’s security posture by using our Data Loss Prevention program.” He also “provides guidance regarding information security pertaining to clinical workflows.” Jeremy notes […]