Keeping Information Security Simple – Winter Break Cyber Security Mission

Open Letter

Letter from the CISO, Vol 4 Issue 7 WashU Community: Your mission for the holidays… The Mission Impossible TV series and movies often begin with “Your mission, should you choose to accept it…” As we approach the winter break and holidays, I propose you accept the mission of helping your family and friends improve their […]

Chance to Win $100 in Our Monthly Challenge 

Trophy with five stars

The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this December. The Inside Man is a soap opera-style training that covers critical […]

Home for the Holidays? Five Tips for Remote Work and Study

"Home for the Holidays? Five tips for remote work and Study"

The holiday season can be a whirlwind of activity—travel, holiday events, and, for WashU students, wrapping up final exams. Amid the hustle and bustle, many in the WashU Community find themselves working or studying outside their typical environments. To help you stay secure while enjoying the season’s festivities, WashU’s Awareness, Behavior, and Culture (ABC) team […]

Scam of the Month: Holiday Scams 

One woman with Santa Hat lost her money to a credit card scam.

The Federal Bureau of Investigation warns the public about scams during the holidays. The big four scams of the season are:  According to the Internet Crime Complaint Center’s (IC3) 2023 report, non-payment and non-delivery scams cost people over $281 million that year. Credit card fraud accounted for another $264 million in losses.  Click with caution Don’t click any suspicious links […]

Elect to Receive Your Tax Documents Electronically 

Form W-2 Wage and Tax Statement phrase on the page.

Provide consent to receive electronic delivery of your tax documents by December 31, 2024. This will allow you to receive your W-2 form online as soon as it is available in Workday. You will be notified by email in January when your electronic W-2 form is available. Manage printing elections of your tax forms in Workday and refer to […]

7.6 million reasons to not share logins or passwords 

passwords written on sticky notes

The Cleveland Clinic Foundation (CCF) recently agreed to pay $7,600,000 to resolve allegations that it violated the False Claims Act (FCA) by submitting to the National Institutes of Health (NIH) federal grant applications and progress reports in which CCF failed to disclose that a key employee involved in administering the grants had pending and/or active […]

Keeping Information Security Simple – Who are you? The importance of identity verification

Letter from the CISO, Vol 4 Issue 6 WashU Community: Over the past year, malicious actors have increasingly sought to compromise your accounts by impersonating you and trying to get customer service people to give them access to your accounts. We have seen this repeatedly at WashU, too. In response, we have improved our processes […]

We Came, We Presented, We Networked: Notes from EDUCAUSE First-Timers

Last month, I presented at the EDUCAUSE annual conference in San Antonio, Texas, with two of my Office of Information Security (OIS) colleagues—David Puzder and Madeline Quigley. Our talk, “Encouraging Security Culture through a Participatory Policy Project” focused on the OIS’ multi-year policy revision project.   Specifically, we wanted to tell the EDUCAUSE audience about 1) […]

Last Call: Learn About Cybersecurity and Win Big

Trophy with five stars

Cybersecurity Awareness Month 2024 has come to a close, but our competition is still open! This is the last call to play ‘The Inside Man: New Recruits Game’ in KnowBe4. You must complete the game by November 22nd to be entered into the drawing for our Cybersecurity Awareness Month prizes:  Find the directions to access this […]

Scam of the Month: Detecting, Avoiding, and Reporting Charity Scams

Many feel compelled to give in times of crisis. Charitable donations play a crucial role in providing aid after natural disasters and humanitarian emergencies. However, scammers often take advantage of this generosity, preying on good intentions. The WashU community can protect our contributions by recognizing legitimate charities and spotting the characteristics of scams.     Above is […]

Meet Your InfoSec Team: Roselyn Rozario, Security Policy Advocate

A Team Of Workers Put Hands Together

Roselyn Rozario, Security Policy Advocate, will play a vital role on the InfoSec team by analyzing information security data to assess the impact of the Awareness, Behavior, and Culture (ABC) team’s initiatives and help shape strategies to better serve the WashU Community. In her role, Roselyn will also partner with members of the InfoSec team […]

Information Security Policy Library Update

In support of ImpacT and the call to provide the university community with tools and the knowledge to safeguard and sustain our systems, data, and reputation, the Office of Information Security (OIS) has initiated a complete revision and expansion of the OIS policy library. The goal is to foster a strong security culture at WashU […]

Keeping Information Security Simple – Are you cyber-resilient?

Open Letter

Letter from the CISO, Vol 4 Issue 5  WashU Community:  I recently attended an executive education program on “Cyber Resilience” with Chief Information Security Officers (CISOs) from many large organizations, some even global enterprises, and it was amazing how similar our challenges are.  Cyber resilience is ensuring things keep working despite adverse cyber incidents  The […]

Cybersecurity Awareness Month 2024 Recap

October is Cybersecurity Awareness Month

Cybersecurity Awareness Month 2024 is coming to a close. This year, we hosted two webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published weekly newsletters full of content authored by the Office of Information Security.  Below, you will find a recap of some of the key events […]

Season of Sharing: Metadata Safety Tips for the Holidays 

As the holidays approach, many of us will be snapping photos and sharing our celebration recaps through various applications on our devices. While this connectivity can enhance our experience, it also exposes us to potential security risks. Understanding how our metadata—such as location, photos, and app-sharing permissions—can be compromised is crucial for maintaining our privacy […]

Scam of the Month: VITAL ALERT! READ N0W! 

The Office of Information Security has observed a trend in which criminals advertise a job using a student’s email address from Clark Atlanta University. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment.  If you see a message like the one below, please […]

Careers in InfoSec: From Media Development to Building Security Culture

Business mentor helps to improve career and holding stairs steps vector illustration.

With the highly technical appearance of information security, entering the field may seem daunting. What does it actually take to work in information security? In this series, we’ll cover WashU’s information security professionals and how they got to where they are now. Let me introduce you to my boss, Quint Smith.  What is your current […]

Meet Your InfoSec Team: Allison Webster, Information Security Policy Advocate 

Allison Webster, our Information Security Policy Advocate, is one of the newest members of the InfoSec team at WashU. In her role, she supports the Awareness, Behavior, and Culture (ABC) program by collaborating on strategies to raise security awareness and communicating InfoSec policies, standards, and guidelines to the WashU community.  At Washington University, Allison is […]

Securing Mobile Devices

Device security is essential for protecting your privacy and data. Top-notch device security involves tweaking built-in features. Protect your devices and data using the strategies in the how-to guides below.

The Dangers of AI Art and Deepfakes

Deepfake visualization

Artificial intelligence art generators are trained on billions of existing images. When you enter a prompt, the AI art generator builds an image by combining aspects of its training data into a single image. Meanwhile, deepfakes are trained on photographs and videos of one subject to replicate that subject. Deepfake technology can depict a person […]

QR Code Safety

QR codes (quick-response codes) were originally designed to label automobile parts, but today, we can find them in advertisements, restaurants, museums, mobile ticketing, and many other areas. Since both Androids and iPhones can scan QR codes in the camera app, QR codes provide faster access to a website than manually typing a URL. While convenient, the […]

Spot the Fake Login

Scammers can create fake login screens that are strikingly similar to legitimate ones. One of the login screens pictured above is our true WUSTL login screen, and the other is an imitation. Can you spot all of the differences? To make this more challenging, we’ve cropped out the URL from each login screenshot. Seeing the […]

Stay Safer with Multifactor Authentication

Multifactor authentication provides another layer of security for online accounts. The first “factor” for an account is usually a password, and any additional authentication step makes it harder for a hacker to access your account. Common multifactor authentication offerings are codes sent via text or email, dedicated authenticator apps like Duo, and fingerprint or facial […]

Managing Passwords

1 Make them long. At least 16 characters - longer is stronger! 2 Make them random. Two ways to do this are: Use a random string of letters (capitals and lower case), numbers and symbols (the strongest!): cXmnZK65rf*&DaaD Create a memorable passphrase of 5-7 unrelated words: HorsPerpleHatRunBayconShoos Get creative with the spelling to make it even stronger. 3 Make them unique. Use a different password for each account: k8dfh8c@Pfv0gB2 LmvF%swVR56s2mW e246gs%mFs#3tv6. Tip! Use a password manager to remember them.

Using strong passwords with the help of a password manager is one of the easiest ways to protect your accounts and keep our information safe. Let a password manager do the work A password manager creates, stores, and fills passwords for us automatically. This way, we only have to remember one strong password—for the password […]

Cyber Risks at a New Job

ONBOARDING text graphics and illustration on a white background.

The onboarding process creates a unique set of security risks. As new employees, we’re often eager to make a good impression, but we have little institutional knowledge. These factors make new employees valuable targets for hackers. Due to unfamiliarity with WashU’s processes and security protocols, a new employee might not know how to recognize an email […]

Google’s Phishing Quiz Game

Google’s Jigsaw unit published a quiz that tests the taker’s ability to identify phishing emails. The quiz tests you on eight emails to see if you can distinguish between legitimate emails and phishing scams. Many of the examples come from real events, such as the massive phishing attempt that hit Google Doc users in 2017 and an email that Russian […]

Outsmart Online Outlaws

Phishing is an illegal tactic where criminals send fraudulent emails to trick victims into sharing their personal information or compromise their system. The good news is at WashU we can use the Phish Alert Button whenever we’re unsure about an email’s authenticity. Step 1: Recognize the common signs Step 2: When in doubt, report it! […]

Where to Report Cybercrime

Woman on the phone in front of a computer

With many kinds of cybercrime come many different ways to report it. Most of us will encounter cybercrime, so here are resources on where to report it. Hacked Account Report your hacked account to theplatform’s support team. Below are reporting guides for popular platforms: WUSTL Key, Facebook, Google, Instagram, PayPal, Snap, TikTok, YouTube  Ransomware If […]

Raising Digital Citizens

School kids using computer in classroom at elementary school.

Giving children uninhibited access to the internet can put your child, computer, and personal data at risk. With some precautions, you can set your children up to become upstanding digital citizens who will lead the future. Parental Controls Most devices these days have parental controls that allow parents to restrict access to certain content for […]

Policy Update 2024

The WashU Office of Information Security (OIS) is dedicated to supporting our community by ensuring that our information security policies keep pace with the evolving digital landscape. As part of this effort, we’re excited to introduce our 2024 Policy Update, which launches the new WashU OIS Guide series. This series will guide you through our […]

October is Cybersecurity Awareness Month

Cybersecurity Awareness Month. Webinar: Detecting AI Voice Clones TBD TBD. Webinar: Review of a Security Incident 10/23 11:00am-11:45am. E-Waste Recycling 10/29 8:00am-10:30am.

October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. The Office of Information Security is proud to champion this online safety and education initiative this October.   All month long, we are promoting these key behaviors to encourage you, our WashU community, […]

Learn About Cybersecurity and Win Big this October

Trophy with five stars

The Office of Information Security is running a competition throughout October for Cybersecurity Awareness Month! WashU staff, faculty, and students can enter to win up to $1,000 in BearBucks. On September 26th, we released an Inside Man-themed game in KnowBe4, ‘The Inside Man: New Recruits Game’. Complete the game to earn an entry into our […]

Scam of the Month: Voter Registration Scams

Your vote matters

With the approach of Missouri’s last day to register to vote before the November election, October 9, expect scammers to take advantage of the situation. We Americans are accustomed to election advertisements and voter registration campaigns, so when a scammer reaches out under the pretense of campaigning, it can be hard to spot the ruse. […]

Protect yourself from Identity Theft

Identity Theft

National Public Data, a background check company, confirmed in August that it suffered a data breach leaking names, email addresses, phone numbers, social security numbers, and mailing addresses.   Fortunately, there are many free and accessible steps you can take to defend against identity theft:  Indicators of Identity Theft  What to do if your information is […]

Meet Your InfoSec Team: Dean Boenzi, Information Security Analyst III

Dean Boenzi

Dean Boenzi, Information Security Analyst III, is one of the newest InfoSec team members. Dean’s primary duties on the InfoSec team revolve around “ensuring data security and compliance.” He supports the Data Loss Prevention (DLP) program by “developing policies, conducting risk assessments, monitoring alerts, and investigating HIPAA violations to maintain patient privacy and to protect […]

Keeping Information Security Simple – Securing the most important account you have

Open Letter

Letter from the CISO, Vol 4 Issue 3 WashU Community:  As we all return to school and the fall semester, I wanted to emphasize the criticality of securing the most important online account you have.  No, not your WashU account! (Although that is important, too.)  Rather, it is your humble and largely taken-for-granted personal email […]

Inside ABC: Microlearning, Macroimpact

Cybersecurity threats continuously evolve, becoming more sophisticated, relentless, and hard to detect with each attempt. Helping the WashU Community learn how to recognize, avoid, and report these threats is crucial to protecting our institution, our research, and our people from bad actors who seek to steal and hold ransom the information and resources on which […]

Information Security Resources for Students

An undergrad student with sign "First day of college!".

Welcome back, students! We understand that starting a new semester will be hectic, so we’ve assembled key resources to assist with your security needs. Check out our curated list of advice and guidance to get you started. Device security is essential for protecting your privacy and data. Top-notch device security involves using features built into […]

Chance to Win $100 in Our Monthly Challenge

Trophy with five stars

The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this August. The Inside Man is a soap opera-style training that covers critical […]

Scam of the Month: Remote/Part-Time Intern for a Virtual Assistant

Remote/Part-Time Intern for a Virtual Assistant. Melissa Lorenzo Torres . RMF Resume file.pdf

The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment.    If you see a message like the one below, please do […]

New Homepage Coming Soon

The Office of Information Security is always looking for new ways to improve our website to provide the best experience for the WashU community! Our homepage is going through a design overhaul to make accessing the critical security information you need easier.  Our Current Homepage Our New Homepage Below is how the new homepage will […]

Inside ABC: Our Monthly Newsletter

In this series we are exploring key aspects of our Information Security Awareness, Behavior, and Culture program. If you are a regular reader of this newsletter, you may have read our first article in this series entitled Inside ABC: Awareness, Behavior, and Culture. If you missed that one, you may want to read it first […]

Chance to Win $100 in Our Monthly Challenge

Trophy with five stars

The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this July. The Inside Man is a soap opera-style training that covers critical […]

Scam of the Month: Washington University – internship and management Programs – PAID

Washington University - internship and management Programs - PAID Laura Arroyo Martinez Human Resources Department.pdf

The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment.   If you see a message like the one below, please do […]

Meet Your InfoSec Team: Jeremy Howard, Security Analyst III 

Jeremy Howard kneeling with a dog in the woods

Jeremy Howard, security analyst III, is one of the newest members of our InfoSec team. Jeremy’s primary responsibilities as a Security Analyst III are to “manage and review events and increase the organization’s security posture by using our Data Loss Prevention program.” He also “provides guidance regarding information security pertaining to clinical workflows.” Jeremy notes […]