The WashU Office of Information Security (OIS) takes a holistic approach to security training and awareness. Our goal goes way beyond raising awareness through a required annual training. The Awareness, Behavior, and Culture (ABC) team aims to foster a resilient and adaptable security culture so WashU Community members know what to look out for, how […]
Category: Newsletter
Chance to Win $100 in Our Monthly Challenge
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this May. The Inside Man is a soap opera-style training that covers critical […]
Scam of the Month: Duo Verification Code Text Phishing
Criminals who’ve stolen WUSTL Keys and passwords are masquerading as IT support over text messages to get us to enter Duo verification codes. Legitimate WashU employees will not ask you to enter codes into your Duo app. Only enter a verification code if you are logging in for yourself. Do not enter a code given […]
WashU IT’s Office of Information Security is fostering a strong security culture through policy updates
In support of ImpacT and the call to provide the university community with tools and the knowledge to safeguard and sustain our systems, data, and reputation, the Office of Information Security (OIS) has initiated a complete revision and expansion of the OIS policy library. The goal is to foster a strong security culture at WashU […]
Meet Your InfoSec Team: Peter L. Jones, Information Security Analyst
Peter L. Jones, information security analyst, monitors for security vulnerabilities on the tens of thousands of devices in the WashU environment. Peter and the vulnerability management team keep track of everything from simple devices like phones to critical systems and servers by using regular scans and monitoring. His role involves problem-solving and decision-making, including determining […]
Keeping Information Security Simple – “It’s Much Too Easy to Be Stupid”
Letter from the CISO, Vol 3 Issue 11 Washington University Community: Failing to be smart is easy… Writing to the Washington University in St. Louis community, I don’t expect disagreement that it is better to be smart than the opposite. However, even the smartest people can have moments of stupidity. In a recent interview with […]
Passkeys Over Passwords
Are you tired of trying to create and remember every password? Are you worried that you might lose your password? Do you feel overwhelmed by the number of password managers to choose from? If so, there is good news on the horizon. The FIDO Alliance created a passwordless sign-in system that addresses these problems, and […]
Chance to Win $100 in Our Monthly Challenge
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is assigning the Inside Man as our training competition this April. The Inside Man is a soap opera-style training that covers critical cyber security […]
Scam of the Month: Outstanding Toll Amount
Road trip season is approaching, and the FBI has observed criminals impersonating road toll collection services via text message. While there is only one toll bridge in Missouri – the Lake of the Ozarks Community Bridge (for now) – many neighboring states operate toll roads. If you see a message like the one below, please […]
Summer Break Travel and Job-Hunting Tips
Summer break is right around the corner, and many in the WashU community will be traveling or looking for a summer job. Unfortunately, the devices we rely on for managing travel have also become targets for theft and cybercrime. Whether you are searching for a job or taking a trip, please protect yourself and the […]
Meet Your InfoSec Team: Joey Smith, Information Security Analyst III
Joey Smith, Information Security Analyst III, works in the OIS Clinical Operations team, focusing on the School of Medicine and the Medical Campus. Joey uses tools to identify and monitor unmanaged devices on the WashU network. This effort assists in ongoing projects like asset management and network asset control (NAC). Joey enjoys IT and security […]
Keeping Information Security Simple – “Denial is not a river in Egypt!”
Letter from the CISO, Vol 3 Issue 10 Washington University Community: Criminals keep inventing new con attacks I recently saw a news report about a Mexican drug cartel that has gotten into the business of helping elderly Americans get out of the timeshare vacation contracts. This sounds like a good thing. Unfortunately, it is just […]
Chance to Win $100 in Our Monthly Challenge
The OIS is always looking for ways to improve your security and reward your participation in our efforts. Back by popular request, the InfoSec team is assigning the Inside Man as our training competition this March. The Inside Man is a soap opera-style training that covers critical cyber security themes in all its episodes. Watch […]
Reporting Phishing in the ‘New’ Outlook
The Phish Alert Button (PAB) is one of our team’s most valuable tools for keeping the WashU community safe. When you report a phishing email using the PAB, our office will investigate the threat and take any necessary action, such as removing all similar messages from systems and notifying our community of the danger. If […]
Scam of the Month: DEA Impersonation Phone Call
According to Washington University School of Medicine Protective Services, the WUSM Physical Therapy department received a call from someone impersonating the DEA to steal personally identifiable information. In the call, they claimed to be an investigator from the DEA headquarters, saying that a nurse practitioner had reported fraud under their name, medical license number, and […]
The Power of Virtual Private Networks (VPN) in Privacy Protection
In the digital age where a lot of our private information is on the internet – in public and supposedly in private storage – ensuring online privacy has become even more integral to protecting your online activity and identity. According to Cobalt’s Top Cybersecurity Statistics for 2024, there are over 2,200 cyberattacks a day (a […]
The Deaf Lottery Scam
Back in his federal law enforcement days, WUSM’s Assistant Director of Investigations and Crime Prevention, Steve Manley, came upon an advance fee scam. An informant who operated a corner store in East St. Louis called him one afternoon. He told Manley a customer was sending large sums of money to Nigeria via Western Union. The caller […]
Thanks for Making the E-Waste Recycling Event a Success
On Tuesday, March 26th, the Office of Sustainability and Office of Information Security hosted their biannual electronic waste recycling and secure paper shredding event on the Danforth campus. Thank you to all who supported sustainability by securely recycling their electronic waste and confidential documents. The event was a huge success. In just two and a […]
Keeping Information Security Simple – “Using Code Words to Defeat the AI Menace”
Letter from the CISO, Vol 3 Issue 9 Washington University Community: Artificial Intelligence is a tool Artificial Intelligence, or AI, has received a lot of attention and interest over the past year, primarily due to the great advances in productivity and quality it seems to promise. WashU IT is excited to be helping the university […]
New Device Registration Process for the Wired Network on the WUSM Campus
WashU IT, Information Security, and WUSM ITSS are introducing a new registration process for devices connecting to the wired network. This change will further protect patient, student, research, and academic data from bad actors. We will begin implementing this change in early 2024. It will be rolled out in a measured pace to minimize impact […]
Chance to Win $100 in Our Monthly Challenge
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we’d like to test your knowledge in a fun ‘Phish or Treat’ game. Phishing: When navigating your email, always be on the lookout for red flags that may indicate that it is a phishing email. […]
Scam of the Month: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating a Professor of Computer Science and Engineering. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly enticing if offered employment. If you see a message like the one below, […]
Security Tips for Spring Break
Spring Break is right around the corner, and many in the WashU community will be traveling for conferences, studying away, researching elsewhere, visiting family, or just going somewhere relaxing. No matter where you go, your smartphone will undoubtedly be at your side. These handy devices have become our constant companions for just about anything you […]
Keeping Information Security Simple – “New Year’s Resolution – Innovate Your Password Management”
Letter from the CISO, Vol 3 Issue 8 Washington University Community: New Year – New Password Discipline “Password Discipline” certainly sounds like the kind of New Year’s resolution that will be abandoned within 24 hours. But it truly needs to be on everyone’s list. Good password management is critical for protecting yourself, your family, and […]
Chance to Win $100 in Our Monthly Challenge
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we’d like to cover a phishing tactic that uses your phone as a medium for scammers. This scam is called ‘Vishing.’ Vishing: Cybercriminals are continuously looking for new and unexpected ways to contact you. While […]
Keep Your Information Secure This Tax Season
Tax season officially begins on January 29, and internet scammers will capitalize on the moment. The Internal Revenue Service initiates most contact through regular mail delivered by the United States Postal Service. Sometimes, they will call or visit, but other than that, “The IRS doesn’t initiate contact with taxpayers by email, text messages or social […]
Scam of the Month: COVID-19 Variant Poses Risks in our University
The Office of Information Security has identified a trend in which criminals send members of our community false COVID-19 contact tracing emails with a malicious link. They hope a victim will click the link and give their WashU credentials. In this scam, hackers use a compromised email address from Brown University to send phishing emails. […]
Duo Exceptions
The DUO Two-Factor Authentication upgrade was deployed on November 20, 2023, to enhance and secure WashU systems and applications access. A smartphone or tablet with the Duo Mobile app installed is required to use this new and preferred verified push method of multi-factor authentication. There are circumstances where you might not be able to download […]
New Digital Guardian Prompt
Digital Guardian, the data loss prevention software, has been updated to detect and alert when sensitive information, such as Protected Health Information (PHI) or Personally Identifiable Information (PII), is shared to public websites, including Artificial Intelligence sites such as ChatGPT. We are tuning Digital Guardian to reduce the number of false alerts and enhance our […]
Retirement of Secure WUSM Infosec Bulletin
To simplify the critical messages you receive about information security at the university, the Office of Information Security is retiring the Secure WUSM Infosec bulletin. Instead, the content will now be published in this newsletter. That means there will be fewer university-wide emails! Additionally, we are folding Secure WUSM itself into the organization-wide CyBear Secure […]
Keeping Information Security Simple – “Holiday Gifts that Keep on Giving”
Letter from the CISO, Vol 3 Issue 7 Washington University Community: Holidays and the joys of giving and receiving (safely)! As we are in the middle of the holiday season, it’s easy to get caught up in the joyous atmosphere and excitement of finding the perfect gift or the muted pain of receiving an ugly […]
Recent Winners and a Chance to Win $100 in Our Monthly Challenge
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a few resources to help you protect yourself from cybercrime and understand how our office can support you during this holiday season. Be sure to read our article on […]
Tips for Traveling and Shopping Safely This Holiday Season
With Black Friday and Cyber Monday behind us, it can be tempting to impulse buy any remaining discounted items. Before getting caught up in a “while supplies last” frenzy, remember that scammers capitalize on hasty decisions involving payment information. According to the Internet Crime Complaint Center’s (IC3) 2022 report, non-payment and non-delivery scams cost people more […]
Scam of the Month: Charity Scam
If You Sent Money to a Scammer: Scammers often insist that you pay in ways that make it tough to get your money back. They prefer you wire money through a company like Western Union or MoneyGram, send cryptocurrency, use a payment app, or buy a gift card and give them the redemption code. Regardless of how you lost money to a scam, […]
Meet Your InfoSec Team: Nick Fredrick, GRC Security Analyst
Nick Fredrick, GRC Security Analyst I, is one of the newest additions to the Office of Information Security. After earning his bachelor’s degree in computer information systems from St. Louis University, Nick interned for our Governance Risk and Compliance (GRC) team, where he was eventually hired as a full-time analyst. Throughout his time at WashU, […]
Protecting against cybersecurity risks with Microsoft 365 A5 security
WashU uses tools from the Microsoft 365 A5 security suite to detect and respond to cybersecurity threats. Most of the tools in the suite are designed to work behind the scenes so that students, faculty, and staff are not interrupted by the security features. Here is a brief overview of Microsoft 365 A5 tools and […]
Elect to Receive Your Tax Documents Electronically
Provide consent to receive electronic delivery of your tax documents by December 31, 2023. This will allow you to receive your W-2 form online as soon as it is available in Workday. You will be notified by email in January when your electronic W-2 form is available. Manage printing elections of your tax forms in Workday and […]
Keeping Information Security Simple – “The Preparedness Paradox”
Letter from the CISO, Vol 3 Issue 6 Washington University Community: Problems in WashU paradise Sometimes, I think working at WashU is a bit like being in paradise. November is a time to reflect on things we are grateful for, and this includes working in a safe and welcoming culture. But even the Garden of […]
Scam of the Month: Process has begun by our administrator
The Office of Information Security has identified a trend in which criminals send members of our community account termination emails containing a malicious link. They hope a victim will give their WashU credentials in a Google Form. In this scam, hackers use a legitimate WashU email address to send phishing emails. Victims who click the […]
Phishing Resistant Multi-Factor Authentication
As attackers figure out new ways to get around traditional multi-factor authentication, we must evolve to prevent fraudulent access to our accounts. The next wave of multi-factor authentication will fortify user accounts against phishing attacks. Unlike traditional multi-factor authentication, new approaches incorporate advanced techniques such as biometric authentication, hardware tokens, and push notifications to trusted […]
Security Guidance for Automatic Transcription Services
Many WashU community members create audio and video recordings in research, during meetings, while attending lectures, and in other circumstances. These recordings can be indispensable to a project because they document what was said with perfect fidelity for future reference and analysis. A transcript of the recording is even more helpful, making it easy to […]
Keeping Information Security Simple – “They Keep Raising the Bar”
Letter from the CISO, Vol 3 Issue 5 Washington University Community: It doesn’t seem fair… Last month I wrote about how the “right phish at the wrong time can catch anyone.” And this month, despite the fact it is Cybersecurity Awareness Month, we’ve had to deal with a wide range of innovative attacks against us […]
Cybersecurity Awareness Month 2023 Recap
Cybersecurity Awareness Month 2023 is coming to a close. This year, we hosted three webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published weekly newsletters full of original content authored by WashU’s Office of Information Security. Below, you will find a recap of some of the key […]
Firewall in macOS is available on WashU Macs
On WashU-supported Macs, you can now use firewall settings to turn on the firewall in macOS to prevent unwanted connections from the internet or other networks. To change these settings in the latest version of macOS, choose Apple menu > System Settings, click Network in the sidebar, then click Firewall on the right. (You may need to scroll […]
Follow these Top Tips to Stay Safe Online
Stay Safe on Social Media
When using social media platforms, it is wise to be careful about what you post. Cybercriminals can use what you post to entice you into clicking malicious links. Be Careful What You Post: Any information you publicly post on social media could be used in a spear phishing attack. Spear phishing is when cybercriminals target […]
Stay Safer with Multi-Factor Authentication
We encourage you to turn on multi-factor authentication for every online account or app that offers it. As time goes on, more websites and applications will offer multi-factor authentication, but it might not be turned on by default. Here are some guides on how to enable it for popular services:
Password Managers
Password managers are apps, browser plugins, or programs within your browser. They store your passwords in a vault and lock the vault behind a “master password.” It is safe to replace your password notebook: Even though password managers are the best way to safeguard your passwords, you might worry that storing every password in an […]
Weak Passwords
Let a password manager do the work! A password manager creates, stores and fills passwords for us automatically. Then we each only have to remember one strong password—for the password manager itself. Search trusted sources for “password managers” like Consumer Reports, which offers a selection of highly rated password managers. Read reviews to compare options […]
Creating Strong Passwords
When guessing passwords, hackers start with the most common passwords. According to research by NordPass, the top 10 passwords from 2022 are: Are any of your passwords on this list? Creating, storing, and remembering passwords can be an inconvenience for all of us online. Still, the truth is that passwords are your first line of […]