The Office of Information Security (OIS) is Your Ally in the Cybercrime Arms Race

Educational institutions such as WashU are prime targets for cybercriminals who use ever-evolving tactics to infiltrate systems, steal data, block access, and demand ransoms under the threat that they will publish sensitive data online. Universities operating medical centers are especially vulnerable, as they manage large amounts of sensitive patient health data. According to the Ponemon Institute, […]

Social Engineering Red Flags

Phishing, the practice of sending fraudulent emails in order to induce recipients into surrendering private information and login credentials, is the single most common type of cybercrime today. According to a recent report by the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), nearly one-third of complaints received in 2020 were about various forms […]

Letter from the CISO – Everyone is in InfoSec

Washington University Community: I welcome you to this inaugural edition of our new Information Security Bulletin. My primary goal for the bulletin is to empower every member of our community to do their part in protecting us from cybersecurity attacks. A few years ago, the CISO for a health system was asked how many people […]

Updated Device Security Guidance and Best Practices

Device security is essential for protecting your privacy and data. Sound device security involves using features built into your devices, such as setting a passcode or adjusting privacy settings and protecting the physical security of the device itself. Devices are valuable and are enticing to opportunistic passersby, whether they are after the device itself or […]

The Magical World of Password Managers

Adapted from Tara Schaufler/EDUCAUSE I admit it. I was hesitant and fearful of using a password manager. But then my employer purchased password management software and asked me to introduce it to our organization. What a conundrum! I had avoided using the software up until this time. But why? Honestly, I did not trust that […]

Security Guides for iOS/macOS Posted, WIN and Android Coming Soon

Most of us rely heavily on our computers and personal devices to do our jobs, shop for our households, navigate unfamiliar roads, communicate with others, and myriad other tasks. Today, we may take this continuous access to the Internet as a given, hopping on and off networks as we move through the world, allowing location […]

Keep Your Information Secure This Tax Season

Tax season is here again, and as always, that means internet scammers are looking for openings to take advantage of heightened online traffic. According to IRS Commissioner Chuck Rettig, “This is generally the hunting season for online thieves, but this year there’s a dangerous combination of factors at play that should make people more alert” […]

INFOSEC ALERT: Social Security Vishing on Campus

Our office received a report of a vishing (fraudulent phone call) attack targeting a WashU student. In the attack, the caller claimed that the student’s social security number had been associated with overseas drug-trafficking activity.  Another popular Vishing campaign involves impersonating support personnel from companies like Apple or Amazon. In this scam, the attackers call […]

Seminar – Securing Research Data Compliance CMMC/NIST 800-171

This free, one-day seminar will bring you up-to-speed on the new, government-mandated research data (Controlled Unclassified Information – CUI) cybersecurity requirements. The new requirements reach beyond IT cybersecurity by requiring processes, procedures, and documentation throughout any part of our organization that provides resources for the regulated Department of Defense (DoD) research. Follow this link to […]

The Importance of Risk Assessment When Reading Terms and Conditions

Adapted from Ken Ries (CISO UW-River Falls) for EDUCAUSE. Did you buy new tech for the holidays? Read the terms and conditions. As the chief information security officer for the University of Wisconsin (UW)-River Falls and UW-Stout, I have been asked to review an increasing number of web and mobile applications (from an information security […]

Device Security for the Entire Family

The holiday season is here! As we prepare our hearths and homes to celebrate the holidays with friends and family, we sense that this season will be different. According to the National Retail Federation (https://nrf.com/media-center/press-releases/nrf-expects-holiday-sales-will-grow-between-36-and-52-percent ), online sales are expected to grow by at least 30% this year, adapting to the constraints of a pandemic […]

Top Phishing Threats Last Year: Impersonation and Credential Phishing

The Office of Information Security works diligently to protect our institution from phishing threats. Ultimately, however, our shared security depends on your vigilance. You can protect yourself by avoiding engagement with phishing attempts, and you can help protect all of us by swiftly reporting these threats to our office. When you report a phishing attempt, […]

KringleCon Holiday Hack Challenge 2020

For more than a decade, SANS has offered a free Holiday Hacking Challenge. In 2018, the challenge was dubbed “KringleCon.” WUIT personnel banded together to join the challenge in 2019. Working in their spare time, they ventured deep into the mystery of KringleCon. Alas, they did not make it to the end. This year, the […]

Thank You for Participating in Cybersecurity Awareness Month 2020

The Office of Information Security extends its gratitude to the faculty, staff, and students who participated in the events and activities of Cybersecurity Awareness Month 2020! During the month of October, we hosted a slate of webinars and presentations to help our community stay informed and empowered in the digital era. This year, our program […]

Protect Yourself Online This Holiday Season

The holiday season is upon us! As many of us prepare our homes, pantries, and gift lists for the approaching season, cybercriminals are simultaneously preparing to exploit security vulnerabilities to their advantage. According to the Cybersecurity & Infrastructure Security Agency(CISA), these bad actors target online shoppers by using the following tactics: Creating fraudulent websites, emails, […]

E-Waste Recycling and Light Bulb Swap

E-waste and bulb swap event promotional flyer.

The Office of Sustainability and the Office of Information Security are planning an e-waste recycling and light bulb swap event for Cybersecurity Awareness Month (October 2020). All hard drives collected in this drive will be securely and safely recycled by certified vendors. On the last Thursday of October (10/29) and first Thursday of November (11/5), the Office of […]

Introducing Interim Chief Information Security Officer, Chris Shull

In September, Chris Shull assumed the role of Interim Chief Information Security Officer (CISO) for Washington University in St. Louis. He comes to us from Huron Consulting Group, which is working on several other projects at WashU. Kevin Hardcastle has stepped back from the CISO role, and is working diligently with Chris to advance the […]

Welcome to Cybersecurity Awareness Month from CISO Kevin Hardcastle

Dear WashU community, Cybersecurity Awareness Month has arrived! Cybersecurity Awareness Month was launched in October 2004 by the National Cybersecurity Alliance and the U.S. Department of Homeland Security as a joint effort to raise awareness of cybersecurity issues and help people stay safe online.  Now in its 17th year, Cybersecurity Awareness Month is observed around […]

WEBINAR: Topics in Security with Brian Allen

Information Security Manager Brian Allen will deliver a presentation on some of the most important topics in information security today. Brian will discuss the latest incidents and vulnerabilities detected on the WashU network during the last year and look at some new tools we have available to detect and remediate threats. We will be releasing […]

Revised and Updated Policies 2020

The Washington University Office of Information Security maintains a sustainable information security program supporting the vital work of education, research, and clinical care while also protecting our systems and users’ security. We can only achieve strong information security for all if we each take personal responsibility for ensuring our systems’ security. We continuously improve our […]

October is Cybersecurity Awareness Month

Cybersecurity Awareness Month is here! Cybersecurity Awareness Month is a global effort to help everyone stay protected whenever and however they connect. The overarching theme for the month is, “Do Your Part, #BeCyberSmart.” The Office of Information Security is proud to be a Cybersecurity Awareness Month Champion, supporting online safety throughout the year. We’re here […]

Information Security Manager Brian Allen to Speak at Virtual Zeek Week 2020

Information Security Manager Brian Allen will deliver a presentation entitled “Zeek, and Splunk, and Alertus, oh My” during Virtual Zeek Week 2020. This is a single session of a larger event that includes many opportunities to learn about technical aspects of the work being done by information security professionals. Details for registering for Virtual Zeek […]

Meet Joe Susai, WUSM Chief Information Security Officer

The Office of Information Security will host a webinar featuring one of our newest IT leaders on the School of Medicine campus, Joe Susai, WUSM chief information security officer (CISO). Susai will share remarks about his new role at the medical school and how he will work with WashU CISO, Kevin Hardcastle, to provide strong […]

Cybersecurity Awareness Month Is Right Around the Corner

October is Cybersecurity Awareness Month. Cybersecurity Awareness Month was launched as National Cybersecurity Awareness Month in October 2004 as a joint effort between the National Cyber Security Alliance and the U.S. Department of Homeland Security. The objective of National Cybersecurity Awareness Month was to raise awareness of the importance of cybersecurity and offer resources to […]

Working Safely and Securely in a Remote Environment

Original post by Zarmeena Waseem for EDUCAUSE Here are some helpful tips and effective practices for working safely and securely in a remote environment, whether it’s a temporary situation or a permanent transition. Use a VPN Make use of the corporate VPN at your university for an extra layer of security any time you find […]

National Cybersecurity Awareness Month (NCSAM) is Coming!

WashU InfoSec is honored to be among institutions named NCSAM Champions. We champion the cause of information security in our community by offering information, resources, and events throughout the year with special offerings during NCSAM every October. Stay tuned for our schedule of October events to help you #BeCyberSmart. To see a complete list of […]

Find Useful Resources on the InfoSec Website

The Office of Information Security strives to provide a comprehensive set of tools, services, and information to empower members of our community to protect themselves and their data. These priorities are evident in our stated mission, “to build a sustainable information security program that balances the need to protect with the need to support the […]

Protect Yourself from Social Engineering

The Office of Information Security continuously works to protect our community from a wide variety of phishing activity and other security threats. Currently, the majority of the phishing threats we see involve some form of social engineering. What is social engineering? Social engineering attempts to manipulate people by exploiting psychology and emotions such as fear, […]

Tax Deadline Extension and Phishing Scams

As a result of the COVID-19 pandemic, the deadline for filing state and federal tax returns is postponed until July 15, 2020. As the deadline approaches, we want to make you aware of the more common tax fraud scams that our office sees each year. We have also compiled some helpful resources to assist you […]

Better Protection with Encryption

Secure encryption is a frequently discussed and recommended strategy for protecting the information that we send, receive, and store on our devices. Encryption is one of the best defenses against those who seek to gain unauthorized access to your digital information. Federal, state, and industry regulations governing the work we do at WashU require that […]

INFOGRAPHIC: 22 Social Engineering Red Flags

Social engineering is one of the primary strategies criminals use in their attempts to attack our systems. From an information security perspective, social engineering is the use of manipulative psychological tactics and deception to commit fraud. The goal of these tactics is to establish some level of trust in order to convince the unsuspecting victim […]

INFOGRAPHIC: 20 Ways to Stop Mobile Attacks

Mobile devices have become an ever-present component of the way we interact with our peers and colleagues. We have desktops and laptops to do the heavy lifting, but the vast majority of us are using some sort of mobile device to access our work during times when we don’t have access to our computers. With […]

Profile: Betsy Ball, Information Security Architect

Please join us in welcoming Betsy Ball to the Office of Information Security’s team! Betsy comes to us with more than 30 years of IT experience, including work in user support as well as server, network, and firewall administration. In her role at WashU, she will serve as an Information Security Architect, working with the […]

Avoiding Exposure to Ransomware

adapted from original post by Trisha Clay, EDUCAUSE Ransomware is scary. Such an attack could make it impossible for you to retrieve documents on your computer. So, how do you protect yourself from ransomware? One of the best ways to protect yourself is to create a good backup of your critical data. These backups should […]

Social Engineering and the “Gift-Card Scam”

adapted from original post by Trisha Clay, EDUCAUSE Social engineering begins with research, whereby an attacker reaches out to a target to gain information and resources. When someone you don’t know contacts you and asks you open-ended questions, this may be the first step of a social-engineering attack. After the attacker reaches out to you, […]

UPDATED: Cyber Attackers Exploit Vulnerabilities amid Surge in Remote Work

As we transition to remote work in response to the coronavirus pandemic, cyber attackers seek new opportunities to exploit unsuspecting users. Reports of ransomware attacks, phishing attempts, and scam websites are on the rise around the world, especially targeting those who work at universities and medical institutions. While we take our work to our home […]

COVID-19: Fake Online Coronavirus Map Delivers Malware

A malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for unwitting internet users to visit the website. Visiting the website infects the user with a Trojan, an information-stealing program. It is likely being spread via infected email attachments, malicious online […]

COVID-19: UPDATED Criminal Scams Seek to Exploit COVID-19 Fears

Multiple organizations, including the World Health Organization (WHO), have issued warnings that scammers are seeking to use the current outbreak of COVID-19 for personal gain. The Office of Information Security has compiled the following resources and information to assist anyone who fears they may fall victim to one of these scams. It is important to […]

POSTPONED: Shred IT, Secure E-Waste Recycling Event

This event has been postponed. We will do our best to reschedule for a later date. Please stay tuned for updates about this event. The Office of Sustainability and the Office of Information Security will be hosting an e-waste recycling and confidential paper shredding event. All are welcome to bring accepted items to the collection […]

VIDEO: Gil the Phish Drops the Bait

Gil is always coming up with new ways to trick unsuspecting users with his phishy emails. You can avoid becoming a victim of one of Gil’s scams by learning the signs of a phishing email and reporting anything suspicious to phishing@wustl.edu. For more information about how to avoid being a victim of phishing, follow the […]

Photo Gallery: Gil and InfoSec at WUSM Heath Happening Fair

The Office of Information Security hosted a table at the WUSM Health Happening Fair on February 21, 2020. We had a great turn out, distributing mic and camera blockers, phone grips, and valuable information to hundreds of our colleagues at the School of Medicine. Gil the Phish made an appearance at the table, to the […]

Tax Time is Open Season for Phishing Scams

Tax season is here again, and with it comes an uptick in scammers using phishing emails designed to steal personal information from their victims in order to commit tax fraud. We encourage you to use extreme caution with any email correspondences requesting personal information. Please refrain from opening any attachments or following any links in […]

Ask The Experts: Password Management

According to the U.S. Department of Homeland Security (DHS), strong passwords and multi-factor authentication are key to maintaining information security. The strongest passwords are composed of upper- and lower-case letters, special characters, and numbers. Long and unpredictable passwords are ideal, and according to DHS, these passwords should not include any words that “can be found […]

Get Smart! Mitigating Risks in Connected Devices

original post by Kim Milford, EDUCAUSE   Smart/IoT devices may be the panacea for consumer convenience. Do you want to know and change the temperature of your house or even your fridge remotely? There’s an app for that. Such devices also raise extreme privacy concerns about the data collected about you. Devices can track or […]

External Email Notification Helps Identify Phishes

In the coming weeks, we will introduce a new feature in our email system that will notify users of emails originating from outside of the university. This change is being made to make it easier for everyone at our institution to identify phishing emails. Phishing attacks are on the rise, and often employ multiple methods […]

NCSAM Retrospective

The Office of Information Security recently wrapped up a month of exciting activities and events across Washington University campuses for National Cybersecurity Awareness Month. We are grateful to everyone who took the time to participate in this year’s events, and we are already looking forward to next year’s program. During October 2019, the Office of […]

How Can Higher Ed Better Prepare Cybersecurity Students for a Hot Job Market?

original post by Tom Humbarger, EDUCAUSE   Behind every new report of a data breach, data leak, or computer hack is a company scrambling to put out the fire, which is great news for job seekers or soon-to-graduate students with cybersecurity skills. Unfortunately, this is bad news for most companies because there is currently an […]