If You Sent Money to a Scammer
Scammers often insist that you pay in ways that make it tough to get your money back. They prefer you wire money through a company like Western Union or MoneyGram, send cryptocurrency, use a payment app, or buy a gift card and give them the redemption code. Regardless of how you lost money to a scam, […]
Category: Newsletter
Meet Your InfoSec Team: Nick Fredrick, GRC Security Analyst
Nick Fredrick, GRC Security Analyst I, is one of the newest additions to the Office of Information Security. After earning his bachelor’s degree in computer information systems from St. Louis University, Nick interned for our Governance Risk and Compliance (GRC) team, where he was eventually hired as a full-time analyst. Throughout his time at WashU, […]
Protecting against cybersecurity risks with Microsoft 365 A5 security
WashU uses tools from the Microsoft 365 A5 security suite to detect and respond to cybersecurity threats. Most of the tools in the suite are designed to work behind the scenes so that students, faculty, and staff are not interrupted by the security features. Here is a brief overview of Microsoft 365 A5 tools and […]
Elect to Receive Your Tax Documents Electronically
Provide consent to receive electronic delivery of your tax documents by December 31, 2023. This will allow you to receive your W-2 form online as soon as it is available in Workday. You will be notified by email in January when your electronic W-2 form is available. Manage printing elections of your tax forms in Workday and […]
Keeping Information Security Simple – “The Preparedness Paradox”
Letter from the CISO, Vol 3 Issue 6 Washington University Community: Problems in WashU paradise Sometimes, I think working at WashU is a bit like being in paradise. November is a time to reflect on things we are grateful for, and this includes working in a safe and welcoming culture. But even the Garden of […]
Scam of the Month: Process has begun by our administrator
The Office of Information Security has identified a trend in which criminals send members of our community account termination emails containing a malicious link. They hope a victim will give their WashU credentials in a Google Form. In this scam, hackers use a legitimate WashU email address to send phishing emails. Victims who click the […]
Phishing Resistant Multi-Factor Authentication
As attackers figure out new ways to get around traditional multi-factor authentication, we must evolve to prevent fraudulent access to our accounts. The next wave of multi-factor authentication will fortify user accounts against phishing attacks. Unlike traditional multi-factor authentication, new approaches incorporate advanced techniques such as biometric authentication, hardware tokens, and push notifications to trusted […]
Security Guidance for Automatic Transcription Services
Many WashU community members create audio and video recordings in research, during meetings, while attending lectures, and in other circumstances. These recordings can be indispensable to a project because they document what was said with perfect fidelity for future reference and analysis. A transcript of the recording is even more helpful, making it easy to […]
Keeping Information Security Simple – “They Keep Raising the Bar”
Letter from the CISO, Vol 3 Issue 5 Washington University Community: It doesn’t seem fair… Last month I wrote about how the “right phish at the wrong time can catch anyone.” And this month, despite the fact it is Cybersecurity Awareness Month, we’ve had to deal with a wide range of innovative attacks against us […]
Cybersecurity Awareness Month 2023 Recap
Cybersecurity Awareness Month 2023 is coming to a close. This year, we hosted three webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published weekly newsletters full of original content authored by WashU’s Office of Information Security. Below, you will find a recap of some of the key […]
Firewall in macOS is available on WashU Macs
On WashU-supported Macs, you can now use firewall settings to turn on the firewall in macOS to prevent unwanted connections from the internet or other networks. To change these settings in the latest version of macOS, choose Apple menu > System Settings, click Network in the sidebar, then click Firewall on the right. (You may need to scroll […]
Follow these Top Tips to Stay Safe Online
Stay Safe on Social Media
When using social media platforms, it is wise to be careful about what you post. Cybercriminals can use what you post to entice you into clicking malicious links. Be Careful What You Post Any information you publicly post on social media could be used in a spear phishing attack. Spear phishing is when cybercriminals target […]
Stay Safer with Multi-Factor Authentication
We encourage you to turn on multi-factor authentication for every online account or app that offers it. As time goes on, more websites and applications will offer multi-factor authentication, but it might not be turned on by default. Here are some guides on how to enable it for popular services:
Password Managers
Password managers are apps, browser plugins, or programs within your browser. They store your passwords in a vault and lock the vault behind a “master password.” It is safe to replace your password notebook Even though password managers are the best way to safeguard your passwords, you might worry that storing every password in an […]
Weak Passwords
Let a password manager do the work! A password manager creates, stores and fills passwords for us automatically. Then we each only have to remember one strong password—for the password manager itself. Search trusted sources for “password managers” like Consumer Reports, which offers a selection of highly rated password managers. Read reviews to compare options […]
Creating Strong Passwords
When guessing passwords, hackers start with the most common passwords. According to research by NordPass, the top 10 passwords from 2022 are: Are any of your passwords on this list? Creating, storing, and remembering passwords can be an inconvenience for all of us online. Still, the truth is that passwords are your first line of […]
October 20: Microsoft applications may require users to reauthenticate
Mark your calendar Microsoft applications may require users to reauthenticate On the evening of October 20, WashU IT will enhance the university’s cloud-based Microsoft services. As a result, users may see authentication (login) prompts on Microsoft applications such as Teams, Outlook, Office, and OneDrive on their devices. These prompts are expected. Completing the WUSTL Key […]
Install Software Updates to Fix Security Risks
Why it’s so important to update promptly: If a criminal gets into a device through a security flaw, they will look for personal information and sensitive data to exploit. Technology providers issue software updates to “patch” security weak spots as quickly as possible. If we don’t install them, they can’t protect us! Software updates can also […]
Unexpected Emails
Many of us receive a steady flow of emails every day, including bank statements, order confirmations, or sales promotions. To keep up, you may look through your inbox as quickly as possible—but do not forget to stay vigilant. Cybercriminals take advantage of haste and send dangerous, unexpected emails. Unusual Account Activity Detected One of the […]
Spot the Fake Login
Scammers can create fake login screens that are strikingly similar to legitimate ones. One of the login screens pictured above is our true WUSTL login screen, and the other is an imitation from a real scam. Can you spot the difference? To make this more challenging, we’ve cropped out the URL from each login screenshot. […]
Unsafe Email Attachments
In addition to using WashU email for work, most people use email in their personal lives, too. You can get an email from your aunt with her stew recipe or an email from your boss about an office party. But what if the email isn’t actually from your aunt or boss? Cybercriminals often pretend to […]
What are AI Chatbots?
For more information about using generative AI at WashU, please visit Generative Artificial Intelligence (AI) – Information Technology (wustl.edu).
Google Yourself
With the internet and social media, it can be difficult to avoid sharing personal information online. Having an online presence can be valuable, but sometimes sharing personal information is risky. If you want to know what information about you is online, Google yourself. Your Search Results If you Google your name, you may find public […]
Revised and Updated Policies 2023
The Washington University in St. Louis Office of Information Security supports education, research, and clinical care by protecting systems and data for everyone at our institution. Information security is essential to every member of our community, and we all share personal responsibility for ensuring the security of our systems. We continuously improve our systems and […]
Keeping Information Security Simple – “The Right Phish at the Wrong Time Can Catch Anyone”
Letter from the CISO, Vol 3 Issue 4 Washington University Community: How likely are you to click? A few years ago, I advised a company to conduct its first email phishing simulation, otherwise known as a “phish test.” The systems administrator enthusiastically crafted a test message that used a logo from the company’s website, included […]
October is Cybersecurity Awareness Month
October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. The Office of Information Security is proud to champion this online safety and education initiative this October. All month long, we are promoting these key behaviors to encourage every employee to take […]
Learn About Cybersecurity and Win Big This October
The Office of Information Security is running a competition throughout October for Cybersecurity Awareness Month! WashU staff, faculty, and students can submit several entries to win up to $1,000 in BearBucks. Beginning September 28th, we will release three episodes of “The Inside Man,” a soap opera-style training that covers critical cybersecurity themes. Every Friday until […]
Scam of the Month: Document Shared with You
The Office of Information Security has identified a trend in which criminals send members of our community a Google Document containing a malicious link, in hopes that a victim may give up their credentials. In this more elaborate scam, hackers posed as Adis Avila, who is not an individual who works at our university, sending […]
Meet Your InfoSec Team: Steve Bochte, Information Security Architect
Steve Bochte, Information Security Architect, brings a wealth of experience and enthusiasm to the InfoSec team. Steve remembers being interested in IT and security as a grade-schooler, and these fields still appeal to his love for fixing things and improving processes today. After taking the CISSP exam in 2007, he started exploring the world of […]
Keeping Information Security Simple – Who’s your cyber security buddy?
Letter from the CISO, Vol 3 Issue 3 Washington University Community: Welcome (back) to school! A friend recently shared that her son was assigned a roommate with whom he seems to have nothing in common. They’ve recognized and embraced their differences and are enjoying better, richer experiences because of it. This made me think that […]
Chance to Win $100 in Our Monthly Challenge
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a few resources to help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish Alert Button? […]
Back to School Resources
Welcome back! We know you will be busy as the semester begins, so we have pulled together resources to help you with a variety of common security needs. See below for our roundup of guidance to help you get in the swing of the semester! Devices Device security is essential for protecting your privacy and […]
Scam of the Month: Geek Squad Customer Service
The Office of Information Security observes a trend in which criminals send a fraudulent order confirmation claiming the recipient will be charged almost $500. The criminals hope victims will call a phone number to refute the “purchase” and disclose their banking information. If you see a message like the one below, please do not interact […]
Meet Your InfoSec Team: Shane Powell, Information Security Architect
Shane Powell, Information Security Architect, is one of the newest members of the InfoSec team here at WashU. Originally, Shane is from Texas, but after many years of visiting St. Louis with his wife, they decided to move here in 2016. In his day-to-day work here, Shane “communicates with various groups throughout the university and […]
Keeping Information Security Simple – Game On: Spear Phishing and Pre-Texting – our best against the ‘best’ from malicious actors
Letter from the CISO, Vol 3 Issue 2 Washington University Community: Is our best good enough? In the battle against malicious cyber actors, we are constantly challenged by more clever and sophisticated attacks. For example, for several years after we implemented DUO 2-Factor Authentication (2FA), the number of successful account-compromise attacks dropped to almost zero. […]
Chance to Win $100 in Our Monthly Challenge
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a few resources to help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish Alert Button? […]
Scam of the Month: Compromised Email
The Office of Information Security observes a trend in which criminals use a compromised email account to trick victims into divulging their WUSTL Key password. In this scam, criminals took over a legitimate email address from UT Health San Antonio and used it to send phishing emails. Victims who click on the phishing link are […]
Meet Your Infosec Team: GRC Analyst Trainees
Our Governance, Risk, and Compliance (GRC) team is fortunate to have three GRC Analyst Trainees this summer who are assisting with various InfoSec efforts. We are excited to have them on our team and would like to introduce you to each of them. Lindsey Wichman Lindsey Wichman is currently majoring in Computer Science with a […]
We Are Improving Our Website
Our office is continually searching for the best ways we can serve you and help you secure your work and WashU’s resources. We regularly update our information security website (https://informationsecurity.wustl.edu) with the latest information and resources to help you navigate the increasingly complicated digital landscape. In addition to the great original content we post on […]
Keeping Information Security Simple – Chocolate v. Kale and the Importance of Reporting Information Security Mistakes
Letter from the CISO, Vol 3 Issue 1 Washington University Community: Do you like chocolate more than kale? Of course! In a recent keynote presentation at the Gartner Security and Risk Management Summit, Mary Mesaglio, a Managing Vice President who leads Gartner’s Executive Leadership Dynamics team, discussed the importance of getting people to care about […]
Chance to Win $100 in Our Monthly Challenge
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a few resources to help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish Alert Button? […]
Scam of the Month: Sheriff Impersonation
The Office of Information Security observes a trend in which criminals impersonate the sheriff’s office over the telephone. These scammers claim you signed for a subpoena, are an expert witness, or are a juror and never showed up for court and then demand payment. Along with a false accusation, scammers may list your personal information […]
Policies, Standards, and Guidelines
With the new design of our Policies page, visitors can conveniently locate, search, and preview our office’s policies, standards, and guidelines. Along with a contemporary design, the three terms each include a brief definition. Understanding their differences can prevent confusion and help you find the information you need to carry out your work securely. So, […]
Meet Your InfoSec Team: Hannu Turri, Cloud Security Architect
Hannu Turri, cloud security architect, is an integral part of the InfoSec team at WashU. Hannu comes to us from Finland, where he first served in the military and transitioned into IT, working as a CISO. After attending an AWS re:Invent event in Las Vegas, where he met his future wife a few years ago, […]
Keeping Information Security Simple – InfoSec Requires Advanced Preparation
Letter from the CISO, Vol 2 Issue 12 Washington University Community: Are cyber threats like pop quizzes? I was recently asked, “How are cyber threats like pop quizzes?” I’ve realized this is an interesting question, but not in the way I originally thought. Initially, I thought of reasons they were similar. They are unexpected, test […]
Chance to Win $100 in Our Monthly Challenge
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a few resources to help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish Alert Button? […]
SECURED is Getting a New Look
Starting with our June edition, SECURED will have a new look. Information Security is a big part of the future of IT at WashU, so we are aligning our published content with the rest of the great information and news coming from WashU IT. You can learn more about WashU IT’s strategic plan on the […]
Business Associate Agreement (BAA) Explained
If you work with Protected Health Information (PHI), you have probably heard mention of a business associate agreement. At WashU, it is essentially a contract between WashU and a business associate concerning the handling of PHI. Who is a Business Associate? It is a person or entity outside of WashU who creates, receives, maintains, or […]
Scam of the Month: DEA Impersonation
The Drug Enforcement Administration (DEA) is warning the public of a widespread fraud scheme where scammers impersonate DEA agents to extort money or steal personally identifiable information. DEA personnel will never contact members of the public to demand payment or sensitive information. No legitimate federal law enforcement officer will request cash or gift cards from […]