Multifactor authentication provides another layer of security for online accounts. The first “factor” for an account is usually a password, and any additional authentication step makes it harder for a hacker to access your account. Common multifactor authentication offerings are codes sent via text or email, dedicated authenticator apps like Duo, and fingerprint or facial […]
Using strong passwords with the help of a password manager is one of the easiest ways to protect your accounts and keep our information safe. Let a password manager do the work A password manager creates, stores, and fills passwords for us automatically. This way, we only have to remember one strong password—for the password […]
The onboarding process creates a unique set of security risks. As new employees, we’re often eager to make a good impression, but we have little institutional knowledge. These factors make new employees valuable targets for hackers. Due to unfamiliarity with WashU’s processes and security protocols, a new employee might not know how to recognize an email […]
Google’s Jigsaw unit published a quiz that tests the taker’s ability to identify phishing emails. The quiz tests you on eight emails to see if you can distinguish between legitimate emails and phishing scams. Many of the examples come from real events, such as the massive phishing attempt that hit Google Doc users in 2017 and an email that Russian […]
Phishing is an illegal tactic where criminals send fraudulent emails to trick victims into sharing their personal information or compromise their system. The good news is at WashU we can use the Phish Alert Button whenever we’re unsure about an email’s authenticity. Step 1: Recognize the common signs Step 2: When in doubt, report it! […]
With many kinds of cybercrime come many different ways to report it. Most of us will encounter cybercrime, so here are resources on where to report it. Hacked Account Report your hacked account to theplatform’s support team. Below are reporting guides for popular platforms: WUSTL Key, Facebook, Google, Instagram, PayPal, Snap, TikTok, YouTube Ransomware If […]
Giving children uninhibited access to the internet can put your child, computer, and personal data at risk. With some precautions, you can set your children up to become upstanding digital citizens who will lead the future. Parental Controls Most devices these days have parental controls that allow parents to restrict access to certain content for […]
The WashU Office of Information Security (OIS) is dedicated to supporting our community by ensuring that our information security policies keep pace with the evolving digital landscape. As part of this effort, we’re excited to introduce our 2024 Policy Update, which launches the new WashU OIS Guide series. This series will guide you through our […]
Letter from the CISO, Vol 4 Issue 4 WashU Community: Whether you are a leading-edge user of online financial payment apps or a traditionalist who loves a signature on a paper check, malicious actors are out to separate you from your money. In the September 12, 2024 issue of Hacking Humans, “Baked goods and bad […]
October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. The Office of Information Security is proud to champion this online safety and education initiative this October. All month long, we are promoting these key behaviors to encourage you, our WashU community, […]
The Office of Information Security is running a competition throughout October for Cybersecurity Awareness Month! WashU staff, faculty, and students can enter to win up to $1,000 in BearBucks. On September 26th, we released an Inside Man-themed game in KnowBe4, ‘The Inside Man: New Recruits Game’. Complete the game to earn an entry into our […]
With the approach of Missouri’s last day to register to vote before the November election, October 9, expect scammers to take advantage of the situation. We Americans are accustomed to election advertisements and voter registration campaigns, so when a scammer reaches out under the pretense of campaigning, it can be hard to spot the ruse. […]
National Public Data, a background check company, confirmed in August that it suffered a data breach leaking names, email addresses, phone numbers, social security numbers, and mailing addresses. Fortunately, there are many free and accessible steps you can take to defend against identity theft: Indicators of Identity Theft What to do if your information is […]
Dean Boenzi, Information Security Analyst III, is one of the newest InfoSec team members. Dean’s primary duties on the InfoSec team revolve around “ensuring data security and compliance.” He supports the Data Loss Prevention (DLP) program by “developing policies, conducting risk assessments, monitoring alerts, and investigating HIPAA violations to maintain patient privacy and to protect […]
Letter from the CISO, Vol 4 Issue 3 WashU Community: As we all return to school and the fall semester, I wanted to emphasize the criticality of securing the most important online account you have. No, not your WashU account! (Although that is important, too.) Rather, it is your humble and largely taken-for-granted personal email […]
Cybersecurity threats continuously evolve, becoming more sophisticated, relentless, and hard to detect with each attempt. Helping the WashU Community learn how to recognize, avoid, and report these threats is crucial to protecting our institution, our research, and our people from bad actors who seek to steal and hold ransom the information and resources on which […]
Welcome back, students! We understand that starting a new semester will be hectic, so we’ve assembled key resources to assist with your security needs. Check out our curated list of advice and guidance to get you started. Device security is essential for protecting your privacy and data. Top-notch device security involves using features built into […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this August. The Inside Man is a soap opera-style training that covers critical […]
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please do […]
The Office of Information Security is always looking for new ways to improve our website to provide the best experience for the WashU community! Our homepage is going through a design overhaul to make accessing the critical security information you need easier. Our Current Homepage Our New Homepage Below is how the new homepage will […]
Letter from the CISO, Vol 4 Issue 2 Washington University Community: Last Friday, all the news was about the millions of Windows computers around the world that had been taken down by a flawed CrowdStrike file update. Starting in the wee hours of Friday morning, systems administrators and computer users everywhere were struggling to boot […]
In this series we are exploring key aspects of our Information Security Awareness, Behavior, and Culture program. If you are a regular reader of this newsletter, you may have read our first article in this series entitled Inside ABC: Awareness, Behavior, and Culture. If you missed that one, you may want to read it first […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this July. The Inside Man is a soap opera-style training that covers critical […]
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please do […]
Jeremy Howard, security analyst III, is one of the newest members of our InfoSec team. Jeremy’s primary responsibilities as a Security Analyst III are to “manage and review events and increase the organization’s security posture by using our Data Loss Prevention program.” He also “provides guidance regarding information security pertaining to clinical workflows.” Jeremy notes […]
Letter from the CISO, Vol 4 Issue 1 Washington University Community: An enormous amount of fraud is still being perpetuated via phone calls even though many people don’t use telephones very much. Cybercriminals seek your credit card or bank account numbers, access to your online bank accounts, and to install malware on your computer. But […]
As more data, identities, and services move to the cloud, they are increasingly targets of threat actors with potentially life-altering consequences. In 2017, a breach of Equifax leaked the Social Security Numbers (SSNs) of 143 million Americans. While writing this article, Ticketmaster and its vendor, Snowflake, suffered a major data breach. Those are just two […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this June. The Inside Man is a soap opera-style training that covers critical […]
The Office of Information Security observed a trend where criminals email members of our community false direct deposit change notifications with a malicious link. They hope the victim will click the link and give their WashU credentials or direct deposit information. Payroll Services does not change direct deposit information. Only employees can change it themselves […]
Pete Nowikow, information security analyst III, is one of the newest InfoSec team members. In his day-to-day role, Pete aids in designing and deploying Network Access Control (NAC, e.g., Cisco Identity Services Engine, or ISE). He also partners closely with the WUIT Network Engineering team and BJC. Pete will often work with several other departments, […]
Letter from the CISO, Vol 3 Issue 12 Washington University Community: I sometimes fear that all the scary cybercrime stories I share will lose their motivating impact. And then I hear something even scarier. The scariest attack yet… The scariest attack I’ve heard to date is one in which people appear to receive a call […]
The WashU Office of Information Security (OIS) takes a holistic approach to security training and awareness. Our goal goes way beyond raising awareness through a required annual training. The Awareness, Behavior, and Culture (ABC) team aims to foster a resilient and adaptable security culture so WashU Community members know what to look out for, how […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this May. The Inside Man is a soap opera-style training that covers critical […]
Criminals who’ve stolen WUSTL Keys and passwords are masquerading as IT support over text messages to get us to enter Duo verification codes. Legitimate WashU employees will not ask you to enter codes into your Duo app. Only enter a verification code if you are logging in for yourself. Do not enter a code given […]
In support of ImpacT and the call to provide the university community with tools and the knowledge to safeguard and sustain our systems, data, and reputation, the Office of Information Security (OIS) has initiated a complete revision and expansion of the OIS policy library. The goal is to foster a strong security culture at WashU […]
Peter L. Jones, information security analyst, monitors for security vulnerabilities on the tens of thousands of devices in the WashU environment. Peter and the vulnerability management team keep track of everything from simple devices like phones to critical systems and servers by using regular scans and monitoring. His role involves problem-solving and decision-making, including determining […]
Letter from the CISO, Vol 3 Issue 11 Washington University Community: Failing to be smart is easy… Writing to the Washington University in St. Louis community, I don’t expect disagreement that it is better to be smart than the opposite. However, even the smartest people can have moments of stupidity. In a recent interview with […]
Are you tired of trying to create and remember every password? Are you worried that you might lose your password? Do you feel overwhelmed by the number of password managers to choose from? If so, there is good news on the horizon. The FIDO Alliance created a passwordless sign-in system that addresses these problems, and […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is assigning the Inside Man as our training competition this April. The Inside Man is a soap opera-style training that covers critical cyber security […]
Road trip season is approaching, and the FBI has observed criminals impersonating road toll collection services via text message. While there is only one toll bridge in Missouri – the Lake of the Ozarks Community Bridge (for now) – many neighboring states operate toll roads. If you see a message like the one below, please […]
Summer break is right around the corner, and many in the WashU community will be traveling or looking for a summer job. Unfortunately, the devices we rely on for managing travel have also become targets for theft and cybercrime. Whether you are searching for a job or taking a trip, please protect yourself and the […]
Joey Smith, Information Security Analyst III, works in the OIS Clinical Operations team, focusing on the School of Medicine and the Medical Campus. Joey uses tools to identify and monitor unmanaged devices on the WashU network. This effort assists in ongoing projects like asset management and network asset control (NAC). Joey enjoys IT and security […]
Letter from the CISO, Vol 3 Issue 10 Washington University Community: Criminals keep inventing new con attacks I recently saw a news report about a Mexican drug cartel that has gotten into the business of helping elderly Americans get out of the timeshare vacation contracts. This sounds like a good thing. Unfortunately, it is just […]
The OIS is always looking for ways to improve your security and reward your participation in our efforts. Back by popular request, the InfoSec team is assigning the Inside Man as our training competition this March. The Inside Man is a soap opera-style training that covers critical cyber security themes in all its episodes. Watch […]
The Phish Alert Button (PAB) is one of our team’s most valuable tools for keeping the WashU community safe. When you report a phishing email using the PAB, our office will investigate the threat and take any necessary action, such as removing all similar messages from systems and notifying our community of the danger. If […]
According to Washington University School of Medicine Protective Services, the WUSM Physical Therapy department received a call from someone impersonating the DEA to steal personally identifiable information. In the call, they claimed to be an investigator from the DEA headquarters, saying that a nurse practitioner had reported fraud under their name, medical license number, and […]
In the digital age where a lot of our private information is on the internet – in public and supposedly in private storage – ensuring online privacy has become even more integral to protecting your online activity and identity. According to Cobalt’s Top Cybersecurity Statistics for 2024, there are over 2,200 cyberattacks a day (a […]
Back in his federal law enforcement days, WUSM’s Assistant Director of Investigations and Crime Prevention, Steve Manley, came upon an advance fee scam. An informant who operated a corner store in East St. Louis called him one afternoon. He told Manley a customer was sending large sums of money to Nigeria via Western Union. The caller […]
On Tuesday, March 26th, the Office of Sustainability and Office of Information Security hosted their biannual electronic waste recycling and secure paper shredding event on the Danforth campus. Thank you to all who supported sustainability by securely recycling their electronic waste and confidential documents. The event was a huge success. In just two and a […]