In the last two months, we covered password-based authentication and token-based authentication. When properly implemented and used, both methods can provide secure user authentication. Still, passwords and tokens each have their shortcomings: Complex—and therefore secure—passwords are hard to remember. A token can be lost. Either can be stolen. Meanwhile, biometric authentication uses personal data that […]
A recent market forecast predicted that the average volume of electronics per person in the Consumer Electronics market will increase to 2.8 pieces in 2022 (Consumer Electronics – US: Statista market forecast). With gift-giving season approaching, you or someone you know will likely receive some tech. Follow the strategies below to keep your shiny new […]
The Office of Information Security observes a trend in which criminals send fraudulent job requests, hoping that victims will click a malicious link. If you see a message like the one below, please do not interact with the sender or phone number, and don’t follow any special instructions. Simply report the email using the Phish Alert […]
Since Richard Edwards IV, Governance Risk and Compliance Security Analyst II, began working in IT, security has been his top interest. For one, he enjoys how information security challenges him to keep learning. He also noticed a trend: As technology becomes more incorporated into everyday life, so too do threats and vulnerabilities to our technology. […]
Letter from the CISO, Vol 2 Issue 6 Washington University Community: High School Bodyguard? When a friend’s daughter was in high school, she had written to a German exchange student who was coming to the US, writing about her kickboxing class and her job as a lifeguard at the neighborhood summer swim club. Unfortunately, when […]
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you to a couple of resources that will help you protect yourself from cybercrime and understand how our office can support you. We’d like to thank our challenge and giveaways participants. […]
By: David Puzder Last month, we covered password-based authentication explaining how to authenticate a user based on something they know. Another means to authenticate a user’s identity is through something they possess – a token. A common instance of token-based authentication is a house key. Ideally, only the person who possesses the proper key can […]
With Black Friday, Small Business Saturday, and Cyber Monday around the corner, it can be tempting to buy discounted items on impulse. Before getting caught up in a “while supplies last” frenzy, remember that scammers capitalize on hasty decisions involving payment information. According to the Federal Trade Commission’s Consumer Sentinel Network data, online shopping scams […]
The Office of Information Security has observed a trend where criminals send fraudulent delivery notifications in hopes that victims will scan a QR code. If you see a message like the one below, please do not interact with the sender and do not follow any special instructions. Simply report the email using the Phish Alert […]
Victor Tinsley, Governance Risk and Compliance Security Analyst I, has always been curious about how malicious actors manipulate a target environment. How do they devise new ways to exploit a system? Following his interest, he pursued a Bachelor of Science with a focus on information security. Aside from having interest in the field, Victor believes […]
Letter from the CISO, Vol 2 Issue 5 Washington University Community: Everyone loves to hear how smart they are! Right? I don’t know anyone who doesn’t like hearing how they are “smart,” “bright,” “clever,” “hard-working,” “correct,” and best of all, “you’re right; I was wrong.” Today I have good news, better news, bad news, and […]
By David Puzder Virtually every online account requires a password. Many account providers require additional authentication steps, like the Duo push alert, to increase security. As for password-based authentication, the principle is relatively straightforward: the user provides an account name or identifier (ID) plus a password, and the system compares the given password to the […]
Cybersecurity Awareness Month 2022 is coming to a close. This year, we hosted four webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published a newsletter full of original content authored by WashU’s office of Information Security. Competition Our Cybersecurity Awareness Month competitions are always popular. In 2021, […]
The Office of Information Security has observed a trend where criminals send fraudulent job requests in hopes that victims will text a phone number with their personal information. If you see a message like the one below, please do not interact with the sender, phone number, or follow any special instructions. Simply report the email […]
Brian Allen, Certified Information Systems Security Professional (CISSP) and Information Security Director, “plays defense for WashU” by overseeing the Incident Response* and Vulnerability Management teams. Throughout his career, he has fostered connections at WashU and in the InfoSec community at large. Dependable working relationships are essential to Brian because he sees “InfoSec as a department […]
WashU’s multi-factor authentication provider is Duo, an industry leader in cybersecurity services. You can improve the strength of multi-factor authentication by opting for multi-factor authentication exclusively via an app. Here is a link that helps you set this up for WashU MFA Where can I change my device’s default authentication method? (duo.com). Did You Log […]
The Washington University in St. Louis Office of Information Security (OIS) supports education, research, and clinical care by protecting systems and data for everyone at our institution. Information security is essential to every member of our community, and we all share personal responsibility for ensuring the security of our systems. We continuously improve our systems […]
The term “data breach” has dominated the tech world the last 24 months. From breaches that have impacted critical infrastructure like the Colonial Pipeline to hackers compromising healthcare records at UC San Diego Health, headlines of cybersecurity mishaps saturated news in the last two years. Yet, despite the prevalence of the breach-centric news cycle, many […]
You can control when your WashU computer updates using the Updates section in Software Center. Most updates require your computer to restart, so please save all work beforehand. You can configure automatic updates to run outside of your business hours using these steps: Navigate to Software Center. Select Options. Work Information section: Enter your Business Hours. […]
Ransomware is malicious software that renders data and systems unusable until the targeted individual or organization pays a ransom. Find out more at Ransomware | Office of Information Security | Washington University in St. Louis (wustl.edu). Cybersecurity Awareness Month Test Your Knowledge Competition We invite you to show us what you know by entering our […]
Cybersecurity has become one of the biggest hot topics both inside and outside of technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic, to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is a […]
For tips on how to strengthen your passwords, visit How can I make my password secure? – Information Technology (wustl.edu). If you see fit to change your WUSTL key password, you can read the guide at How do I Change my WUSTL Key Password – Information Technology. Cybersecurity Awareness Month Test Your Knowledge Competition We […]
When you receive a suspicious email, please report it using the Phish Alert Button (PAB) from your Outlook account. Cybersecurity Awareness Month Test Your Knowledge Competition We invite you to show us what you know by entering our Test Your Knowledge: Cybersecurity Awareness Month edition. Complete this activity to test what you know and receive an entry […]
The COVID-19 pandemic forced millions of Americans to embrace working from their own home – a concept most had limited or no experience with at the time. And while many employees have returned to the office, a recent University of Chicago study found that 72% of those surveyed would like to continue working from home […]
Phishing is the most common tool used by cybercriminals to steal login credentials, personal information, data, and intellectual property. If you receive a “phishy” email (i.e., an email that demands unexpected quick action, comes from an unknown sender, asks you to supply login credentials or other personal information, etc.), please protect yourself and others at […]
Letter from the CISO, Vol 2 Issue 4 Washington University Community: What’s the best defense against the phishing attacks responsible for over 90% of cyber intrusions and breaches? The simple answer is all of us working together. And “The Hook.” Given time, attention, basic suspicion, and a little paranoia, we can all individually spot most […]
Cybersecurity Awareness Month in October is a global effort to help everyone stay protected whenever and however they connect. The theme for the month is “It’s easy to stay safe online,” and The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help […]
The Office of Information Security (OIS) supports WashU’s mission of excellence in teaching, research, and patient care by assessing the security of the tools our community uses every day to do our work. Faculty and researchers often have specific needs for secure storage and communication services and unique needs for tools that aid student engagement, […]
Devices like smart thermostats, speakers, and doorbells might be more functional than their non-internet-enabled designs, but are they smart enough to protect themselves or the network they are on? According to a survey released in August of 2022, there were about 8.6 billion smart devices – or Internet of Things (IoT) devices – connected to […]
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in our efforts. For this year’s Cybersecurity Awareness Month, we broadened the range of topics covered by our knowledge test, and we increased our prize amounts accordingly. We hope that taking this quiz and playing the […]
By Matt Lang Deeply integrated into our daily lives, laptops and cell phones are well-known targets for hackers. A less-obvious target that we also use almost every day has recently emerged—the car. Today’s cars are like big computers on wheels, and the consequences of a hack could be deadly. To hack your car, all a […]
The Office of Information Security has observed a trend where criminals send fraudulent password expiration notices in hopes that victims will disclose their WUSTL Key on a fake login page. If you see a message like the one below, please do not interact with any links or follow any special instructions regarding authentication methods. Simply […]
Andrew Duba, Information Security Analyst III, is a member of the Digital Forensics and Incident Response Team. During conversations about his job, “most people think of what they see in movies and TV.” These depictions often embellish what the job is like, so “it can be tough to demystify and make it more accessible.” Realistically, […]
Letter from the CISO, Vol 2 Issue 3 Washington University Community: Want to know how to be “enough” of an information security expert? In “Outliers,” Malcolm Gladwell popularized the idea of needing 10,000 hours of practice to become an expert. I studied karate for many years, and one of my sensei’s (instructor’s) expectations was that […]
Welcome back! We know you’ll be busy as the semester begins, so we’ve pulled together resources to help you with a variety of common security needs. See below for our roundup of guidance to help you get in the swing of the semester! Devices Device security is essential for protecting your privacy and data. Sound […]
University Registrar Keri Disch is serious about securing student data in the digital era. Disch moved to St. Louis in July 2020 to join the WashU community after twenty years at Northwestern University, where she first became interested in central registrar work. The University Registrar serves as a central hub for many university functions. Her […]
As school begins on campuses nationwide, criminals turn their attention to scams targeting students who are busy preparing for the upcoming semester. Criminals frequently rely on timely topics and strategies to exploit their victims. Below, you will find examples of real scam emails reported to our team within the last month. As we all gear […]
Greg Whipple, Information Security Analyst III, is new to the Digital Forensics and Incident Response Team. In his role, Greg will perform forensic analysis of log data to further investigations into potential system compromises. Greg will also recommend ways to improve our processes and tools. Greg started his journey in information security with the US […]
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a couple of resources that will help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish […]
CIS WorkBench is a resource where IT staff at Washington University in St. Louis can view CIS Benchmarks (Center for Information Security Benchmarks). These benchmarks are configuration standards and best practices for hardening digital assets; therefore, they help determine how to harden legacy systems.Here is how you can create your account with CIS WorkBench: 3. […]
Letter from the CISO, Vol 2 Issue 2 Washington University Community: Why Do Cars Have Brakes? Why do cars have brakes? The obvious answer is that it helps them slow down and stop. The “real” counter-intuitive reason is that brakes let cars go fast. Imagine the panic and fear of being in a car that […]
Identity theft is nothing new. The term itself dates back to 1964 – a time exclusive to physical theft of documents like social security cards, credit cards, and driver’s licenses. These days, much of our personal information is on the internet. Due to the pandemic’s restrictions, more people used the internet for activities they would […]
The Information Security Governance, Risk, and Compliance (GRC) team, led by Assistant Director, Denise Woodward, handles many types of security-related requests from the WashU community. When researchers need a security review of the tools they’re using for a study, when a department wants to adopt new technology, or when someone requires a specialized solution for […]
Quick Response Codes (QR codes) are increasingly popular, especially since most people no longer need a third-party app to scan them. During the Super Bowl last year, cryptocurrency company Coinbase spent millions of dollars on an ad that simply featured a QR code displayed on the screen. That ad became one of the most talked […]
Overview The WashU Information Security team is actively engaged in keeping our network and data safe. Through the Security Vulnerabilities Project, one of the team’s main objectives is to expand server protection throughout WashU. Why A recent serious security incident was detected early because a server had the WashU Falcon CrowdStrike sensor installed. Due to […]
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you towards a couple of resources that will help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish […]
Over the next several months, the Office of Information Security will conduct a Business Impact Analysis (BIA) and Risk Assessments (RA) on 24 important and critical applications. The BIA is essential to building an effective framework for a Business Continuity Plan. The goal of the BIA is to identify critical functions of the organization and […]
The Office of Information Security has observed a trend where criminals are sending fraudulent invoices to unsuspecting victims in hopes that they will be paid without the recipient noting that they are part of a scam. The tricky part of this particular scam is that the invoices are actually generated by payment handlers like PayPal. […]
Brett McFadden, Information Security Analyst II, originally wanted to be a website designer. After taking a few classes in web development, he concluded that CSS – a style sheet language used by effective web developers – can only be understood by “wizards.” After consulting with a friend, Brett decided to investigate the cybersecurity program at […]
Letter from the CISO, Vol 2 Issue 1 Washington University Community: Who’s responsible for Information Security at WashU? It seems like an odd question for me to ask since I’m the Chief Information Security Officer, but I ask it anyway. I know information security is my responsibility. Or, at least, it’s usually the person in […]