Keeping Information Security Simple – “How to be a Telephone Fraud Prevention Hero”
Letter from the CISO, Vol 4 Issue 1 Washington University Community: An enormous amount of fraud is still being perpetuated via phone calls even though many people don’t use telephones very much. Cybercriminals seek your credit card or bank account numbers, access to your online bank accounts, and to install malware on your computer. But […]
Cloud Threats, Opportunities, and Safety
As more data, identities, and services move to the cloud, they are increasingly targets of threat actors with potentially life-altering consequences. In 2017, a breach of Equifax leaked the Social Security Numbers (SSNs) of 143 million Americans. While writing this article, Ticketmaster and its vendor, Snowflake, suffered a major data breach. Those are just two […]
Chance to Win $100 in Our Monthly Challenge
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this June. The Inside Man is a soap opera-style training that covers critical […]
Scam of the Month: Direct deposit bank account changed
The Office of Information Security observed a trend where criminals email members of our community false direct deposit change notifications with a malicious link. They hope the victim will click the link and give their WashU credentials or direct deposit information. Payroll Services does not change direct deposit information. Only employees can change it themselves […]
Meet Your InfoSec Team: Pete Nowikow, Information Security Analyst III
Pete Nowikow, information security analyst III, is one of the newest InfoSec team members. In his day-to-day role, Pete aids in designing and deploying Network Access Control (NAC, e.g., Cisco Identity Services Engine, or ISE). He also partners closely with the WUIT Network Engineering team and BJC. Pete will often work with several other departments, […]
Keeping Information Security Simple – “The Scariest Story and the 3 ‘U’-Word Indicators of a Cyber Con”
Letter from the CISO, Vol 3 Issue 12 Washington University Community: I sometimes fear that all the scary cybercrime stories I share will lose their motivating impact. And then I hear something even scarier. The scariest attack yet… The scariest attack I’ve heard to date is one in which people appear to receive a call […]
Inside ABC: Awareness, Behavior, and Culture
The WashU Office of Information Security (OIS) takes a holistic approach to security training and awareness. Our goal goes way beyond raising awareness through a required annual training. The Awareness, Behavior, and Culture (ABC) team aims to foster a resilient and adaptable security culture so WashU Community members know what to look out for, how […]
Chance to Win $100 in Our Monthly Challenge
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this May. The Inside Man is a soap opera-style training that covers critical […]
Scam of the Month: Duo Verification Code Text Phishing
Criminals who’ve stolen WUSTL Keys and passwords are masquerading as IT support over text messages to get us to enter Duo verification codes. Legitimate WashU employees will not ask you to enter codes into your Duo app. Only enter a verification code if you are logging in for yourself. Do not enter a code given […]
WashU IT’s Office of Information Security is fostering a strong security culture through policy updates
In support of ImpacT and the call to provide the university community with tools and the knowledge to safeguard and sustain our systems, data, and reputation, the Office of Information Security (OIS) has initiated a complete revision and expansion of the OIS policy library. The goal is to foster a strong security culture at WashU […]
Meet Your InfoSec Team: Peter L. Jones, Information Security Analyst
Peter L. Jones, information security analyst, monitors for security vulnerabilities on the tens of thousands of devices in the WashU environment. Peter and the vulnerability management team keep track of everything from simple devices like phones to critical systems and servers by using regular scans and monitoring. His role involves problem-solving and decision-making, including determining […]
Keeping Information Security Simple – “It’s Much Too Easy to Be Stupid”
Letter from the CISO, Vol 3 Issue 11 Washington University Community: Failing to be smart is easy… Writing to the Washington University in St. Louis community, I don’t expect disagreement that it is better to be smart than the opposite. However, even the smartest people can have moments of stupidity. In a recent interview with […]
Passkeys Over Passwords
Are you tired of trying to create and remember every password? Are you worried that you might lose your password? Do you feel overwhelmed by the number of password managers to choose from? If so, there is good news on the horizon. The FIDO Alliance created a passwordless sign-in system that addresses these problems, and […]
Chance to Win $100 in Our Monthly Challenge
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is assigning the Inside Man as our training competition this April. The Inside Man is a soap opera-style training that covers critical cyber security […]
Scam of the Month: Outstanding Toll Amount
Road trip season is approaching, and the FBI has observed criminals impersonating road toll collection services via text message. While there is only one toll bridge in Missouri – the Lake of the Ozarks Community Bridge (for now) – many neighboring states operate toll roads. If you see a message like the one below, please […]