News

WashU Community: WashU IT’s theme for November is “Elevating the customer experience,” which we always take as a high-priority goal; especially when we’re asking people to take on an additional role in amplifying their information security. While Information Security can do a lot of good behind the scenes without anyone being aware of it, sometimes […]

The Office of Information Security caught fake Punchbowl invitations that download malicious software when clicking on the graphic or preview link. Instead of going to Punchbowl’s website, the fake invitation links to an external domain and downloads a remote access trojan tool.  If you see an invitation or card like the one below, please do […]

If you become aware of or suspect a HIPAA privacy or security incident, it must be reported immediately. WashU is subject to stringent regulatory requirements that necessitate the prompt investigation of any alleged incidents in order to assess their impact and to take appropriate corrective actions. How Do You Report a HIPAA Incident? Report HIPAA […]

KnowBe4 is updating their logo and improving the design, but everything else will work exactly the same. Your login credentials and all microlearning progress will remain unchanged. Simply log in as usual and complete your microlearning when these updates go live. This will be the new login experience:

Letter from the CISO, Vol 5 Issue 5 WashU Community: In recognition of Cybersecurity Awareness Month, WashU IT’s theme for October is “Take Action and Reduce Online Risk.” But that’s what I always write about so, full speed ahead. Occam’s razor Many of you might be familiar with Occam’s razor, also known as the law […]

We reviewed the scams hitting the WashU community and chose the ones that fooled your colleagues and classmates the most. Don’t be the next one!  Fake CAPTCHA – Verify You’re a Human Criminals create fake CAPTCHA pages to trick users into copying malicious code into their computer. To protect yourself, do not paste material into […]

Some of our most important information is stored on electronic devices. It’s critical that they’re safeguarded (and responsibly disposed of) when they’ve reached their end-of-life or are no longer needed. Improperly offloading your device makes your data vulnerable, creating opportunities for a breach. At WashU and around your area, there are services that you can […]

Storing important information on paper is a key part of our everyday lives. The need for safekeeping documents is essential while they’re in use and when it’s time for their disposal. Improper handling of documents can result in security threats, including bad actors gaining access to your information, the university’s, or our community’s data. Any […]

Cybersecurity Awareness Month 2025 is coming to a close. This year, we hosted a webinar, securely collected e-waste with the Office of Sustainability, held a banking security workshop with the Office of Financial Well-being, heard from industry experts at the BJC Cybersecurity Conference, and published weekly comics authored by the Office of Information Security.  Below, […]

On October 15, Senior Director Information Security Operations and Engineering, Jason Murray, discussed previous security incidents on the WashU network and answered questions about cybersecurity. Those who could not attend or wish to revisit the presentation can watch a recording of the webinar on Microsoft Stream. Access to the recording is limited to the WashU community. 

The HIPAA Privacy and Security Rules require entities, including WashU, to implement certain safeguards when communicating Protected Health Information electronically (ePHI).  Consequently, WashU workforce members must ensure the confidentiality and integrity of ePHI by following the university-approved best practices and safeguards for electronic communications.    For Patient Communications:  For Provider-to-Provider Communications:   For Email Communications Containing PHI:  […]

Generative AI is unleashing deepfakes so dangerously convincing they can manipulate even the most vigilant defenders. They’re the latest weapon in the cybercriminal’s arsenal. Perry Carpenter, KnowBe4’s Chief Human Risk Management Strategist, exposes the alarming rise of AI-powered social engineering in this on-demand webinar. Perry’s list of deepfake resources mentioned in the video (PDF)

Letter from the CISO, Vol 5 Issue 4 WashU Community: Introducing the OODA loop concept The OODA loop, developed by U.S. Air Force Colonel John Boyd, explains how people take in and respond to new information, especially in competitive environments. Its stages are: What does this have to do with information security? Competition. We are […]