Cybersecurity Awareness Month in October is a global effort to help everyone stay protected whenever and however they connect. The theme for the month is “It’s easy to stay safe online,” and The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help […]
Security Resources for Faculty and Researchers
The Office of Information Security (OIS) supports WashU’s mission of excellence in teaching, research, and patient care by assessing the security of the tools our community uses every day to do our work. Faculty and researchers often have specific needs for secure storage and communication services and unique needs for tools that aid student engagement, […]
Win Up To $1,000 in Our Cybersecurity Awareness Month Test Your Knowledge Competition
The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in our efforts. For this year’s Cybersecurity Awareness Month, we broadened the range of topics covered by our knowledge test, and we increased our prize amounts accordingly. We hope that taking this quiz and playing the […]
WEBINAR: Security in Research with Michael Mayer
Do you want to know how security plays into research at WashU? Please join Michael Mayer, Information Security Analyst III, with the Office of Information Security, and bring your questions about how to secure your research. Mark your calendars and join us via Zoom on October 11 at 12 pm CST. This webinar is exclusively […]
Meet Your InfoSec Team: Greg Whipple, Information Security Analyst III
Greg Whipple, Information Security Analyst III, is new to the Digital Forensics and Incident Response Team. In his role, Greg will perform forensic analysis of log data to further investigations into potential system compromises. Greg will also recommend ways to improve our processes and tools. Greg started his journey in information security with the US […]
InfoSec Alert: Critical Security Updates for Apple Devices (iOS, macOS)
Apple recently released a critical software update for all iOS (iPhones and iPads) and macOS devices designated iOS 15.6.1 and macOS 12.5.1. With the launch of these updates, Apple took the increasingly common step of alerting users that these updates patch vulnerabilities that criminals may actively exploit. Please update your iOS and macOS devices as […]
Keeping Information Security Simple – Why Do Cars Have Brakes?
Letter from the CISO, Vol 2 Issue 2 Washington University Community: Why Do Cars Have Brakes? Why do cars have brakes? The obvious answer is that it helps them slow down and stop. The “real” counter-intuitive reason is that brakes let cars go fast. Imagine the panic and fear of being in a car that […]
Keeping Information Security Simple – Who’s Responsible for Information Security?
Letter from the CISO, Vol 2 Issue 1 Washington University Community: Who’s responsible for Information Security at WashU? It seems like an odd question for me to ask since I’m the Chief Information Security Officer, but I ask it anyway. I know information security is my responsibility. Or, at least, it’s usually the person in […]
Top Ten Travel Tips for Better Information Security
Many in the WashU community will travel this summer, visiting friends and family, taking vacations, attending classes and summer programs, staking out new study abroad opportunities, conducting research, or meeting with colleagues. The long days of summer ahead provide time to rest, relax, and recharge while also renewing professional and academic pursuits through research, collaboration, […]
SECURED Special Bulletin: SMiSh Attack, Last Call for $250, Windows Vulnerability, and Improved Account Security
Website Scavenger Hunt Ends Soon (Win $250) Please take some time to visit our website scavenger hunt for a chance to win $250 in Bear Bucks if you haven’t already. This competition ends tomorrow at midnight, so get your entry in soon to learn about some key resources and secure your chance to win. Chance […]
Website Scavenger Hunt with $250 prize and New Protections in Office 365
The Office of Information Security’s website is full of helpful resources and information for keeping you more secure online. To encourage you to become more familiar with what our website has to offer, the OIS office is holding a virtual scavenger hunt featuring a chance to win $250 in Bear Bucks! How to Participate Follow […]
InfoSec Allies: Office of Resource Management
The Office of Resource Management (ORM) plays an essential part in our day-to-day lives and operations at WashU. The office, home to more than 20 staff members, encompasses the departments of Purchasing Services, Furniture and Design, and Supplier Diversity and Mail Services. People from every department and role in the university community interact with the […]
Keeping Information Security Simple – The Only Constant in Life is Change
Letter from the CISO, Vol 1 Issue 11 Washington University Community: There are only two things to worry about—that things will never get back to normal, or . . . that they already have. In other words, the only constant in life is change, and Information Security is no exception. I sometimes worry that I […]
Security Spring Cleaning Top Five
Spring has arrived, and with it, the age-old tradition of spring cleaning. Getting organized, cleaning up your computer, and checking on your security hygiene will make your life easier as you approach the end-of-semester push toward summer adventures! As you clear away the cobwebs and shake off the dust of winter, also remember to clean […]
Another Chance to Win and New Defender Features Coming to Office 365
The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we’re introducing new security features in Office 365 and running another prize competition! March Prize Giveaway We had a great turnout for our February Information Security prize giveaway, so we’re doing it again this month! […]
Meet Your InfoSec Team: Quint Smith, Information Security Training and Communications Manager
For the past three years, Quint Smith, Information Security Training and Communications Manager, has been building and managing the InfoSec marketing, communications, and culture program. He aims to encourage an informed, aware, and empowered user community, resilient to the continually evolving cyber threat landscape. He says, “information security is an arms race, and technical defenses […]
IRB Security Review
In the IRB Security Review process, our team works with research coordinators to evaluate security risks involved in the research process.
10 Security Tips for Spring-Break Travelers
Spring Break is on the horizon, and many in the WashU community plan to travel for conferences, study away, research opportunities, and maybe even a little rest and relaxation! Smartphones and other digital devices are an integral part of our everyday lives, and they can make travel seem like a blissful dream. Helpful capabilities—your digital […]
Security Tips for Working From Home
By now, we’re all intimately familiar with the benefits and drawbacks of working from home. You may have been working from home for most of the pandemic, are a hybrid employee, or simply take your work or devices home for breaks and weekends. Whatever your unique situation, you probably have direct experience walking the increasingly […]
What are the Security Expectations of Your Research Sponsor?
Increasingly, research sponsors require grantees meet strict security requirements to protect the data and systems used in funded projects.
Keeping Information Security Simple – Privacy – Free isn’t free: If you aren’t paying for it, you and your data are the product being sold!
Letter from the CISO, Vol 1 Issue 8 Washington University Community: This is the National Cybersecurity Alliance’s Data Privacy Week (https://staysafeonline.org/data-privacy-week/), and because security is closely related to privacy, I thought I’d say a few things about it. The “right to privacy” was defined by Justice Louis Brandeis in an 1890 article as the right […]
Guiding Information Security Questions for Researchers
There are many reasons to care about research security. Researchers depend on the availability and integrity of their research data to continue the vital work of innovation, discovery, and improvement. Research participants rely on researchers and their teams to protect their information and privacy at every stage of the research process. These responsibilities are core […]
Keeping Information Security Simple – Automagically update everything!
Washington University Community: Modern computers and mobile devices are so complex that they invariably have unintended flaws. Some of these flaws create vulnerabilities by which cybercriminals can attack your computer, tablet, or phone. In fact, these vulnerabilities are one of the most common ways devices are hacked. The good news is that it is surprisingly […]
Research Data Security
The first step in developing a security strategy for your research is to know how your data are classified. Data classification, the process of categorizing data according to risk level, empowers you to select the right tools and services to protect your research.
Information Security for Researchers
WashU faculty, staff, and students regularly generate data through research. Safeguarding these data is crucial to protecting the privacy of research participants, the intellectual property of WashU researchers, the security of WashU systems, and the public’s trust in WashU. The Office of Information Security works with researchers, offering tools, services, and guidance to protect research, […]
Last Chance for Prizes and Cybersecurity Awareness Month 2021 Recap
Cybersecurity Awareness Month 2021 is in the rearview mirror! This year, we set out on the Road to Cybersecurity together. We hosted several events, sent out weekly security tips, and published a great newsletter full of original content authored by WashU’s information security staff. Competitions Our Cybersecurity Awareness Month competitions are always popular. In 2020, […]
Meet Your InfoSec Team: Michael Mayer, Information Security Analyst
Michael Mayer is an Information Security Analyst II working in Governance, Risk, and Compliance. This part of our office is a critical component of our information security posture. Michael cooperates with researchers and other university offices in support of safe and ethical research. He works with the Institutional Review Board to evaluate security requirements for […]
WEBINAR: Careers in Cybersecurity and Student Prize Competition
Did you know that there are more than three million open positions in cybersecurity today? There is a huge demand for cybersecurity professionals today, and the Bureau of Labor Statistics predicts that this trend will continue for the next decade and beyond. This high demand means opportunity, competitive salaries, and job security. Effective cybersecurity requires […]
Keeping Information Security Simple – Physical Security Comes First
Letter from the CISO, Vol 1 Issue 4 Washington University Community: Physical safety is a fundamental need of all animals, humans, computer systems, and devices. Last month I encouraged everyone to adopt a healthy dose of skepticism and paranoia regarding email, text, and social media messages to avoid becoming victims of social engineering attacks. This […]
October is Cybersecurity Awareness Month
Cybersecurity Awareness Month is here! Cybersecurity Awareness Month is a global effort to help everyone stay protected whenever and however they connect. The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help every member of our community gain the knowledge and tools […]
Meet Your InfoSec Team: Denise Woodward, Information Security Manager
Denise Woodward is an Information Security Manager in Governance, Risk, and Compliance for our Office of Information Security. She has 27 years of experience in IT, 22 of which are in information security. She got her start in information security working on the Help Desk of A.G. Edwards & Sons and has enjoyed solving problems […]
Cybersecurity Awareness Month
2023 marks 20 Years of Cybersecurity Awareness Month! The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help every member of our community gain the knowledge and tools to be safe online. All month long, we are promoting key behaviors to encourage […]
InfoSec Alert: Critical Security Updates for Apple Devices
Apple recently released a critical software update for all Apple devices designated iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2. Apple issued these emergency updates in response to reports that “zero-click” spyware has been discovered on their devices. Users can update their own devices using the following steps (please note that download times may […]
Keeping Information Security Simple – Be Skeptical and a Little Paranoid
Letter from the CISO, Vol 1 Issue 3 Washington University Community: “Keep Information Security Simple” has been my motto for nearly a decade. This month, I’d like to share an important thing that everyone can do to improve our security—slow down, just a little bit because haste makes good people fall for bad tricks. In the first […]
Keeping Information Security Simple – Multi-Factor Authentication
Washington University Community: Thank you for the positive feedback on June’s first issue of our new Information Security Bulletin, “Secured!” If you missed it, you can read it and other articles of interest at https://informationsecurity.wustl.edu/blog/. For almost a decade, I’ve been trying to “Keep Information Security Simple” (KISS) for my clients, employers, and friends. KISS is […]
Workday Security
Washington University recently adopted Workday, a cloud-based software system for managing finances, human resources, and planning. The new system provides a single, integrated system for managing multiple facets of daily operations at WashU. WashU takes the security of your data and our systems seriously. Therefore, the system that we use to manage sensitive information such […]
Controlled Unclassified Information (CUI) in Sponsored Research
These pages provide a general overview of capabilities to appropriately safeguard controlled unclassified information (CUI) at Washington University in St. Louis. Overview The federal government requires minimum security requirements for certain federal information and systems that house or transmit sensitive information defined as Controlled Unclassified Information (CUI). These security standards are set forth by the National […]
Updated Device Security Guidance and Best Practices
Device security is essential for protecting your privacy and data. Sound device security involves using features built into your devices, such as setting a passcode or adjusting privacy settings and protecting the physical security of the device itself. Devices are valuable and are enticing to opportunistic passersby, whether they are after the device itself or […]
Security Guides for iOS/macOS Posted, WIN and Android Coming Soon
Most of us rely heavily on our computers and personal devices to do our jobs, shop for our households, navigate unfamiliar roads, communicate with others, and myriad other tasks. Today, we may take this continuous access to the Internet as a given, hopping on and off networks as we move through the world, allowing location […]
Keep Your Information Secure This Tax Season
Tax season is here again, and as always, that means internet scammers are looking for openings to take advantage of heightened online traffic. According to IRS Commissioner Chuck Rettig, “This is generally the hunting season for online thieves, but this year there’s a dangerous combination of factors at play that should make people more alert” […]
InfoSec Alert: Social Security Vishing on Campus
Our office received a report of a vishing (fraudulent phone call) attack targeting a WashU student. In the attack, the caller claimed that the student’s social security number had been associated with overseas drug-trafficking activity. Another popular Vishing campaign involves impersonating support personnel from companies like Apple or Amazon. In this scam, the attackers call […]
Device Security for the Entire Family
The holiday season is here! As we prepare our hearths and homes to celebrate the holidays with friends and family, we sense that this season will be different. According to the National Retail Federation (https://nrf.com/media-center/press-releases/nrf-expects-holiday-sales-will-grow-between-36-and-52-percent ), online sales are expected to grow by at least 30% this year, adapting to the constraints of a pandemic […]
Thank You for Participating in Cybersecurity Awareness Month 2020
The Office of Information Security extends its gratitude to the faculty, staff, and students who participated in the events and activities of Cybersecurity Awareness Month 2020! During the month of October, we hosted a slate of webinars and presentations to help our community stay informed and empowered in the digital era. This year, our program […]
InfoSec Alert: Cybersecurity Attacks Targeting US Healthcare Systems
During the week of October 26, multiple federal agencies notified Washington University of a credible cybersecurity threat to US health care providers. This threat has impacted several hospitals across the country within the last few days, and intelligence officials suggest several hundred more may be targeted in the near future. Washington University has a dedicated […]
Welcome to Cybersecurity Awareness Month from CISO Kevin Hardcastle
Dear WashU community, Cybersecurity Awareness Month has arrived! Cybersecurity Awareness Month was launched in October 2004 by the National Cybersecurity Alliance and the U.S. Department of Homeland Security as a joint effort to raise awareness of cybersecurity issues and help people stay safe online. Now in its 17th year, Cybersecurity Awareness Month is observed around […]
October is Cybersecurity Awareness Month
Cybersecurity Awareness Month is here! Cybersecurity Awareness Month is a global effort to help everyone stay protected whenever and however they connect. The overarching theme for the month is, “Do Your Part, #BeCyberSmart.” The Office of Information Security is proud to be a Cybersecurity Awareness Month Champion, supporting online safety throughout the year. We’re here […]
Cybersecurity Awareness Month Is Right Around the Corner
October is Cybersecurity Awareness Month. Cybersecurity Awareness Month was launched as National Cybersecurity Awareness Month in October 2004 as a joint effort between the National Cyber Security Alliance and the U.S. Department of Homeland Security. The objective of National Cybersecurity Awareness Month was to raise awareness of the importance of cybersecurity and offer resources to […]
WEBINAR: Securely Managing Protected Information
The HIPAA Privacy Office, WashU IT, and the Office of Information Security invite you to attend a one-hour discussion and Q&A about safely handling protected data and using WUSTLBox to develop a secure workflow. Hosts will include Christine Schorb, HIPAA Privacy Officer, Eric Suiter, Systems Engineer with expertise in WUSTLBox, and Kevin Hardcastle, Chief Information […]
National Cybersecurity Awareness Month (NCSAM) is Coming!
WashU InfoSec is honored to be among institutions named NCSAM Champions. We champion the cause of information security in our community by offering information, resources, and events throughout the year with special offerings during NCSAM every October. Stay tuned for our schedule of October events to help you #BeCyberSmart. To see a complete list of […]
UPDATED: Security Threats Targeting COVID-19 Researchers
Law enforcement and government agencies, including the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), have issued warnings about criminal activity targeting COVID research. Below, you will find links to relevant guidance and announcements about this threat. FBI director says China seeks to compromise U.S. firms researching coronavirus – WaPo […]