Like institutions worldwide, WashU made a rapid transition to a largely remote workforce in the wake of the COVID-19 pandemic. This quick transition created an urgent demand for digital capabilities in communications, teaching, research, and patient care. The move toward digital workflows reveals security vulnerabilities that impact our systems, users, and data. Criminal opportunists seize moments of uncertainty and rapid change to exploit gaps in security strategies of institutions and gaps in the knowledge of employees suddenly working remotely. Specifically, these bad actors play upon fears in phishing and social engineering campaigns related to the pandemic and associated instabilities. For example, the Google Threat Analysis Group (TAG) reports that their systems saw 18 million COVID-related malicious emails and 240 million COVID-related spam messages each day in the month of April. Further, TAG identified over a dozen government-backed attacker groups employing COVID-19 as part of phishing and social engineering campaigns attempting to lure victims into clicking malicious links and downloading malware (Huntley 2020).
The move toward remote work during the pandemic illustrates the importance of good information security across the institution and the vital role that each user plays in securing their devices, data, and personal information. WashU InfoSec continuously works to ensure our systems’ security and empower our community members in the digital sphere. Below, please find a number of our resources to help remote workers stay safe online: