
UPDATED: Security Threats Targeting COVID-19 Researchers

Law enforcement and government agencies, including the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), have issued warnings about criminal activity targeting COVID research. Below, you will find links to relevant guidance and announcements about this threat.

The Office of Information Security offers the following general guidelines for securing your data and sensitive personal information. These guidelines are perpetually useful and are especially important safeguards against the heightened security threats of the COVID era.

  • Strong and unique passwords or pass-phrases should be used on all accounts. A password manager (e.g., 1Password or LastPass) can be a valuable tool for keeping all of your accounts and passwords safely managed. For more information about password management, see "Ask The Experts: Password Management" from the Office of Information Security, Washington University in St. Louis.
  • Control access to your data. Researchers should build and maintain an inventory of anyone who has access to sensitive data. Access should be immediately removed for anyone who doesn’t currently need it.
  • Use Multi-Factor Authentication. Multi-factor authentication (MFA or 2FA) should be enabled on all accounts that support it. Enterprise systems that support the secure storage of data will already be protected by WashU 2FA. The same level of protection can be enabled on many personal systems as well via user account settings.
  • Educate your collaborators about what to do if they identify a potential threat. Be certain that everyone with access to sensitive information knows what to do and who to tell if they believe they have identified some unusual behavior. Notify the Office of Information Security so we can conduct a prompt and thorough investigation into any reported unusual activity. Foster an environment that rewards vigilance and doesn’t punish those who are attempting to help by reporting malicious behavior.

If you think you are being targeted by a malicious actor, please reach out to our office by emailing infosec@wustl.edu. If you receive an email that you believe to be a phishing attempt, please forward the email to phishing@wustl.edu and delete it from your inbox.

We appreciate all that you do to help keep our institution secure.