Cybersecurity Awareness Month 2023 is coming to a close. This year, we hosted three webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published weekly newsletters full of original content authored by WashU’s Office of Information Security. Below, you will find a recap of some of the key […]
On WashU-supported Macs, you can now use firewall settings to turn on the firewall in macOS to prevent unwanted connections from the internet or other networks. To change these settings in the latest version of macOS, choose Apple menu > System Settings, click Network in the sidebar, then click firewall on the right. (You may need to scroll […]
When using social media platforms, it is wise to be careful about what you post. Cybercriminals can use what you post to entice you into clicking malicious links. Be Careful What You Post Any information you publicly post on social media could be used in a spear phishing attack. Spear phishing is when cybercriminals target […]
We encourage you to turn on multi-factor authentication for every online account or app that offers it. As time goes on, more websites and applications will offer multi-factor authentication, but it might not be turned on by default. Here are some guides on how to enable it for popular services:
Password managers are apps, browser plugins, or programs within your browser. They store your passwords in a vault and lock the vault behind a “master password.” It is safe to replace your password notebook Even though password managers are the best way to safeguard your passwords, you might worry that storing every password in an […]
Let a password manager do the work! A password manager creates, stores and fills passwords for us automatically. Then we each only have to remember one strong password—for the password manager itself. Search trusted sources for “password managers” like Consumer Reports, which offers a selection of highly rated password managers. Read reviews to compare options […]
When guessing passwords, hackers start with the most common passwords. According to research by NordPass, the top 10 passwords from 2022 are: Are any of your passwords on this list? Creating, storing, and remembering passwords can be an inconvenience for all of us online. Still, the truth is that passwords are your first line of […]
Why it’s so important to update promptly If a criminal gets into a device through a security flaw, they will look for personal information and sensitive data to exploit. Technology providers issue software updates to “patch” security weak spots as quickly as possible. If we don’t install them, they can’t protect us!Software updates can also […]
Many of us receive a steady flow of emails every day, including bank statements, order confirmations, or sales promotions. To keep up, you may look through your inbox as quickly as possible—but do not forget to stay vigilant. Cybercriminals take advantage of haste and send dangerous, unexpected emails. Unusual Account Activity Detected One of the […]
Scammers can create fake login screens that are strikingly similar to legitimate ones. One of the login screens pictured above is our true WUSTL login screen, and the other is an imitation from a real scam. Can you spot the difference? To make this more challenging, we’ve cropped out the URL from each login screenshot. […]
In addition to using WashU email for work, most people use email in their personal lives, too. You can get an email from your aunt with her stew recipe or an email from your boss about an office party. But what if the email isn’t actually from your aunt or boss? Cybercriminals often pretend to […]
For more information about using generative AI at WashU, please visit Generative Artificial Intelligence (AI) – Information Technology (wustl.edu).
With the internet and social media, it can be difficult to avoid sharing personal information online. Having an online presence can be valuable, but sometimes sharing personal information is risky. If you want to know what information about you is online, Google yourself. Your Search Results If you Google your name, you may find public […]
The Washington University in St. Louis Office of Information Security supports education, research, and clinical care by protecting systems and data for everyone at our institution. Information security is essential to every member of our community, and we all share personal responsibility for ensuring the security of our systems. We continuously improve our systems and […]
October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. The Office of Information Security is proud to champion this online safety and education initiative this October. All month long, we are promoting these key behaviors to encourage every employee to take […]
Cybersecurity Awareness Month 2022 is coming to a close. This year, we hosted four webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published a newsletter full of original content authored by WashU’s office of Information Security. Competition Our Cybersecurity Awareness Month competitions are always popular. In 2021, […]
WashU’s multi-factor authentication provider is Duo, an industry leader in cybersecurity services. You can improve the strength of multi-factor authentication by opting for multi-factor authentication exclusively via an app. Here is a link that helps you set this up for WashU MFA Where can I change my device’s default authentication method? (duo.com). Did You Log […]
The Washington University in St. Louis Office of Information Security (OIS) supports education, research, and clinical care by protecting systems and data for everyone at our institution. Information security is essential to every member of our community, and we all share personal responsibility for ensuring the security of our systems. We continuously improve our systems […]
The term “data breach” has dominated the tech world the last 24 months. From breaches that have impacted critical infrastructure like the Colonial Pipeline to hackers compromising healthcare records at UC San Diego Health, headlines of cybersecurity mishaps saturated news in the last two years. Yet, despite the prevalence of the breach-centric news cycle, many […]
You can control when your WashU computer updates using the Updates section in Software Center. Most updates require your computer to restart, so please save all work beforehand. You can configure automatic updates to run outside of your business hours using these steps: Navigate to Software Center. Select Options. Work Information section: Enter your Business Hours. […]
Ransomware is malicious software that renders data and systems unusable until the targeted individual or organization pays a ransom. Find out more at Ransomware | Office of Information Security | Washington University in St. Louis (wustl.edu). Cybersecurity Awareness Month Test Your Knowledge Competition We invite you to show us what you know by entering our […]
Cybersecurity has become one of the biggest hot topics both inside and outside of technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic, to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is a […]
For tips on how to strengthen your passwords, visit How can I make my password secure? – Information Technology (wustl.edu). If you see fit to change your WUSTL key password, you can read the guide at How do I Change my WUSTL Key Password – Information Technology. Cybersecurity Awareness Month Test Your Knowledge Competition We […]
When you receive a suspicious email, please report it using the Phish Alert Button (PAB) from your Outlook account. Cybersecurity Awareness Month Test Your Knowledge Competition We invite you to show us what you know by entering our Test Your Knowledge: Cybersecurity Awareness Month edition. Complete this activity to test what you know and receive an entry […]
The COVID-19 pandemic forced millions of Americans to embrace working from their own home – a concept most had limited or no experience with at the time. And while many employees have returned to the office, a recent University of Chicago study found that 72% of those surveyed would like to continue working from home […]
Phishing is the most common tool used by cybercriminals to steal login credentials, personal information, data, and intellectual property. If you receive a “phishy” email (i.e., an email that demands unexpected quick action, comes from an unknown sender, asks you to supply login credentials or other personal information, etc.), please protect yourself and others at […]
Cybersecurity Awareness Month in October is a global effort to help everyone stay protected whenever and however they connect. The theme for the month is “It’s easy to stay safe online,” and The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help […]
Cybersecurity Awareness Month 2021 is in the rearview mirror! This year, we set out on the Road to Cybersecurity together. We hosted several events, sent out weekly security tips, and published a great newsletter full of original content authored by WashU’s information security staff. Competitions Our Cybersecurity Awareness Month competitions are always popular. In 2020, […]
Letter from the CISO, Vol 1 Issue 5 Washington University Community: Many years ago, a respected colleague told me that for her, the ultimate security was knowing that she could get her data back if something bad happened. This was a bit of a shock to me, as I was young and inexperienced enough to […]
We’re on the last leg of our road trip, but our cybersecurity adventure is far from over. The WashU Office of Information Security will always be your trusty navigator and loyal travel companion on the Road to Cybersecurity. We’ll help you steer through the twists and turns of the road ahead and give you a […]
A little before 5 a.m. on May 7th, 2021, an employee at the Colonial Pipeline noticed a ransom note on their computer demanding cryptocurrency. This employee followed the company’s policies and procedures and immediately reported the situation. The Colonial Pipeline attack might be one of the largest and most impactful cyberattacks in history. It started when […]
To wrap up another successful Cybersecurity Awareness Month, we invite you to show us what you know by entering our Test Your Knowledge Competition. Complete this activity to test what you know and receive an entry for one of several Bear Bucks awards. Prizes Grand Prize: $500 BearBucks credit. Additonal Prizes: $250 BearBucks credits. Don’t […]
On October 20th, CISO Chris Shull and WashU Computer Science Major Skylar Fong cooperated to run a webinar discussing Careers in Cybersecurity. Dozens of students participated in the evening event. Chris Shull offered valuable insights about the interdisciplinary nature of cybersecurity and the qualities that he looks for in a prospective new hire. Skylar shared […]
Attackers continuously adjust their tactics to circumvent our defensive strategies, using new methods to access our systems, data, and personal information. Even as attackers develop new scams, one element seems to carry on—impersonation. Our office frequently publishes about impersonation because it forms the basis of most phishing attempts. Often, attackers impersonate a high-ranking employee in […]
Betsy Ball is a highly experienced IT professional with more than 30 years of experience, including work in user support as well as server, network, and firewall administration. In her role at WashU, she serves as an Information Security Architect, working with the Risk Assessment team on IT infrastructure assessment and supporting the Cybersecurity Maturity […]
This week, read about how the employees of FireEye and SolarWinds responded to a hack and where a timely verification would have changed the outcome. The SolarWinds hack was first spotted by someone at FireEye, a cybersecurity company. A staff member noticed that an employee signed in using their username and password but a new […]
Thank you for your interest in our student prize competition! Use the Phish Alert Button (PAB) to report phishing attempts for your chance to win! To participate, register here by November 3rd: https://wustl.az1.qualtrics.com/jfe/form/SV_7418aAb5ROape6i Additional Resources from Webinar Slide deck Event Recording Using the Phish Alert Button About the KnowBe4 Program
Ransomware is a specific category of malware that causes harm to the computer and the computer system. The U.S. Cybersecurity and Infrastructure Security Agency defines ransomware as “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” The threat actors (hackers) behind […]
Organizations have been a driving force behind cybersecurity awareness and training. It’s more important than ever to be up to date with cybersecurity knowledge so that attacks don’t happen on your watch. In these special edition Cybersecurity Awareness Month articles, you’ll read about damaging attacks that happened in 2021 — and how employee actions changed […]
Letter from the CISO, Vol 1 Issue 4 Washington University Community: Physical safety is a fundamental need of all animals, humans, computer systems, and devices. Last month I encouraged everyone to adopt a healthy dose of skepticism and paranoia regarding email, text, and social media messages to avoid becoming victims of social engineering attacks. This […]
To defend ourselves against cybercrime, we cannot rely on technology alone. Cybercriminals constantly try different attack strategies, attempting to confuse, surprise, and manipulate their targets. Phishing emails are the most common attack strategy, and these messages are subject to the limitless creativity of their criminal authors. As a result, even state-of-the-art technology cannot perfectly detect […]
Cybersecurity Awareness Month is here! Cybersecurity Awareness Month is a global effort to help everyone stay protected whenever and however they connect. The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help every member of our community gain the knowledge and tools […]
On Tuesday, October 19 and Tuesday, October 26, Operations & Facilities Management Department, the Office of Sustainability, WashU Office of Information Security, and BJC Information Security are teaming up to bring the WashU community e-waste recycling and confidential paper shredding services. All are welcome to bring accepted items to the collection drive. All confidential papers and hard drives […]
The Washington University Office of Information Security (OIS) supports education, research, and clinical care by protecting systems and data for everyone at our institution. Security threats today are constantly changing as cybercriminals try new tactics to steal and hold ransom user and institutional data. To adapt to changes in the information security landscape, the OIS […]
The Office of Information Security extends its gratitude to the faculty, staff, and students who participated in the events and activities of Cybersecurity Awareness Month 2020! During the month of October, we hosted a slate of webinars and presentations to help our community stay informed and empowered in the digital era. This year, our program […]
Dear WashU community, Cybersecurity Awareness Month has arrived! Cybersecurity Awareness Month was launched in October 2004 by the National Cybersecurity Alliance and the U.S. Department of Homeland Security as a joint effort to raise awareness of cybersecurity issues and help people stay safe online. Now in its 17th year, Cybersecurity Awareness Month is observed around […]