Meet Your Infosec Team: GRC Analyst Trainees

Our Governance, Risk, and Compliance (GRC) team is fortunate to have three GRC Analyst Trainees this summer who are assisting with various InfoSec efforts. We are excited to have them on our team and would like to introduce you to each of them. Lindsey Wichman Lindsey Wichman is currently majoring in Computer Science with a […]

We Are Improving Our Website

Our office is continually searching for the best ways we can serve you and help you secure your work and WashU’s resources. We regularly update our information security website (https://informationsecurity.wustl.edu) with the latest information and resources to help you navigate the increasingly complicated digital landscape. In addition to the great original content we post on […]

Keeping Information Security Simple – Top Ten Social Engineering Techniques

Letter from the CISO, Vol 2 Issue 10 Washington University Community: I often encourage everyone to “be vigilant, skeptical, and a little paranoid,” and I usually provide a few pointers on things to watch out for and what to do when (if) you see them. Which Half Are You In? A recent report concluded that […]

Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a few resources to help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish Alert Button? […]

Job Posting Scam

Job scams that target students are on the rise. As you may already know from reading our Scam of the Month posts, hackers can and will target you by impersonating a university employee looking to hire a student worker. Often, these scams will reach you via email or your cell phone number. When the hacker […]

Scam of the Month: Windows Defender Pop-ups

The Office of Information Security has observed a trend in which criminals send a fake error message on a website, saying there is a virus on your computer. These fake error messages aim to scare you into calling their “technical support hotline,” and they will likely ask you to install applications that give them remote […]

InfoSec Allies: Craig Pohl, Senior Director of Research Infrastructure Services

WashU researchers must persevere through myriad challenges in the quest for knowledge. Among these challenges is developing a comprehensive security plan for their data, applications, and research results. Increasingly, research sponsors require these plans as a condition of funding. Our researchers are pioneers, bringing their expertise to the frontiers of discovery, but they aren’t always […]

Serving you better through ServiceNow integration

The Office of Information Security is changing how we manage emails sent to infosec@wustl.edu. Starting 2/27/2023, every email that reaches our inbox will automatically be assigned to a ticket in ServiceNow. Tickets are how the rest of WashU IT handles work and requests, and we intend to align with this standard. Apart from solidarity, the […]

Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a few resources to help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish Alert Button? […]

Protect Yourself When Using Peer-to-Peer Money Exchange Apps

You’ve all heard the phrases, “just Venmo me”, “do you have Zelle?”, and “can I send you Apple Cash?”. In the blink of an eye and a tap of a finger, your money can be sent to whomever you choose. However, without considering some basic protections, this convenience could come at a cost. As quickly […]

Scam of the Month: Available Cell Phone? Quick response?

The Office of Information Security observes a trend in which criminals send an email impersonating a Professor of Mathematics, hoping that victims will share their phone number and eventually purchase gift cards for them. If you see a message like the one below, please do not interact with the sender or phone number, and do […]

Meet Your InfoSec Team: Adam Coyle, Information Security Analyst I

Adam Coyle, Information Security Analyst I, believes that information security is becoming one of the most critical roles in any organization. Over the first nine years at WashU on the Deskside Support team, Adam became fascinated with information security and the strides the university takes to become more secure. His current role as a security […]

Multi-Factor Authentication

Most of the time, using an online service – checking email, shopping, and using social media – requires users to log into an account with a password. As we covered in the Password-based Authentication article, passwords are “something known,” so they can be leaked. And security breaches happen often. Recently, LastPass had its second security […]

Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a couple of resources that will help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish […]

Advanced Data Protection for iCloud

With the release of iOS 16.2, Apple offers Advanced Data Protection for iCloud as an optional setting to adult US users. For those who enable the feature, iCloud will provide end-to-end encryption for Photos, Notes, iCloud Backup, and more. As a result, nobody else – not even Apple – can access your end-to-end encrypted data. […]

Scam of the Month: Invoice from PayPal LLC

The Office of Information Security observes a trend in which criminals send a convincing fraudulent PayPal invoice, hoping that victims will click a malicious link. If you see a message like the one below, please do not interact with the sender or phone number, and do not follow any special instructions. Simply report the email […]

Meet Your InfoSec Team: Madeline Quigley, Cybersecurity Awareness and Culture Specialist

Madeline Quigley, Cybersecurity Awareness and Culture Specialist, is the newest member of the Cybersecurity Awareness, Behavior, and Culture team. Madeline spent her childhood in Rhode Island and moved to St. Louis to attend Maryville University from 2018 – 2021, earning a bachelor’s degree in Cybersecurity with a minor in Creative Writing. Madeline has resided in […]

Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a couple of resources that will help you protect yourself from cybercrime and understand how our office can support you. Guidance for Reporting Phishing Have you seen the Phish […]

Biometric-based Authentication

In the last two months, we covered password-based authentication and token-based authentication. When properly implemented and used, both methods can provide secure user authentication. Still, passwords and tokens each have their shortcomings: Complex—and therefore secure—passwords are hard to remember. A token can be lost. Either can be stolen. Meanwhile, biometric authentication uses personal data that […]

Securing New Devices

A recent market forecast predicted that the average volume of electronics per person in the Consumer Electronics market will increase to 2.8 pieces in 2022 (Consumer Electronics – US: Statista market forecast). With gift-giving season approaching, you or someone you know will likely receive some tech. Follow the strategies below to keep your shiny new […]

Scam of the Month: Job/Employment Offer

The Office of Information Security observes a trend in which criminals send fraudulent job requests, hoping that victims will click a malicious link. If you see a message like the one below, please do not interact with the sender or phone number, and don’t follow any special instructions. Simply report the email using the Phish Alert […]

Meet Your InfoSec Team: Richard Edwards IV, GRC Analyst II

Since Richard Edwards IV, Governance Risk and Compliance Security Analyst II, began working in IT, security has been his top interest. For one, he enjoys how information security challenges him to keep learning. He also noticed a trend: As technology becomes more incorporated into everyday life, so too do threats and vulnerabilities to our technology. […]

Keeping Information Security Simple – Your Internet Bodyguard

Letter from the CISO, Vol 2 Issue 6 Washington University Community: High School Bodyguard? When a friend’s daughter was in high school, she had written to a German exchange student who was coming to the US, writing about her kickboxing class and her job as a lifeguard at the neighborhood summer swim club. Unfortunately, when […]

Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you to a couple of resources that will help you protect yourself from cybercrime and understand how our office can support you. We’d like to thank our challenge and giveaways participants. […]

Token-based Authentication

By: David Puzder Last month, we covered password-based authentication explaining how to authenticate a user based on something they know. Another means to authenticate a user’s identity is through something they possess – a token. A common instance of token-based authentication is a house key. Ideally, only the person who possesses the proper key can […]

Tips for Traveling and Shopping Safely This Holiday Season

With Black Friday, Small Business Saturday, and Cyber Monday around the corner, it can be tempting to buy discounted items on impulse. Before getting caught up in a “while supplies last” frenzy, remember that scammers capitalize on hasty decisions involving payment information. According to the Federal Trade Commission’s Consumer Sentinel Network data, online shopping scams […]

Scam of the Month: Package Scheduled for Delivery Today

The Office of Information Security has observed a trend where criminals send fraudulent delivery notifications in hopes that victims will scan a QR code. If you see a message like the one below, please do not interact with the sender and do not follow any special instructions. Simply report the email using the Phish Alert […]

Meet Your InfoSec Team: Victor Tinsley, GRC Security Analyst

Victor Tinsley, Governance Risk and Compliance Security Analyst I, has always been curious about how malicious actors manipulate a target environment. How do they devise new ways to exploit a system? Following his interest, he pursued a Bachelor of Science with a focus on information security. Aside from having interest in the field, Victor believes […]

Keeping Information Security Simple – You’re smart and getting smarter, but…

Letter from the CISO, Vol 2 Issue 5 Washington University Community: Everyone loves to hear how smart they are! Right? I don’t know anyone who doesn’t like hearing how they are “smart,” “bright,” “clever,” “hard-working,” “correct,” and best of all, “you’re right; I was wrong.” Today I have good news, better news, bad news, and […]

Password-based Authentication

By David Puzder Virtually every online account requires a password. Many account providers require additional authentication steps, like the Duo push alert, to increase security. As for password-based authentication, the principle is relatively straightforward: the user provides an account name or identifier (ID) plus a password, and the system compares the given password to the […]

Cybersecurity Awareness Month 2022 Recap

Cybersecurity Awareness Month 2022 is coming to a close. This year, we hosted four webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published a newsletter full of original content authored by WashU’s Office of Information Security. Competition Our Cybersecurity Awareness Month competitions are always popular. In 2021, […]

Scam of the Month: Assistant Job Posting

The Office of Information Security has observed a trend where criminals send fraudulent job requests in hopes that victims will text a phone number with their personal information. If you see a message like the one below, please do not interact with the sender or phone number, and do not follow any special instructions. Simply report the email […]

Meet Your InfoSec Team: Brian Allen, Information Security Director

Brian Allen, Certified Information Systems Security Professional (CISSP) and Information Security Director, “plays defense for WashU” by overseeing the Incident Response* and Vulnerability Management teams. Throughout his career, he has fostered connections at WashU and in the InfoSec community at large. Dependable working relationships are essential to Brian because he sees “InfoSec as a department […]

The Anatomy of a Data Breach: What to do When You Spot One

The term “data breach” has dominated the tech world the last 24 months. From breaches that have impacted critical infrastructure like the Colonial Pipeline to hackers compromising healthcare records at UC San Diego Health, headlines of cybersecurity mishaps saturated news in the last two years. Yet, despite the prevalence of the breach-centric news cycle, many […]

4 Easy Steps for Staying Secure in 2022

Cybersecurity has become one of the biggest hot topics both inside and outside of technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic, to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is a […]

Cybersecurity In The Home: 3 Steps Households Can Take

The COVID-19 pandemic forced millions of Americans to embrace working from their own home – a concept most had limited or no experience with at the time. And while many employees have returned to the office, a recent University of Chicago study found that 72% of those surveyed would like to continue working from home […]

Keeping Information Security Simple – It’s All About “The Hook”

Letter from the CISO, Vol 2 Issue 4 Washington University Community: What’s the best defense against the phishing attacks responsible for over 90% of cyber intrusions and breaches? The simple answer is all of us working together. And “The Hook.” Given time, attention, basic suspicion, and a little paranoia, we can all individually spot most […]

October is Cybersecurity Awareness Month

Cybersecurity Awareness Month in October is a global effort to help everyone stay protected whenever and however they connect. The theme for the month is “It’s easy to stay safe online,” and The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help […]

Security Resources for Faculty and Researchers

The Office of Information Security (OIS) supports WashU’s mission of excellence in teaching, research, and patient care by assessing the security of the tools our community uses every day to do our work. Faculty and researchers often have specific needs for secure storage and communication services and unique needs for tools that aid student engagement, […]

Smart Gadgets Are Mostly Insecure

Devices like smart thermostats, speakers, and doorbells might be more functional than their non-internet-enabled designs, but are they smart enough to protect themselves or the network they are on? According to a survey released in August of 2022, there were about 8.6 billion smart devices – or Internet of Things (IoT) devices – connected to […]

Win Up To $1,000 in Our Cybersecurity Awareness Month Test Your Knowledge Competition

The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in our efforts. For this year’s Cybersecurity Awareness Month, we broadened the range of topics covered by our knowledge test, and we increased our prize amounts accordingly. We hope that taking this quiz and playing the […]

Information Security for your Car

By Matt Lang Deeply integrated into our daily lives, laptops and cell phones are well-known targets for hackers. A less-obvious target that we also use almost every day has recently emerged—the car. Today’s cars are like big computers on wheels, and the consequences of a hack could be deadly. To hack your car, all a […]

Scam of the Month: Fake Password Expiration

The Office of Information Security has observed a trend where criminals send fraudulent password expiration notices in hopes that victims will disclose their WUSTL Key on a fake login page. If you see a message like the one below, please do not interact with any links or follow any special instructions regarding authentication methods. Simply […]

Meet Your InfoSec Team: Andrew Duba, Information Security Analyst III

Andrew Duba, Information Security Analyst III, is a member of the Digital Forensics and Incident Response Team. During conversations about his job, “most people think of what they see in movies and TV.” These depictions often embellish what the job is like, so “it can be tough to demystify and make it more accessible.” Realistically, […]

Keeping Information Security Simple – Help Yourself by Helping Others

Letter from the CISO, Vol 2 Issue 3 Washington University Community: Want to know how to be “enough” of an information security expert? In “Outliers,” Malcolm Gladwell popularized the idea of needing 10,000 hours of practice to become an expert. I studied karate for many years, and one of my sensei’s (instructor’s) expectations was that […]

Helpful Resources for Students (and Everyone Else)

Welcome back! We know you’ll be busy as the semester begins, so we’ve pulled together resources to help you with a variety of common security needs. See below for our roundup of guidance to help you get in the swing of the semester! Devices Device security is essential for protecting your privacy and data. Sound […]

InfoSec Ally: University Registrar, Keri Disch

University Registrar Keri Disch is serious about securing student data in the digital era. Disch moved to St. Louis in July 2020 to join the WashU community after twenty years at Northwestern University, where she first became interested in central registrar work. The University Registrar serves as a central hub for many university functions. Her […]