Keeping Information Security Simple – The Only Constant in Life is Change

Letter from the CISO, Vol 1 Issue 11 Washington University Community: There are only two things to worry about—that things will never get back to normal, or . . . that they already have. In other words, the only constant in life is change, and Information Security is no exception. I sometimes worry that I […]

Cybersecurity and the Supply Chain

Supply Chain

By Christina Pomianek-Smith You’ve undoubtedly heard the term “supply chain disruption” more times than you can count lately. The past few years have been fraught with disruptions—labor shortages caused by COVID-19, warfare, tropical storms and wildfires, factory fires, railroad transportation disruptions, and the six-day blockage of the Suez Canal. We’ve endured incredible upheavals, and many […]

Advice from a Graduating Student: Things to do as You Leave WashU

Woman moving with boxes

By Harrison Stites As members of our community graduate or otherwise move on from their time at WashU, it can be tempting to ignore or put off the things you need to do here as you look forward to the path ahead. WashU’s Office of Information Security offers you some tips and tricks to help […]

Avoid Phishing and Another Chance to Win $100 in Bear Bucks

Trophy with five stars

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you towards a couple of resources that will help us identify and report potential phishing attacks. Have you seen the Phish Alert Button? It’s the easiest way for you to report […]

Scam of the Month: Important Payroll Message

Example of Important Payroll Message Phish

This month, we’re focusing on a particularly tricky scam. This one isn’t tricky because it’s complex on its surface; it actually relies on simplicity and brevity to lure in its victims. This scam mimics an important notification to trick recipients into handing over sensitive login information. It contains many hallmarks of a typical phish, but […]

Meet Your InfoSec Team: Jason Murray, Assistant Director and Architect of Digital Forensics and Incident Response

Jason Murray - Assistant Director and Architect of Digital Forensics and Incident Response

Jason Murray, Assistant Director and Architect of Digital Forensics and Incident Response, describes his role as the leader of “a team of talented Security Analysts who defend the university from cyber villains.” Throughout his career, he’s subscribed to the design principle, “build it secure,” considering the methods hackers might use to exploit flaws and access […]

Keeping Information Security Simple – Device Management – March 2022

Letter from the CISO, Vol 1 Issue 10 Washington University Community: This month I’m going to bore you with another really basic idea: that everyone needs to manage their devices. I can almost hear you yawning when I write those words, but it’s essential and not quite as easy as you might think. Step 1: […]

Security Spring Cleaning Top Five

Spring Flowers

By Christina Pomianek-Smith  Spring has arrived, and with it, the age-old tradition of spring cleaning. Getting organized, cleaning up your computer, and checking on your security hygiene will make your life easier as you approach the end-of-semester push toward summer adventures! As you clear away the cobwebs and shake off the dust of winter, also […]

Another Chance to Win and New Defender Features Coming to Office 365

Trophy with five stars

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we’re introducing new security features in Office 365 and running another prize competition! March Prize Giveaway We had a great turnout for our February Information Security prize giveaway, so we’re doing it again this month! […]

Scam of the Month: Ukraine Donation Scam

This month, we’re focusing on another scam that preys on your emotions and altruistic intentions. This time, it involves cybercriminals taking advantage of fundraising for Ukraine. In just one week, legitimate fundraising for Ukraine mobilized more than $50 million in cryptocurrency. That kind of success always attracts opportunists who want their cut. This time, they’re […]

Meet Your InfoSec Team: Quint Smith, Information Security Training and Communications Manager

For the past three years, Quint Smith, Information Security Training and Communications Manager, has been building and managing the InfoSec marketing, communications, and culture program. He aims to encourage an informed, aware, and empowered user community, resilient to the continually evolving cyber threat landscape. He says, “information security is an arms race, and technical defenses […]

Electronic Waste & Paper Shredding Drives this March

E-Waste Recycling Event Flyer

On Tuesday, March 22 and Tuesday, March 29, the Operations & Facilities Management Department, the Office of Sustainability, and WashU’s Office of Information Security are teaming up to bring the WashU community e-waste recycling and confidential paper shredding services. All are welcome to bring accepted items to the collection drive. All confidential papers and hard […]

Increased Risk of State-Sponsored Cyberattacks as Russia Invades Ukraine

Illustration of anonymous cyberattacker

The threat of state-sponsored cyberattacks increasingly accompanies international relations. Russia has developed and demonstrated its capacity to attack and inflict damage using cyber-warfare tactics. With news of Russia’s invasion of Ukraine, many cybersecurity professionals are recommending increased vigilance during this period of unrest. While much of the responsibility for anticipating and preventing cyberattacks of this […]

Keeping Information Security Simple – Isn’t there an App for that?

Letter from the CISO, Vol 1 Issue 9 Washington University Community: This month I’d like to warn you about dangerous applications and Internet services, and four things you can do to avoid problems. Many experts focus on iPhone/iPad/iOS and Android devices, but PC and Macs are also vulnerable to malicious applications, so I’ll speak about […]

10 Security Tips for Spring-Break Travelers

Dog on beach

By Christina Pomianek-Smith Spring Break is on the horizon, and many in the WashU community plan to travel for conferences, study away, research opportunities, and maybe even a little rest and relaxation! Smartphones and other digital devices are an integral part of our everyday lives, and they can make travel seem like a blissful dream. […]

Security Tips for Working From Home

Woman working form home desk

By now, we’re all intimately familiar with the benefits and drawbacks of working from home. You may have been working from home for most of the pandemic, are a hybrid employee, or simply take your work or devices home for breaks and weekends. Whatever your unique situation, you probably have direct experience walking the increasingly […]

Seven Lucky Winners and More Chances to Win Prizes!

Trophy with five stars

The results of our 2021 Cybersecurity Awareness Month competitions are in! Our office has selected seven lucky winners. If you’re a winner, we will contact you at your WUSTL email address to request the information we need to deliver your award. If you didn’t win this time, don’t despair! Read on for information about future […]

Scam of the Month: Fake Norton or Geek Squad Call Scam

Geek Squad scam attempt

Attackers are using criminal Gmail accounts to target members of our institution with a phishing scam that involves requesting the recipient call a phone number for additional information. The attackers use dozens of Gmail accounts, using each account to target only one or a few users and modifying minor details to avoid detection. As a […]

Meet Your InfoSec Team: Bob Therina, Information Security Analyst II

Bob Therina with plane

Bob Therina, Information Security Analyst II, came to Information Security after training and working in Computer Technology and the IT-sphere more broadly. He humbly reports that he sees himself as a generalist rather than an expert, capable of working across the IT space, building bridges between colleagues with deep expertise in a variety of areas. […]

Keeping Information Security Simple – Privacy – Free isn’t free: If you aren’t paying for it, you and your data are the product being sold!

Letter from the CISO, Vol 1 Issue 8 Washington University Community: This is the National Cybersecurity Alliance’s Data Privacy Week (https://staysafeonline.org/data-privacy-week/), and because security is closely related to privacy, I thought I’d say a few things about it. The “right to privacy” was defined by Justice Louis Brandeis in an 1890 article as the right […]

Threats to Your Research Data and Intellectual Property

World intellectual property day and education concept

By Christina Pomianek-Smith Your research data and intellectual property are valuable, not only in the pursuit of knowledge for the betterment of society but also to cybercriminals who seek to steal it or hold it for ransom. According to the Federal Bureau of Investigation , intellectual property theft is a growing threat in the digital […]

Phishing Awareness Phase II: Competition Winners to be Notified

WIn 10 PAB (Report Phish)

The Office of Information Security recently added several layers of phishing protection for our institution. We hope you have located, and perhaps even used, the new Phish Alert Button (PAB). Last week, our office distributed our first university-wide message from the KnowBe4 platform, asking users to report it as a phish using the PAB to […]

Security Advice from a Busy Student

Fingerprint and padlock on digital screen

By Jack Ballenger (Class of 2024) During these two weeks of virtual classes, students will need to use Duo Mobile, an app for two-factor authentication (2FA), to access Canvas, Outlook, WebStac, and other WashU resources since they are not connected to campus WiFi. Two-factor authentication, also called multi-factor authentication (MFA) or two-step authentication, supplements your […]

How to Take Back Control of Your Data This Data Privacy Week

Are you airing your dirty laundry?

Adapted from The National Cybersecurity Alliance, January 2022 From social media to online shopping, our lives and the digital world become more intertwined every day. The digital world affords us a new level of convenience and access to information, but there may be a hidden cost to your privacy associated with these conveniences. Consumers must […]

Data Privacy Fast Facts

Keep not Private

Adapted from National Cybersecurity Alliance 67% of internet users in the US are not aware of their country’s privacy and data protection rules. (LegalJobsIO) 47 U.S. states have nonexistent or consumer-data privacy laws only. Bills are pending in 16 states, six states have study committees or task forces, and just three states have modern data-privacy […]

Scam of the Month: SMiShing and 3 Viruses Detected Scam

Example SMiSh with 3 Viruses Scam

The Office of Information Security has received reports of a SMiShing campaign targeting people at our institution. SMiShing occurs when cybercriminals use tactics common to phishing campaigns in text messages, attempting to communicate legitimacy to their unsuspecting victim. The reported scam (pictured below) is a text-based version of a common and long-running scam that is […]

Meet Your InfoSec Team: Christina Pomianek-Smith, Policy and Risk Analyst

Photo of InfoSec Analyst Christina Pomianek-Smith

Information security involves solving complex problems, incorporating diverse perspectives to address the technical, legal, social, and behavioral dimensions of the digital era. Christina Pomianek-Smith’s recent move into information security demonstrates the multidisciplinary demands of the field. She is a cultural anthropologist by training (PhD, University of Missouri—Columbia, 2012), with research interests in trust, cooperation, and […]

Keeping Information Security Simple – Automagically update everything!

Washington University Community: Modern computers and mobile devices are so complex that they invariably have unintended flaws. Some of these flaws create vulnerabilities by which cybercriminals can attack your computer, tablet, or phone. In fact, these vulnerabilities are one of the most common ways devices are hacked. The good news is that it is surprisingly […]

It’s the Scam, Scamiest Season of All!

Dog Shopping Image

The holidays have arrived! These final weeks of the year are extremely busy for many of us. People are traveling, shopping, awaiting packages, making end-of-year-donations, and trying to put a pin in 2021. Cybercriminals know and await these frenzied times. They especially like seasons of heightened online shopping and financial transactions because impersonating a bank, […]

Protecting the World’s Most Valuable Resource

Woman with data in brain

By: Christina Pomianek-Smith, Information Security Analyst The refrain “knowledge is power” has been repeated around the world for centuries, from ancient Sanskrit proverbs to the theme song of the animated American educational series, School House Rock. The pursuit of knowledge is central to our university mission. The objective—use knowledge to empower individuals and communities for […]

Best of: A Lookback at 2021

2022 Loading Image

What a year! We’ve continued to adapt to new working environments, a return to campus, new technologies, and novel cyberthreats. The Office Information Security launched a monthly newsletter, ran university-wide competitions, and engaged the WashU community with a slate of events and communications for Cybersecurity Awareness Month. Once again, we are proud to be among […]

The Realities of Ransomware

Ransomware is scary

By: Harrison Stites (class of 2022) Ransomware accounted for over 80 percent of the cybersecurity attacks in the education sector in 2020, according to the Verizon Data Breach Investigation Report. Healthcare organizations such as BJC (and, by extension, WashU) are significant targets for ransomware attacks because they work with Personal Health Information (PHI) and other […]

Scam of the Month: COVID Omicron Phishing

Security researchers are warning of an uptick in phishing attacks targeting universities themed around COVID, Omicron, and testing information. These attackers seek to steal valuable information and often have the goal of tricking users into handing over their university (or other) log-in credentials. Below, you will find an example of a phishing message using Omicron […]

Meet Your InfoSec Team: James Gagliarducci, Information Security Director

James Photo

James Gagliarducci, Director of Information Security, an electrical engineer by training and a security whiz by experience and certification, started out designing radar systems for the Department of Defense. He joined WashU IT as a network engineer in the 90s. Remembering those days, James says, “I loved it.” When the Health Insurance Portability and Accountability […]

Have a Happy (and Secure) Thanksgiving

Turkeys Photo

People across America are preparing to travel over the river and through the wood, visiting friends and family for Thanksgiving. The American Automobile Association predicts more than 53 million people will travel for Thanksgiving this year, an increase of 13% from 2020 and the most significant single-year increase since 2005. Many of us are eager […]

Online Holiday Shopping Scams

Black Friday Shopping Dog

Winter-holiday shopping of yesteryear kicked off with the deep discounts and early-bird specials of Black Friday, a retail frenzy on the day after Thanksgiving. Traditionally, shoppers forwent their post-feast dreams, waking early to await doorbuster sales at their favorite retailers. Today, shoppers avoid the crowd, line, and occasional brawl by shopping online. The move to […]

Last Chance for Prizes and Cybersecurity Awareness Month 2021 Recap

Bear Bucks Logo

Cybersecurity Awareness Month 2021 is in the rearview mirror! This year, we set out on the Road to Cybersecurity together. We hosted several events, sent out weekly security tips, and published a great newsletter full of original content authored by WashU’s information security staff. Competitions Our Cybersecurity Awareness Month competitions are always popular. In 2020, […]

Easy Security with WUSTL ONE and WashU’s DocuSign

DocuSign Email

Last month, we published an article about a common tactic that uses fake DocuSign emails to trick users into handing over personal information. This month, we take a closer look at the process using WashU’s enterprise (i.e., university-provided) DocuSign service. When you receive a DocuSign request from a WashU sender, you will receive an email […]

Bonus Scam of the Month: Emotet Attachment Scam

Emotet Macro Image

The Information Security Office recently became aware of the reemergence of a malware distribution network previously taken down by law enforcement. This phishing email may look like a reply from a previous familiar email chain. This malicious phishing email uses three types of email attachments to install malware. These attachments include: Microsoft Excel spreadsheets Microsoft […]

Meet Your InfoSec Team: Michael Mayer, Information Security Analyst

Michael Mayer InfoSec Analyst

Michael Mayer is an Information Security Analyst II working in Governance, Risk, and Compliance. This part of our office is a critical component of our information security posture. Michael cooperates with researchers and other university offices in support of safe and ethical research. He works with the Institutional Review Board to evaluate security requirements for […]

Scam of the Month: Direct Deposit Phishing Scam Impersonating University Leadership

Chanc Impersonation Direct Deposit Phish

Members of the WashU community are receiving phishing emails impersonating university leadership, including Chancellor Martin and Dean Perlmutter. These messages request changes to direct deposit information due to suspicious activity.  Phishing scams often impersonate people in leadership positions to encourage a heightened sense of urgency in the recipient. Additionally, information about leaders is publicly available […]

Keeping Information Security Simple – Backup, Backup, Backup

Letter from the CISO, Vol 1 Issue 5 Washington University Community: Many years ago, a respected colleague told me that for her, the ultimate security was knowing that she could get her data back if something bad happened. This was a bit of a shock to me, as I was young and inexperienced enough to […]

Know the Rules of the Road

Reporting Graphic

We’re on the last leg of our road trip, but our cybersecurity adventure is far from over. The WashU Office of Information Security will always be your trusty navigator and loyal travel companion on the Road to Cybersecurity. We’ll help you steer through the twists and turns of the road ahead and give you a […]

Test Your Knowledge Competition

Bear Bucks Logo

To wrap up another successful Cybersecurity Awareness Month, we invite you to show us what you know by entering our Test Your Knowledge Competition.  Complete this activity to test what you know and receive an entry for one of several Bear Bucks awards.  Prizes Grand Prize: $500 BearBucks credit. Additonal Prizes: $250 BearBucks credits. Don’t […]

Enter Our Student Prize Competition

On October 20th, CISO Chris Shull and WashU Computer Science Major Skylar Fong cooperated to run a webinar discussing Careers in Cybersecurity. Dozens of students participated in the evening event. Chris Shull offered valuable insights about the interdisciplinary nature of cybersecurity and the qualities that he looks for in a prospective new hire. Skylar shared […]

He Held Her Hostage with His Words

Bonus Scam of the Month  On Father’s Day, 2021, Jaime Bardacke, a licensed clinical social worker in San Fransisco, received a phone call from a man who identified himself as Lt. Timothy Reid of the San Mateo County Sheriff’s Office. Initially, Bardacke was not surprised by the call. She had dealt with legal issues involving […]

Scam of the Month: DocuSign Phishing

Example of DocuSign Phish

Attackers continuously adjust their tactics to circumvent our defensive strategies, using new methods to access our systems, data, and personal information. Even as attackers develop new scams, one element seems to carry on—impersonation. Our office frequently publishes about impersonation because it forms the basis of most phishing attempts. Often, attackers impersonate a high-ranking employee in […]

Meet Your InfoSec Team: Betsy Ball, Information Security Architect

Betsy Ball InfoSec Architect Headshot

Betsy Ball is a highly experienced IT professional with more than 30 years of experience, including work in user support as well as server, network, and firewall administration. In her role at WashU, she serves as an Information Security Architect, working with the Risk Assessment team on IT infrastructure assessment and supporting the Cybersecurity Maturity […]

Keeping Information Security Simple – Physical Security Comes First

Letter from the CISO, Vol 1 Issue 4 Washington University Community: Physical safety is a fundamental need of all animals, humans, computer systems, and devices. Last month I encouraged everyone to adopt a healthy dose of skepticism and paranoia regarding email, text, and social media messages to avoid becoming victims of social engineering attacks. This […]