Skip to main content Skip to navigation
Security at WSU News

October Cyber Awareness News from Sasi Pillay

  2016 WSU #CyberAware Day Summit
and National Cyber Security Awareness Month
 
 

I am excited to share an event Information Technology Services (ITS) will be hosting on the Pullman campus October 12th in support of October being the National Cyber Security Awareness Month.

ITS is hosting its first ever WSU #CyberAware Day Summit. This event will take place at the Compton Union Building’s Jr. Ballroom beginning at 8:50 am, and ending at roughly 4:00 pm, following our last panel Q&A session.

During the morning, FireEye and Proofpoint, both critical partners with WSU’s technology security efforts, will present information regarding today’s technology threat landscape and will be available for follow up questions after each of their sessions. During a break in presentations from 12:00 pm to 2:00 pm, you can join us at demonstration tables to talk with ITS security team members. Our afternoon sessions will begin with a guest FBI speaker at 2:00 pm, and wrap up with our ITS security panel hosting a Q&A discussion.

There is no pre-registration for the summit, all are welcome to attend as your schedule allows throughout the day. For a full agenda with times, visit our security.wsu.edu website homepage. Video streaming will be available in the following locations outside of Pullman:

WSU Spokane(SNRS 317E)
WSU Vancouver(VMMC 102Q)
WSU Tri-Cities(TWST 260)
University Centers -North Puget Sound WSU (Everett)(GWH-365 )

***

Cyber security education is a national focus for October and along with joining our summit, we encourage you to explore resources both at our security.wsu.edu site as well as at staysafeonline.org. The more educated you are, the better online experience you will have. As always, our ITS security team is diligently working to support your technology security and will continue to do so.

Remember if you receive emails with links, exercise caution. Forward all suspicious emails to abuse@wsu.edu. If you believe you may have already clicked on a malicious link or attachment in a phishing email, please report the situation to abuse@wsu.edu immediately and contact CougTech at (509) 335-4357. Please do not continue to use your computer until you have communicated with CougTech.

Thanks again for your patience and partnership in the technology security journey.

Best regards and Go Cougs!

Sasi K. Pillay, Ph.D.
Vice President & CIO
Information Technology Services

180 days since you last changed your password?

An important component of enhancing security at WSU is password rotation on a regular basis. As a reminder, and as described in the existing WSU Executive Policy 18, passwords will be required to be reset every 180 days, starting at the date of your most recent password change. The common login page for many WSU web applications (such as myWSU and Blackboard) and many WSU-owned Windows systems (if you login using your Network ID)   will automatically issue warnings and provide instructions and/or mechanisms to perform the reset. Some people may be seeing these warnings already.

Password 180 days

To view your password expiration date at any time you may open a browser and navigate to reset.wsu.edu. You will also find step-by-step instructions there on how to reset your password

February 16th will mark 180 days since August 20th, when President Bernardo strongly encouraged all to change the password associated with their WSU account. April 24th will mark 180 days from October 27th, when Information Technology Services (ITS) began a two week process of enforced password resets.  This means that sometime between February 17th and May 6th you will need to reset your password again in order to access WSU accounts.

Do remember, once you have reset your password, you will need to update your account information for wireless internet access on-campus and applications on your mobile devices, such as email and calendar applications. Failure to do so may result in your account being locked out due to these applications failing to connect with your account multiple times using your old password.

Strong passwords are fundamental to information system security and are often the first line of defense against unauthorized access to network resources. Please visit security.wsu.edu for more information and the latest security news and tips.

For additional information and assistance contact Coug Tech at 509-335-4357 or cougtech@wsu.edu.

Thank you!

Thank you all!  54,725 people have changed their NID password since Aug. 20th 2015.  Though there were occasional issues that arose on a minimal number of accounts, the overall effort was highly successful.  A huge thank you to the WSU community of account holders for your support and patience throughout the process.

An important component of enhancing security at WSU includes password rotation on a regular basis. As a reminder and as described in existing Executive Policy 18 , passwords will be required to be reset every 180 days going forward, starting at the date of your most recent password change. Strong passwords are fundamental to information system security and are often the first line of defense against unauthorized access to network resources. Please visit security.wsu.edu for more information and the latest security news and tips.

We would love to hear your feedback. Please take a short survey to help our efforts in the future.

https://wsu.co1.qualtrics.com/jfe/form/SV_23I73OpBRhINhKB

Cyber Monday Tips

1. Black Friday/Cyber Monday Specials

This time of year, online scams use a variety of lures to get unsuspecting buyers to click on links or open attachments. Bad guys build complete copies of well-known sites, send emails promoting great deals, sell products and take credit card information – but never deliver the goods. Sites that seem to have incredible discounts should be a red flag. Remember that when a “special offer” is too good to be true, it usually is. For instance, never click on links in emails or popups with very deep discount offers for watches, phones or tablets. Go to the website yourself through your browser and check if that offer is legit.

2. Complimentary Vouchers or Gift Cards

A popular holiday scam is big discounts on gift cards. Don’t fall for offers from retailers or social media posts that offer phony vouchers or (Starbucks) gift cards paired with special promotions or contests. Some posts or emails even appear to be shared by a friend (who may have been hacked). Develop a healthy dose of skepticism and “Think Before You Click” on offers or attachments with any gift cards or vouchers!

3. Bogus Shipping Notices From UPS and FedEx

You are going to see emails supposedly from UPS and FedEx in your inbox that claim your package has a problem and/or could not be delivered. Many of these are phishing attacks that try to make you click on a link or open an attachment. However, what happens when you do that is that your computer gets infected with a virus or even ransomware which holds all your files hostage until you pay 500 dollars in ransom.

4. Holiday Refund Scams

These emails seem to come from retail chains or e-commerce companies such as Amazon or eBay claiming there’s a “wrong transaction” and prompt you to click the refund link. However, when you do that and are asked to fill out a form, the personal information you give out will be sold to cyber criminals who use it against you. Oh, and never, never, never pay online with a debit card, only use credit cards. Why? if the debit card gets compromised, the bad guys can empty your bank account quickly.

5. Phishing on the Dark Side

A new phishing email has begun circulating that tricks people into thinking they could win movie tickets for the highly-anticipated film, “Star Wars: The Force Awakens,” due out on Dec. 18. However, the email is a phishing attack. Leading up to the film’s release, and shortly after, you need to watch out for this social engineering attack and not fall for the scam. Stay safe online!

 

BONUS TIP: Never use an insecure public Wi-Fi to shop with your credit card. Only shop with a secure connection at home.

Pssst! Change your password. Pass it on.

In response to recent attacks on major research universities including WSU, all WSU faculty, staff and students are reminded to reset the password for their WSU Network ID as soon as possible if they have not already done so since Aug. 20, 2015. This will help insure that their system access is secure and prevent potential service interruptions when password resets are enforced.

Open any browser and navigate to https://reset.wsu.edu for step by step instructions on how to reset your password.

Do remember, once you have reset your password, you will need to update your account information for wireless Internet access and applications on your mobile devices. Failure to do so may result in your account being locked out due to multiple failed attempts to connect with your account.

If you need assistance please contact your local department or area IT administrator first. For additional information and assistance contact Coug Tech at 509-335-4357 or cougtech@wsu.edu

Dear WSU faculty, staff and students,

As you may know, several major, research-intensive universities across the country have been under cyber attack for the past several months. Washington State University is among them. Fortunately, to date, there has been no indication that any personal information – such as Social Security numbers and banking information has been lost. The forensic investigation has found no evidence that student or research data has been accessed.

I am finally in a position to share what has happened with you without jeopardizing our resolution. It was important that we keep our attackers unaware of our course of action until initial counter measures were underway.

Here is what we have been dealing with: On July 8, 2015, Washington State University became aware of suspicious activity in our system. We immediately reached out to external information security experts and federal law enforcement to investigate the activity. Those teams confirmed that sophisticated attackers had illegally accessed portions of the university’s email and directory systems.

With that confirmation and partnering with our external cyber security experts, we developed a plan for a series of initial countermeasures to protect our data and the integrity of our systems and strengthen security measures within IT environments across the university. Yesterday, WSU began enacting the first phase of that plan, which was designed to disrupt and evict the intruder to our systems and simultaneously strengthen our security to protect against future attacks. While these actions have and may continue to cause some service interruptions over the next few days, it was critical that these changes be put in place before we start the new academic year.

An important component of the initial plan entails strengthening passwords. I strongly encourage every member of our university community – faculty, staff, students, and administrators – to change the password associated with your WSU account. Please follow the instructions outlined in the frequently asked questions.

We take any threat to university information and that of our students, faculty, and staff very seriously. We continue to monitor this situation closely and will keep you abreast of any new details.

Thank you in advance for your patience and cooperation.

Sincerely,

Dan Bernardo