Many employees shifted to working from home over the last two months in response to the COVID-19 pandemic, creating dramatic changes to Washington State’s information technology environment. The information security threat landscape has also changed across many industries, including higher ed, as threat actors are heavily leveraging the COVID-19 crisis.
Cyber threat actors are sending emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19. — Cybersecurity and Infrastructure Security Agency (CISA) » More …
Delayed from its original March 16 implementation, multi-factor authentication (MFA) for more WSU applications including Office 365, Blackboard, Adobe, Cougar Card, and more, is now rescheduled for the evening of August 4.
Why MFA? Why Now?
With more than 80% of all data breaches being due to compromised individual login credentials, MFA is the reigning security standard across many industries including higher education, healthcare, defense, and finance.
Universities such as WSU are a prime target for cyber criminals due to the collaborative access provided between user accounts. A single university account holder might have direct access to sensitive information across multiple academic and business departments including research, payroll, student data, and more.
As if security concerns were not substantial enough with the usual bad characters, the introduction of CoVid-19 brought even more determined malicious actors. These criminals are looking to capitalize on weakly guarded personal and organizational data, hoping to benefit from individuals working remotely without institutional network security. However, WSU’s Information Security team is ready with implementation of MFA across more than 90 additional university applications. The full list of applications can be found on the ITS website at its.wsu.edu/mfa. » More …
To address the growing disruption due to Zoombombing, Information Technology Services (ITS) has implemented the following changes shown below. More information may be shared as we go forward, however ITS wants to allow time for everyone to review and address these needs prior to next week’s scheduled classes and meetings.
Increased Security in WSU’s Zoom Environment
The following security changes are now in place:
Removed all user access via web browsers and require access via Zoom’s desktop or mobile application only
Required authentication for all Zoom users to access WSU Zoom resources
Embedded password protection by default for new meetings that will be scheduled going forward
Zoom-generated URL includes an embedded password. Meeting attendees require no extra steps to join a meeting, they can simply click the link as usual.
Users can opt out of this default setting, however they will reduce security protections of any future scheduled Zoom meetings.
Effective immediately, Microsoft has implemented a temporary change to accommodate new growth and demand during these unprecedented times. Affecting all students, staff and faculty using Teams, this change is a temporary adjustment to Office document behavior within Microsoft Teams. See below for more information: » More …
With the necessary shift to Zoom instruction during CoVid-19 containment resulting in almost 7,000 Zoom meetings and close to 53,000 participants on the first day of classes yesterday, we are seeing instances of Zoombombing, or individuals joining an open meeting and disrupting the class by sharing their screens.
While support teams explore options to resolve this with the least interruption to teaching and learning needs, course instructors and schedulers can follow one of the two simple steps in the Knowledge Base article linked below to disable screen sharing for participants during Zoom sessions. » More …
Washington State University is experiencing increased risk of information security threats due to malicious actors taking advantage of the CoVid-19 situation. Washington State Chief Information Officer James Weaver shared the following information regarding a new phishing email threat that is based on people’s fears surrounding the coronavirus.
Please share this information with fellow WSU staff, faculty, and students in your areas. Also, please forward any instances of emails received that reference the coronavirus to firstname.lastname@example.org. Standard security practices should continue to be followed, including never clicking on links within emails from unknown sources.
In consideration of the burden our university community is experiencing with recently announced changes due to CoVid-19, Information Technology Services (ITS) has shifted its entire focus to supporting continued university functions for all of our students, faculty, and staff. » More …