WSU cuts phishing bait with fresh passwords

From staff reports

WSU administrators and IT professionals have made a significant amount of progress in enhancing the university’s IT security profile, according to an email sent by the Office of the Provost Monday morning to student emails.

As a result, WSU will begin requiring password rotation for system users. The rotation is in accordance with the existing Executive Policy 18. Users who have not reset their passwords since Aug. 20 will be required to make the change.

The email was signed by interim co-provosts Erica Austin and Ron Mittelhammer, and interim chief information officer Matt Skinner.

After gaining information from an initial forensic investigation, a series of tactical activities were deployed, they wrote. These activities were designed to disrupt and evict intruders, eliminate compromised communication channels, and strengthen WSU’s security profile through its ability to detect and protect against future attacks.

Changes include new technology tools that assist in the detection and prevention of threats against the university’s system.

“To date, these efforts have proven effective in isolating and eliminating the current threat from our systems,” the email read.

The Office of the Provost stated that security processes will continue to expand and grow so that the university can keep up with threats.

In spite of preventative efforts by the university, reports of cyberattacks have increased in recent months. As a result, a number of federal agencies have begun to tighten their internal protocols for sending and receiving emails, according to the email. Higher education partners are included in these agencies.

Some of these agencies have blocked email communication with WSU, and faculty and staff performing research activities are being impacted.

Because of this, the university is working to educate those agencies on what work IT officials have accomplished in regards to strengthening security protocols.

The Office of the Provost expects full email communications to be restored soon. As a result, office administration suggests making a phone call to federal partners to ensure any information has been received.

A temporary, secure cloud email service for faculty and staff with research-related email correspondences associated with federal and other outside organizations has been established.

Individuals who suspect their emails are being blocked should contact their area technology officer. If necessary, the officer will provide access to the temporary system.

The university will continue to work with IT professionals within the next few weeks to make the new security tools and protocols fully operational. As this work is done, the Office of the Provost encourages users to click intelligently.

When the validity of an email’s source is in question, a local IT professional should be contacted before the attachment or hyperlink is accessed. Clicking suspicious links puts the user and the university at immediate risk for cyber-theft.

Reporting by Lance Lijewski