An Information Security publication for the WPI community.
In this issue:
- Meet Our New CISO
- Phishing Exercise for Employees
- Privacy for M365 Teams and Groups - ACTION NEEDED
- Security and Architecture Consultations
- Beware Tax Scams
- AUP Explained
Meet LeeAnn LeClerc, CISO
LeeAnn LeClerc has recently been named our new Chief Information Security Officer (CISO). Leading the Information Security and Architecture teams, LeeAnn is an advocate for the institution’s total information security needs. She is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the university, as well as day-to-day protection and monitoring of WPI's identity and access management, network, and data. She also works with Vijay Menta, VP for IT & CIO, and the Technology Committee to develop strategic initiatives that strengthen our security posture and support university goals. LeeAnn has over 25 years working in Information Technology and holds a CISSP. She joined WPI in 2019 as an Identity and Access Management Security Engineer and has served as interim CISO since August 2022.
Phishing Exercise for Employees
Phishing schemes are getting more sophisticated! Not all are as obvious and riddled with errors as were typical past attempts. Reinforcing training with simulated real-life examples helps strengthen phishing recognition. This, in turn, helps to protect WPI's accounts and data.
Last November, Information Security launched the first phishing exercise to employees' WPI inboxes. Recipients were able to practice skills to avoid phishing in real time! We plan to continue phishing exercises for the community. This is not meant to “catch” you, but to create a hands-on experience to head off a phishing attempt. If you do fall for the fake phishing, it will not cause any harm, and you'll be directed to resources to help recognize phishing attempts.
At any time you can report a suspicious email message by forwarding it to firstname.lastname@example.org or using the recently implemented report phishing button in Outlook. Thank you for your cooperation as we work to improve security awareness at WPI!Report Phishing
Are Your Teams and Groups Private or Public?
Microsoft 365 Teams sites and Groups mailing lists are popular here at WPI, with over 1,000 in use. It is important to consider what information you are sharing through these tools, and set to private where appropriate. Only unrestricted data can be included in Public Teams and Groups, which are accessible by any @wpi.edu account. For more details and instructions, please visit this February news item:Check Privacy for Microsoft Teams and Groups
New Product + Security Consultation = Success!
As FY 23 winds down, are you preparing an end of year purchase that requires WPI login, network connection, or other IT support? Please consult with us on security and architecture prior to purchasing for a successful implementation.Contact Information Security
Beware Tax Scams
It's the time of year when cybercriminals pose as the Internal Revenue Service (IRS) to try to acquire critical personal information such as your social security or bank account numbers. Learn about legitimate IRS communications and more in Tax Time Security offered by staysafeonline.org.Tax Time Security
AUP Explained: No Cryptocurrency Mining
Wonder why cryptocurrency mining is prohibited on the WPI network? It is because the WPI network and connected devices may not be used for commercial use or personal gain. Likewise, users may not resell WPI computing or networking resources. Following these provisions in the Acceptable Use Policy (AUP) protects our academic licensing and contributes to network security. If you have AUP questions, please consult with us!WPI Acceptable Use Policy