
Cyber Monday Tips for Staying Secure

Following the excitement of Black Friday, Cyber Monday continues the holiday shopping spree. However, with the surge in online transactions, individuals must remain vigilant against shopping fraud and scams (7 MIN READ, besecurityaware.com), especially when using a work computer. No one wants to be the person who infected their workplace with a computer virus while shopping online on a work computer. Continue to watch out for common holiday shopping scams, which involve fake delivery notifications and deals that are too good to be true. (Video content from besecurityaware.com)


This content is presented by the GW IT Cybersecurity Risk and Assurance team. #CyberSafeGW is a shared responsibility: if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu.


 

 

2026 EDUCAUSE Top 10 - #1 Collaborative Cybersecurity

Cybersecurity is no stranger to the EDUCAUSE Top 10, but this year, technology and cybersecurity leaders are zooming in on the partnerships they're building with institutional stakeholders as the focal point of their efforts. Collaborative Cybersecurity is issue #1 in the 2026 EDUCAUSE Top 10. You can explore the Collaborative Cybersecurity item at the EDUCAUSE site.



November and December Cyber Talk Schedule

Please follow the links below to view event details including description and registration links.

Cyber Talk – Phishing / Social Engineering @ GW

Holiday Deals or Steals? Avoiding Online Shopping Scams (externally provided webinar) November 19, 2025 at 2:00 PM

Cyber Talk – CyberSafe Travel

Cyber Talk – Creating and Managing Secure Passwords December 11, 2025 at 11:00 AM

Cyber Talk – Lock It Down – Mobile Device Security December 16, 2025 at 1:00 PM

We hope to see you at one or more of our events.




 

🚨 Watch for Malicious Google Calendar Invites

GW users are reporting suspicious calendar invitations from people they do not know. For more information, see the blog post Watch for Malicious Google Calendar Invites.



CyberSafe Tips for GW's extended community - #SecuretheGenerations

Please check out our Cyber Talks and other events throughout Cybersecurity Month!

Take a look at the tips for your own and other generations. Each tip sheet has generalizations (admittedly) as well as 'Fun Facts'. Most importantly, each tip sheet highlights risks faced, common security threats, and recommendations. Supporting our shared role in creating a CyberSafe GW, there are suggestions on how each generation can support the other generations in being more secure.

The attached 1-pager highlights items from each of the detailed tip sheets above. These materials were provided by the SANS Institute.



National Cybersecurity Alliance Post: Meet the Core 4+: Cybersecurity Practices

(7 MIN READ)

1. Use long, unique, and complex passwords (and a password manager!) 

Your passwords are the first line of defense between a criminal and your sensitive information. Here’s how to have amazing passwords:

  • Every password must be long, unique, and complex. Nowadays, every password should be at least 16 characters long, which significantly overwhelms password-cracking programs. Use a random mix of letters, numbers, and symbols. And every account needs a unique password.      
  • Don't reuse passwords! Every account needs a unique password. Unfortunately, making little changes, like adding numbers or switching out an S with a $, doesn't count as a unique password. 
  • Use a password manager to store and generate strong passwords. If you're wondering how to manage so many unique, long passwords, the answer is a password manager! There are many free, secure options. Password managers are the safest way to store your passwords. If you prefer to keep a password notebook, treat it like cash. 

2. Enable multifactor authentication (MFA)

Multifactor authentication (sometimes called 2FA) adds an extra security layer by requiring something more than just your password to log in. Think of it as using two locks on your digital door instead of only one. This could be:

  • A one-time code sent to your phone
  • A biometric scan like a fingerprint scan or FaceID
  • A physical security key

Enable MFA on your accounts – especially email, banking, and social media. It’s a simple way to supercharge the security on your accounts. Also, never share MFA codes with anyone – this includes not sharing them over the phone, through texts, or via email. Only scammers will ask for MFA codes.

3. Keep software updated 

Software updates don’t just bring new features. They often fix security flaws that criminals exploit.   It usually takes a few minutes, but updates are worth it. Here are some tips:

  • Turn on automatic updates when possible for your devices and apps – you can usually find these options in your Settings menu. 
  • Install updates promptly for your operating systems, browsers, antivirus tools, and apps.
  • Don't click Remind Me Later – the security is worth it. 
  • Remember your phones, smartwatches, and tablets are computers – keep these devices updated as well!

4. Watch out for phishing and scams 

Phishing remains the most common online threat. Criminals send fake emails, texts, or social media messages to trick you into revealing sensitive information or clicking malicious links. These messages aim to get you to click before you think by playing on your emotions. Scammers will even call you! Here's how to look out for phishing and scams:

  • Be highly skeptical of unexpected messages, especially those urging immediate action or asking for personal details.
  • Phishing emails can light up positive emotions ("You've won our sweepstakes!") or negative ones ("You've been hacked!"). 
  • Don’t click suspicious links or download unexpected attachments. 
  • Report phishing attempts to your email provider, social media platform, or IT department. 
  • If you're unsure if a message is legit, ask a friend, coworker, or family member. A second set of eyes can be invaluable in spotting scams.  
  • The full online article includes 6 additional tips

Content originally published July 22, 2025 by: National Cybersecurity Alliance, https://www.staysafeonline.org/



Huzzah - October is Cybersecurity Awareness Month

GW Information Technology (GW IT) invites you to celebrate Cybersecurity Awareness Month with us and the National Cybersecurity Alliance (NCA). This year’s theme, CyberSafe GW, highlights the shared responsibility we all have to protect ourselves and the university from online threats. Small actions like using unique and strong passwords, updating software, and staying vigilant can make a difference.

During the month of October, GW IT will host a series of virtual and in-person events for the GW community at various technical levels. Cybersecurity Awareness Month events will provide you with valuable insights and skills to implement best practices, reducing the risk of data breaches and cyberattacks. In person events will feature question and answer sessions, giveaways, and games. There are also several external events, including games, being sponsored by NCA. Together, we can build a safer, more secure digital community.

A full listing of our events is on our Event Details page. Highlighted events include:

We hope to see you at one or more of our events.

https://www.staysafeonline.org/




 

 

Campus Safety Magazine highlights the threats posed by malicious QR codes in the article: What is Quishing and How Can Schools Defend Against it?

“Quishing” is phishing using a QR code, and it is slipping through the defenses of companies and K-12 schools alike. Campus Safety
 

Most people are familiar with phishing, which involves scammers sending targeted emails with malicious links to an unsuspecting individual. The average cost of a data breach has been rising by 10% worldwide in recent years, and it now stands at $4.9 million in 2024 for one breach. Phishing, in particular, is the second most common attack vector with 15% of all breaches attributed to it. Now, a newer type of scam is gaining traction, which is born out of phishing. “Quishing” is phishing using a QR code, and it is slipping through the defenses of companies and K-12 schools alike, making customers inadvertently give up their financial information. Some huge banks worldwide, such as HSBC and Santander, have joined forces with the U.S. Federal Trade Commission and National Cyber Security Centre to raise concerns about the rise of these attacks.

(Campus Safety, January 3, 2025)



Sophos - State of Ransomware in Education 2025 - White Paper Released

EDScoop summarizes an August 2025 Sophos report on Education sector ransomware and suggests "Education sector improving on ransomware, but IT teams are stressed, report shows" (article link on edscoop.com)

The article notes that “Ransomware attacks in education don’t just disrupt classrooms, they disrupt communities of students, families, and educators,” Alexandra Rose, Director, CTU threat research at Sophos, said in a press release. 

The Sophos white paper State of Ransomware in Education 2025 is available to the GW community: Sophos Whitepaper (linked PDF file).

The impacts of ransomware that the report notes go beyond service interruptions and potential financial payments. The report describes the human impact of ransomware on IT/cybersecurity teams:

  • 41% of education sector-based IT/cybersecurity teams reported increased anxiety or stress about future attacks.
  • 40% reported increased pressure from senior leaders, while 31% reported increased recognition.
  • 38% cited both a change of team priorities/focus and an ongoing increase in workload as impacts on their IT/cybersecurity team.
  • 37% reported changes to the team/organizational structure because of the incident.
  • One third (34%) said the team experienced feelings of guilt that the attack was not stopped in time.
  • 31% of teams experienced staff absence due to stress/mental health issues related to the attack.
  • In one quarter of cases, the team’s leadership was replaced as a consequence of the attack.

The Sophos report also notes that attackers are interested in stealing data in addition to encrypting it, with "19% of all [higher education] victims, and 33% of those with encrypted data, reporting data theft." Interestingly, the report also notes: "97% of education providers [sector wide] that had data encrypted were able to recover it," either through backups or ransom payment.

  • Among higher education providers, only 47% used backups to restore data, a sharp drop from 78% in 2024, placing the sector among the bottom three for backup use. This may be due to the decentralized IT infrastructure, complex data environments, legacy systems, and inconsistent backup practices often seen across higher education institutions.
  • 54% of higher education providers paid the ransom and got their data back — slightly above the 49% cross-sector average, but a welcome decrease from the 78% recorded in 2024.

The Sophos white paper reports that the median ransom demanded dropped in 2025 (right column below) compared to 2024 (left column below).

The report also notes that median payments decreased from 2024 (left column) to 2025 (right column).

The data analysis also suggests payments were lower than the initial demand for several reasons. "39 higher education providers that paid less than the initial demand explained how they were able to lower their payment:"

  • 59%: We negotiated a lower amount with the attackers (the highest percentage recorded against this factor in this year’s survey).
  • 46%: We paid the ransom quickly, so we got a discount.
  • 44%: The attackers reduced their demand to encourage us to pay.
  • 41%: A third party negotiated a lower amount with the attackers.
  • 38%: The attackers reduced their demand due to external pressures (e.g., from the media or law enforcement).

Recovery times for higher education institutions impacted by a ransomware attack have improved, with 59% of higher education institutions reporting being "fully recovered" in under 1 week.

 
 
Finally, the Sophos white paper State of Ransomware in Education 2025 provides several recommendations. GW IT Security is continuing to work through each of these focus areas, with several new initiatives underway. Everyone at GW can assist by being informed (see our events listing as well as our awareness guides and learning resources) and by coordinating with GW IT on service design, including disaster recovery planning that covers plans, exercises, and specific backup and recovery strategies.
 

Recommendations

Although education providers have experienced several changes in their encounters with ransomware over the last year, it remains a significant threat. As adversaries continue to iterate and evolve their attacks, it’s essential that defenders and their cyber defenses keep pace with ransomware and other threats. Leverage the insights in this report to fortify your defenses, sharpen your threat response, and limit ransomware’s impact on your business and people. Focus on these four key areas to stay ahead of attacks:

Prevention. The most successful defense against ransomware is one where the attack never happens because adversaries couldn’t breach your organization. Take steps to eliminate the technical and organizational root causes highlighted in this report.

Protection. Strong foundational security is a must. Endpoints (including servers) are the primary destination for ransomware actors, so ensure that they are well defended, including dedicated anti-ransomware protection to stop and roll back malicious encryption.

Detection and response. The sooner you stop an attack, the better your outcomes. Around-the-clock threat detection and response is now an essential layer of defense. If you lack the resources or skills to deliver this in-house, look to work with a trusted managed detection and response (MDR) provider.

Planning and preparation. Having an incident response plan that you are well versed in deploying will greatly improve your outcomes if the worst happens and you experience a major attack. Be sure to make quality backups and regularly practice restoring data from them to accelerate recovery if you do get hit.

 

This information is provided for reference and awareness purposes. References to external organizations, products, and reports do not constitute endorsement or validation of the views, conclusions, or recommendations they contain.


 

 


7 Mobile Security Threats

With increased mobile usage comes increased security threats. Recent statistics show that more than 60% of digital fraud cases are initiated via a mobile device. An unsecured mobile device can become an access point for countless malicious attacks. Learn more at our Cyber Talk – Lock It Down – Easy Steps to Secure Your Mobile Device on September 18, 2025 at 10:00. Register now for the Zoom session.

Malicious applications and websites

Just downloading a malicious application or visiting a malicious website may be enough to infect your device and the network it is connected to. The website or application may attempt to install malware on your device, or they may prompt you to allow an install that looks legit but is in truth malicious.

Applications with weak security

Apps with weak security put your data at risk. They do not offer adequate encryption for stored data or data in transit. This can result in identity theft, intellectual property theft, or loss of GW or personal data.

Data leakage

Data leakage is a slow data breach that can happen in two ways:

  • Physical leakage via sharing or theft of portable storage devices, such as USB drives or external hard drives
  • Electronic leakage when connecting to public WiFi or other malicious or compromised networks. With mobile devices, this can be a result of giving apps too many permissions. Review our Device Security Learning resources for more information.

Mobile ransomware

Mobile ransomware does what it sounds like. It will hold your device for ransom, requiring you to pay money or information in exchange for unlocking either the device, certain features, or specific data. You can protect yourself with frequent backups and updates.

Phishing

Phishing attacks most commonly target mobile devices because people seem more inclined to open emails and messages on a mobile device than on a desktop. Part of the reason is that the smaller screen only shows a partial sender name or subject line, making it harder to identify suspect emails.  See our Phishing – Learning resources for more information.

Unsecured, Public and Spoofed WiFi

Using public Wi-Fi networks presents a risk, as they are often unsecured. This can allow hackers to intercept the data transmitted between your device and the Wi-Fi access point, potentially gaining access to critical personal and business information. Network spoofing happens when malicious parties set up fake access points that look like a legitimate Wi-Fi network that users can connect to. These traps are set up in high-traffic areas frequented by employees using their mobile devices to connect to work-related applications or systems. A common trick is to offer "free" Wi-Fi if users set up an account first. The goal is to access passwords and other personal data. See our CyberSafe Travel Resource Page for information on network security as well as other security tips while traveling around DC or in faraway places.

Identity theft

Since mobile devices often carry personal and financial data, a compromised device can lead to identity theft. Malicious third parties can steal this data electronically or by physically stealing your device.  See our Compromise Recovery – Guide for information on what to do if you think your identity has been stolen.

Quick Tips to Improve Mobile Security

  • Lock screen with PIN/password/biometrics * **
  • Use Strong Passwords and a Password Manager
  • Keep Apps and Devices Up-to-Date - Enable automatic software updates *
  • Use Two-Factor Authentication (2FA) - Everywhere it's available
  • Double-Check That Link Before You Click
  • Review and manage app permissions - read privacy policies *
  • Turn off Wi-Fi/Bluetooth when not in use **
  • Avoid When On Public Wi-Fi - Use VPN if you must access public WiFi **
  • Don't Jailbreak Your iPhone - Install apps only from official stores - read reviews and privacy policies
  • Use secure messaging apps
  • Enable SIM card lock
  • Don't Store Sensitive Info on Your Phone - Especially while traveling and always Use a Passcode
  • Enable Find My Device

 

