When the WashU Information Security Office and Shared Infrastructure staff noticed suspicious activity on WashU servers last month, IT leadership elevated the situation to ‘high alert’ status. It became an all-hands-on-deck incident management event with staff representing teams across WashU IT and the OCIO joining together to secure the WashU environment with minimal impact to users.
Within the first few hours of the alert being issued, staff had gathered in two conference rooms in the 4480 building. Teams simultaneously investigated the impact of the incident, identified solutions to fix the vulnerability, notified and updated School of Medicine IT directors and devised a communication plan for change management and campus awareness. In a matter of days, the team had installed a new VPN service and implemented a two-factor authentication requirement for access. This included coordinating with School of Medicine IT directors in notifying 15,000 School of Medicine students, faculty and staff about the new requirement in the week before a holiday.
The cross-functional incident management team worked around the clock, many well past midnight and over the holiday weekend, to secure the University’s systems and manage service calls about WashU 2FA enrollment. Project Manager Alesya Bernatskaya opened an around-the-clock call line for members of the incident management team and School of Medicine IT directors and the team also communicated on Microsoft Teams throughout the ordeal.
It was a shining example of the IT@WashU value ‘The Power of WE’.
This week, WashU IT and OCIO staff continue to serve users by providing on-site walk up WashU 2FA assistance with a WashU IT tech table in the Link on the School of Medicine Campus.