Letter from the CISO, Vol 2 Issue 6
Washington University Community:
High School Bodyguard?
When a friend’s daughter was in high school, she had written to a German exchange student who was coming to the US, writing about her kickboxing class and her job as a lifeguard at the neighborhood summer swim club. Unfortunately, when she translated “lifeguard” into German, she accidentally used the word for “bodyguard” instead (“Leibwächterin” instead of “Rettungsschwimmerin,” literally “life guardian” instead of “rescue swimmer”).
The exchange student arrived wondering how crazy American parents allow their teenage daughters to work as bodyguards and how fierce the daughter was going to be. She was very relieved to find that there was a mistranslation about the job. Although I’m pretty sure the daughter’s relative fierceness wasn’t changed very much.
Your Internet Bodyguard
In a recent issue of the CyberWire Daily Podcast, guest Jenny Brinkley of Amazon Security asserted that “you are your own best internet bodyguard.” She was talking about a new and highly entertaining set of short videos developed by the National Cybersecurity Alliance and Amazon called “Protect and Connect” (see www.protectconnect.com). I heartily recommend it! I just watched all four videos in less than ten minutes and repeatedly smiled broadly.
No One Wants to Worry About Self-Protection
While nobody wants to worry about self-protection, you are the only person who is always in a position to protect yourself from malicious actors trying to steal your personal information, passwords, money, and even your identity.
My elderly mother, who suffers from mild cognitive impairment in the form of terrible unassisted short-term memory, called me Saturday evening to say she had just received a call from a man who wanted to help her with her new Social Security Number (SSN). After chatting with him for some time, she wrote down what he told her was her new SSN and called me.
It took a little doing, but I was able to convince her that this was a scam – even though I don’t know exactly how it works. A few of the clues are:
- The IRS never calls anyone.
- The IRS certainly never calls anyone on a Saturday afternoon.
- If they wanted to issue someone a new SSN, it would be done via very official-looking U.S. Postal Service-delivered mail, with lots of references to the local SSA office, www.ssa.gov, and ways to ask questions.
So, even my mother – whom I can’t convince to ignore phone calls when she doesn’t recognize the caller ID – was suspicious enough not to fall for a pretty good con artist.
Looking Out for Number One
So, whether or not you’re a fan of BTO’s (Bachman-Turner Overdrive’s) 1975 hit “Looking Out For #1,” you are certainly your own best Internet Bodyguard.
There are lots of bad guys trying to take advantage of all of us all the time, so take a few extra milliseconds to look for the tell-tale signs of phishing emails, especially if they try to grab your attention and hijack your amygdala with a sense of imminent loss and urgent need for action.
Update on my Friend’s Daughter
She is still smart, hard-working, tough as nails, and now happily working as an FBI Agent. Her parents are very proud of her.
Thank you for reading and being smart, tough members of the University’s Information Security team!
Good luck, and be careful out there!
-Chris Shull, CISO