Keeping Information Security Simple – Who’s your cyber security buddy?

Letter from the CISO, Vol 3 Issue 3

Washington University Community:

Welcome (back) to school!

A friend recently shared that her son was assigned a roommate with whom he seems to have nothing in common. They’ve recognized and embraced their differences and are enjoying better, richer experiences because of it.

This made me think that we all need friends to thrive in life and that Information Security would benefit from a Cyber Security Buddy system.

There are many technological defenses modeled after real-world ones. Today, I’m proposing something new – having a cyber security buddy or wing person.

Safety nets are all around

If you look, you will see there are safety nets all around us, both in the real world and online, with online models often emulating real world ones. Some of these safety nets include:

  1. Introductions by friends: The real and online worlds thrive on introductions from friends and colleagues we trust. These introductions serve as safe bridges between strangers and friends. In the online world, many dating services try to provide a similar service. By verifying identities and addressing complaints of abuse and misuse, dating services create a safer space for romantic connections to blossom. (Note that the rigor of the validation varies.)
  2. Strength in numbers: Once introduced, friends watch out for one another. In social outings, friends make sure there is a designated driver, participants interact nicely, and everyone gets home safely. In online environments, reporting abusive, spam and phishing messages allows service providers to block them en masse and ban repeat offenders.
  3. Caring bosses and co-workers: At work, we can have bosses, co-workers, mentors, coaches, and accountability partners, all of whom help us achieve the group’s goals and avoid mistakes. In recruiting new employees, existing employees are often called upon to vet the capabilities and behaviors of job candidates.
  4. Background Checks: Volunteer/professional coaches and youth activity leaders regularly undergo checks and training, reassuring parents that their children are in capable, responsible hands. At the intersection of the real and online worlds, ride- and accommodation-sharing services set a commendable example by conducting background checks on drivers and those who host rooms.

The list is short, but I don’t hear people talking about a wing person or buddy system in the cyber security world.

Regular “cyber buddies” refers to your friends over the Internet, via social media services like Facebook, email, or messaging services.

We need to blend these ideas together and make sure we all have cyber security buddies to talk to about cyber security safety and hygiene.

What is a cyber security buddy?

The idea of cyber security buddies or cyber wing people builds on the buddy system. It’s like how summer camps assign buddies to keep swimmers and hikers safe, or how fighter pilots have wing people to protect their flank. In short, a cyber security buddy serves as:

  • A wing person – Someone who helps ensure you aren’t taken advantage of. For example, I am the wing person for my elderly mother. The scammers who call her four times a day are frustrated when she refers them to me.
  • A cyber hygiene checker – Someone you can consult with to make sure your cyber hygiene is up to standards. (It isn’t polite to stink!) I’ve discussed the primary concerns in previous columns. Here they are in order of priority:
      1. Using 2-Factor Authentication everywhere you can, but especially for email accounts, Apple iTunes or Google accounts, bank accounts, cell phone service accounts – July 2021
      2. Using pass phrases & password managers – July 2021
      3. Being vigilant, skeptical and a little paranoid – August 2021
      4. Protecting physical security – September 2021
      5. Backing up important files – October 2021
      6. Enabling find my device service – November 2021
      7. Turning on automatic updates for everything – December 2021
      8. Privacy and security – January 2022
      9. Only using App Store & Play Store apps – February 2022
      10. Managing devices, including replacing them when they are no longer supported – March 2022

At WashU, we all benefit from a professional IT and InfoSec organization that serves as our wing person. It’s effectively an entire wing team! But just like in our private lives, we’re all better and stronger when we help one another and work together.

Call to action:

Please reach out to friends and family and create your own network of cyber security buddies!

If you need help with any of these ideas, please contact the Office of Information Security.

Thank you for reading, and for being members of the university’s Information Security team, as well as cyber security buddies!

Good luck, and be careful out there!

-Chris Shull, CISO