Keeping Information Security Simple – The Only Constant in Life is Change

Letter from the CISO, Vol 1 Issue 11 Washington University Community: There are only two things to worry about—that things will never get back to normal, or . . . that they already have. In other words, the only constant in life is change, and Information Security is no exception. I sometimes worry that I […]

Keeping Information Security Simple – Device Management – March 2022

Letter from the CISO, Vol 1 Issue 10 Washington University Community: This month I’m going to bore you with another really basic idea: that everyone needs to manage their devices. I can almost hear you yawning when I write those words, but it’s essential and not quite as easy as you might think. Step 1: […]

Keeping Information Security Simple – Isn’t there an App for that?

Letter from the CISO, Vol 1 Issue 9 Washington University Community: This month I’d like to warn you about dangerous applications and Internet services, and four things you can do to avoid problems. Many experts focus on iPhone/iPad/iOS and Android devices, but PCs and Macs are also vulnerable to malicious applications, so I’ll speak about […]

Keeping Information Security Simple – Privacy – Free isn’t free: If you aren’t paying for it, you and your data are the product being sold!

Letter from the CISO, Vol 1 Issue 8 Washington University Community: This is the National Cybersecurity Alliance’s Data Privacy Week (https://staysafeonline.org/data-privacy-week/), and because security is closely related to privacy, I thought I’d say a few things about it. The “right to privacy” was defined by Justice Louis Brandeis in an 1890 article as the right […]

Keeping Information Security Simple – Automagically update everything!

Washington University Community: Modern computers and mobile devices are so complex that they invariably have unintended flaws. Some of these flaws create vulnerabilities by which cybercriminals can attack your computer, tablet, or phone. In fact, these vulnerabilities are one of the most common ways devices are hacked. The good news is that it is surprisingly […]

Keeping Information Security Simple – Backup, Backup, Backup

Letter from the CISO, Vol 1 Issue 5 Washington University Community: Many years ago, a respected colleague told me that for her, the ultimate security was knowing that she could get her data back if something bad happened. This was a bit of a shock to me, as I was young and inexperienced enough to […]

Keeping Information Security Simple – Physical Security Comes First

Letter from the CISO, Vol 1 Issue 4 Washington University Community: Physical safety is a fundamental need of all animals, humans, computer systems, and devices. Last month I encouraged everyone to adopt a healthy dose of skepticism and paranoia regarding email, text, and social media messages to avoid becoming victims of social engineering attacks. This […]

Keeping Information Security Simple – Be Skeptical and a Little Paranoid

Letter from the CISO, Vol 1 Issue 3 Washington University Community: “Keep Information Security Simple” has been my motto for nearly a decade. This month, I’d like to share an important thing that everyone can do to improve our security—slow down, just a little bit because haste makes good people fall for bad tricks. In the first […]

Keeping Information Security Simple – Multi-Factor Authentication

Washington University Community: Thank you for the positive feedback on June’s first issue of our new Information Security Bulletin, “Secured!” If you missed it, you can read it and other articles of interest at https://informationsecurity.wustl.edu/blog/. For almost a decade, I’ve been trying to “Keep Information Security Simple” (KISS) for my clients, employers, and friends. KISS is […]

Letter from the CISO – Everyone is in InfoSec

Washington University Community: I welcome you to this inaugural edition of our new Information Security Bulletin. My primary goal for the bulletin is to empower every member of our community to do their part in protecting us from cybersecurity attacks. A few years ago, the CISO for a health system was asked how many people […]

Welcome to Cybersecurity Awareness Month from CISO Kevin Hardcastle

Dear WashU community, Cybersecurity Awareness Month has arrived! Cybersecurity Awareness Month was launched in October 2004 by the National Cybersecurity Alliance and the U.S. Department of Homeland Security as a joint effort to raise awareness of cybersecurity issues and help people stay safe online. Now in its 17th year, Cybersecurity Awareness Month is observed around […]