As the Chief Information Security Officer (CISO) for Chapman University, I’d like to share a compelling tale of two employees with contrasting approaches to their work and cybersecurity practices. In the ever-evolving cybersecurity landscape, the story of the turtle and the hare takes on a new meaning. This story highlights the importance of diligence and caution in safeguarding digital assets and serves as a reminder that sometimes slow and steady does indeed win the race.

This is a story of two workers at a busy university in a coastal state. They were peers in the same department and did similar jobs. However, their approach to their work was quite different. One was fast and brash, and the other was steady and meticulous. A new management position had opened at the university, and both had applied and interviewed for the job.

Shelby Tortoise was an exemplary employee. Her coworkers and managers described her as reliable, dependable, and effective. Shelby took pride in doing an excellent job, and she took her cyber hygiene seriously. She used a unique password based on a passphrase for each of her account logins and MFA/2FA for all her accounts. Being safe was more important than being fast.

Bugsy Hare liked to get things done fast, even if it meant cutting corners. This included his approach to cybersecurity. Instead of following best practices for password management, like not using the same password for different logins, he used the same simple password for all his accounts, both at work and in his personal life. He figured it was easier and faster to get his work done this way, and besides, who’d want his identity? MFA/2FA, why bother? It added a few more seconds to logging in, which was too slow for Bugsy. On a few accounts, like his work ones, he used SMS text messaging for MFA because it was faster than the authenticator app on his phone.

As we wrap up this first part of our story, remember that the choices we make in our daily routines can have significant impacts on our cybersecurity. The tale of Shelby Tortoise and Bugsy Hare is just the beginning. Stay tuned for Part 2, where we’ll dive deeper into their journeys and uncover more valuable lessons on protecting our digital assets effectively. Don’t miss out on the next chapter of this compelling story—visit IS&T’s blog space for the continuation!

Next part: Check out IS&T’s blog space for part two (coming soon).

As always, if you suspect something, report it to abuse@chapman.edu.

Stay safe, stay vigilant!

Keith Barros

Chief Information Security Officer (CISO)

Chapman University