Privacy and Security
Use the tabs to navigate between different topics.
-
Privacy and Security
-
Keeping Your Computer Safe
-
Privacy
-
Phishing and Internet Scams
-
Password Protection
Privacy, Security, & Internet Safety
From strong passwords to sharing private information online, students need to learn how to interact with various online accounts and websites. It is important to teach and reteach the idea that whatever is posted or even texted is not private. You may have your settings set to private, but someone, somewhere, can get into your account.
Privacy & Security
"The privacy and security level of personal data published via the Internet. It is a broad term that refers to a variety of factors, techniques and technologies used to protect sensitive and private data, communications, and preferences" (http://www.techopedia.com/definition/24954/internet-privacy Links to an external site.).
Internet Safety
"Internet safety is the knowledge of maximizing the user's personal safety and security risks to private information and property associated with using the internet, and the self-protection from computer crime in general" (http://en.wikipedia.org/wiki/Internet_safety Links to an external site.).
View the following lesson to gain ideas for teaching students about privacy and security:
.
Keeping your Computer Safe
A Brief History of the Computer Virus
The first computer virus was written in 1971 and was spread on ARPANET, the predecessor to the Internet.1 The virus, known as "the Creeper", was experimental, but not malicious in nature. It didn't damage data, but displayed the playful message "I'm the creeper: catch me if you can".2
Canyons District IT Department Approach
Malware has come a long way since the Creeper. How does the Canyons District IT Department keep your computer safe? It depends on whether you are running a Mac or PC.
The Windows machines in the district have Microsoft Endpoint Protection, which provides virus and malware protection that is centrally managed.
According to Thomas Bailey, Canyon's system engineering team lead, "The Macs that are configured with district standards report various information back to a central location while they are on our network. Part of this information involves indicators of compromise, Adware, Malware etc. We then use this information to remotely cleanup bad files, programs or extensions in many cases.
"So, while this does not prevent infections in and of itself, since [August 29, 2017] I have removed well over a hundred instances of Adware/Malware that [employees] installed on their devices over the summer. So, the short answer is yes, the district takes both proactive and reactive measures to try and keep the Macs safe or remove Adware/Malware etc as we become aware of it. At times this may mean a Field Tech has run [anti-malware software]. In extreme cases, it may mean they need to re-image the machine. We also have teachers and staff self-report problems, at which point a Field Tech looks into it."
The First Line of Defense: YOU!
The human element of the equation is critical. Be cautious while on the Internet. With over a billion websites4 online, one cannot know if every website they visit is "reputable." It takes a bit of savviness, that we will explore in the following pages. First of all, avoid downloading anything unless you are sure of the source. All of the "download" buttons on this page came from the same website. There was a "real" download button on the page, but do you think all the extra download buttons might fool someone?
Free photo Helmets Spears Medieval Soldiers Defence Armour - Max Pixel3
Additional Information
Why don't we have anti-virus software on my Mac? Here's why Links to an external site..
1 "Computer virus - Wikipedia." https://en.wikipedia.org/wiki/Computer_virus
Links to an external site.. Accessed 31 Oct. 2017.
3 "Creeper (program) - Wikipedia." https://en.wikipedia.org/wiki/Creeper_(program)
Links to an external site.. Accessed 31 Oct. 2017.
3 Source: http://maxpixel.freegreatpicture.com/Helmets-Spears-Medieval-Soldiers-Defence-Armour-1125807 license: Copyright-Only Dedication (based on United States law)
Links to an external site.or Public Domain Certification
Links to an external site.
4 "Total number of Websites - Internet Live Stats." http://www.internetlivestats.com/total-number-of-websites/
Links to an external site.. Accessed 23 Oct. 2017.
Privacy
"We help make the Internet safer for everyone." - Google
"Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say." - Edward Snowden
Labeled for noncommercial reuse 1
Consider These Two Points of View
|
Derek 36 years old, holds a Master of Science in Finance. Married, father of two. Derek is not concerned about privacy. He says, "Look at what I get from Google, they store my photos for free. After a trip, they create a photo album of all the places I've been. I love it! I don't care if they are following me around, they are just making my life better! The ads I see online are exactly what I want to see, and it saves me time. They know what I want to buy! Why would I care or try to stop that? I'm not so important that I need to protect my privacy or hide from them. I don't have any secrets." |
|
|
Jennifer 42 years old, holds a Master of Science in Nursing. Married, mother of two. Jennifer is concerned about privacy. She says, "It bothers me that companies are collecting my data and following me around on the Internet and everywhere I go with cellular data." She adds, "what if these companies get hacked? Who gets my personal information then?" She says, "I find it a bit creepy when I look up something on Amazon, then I see adds for that everywhere else I go on the Internet." She also stated, "I gave up Facebook, because [among other things] I feel like there's privacy issues there too. They are always changing their privacy settings, I don't like their facial-recognition software, and I hate when people post pictures of my children." |
The "Right" to Privacy?
The Right to Privacy isn't specifically mentioned in the Constitution, but it is implied.2 Because of this, drawing clear lines and defining an American's right to privacy is complicated.
Many people use Derek's argument, known as the "nothing to hide" argument,3 to justify their point of view. Derek also recognizes that he is getting a benefit from companies for their "free" services, his personal data, but that doesn't bother him.
Jennifer, on the other hand, is uncomfortable with this trade-off. She wishes for more control over her privacy and has taken steps, like quitting Facebook.
What is Your Comfort Level?
Google is just one company, but here is what they collect about you:4
|
|
|
For more information about Google's data collection, read this article
Links to an external site. from CNN tech.
1 CCTV Cameras. Labeled for non-commercial re-use. http://newsfirst.lk/english/2017/07/steps-taken-install-cctv-cameras-garbage-dumped-areas/170768
Links to an external site. Accessed 10/27/2017
2 "Privacy - Legal Information Institute." https://www.law.cornell.edu/wex/privacy
Links to an external site.. Accessed 27 Oct. 2017.
3 "Nothing to hide argument - Wikipedia." https://en.wikipedia.org/wiki/Nothing_to_hide_argument
Links to an external site.. Accessed 27 Oct. 2017.
4 "Data Collection | How Google uses your personal ... - Google Privacy." https://privacy.google.com/your-data.html
Links to an external site.. Accessed 27 Oct. 2017.
Phishing & Internet Scams
Don't Be Fooled!
"Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as account numbers, Social Security numbers, or your login IDs and passwords. Scammers use your information to steal your money or your identity or both."2
Phishing1
You don't have to visit nefarious websites to encounter malicious content. Many sources of infection are delivered right to your inbox. Our district has multiple layers of protection from tainted email. Hover over a link in an email, and you might see something like this:
In this example, the link was rewritten and is being redirected to a "service where the URL and website is analyzed. If the URL is considered bad: The user will be shown a page informing them 'The website has Been Blocked!' If the URL is considered good: The user will be re-directed to the website."3 One cannot assume the link is not malicious, just because it has been scanned, but rather it did not register as a known "bad" site and did not get blocked (yet). The link may be perfectly fine.
This is where the human element comes into play. Is the actual sender known to you and did you expect this email? In any case, remember this:
We know there are known malicious sites, we know there are unknown malicious sites...
https://ed.ted.com/on/NKdm2e5Q
1 Phishing | Todos los meses se crean 1,4 millones de páginas … | Flickr : taken from - https://www.flickr.com/photos/135518748@N08/37003549720/in/photolist-YnSS9y-dCYJt9-ganU1-fHp5v-7KY2PW-4btXzV-fHp5H-6xKgdf-4rx7uM-67duw7-7FwPc-6NKr-f7CSv-7e8x8K-9PbNme-5Q3VH4-67duz7-72huXw-fBNnVQ-7VBCxR-juHAH-67duEL-4GXKK-T6igTd-5SLDqJ-kBg1F2-2qcjb-qDmC9-3KyVBv-ezkEfV-4bxZVJ-azJzRG-8X9jwv-ganU4-8kvtRM-g3PiW-pbHZ8-bt7w8C-56zgjE-aR2VV-RJytDa-7jJsv-x9zYUh-22JyBg-64Aii3-f2jqb5-7uYNdB-bYAFo-5JN61-7CbZKw
Links to an external site. Author: portal gda https://creativecommons.org/licenses/by-nc-sa/2.0/
Links to an external site.
2 "Phishing | Consumer Information - Consumer.FTC.gov - Federal Trade ...." https://www.consumer.ftc.gov/articles/0003-phishing
Links to an external site.. Accessed 31 Oct. 2017.
3 "URL Defense FAQ's - Proofpoint Essentials Support." 16 Sep. 2015, http://support.proofpointessentials.com/index.php?/Knowledgebase/Article/View/170/34/url-defense-faqs
Links to an external site.. Accessed 23 Oct. 2017.
.
Password Protection
Is Your Password '123456'?
If it is, you are not alone. According to an analysis of 10 million passwords publicly released from data breaches in 2016, about 17% of accounts were "protected" by this password.2 In 2016, there were a record-setting 4,149 data breaches exposing more than 4.2 billion records.3 Hackers will hack, so what can you do about it?
1 Title : File:Steal password.jpg - Wikimedia Commons
Unfortunately, you can't stop the hackers. You also can't stop companies from irresponsibly storing your account information (like Experian, for example). In fact, up to 90% of last year's hacks were preventable!3 Here's an interactive list Links to an external site. of the world's biggest data breaches. What you can do is protect your data with a strong and unique password.
Manage Your Passwords
In an informal survey of friends, family, and colleagues, almost all respondents re-use passwords. Most have about five "go to" passwords, and they all believe their passwords are secure. The reality of this scenario is if your password is exposed on one site, it is vulnerable on EVERY site where it was re-used - even if you have a 64-character password that is full of random characters. To be safe we need unique, strong passwords for every account we have. For the record, a "strong" password is as long as allowed, and made up of a mixture of upper and lower-case characters, as well as numbers and special characters (~!@#%...).
Safe, Vault, Lockbox, Safekeeping4
How does one manage to remember dozens and dozens of unique passwords? A password manager. But wait, why should you "put all your eggs in one basket"? What if the password manager gets hacked? Here's why...
|
They think about, read about, talk about, and tell jokes about password security. These are really one of the LAST places you need to worry about getting hacked.5
Password Managers
There are lots of password managers out there for you to consider, but here are a few popular ones to get you started.
*Bias Alert! I put my favorite at the top of this list because I use it, it's free, and it's open source.
| Tool | Cost | Open Source* |
| free | Yes | |
| free, no syncing after 1 month or $3.33/mo | No | |
| 30-day trial, $2.99/mo after that | No | |
| free | No |
*Open Source means that the code is publicly shared on platforms like GitHub Links to an external site.. While this may seem like a security risk, it actually improves security because anyone can review, audit, and contribute to the codebase of open source software. This makes it possible for someone to "spot and correct errors or omissions that a program's original authors might have missed."6
1 Title : File:Steal password.jpg - Wikimedia Commons. Source: https://commons.wikimedia.org/wiki/File:Steal_password.jpg, license : Attribution-ShareAlike 3.0 Unported
Links to an external site.
2 "What the Most Common Passwords of 2016 List ... - Keeper Blog." 13 Jan. 2017, https://blog.keepersecurity.com/2017/01/13/most-common-passwords-of-2016-research-study/
Links to an external site.. Accessed 1 Nov. 2017.
3 "Data Breaches Exposed 4.2 Billion Records In 2016 | Investor ...." 30 Jan. 2017, http://investordiscussionboard.com/boards/wavxq/data-breaches-exposed-42-billion-records-2016. Accessed 1 Nov. 2017.
4 Title : Free vector graphic: Safe, Vault, Lockbox, Safekeeping - Free Image on Pixabay - 30110. Source: https://pixabay.com/en/safe-vault-lockbox-safekeeping-30110/, license: Copyright-Only Dedication (based on United States law)
or Public Domain Certification
Links to an external site.
5 Full disclosure: It has happened. Read about it here: "How secure are password managers? - CBS News." 22 Jun. 2015, https://www.cbsnews.com/news/in-wake-of-lastpass-hack-how-safe-are-password-managers/
Links to an external site.. Accessed 1 Nov. 2017.
6 "What is open source software? | Opensource.com." https://opensource.com/resources/what-open-source
Links to an external site.. Accessed 2 Nov. 2017.