Within schools we have a wide range of programmes designed to prepare students for the increasingly technological and digital world in which they both already live, and will live in the future. E-Safety, digital citizenship or digital leader are just some of the terms used in schools. But what exactly should we be covering? The below represents my thoughts on the areas and discussions we should be having with students. My focus has been on older students in their A-Level years; however, I would envisage that content would be embedded throughout a student’s schooling, building up to the more complex concepts which require the greater cognitive ability and maturity of their mid to late teens.
Before I move on I think it is worth considering the term, digital citizen, which is often used, including by myself. I saw a posting from Matthew Lynch (2018) on The Edvocate website which suggested we should refer to students as digital leaders as opposed to digital citizens. I acknowledge the benefit in suggesting students have the opportunity to be leaders when dealing with technology, to create content rather than just consume, however I now wonder about the “digital” distinction. Is it possible to be part of our current world without interacting with technology? Other than retiring to the forest, living as a hermit in a tent and making a living from arts and crafts, I am not sure it is, and I suspect less than 1% of the student population would ever consider this a viable option. As such, if technology is simply now part of life, are our students not just citizens? Is discussion, training and teaching in relation to technology now simply part of preparations for day to day life? And if so, where does this fit into the curriculum? Does it sit inside IT or computing lessons, in citizenship or PSHE, in a separate distinct subject or across all subjects? My belief is that it fits into all of the above. I believe it is best taught distinctly as well as across all subjects. It should be part of the whole school experience.
This has been around as a topic area of IT curricula for some years. Generally, the focus is on basic IT security such as passwords as well as remaining safe online by setting privacy settings and taking care as to what data about yourself you make available online. Students are also introduced to the concept of viruses, malware and phishing among other areas.
I find it interesting that when students are individually surveyed a very large proportion, 90% plus, identify themselves as confident in their knowledge relating to remaining safe online. In smaller group sessions focussed on digital citizenship I found them to be less confident. I suspect in the smaller sessions they are more self-conscious and therefore answer cautiously. Either way I find their confidence concerning, especially around IT security.
When introducing students to HaveIBeenPwned I repeatedly found around a third of students have had details leaked as part of a data breach they weren’t even aware of. When asking about the number of students who use common passwords across services, most agree that this is something they do. Even on passwords, the students acknowledge they use letters and special characters, however only for basic substitution, something a computer can easily work out.
I feel there is a lot still which needs to be done here. Students should be encouraged to use passphrases and taught the importance of password length over other techniques in relation to password security. Simply put, a long password is always better than one where a ‘$’ has been used to replace an ‘S’ and a ‘1’ to replace an ‘i’. Remembering the first verse of their favourite song is easy, therefore a password based on this would be easy to remember plus long. Password managers could be demonstrated as a solution to having a large number of passwords which need to be different.
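For a classroom demonstration of why substitution adds so little, the following added example (not part of the original post) undoes common substitutions to reveal the underlying word and compares the number of guesses needed with that for a passphrase. The substitution table, the word list, the 100,000-word dictionary size and the assumption of a passphrase built from words picked at random from a 7,776-word list are all constructed for illustration.

```python
import math

# Constructed table: substitute character -> the letter it stands in for.
UNLEET = {"$": "s", "5": "s", "1": "i", "!": "i",
          "@": "a", "4": "a", "0": "o", "3": "e"}

# Constructed stand-in for a real list of common passwords.
COMMON_WORDS = {"password", "sunshine", "liverpool", "princess", "welcome"}


def normalise(password: str) -> str:
    """Lower-case the password and undo simple character substitutions."""
    return "".join(UNLEET.get(ch, ch) for ch in password.lower())


def is_disguised_common_word(password: str) -> bool:
    """True if the password is a common word once substitutions are undone,
    with or without a run of trailing digits or '!' tacked on the end."""
    candidates = {normalise(password), normalise(password.rstrip("0123456789!"))}
    return bool(candidates & COMMON_WORDS)


def substitution_guesses(word: str, dictionary_size: int) -> int:
    """Guesses needed to cover every substituted spelling of every word in a
    dictionary, assuming each word has as many spellings as `word` does."""
    options = {}  # letter -> number of substitute characters available for it
    for letter in UNLEET.values():
        options[letter] = options.get(letter, 0) + 1
    spellings = 1
    for ch in word.lower():
        spellings *= 1 + options.get(ch, 0)
    return dictionary_size * spellings


def passphrase_guesses(n_words: int, wordlist_size: int) -> int:
    """Guesses needed to cover every passphrase of n randomly chosen words."""
    return wordlist_size ** n_words


def bits(guesses: int) -> float:
    """Express a guess count as bits of strength, to one decimal place."""
    return round(math.log2(guesses), 1)


if __name__ == "__main__":
    print(is_disguised_common_word("P@$$w0rd1"))        # substituted common word
    print(bits(substitution_guesses("password", 100_000)))
    print(bits(passphrase_guesses(4, 7776)))
```

The passphrase figure holds only for words chosen at random; a phrase that can be looked up needs extra length or alteration to be as strong.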
On another aspect of security, that of phishing, I find it useful to keep a library of phishing attempts which have been received by the school, which I then go on to share with students. This is useful in that it shows how the attempts have evolved over time from the easily identifiable emails with spelling and grammar errors to the much more professional emails which mirror an Apple, Samsung or other vendor email perfectly in style, formatting and language. We spend time considering why a user might fall for such a scam, such as where at first glance it appears to come from an email address of someone else at school, albeit the domain name is very slightly incorrect, or where the email is received at the end of the day and the user is in a rush to leave for home. We also consider what steps to take in the event that a student falls for a scam. The Verizon Data Breach Investigations 2018 report indicated that 1 in 5 breaches resulted from human error while also identifying that on average 5% of users receiving a phishing email would open it. Given the increasing volume and the sophistication of attempts it is likely that students will at some point fall victim and therefore it is also important they are prepared to react appropriately when they realise this has happened.
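The "very slightly incorrect" sender domain can be shown to students as a simple check. This added example (not part of the original post) sorts From headers into internal, lookalike or external by edit distance from the genuine domain; the school domain, the sample headers and the distance threshold of 2 are constructed for illustration.

```python
from email.utils import parseaddr

SCHOOL_DOMAIN = "greenfield-school.example"  # hypothetical genuine domain

# Constructed From headers of the kind kept in a phishing library.
SAMPLE_HEADERS = [
    "Head Teacher <head@greenfield-school.example>",
    "Head Teacher <head@greenfeild-school.example>",   # two letters swapped
    "IT Support <it@greenfield-schoo1.example>",       # digit 1 in place of l
    "Account Team <no-reply@vendor.example>",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, keeping only one previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, genuine: str = SCHOOL_DOMAIN,
                    max_dist: int = 2) -> str:
    """Return 'internal', 'lookalike' or 'external' for a From header.

    Only the displayed address is examined. A From header can be forged,
    so 'internal' here is not proof that the message is genuine.
    """
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == genuine:
        return "internal"
    if domain and edit_distance(domain, genuine) <= max_dist:
        return "lookalike"
    return "external"


def lookalikes(headers):
    """Return the headers whose sender domain imitates the genuine one."""
    return [h for h in headers if classify_sender(h) == "lookalike"]


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{classify_sender(header):10} {header}")
```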
As our students interact with more technology and more online services we need to build an increased level of caution into them, making them a little more cautious than I currently believe they are.
Internet connected devices and the Internet of Things (IoT)
Another security question I ask students is if they know if the default password on their internet router at home has been changed or if they have done the same with their wireless printer. The response I usually get is a no. This is against a backdrop of more and more internet connected devices being used at home, from internet connected toys, central heating and lighting solutions, Amazon Echos and similar devices from other vendors, front door security systems and web based CCTV, to name but a few. As we bring more and more internet connected devices into our homes we need to take more and more care regarding the security of such devices. A software flaw identified in December 2017 (Cimpanu. C, 2017) was reported to have affected “Hundreds of thousands of IoT devices”. The security of our home networks is only as strong as the weakest device on that network and therefore a vulnerable IoT device impacts the security of every device and all our data at home. Before purchasing, students should be considering how much effort a vendor puts into securing their product. Do they make updates or patches available and are these easy to apply? Students also need to make sure that they change default passwords and set available security and privacy settings to match their needs. For example, if their media server is for use at home does it need to have internet access enabled? If the answer is “no” then internet access should be disabled. Vendors and our students, the consumers, need to give increasing thought to the security of internet connected devices.
The fact we have eSafety, digital citizenship or similar programmes in our schools goes to indicate that we have identified the importance of this area to the futures of our students. As I hope the above makes clear I think we still have some way to go. I haven’t so far discussed the implications around Big Data, as the recent Cambridge Analytica scandal may have made all the more evident. Nor have I addressed some of the ethical concerns around new technologies such as AI or the impact of technology on our habits and behaviours. I will deal with those in a future posting.
As educators we are key in preparing our students to deal with the opportunities and challenges of technology. Technology is constantly changing and adapting, so we too must therefore be doing the same. I suspect we will always have some way to go.
Cimpanu. C, 25th Dec 2017, Vulnerability Affects Hundreds of Thousands of IoT Devices, Retrieved from https://www.bleepingcomputer.com/news/security/vulnerability-affects-hundreds-of-thousands-of-iot-devices , downloaded on 15-04-2018
Lynch. M, 8th Jan 2018, Students should be taught to be digital leaders instead of digital citizens, Retrieved from http://www.theedadvocate.org/students-taught-digital-leaders-instead-digital-citizens/Matthew , downloaded on 15-04-2018
Verizon, 2018, 2018 Data breach investigations report, Retrieved from https://www.verizonenterprise.com/verizon-insights-lab/dbir/ , downloaded on 15-04-2018