# Week 17: Safety, Privacy, and Security

**Hours:** 2 (1 lecture)

---

## Learning Objectives

- Identify common cybersecurity threats (malware, phishing, social engineering)
- Create and manage strong passwords
- Explain the importance of software updates and backups
- Describe strategies for protecting personal privacy online
- Recognize ethical and legal issues in computing (intellectual property, digital footprint)

---

## Key Concepts

### The Threat Landscape

**Malware (Malicious Software)**

Software designed to harm, exploit, or infiltrate.

| Type | What It Does | How It Spreads |
|------|-------------|----------------|
| **Virus** | Attaches to files; activates when file is opened | Email attachments, downloads |
| **Worm** | Self-replicates across networks without user action | Network vulnerabilities |
| **Trojan** | Disguises itself as legitimate software | Downloads, fake apps |
| **Ransomware** | Encrypts your files; demands payment for the key | Phishing emails, exploit kits |
| **Spyware** | Secretly monitors your activity | Bundled with free software |
| **Adware** | Displays unwanted advertisements | Free software, browser extensions |
| **Keylogger** | Records everything you type (passwords, messages) | Trojans, physical access |

> 💡 **Real-world example:** Show a news story about a recent ransomware attack (hospital, school, city government). Make it concrete — "This happened to a community college just like Gavilan."

**Phishing & Social Engineering**

- **Phishing:** Fake emails/websites that trick you into revealing information
  - "Your account has been compromised! Click here to verify your password."
  - Look for: urgency, generic greeting, suspicious sender, bad grammar, mismatched URLs
- **Spear Phishing:** Targeted phishing using personal information about you
- **Smishing:** Phishing via SMS/text messages
- **Vishing:** Phishing via voice calls
- **Social Engineering:** Manipulating people (not computers) to bypass security
  - Impersonating IT support: "I need your password to fix your account"
  - Tailgating: Following someone through a secure door

> 💡 **Activity:** Show 5 emails — some legitimate, some phishing. Students identify which are real and explain the red flags.

### Protecting Yourself

**Passwords**

- **Bad passwords:** `123456`, `password`, `qwerty`, your name, your birthday
- **Good passwords:** Long (12+ characters), mix of upper/lowercase, numbers, symbols
- **Passphrases:** Even better — `Correct-Horse-Battery-Staple` is stronger than `P@ssw0rd!` and easier to remember
- **Password managers:** Generate and store unique passwords for every account (Bitwarden, 1Password, LastPass)
- **Never reuse passwords** — if one site is breached, all your accounts are exposed

**Multi-Factor Authentication (MFA / 2FA)**

- Something you **know** (password) + something you **have** (phone, security key) + something you **are** (fingerprint, face)
- Even if your password is stolen, the attacker can't get in without the second factor
- Enable MFA on email, banking, and social media — at minimum

> 💡 **Demo:** If possible, show the MFA setup process for a service (Google, Microsoft). Students see it's quick and easy.

**Software Updates**

- Updates patch security vulnerabilities
- Delaying updates = leaving known doors unlocked
- Enable automatic updates on OS, browser, and apps
- "But the update is annoying!" → "A ransomware attack is more annoying."

**Antivirus / Anti-malware**

- Windows Defender (built into Windows) is decent for most users
- Keep it updated and running
- Don't install multiple antivirus programs (they conflict)
- No antivirus is 100% — your behavior is the best defense

**Backups: The 3-2-1 Rule**

- **3** copies of your data
- **2** different types of media (local drive + cloud, for example)
- **1** copy offsite (cloud storage or a drive at another location)
- If ransomware hits and you have backups, you can recover without paying

**Safe Browsing Habits**

- Check for HTTPS (padlock) before entering sensitive info
- Don't click links in unsolicited emails — go directly to the website
- Be cautious with public Wi-Fi (use VPN if possible)
- Review app permissions — does a flashlight app need access to your contacts?
- Log out of shared computers

### Privacy

**Your Digital Footprint**

- Everything you do online leaves traces
- **Active footprint:** Things you intentionally post (social media, comments, reviews)
- **Passive footprint:** Data collected about you (browsing history, location, cookies)
- Employers, colleges, and others DO search for you online

**Who's Collecting Your Data?**

- Social media companies (Facebook, Instagram, TikTok)
- Search engines (Google)
- Advertisers (tracking cookies, targeted ads)
- Apps (location, contacts, camera access)
- ISPs (can see your browsing activity)
- Government (varies by jurisdiction and legal authority)

**Protecting Privacy**

- Review privacy settings on social media regularly
- Use private/incognito browsing (limits local tracking, not ISP/network tracking)
- Clear cookies periodically
- Use a VPN for encrypted browsing (especially on public Wi-Fi)
- Read permissions before installing apps
- Think before posting: "Would I be comfortable if this were public forever?"

### Ethics & Legal Issues

**Intellectual Property**

- **Copyright:** Automatic protection for creative works. You can't copy someone's work without permission.
- **Fair Use:** Limited use for education, commentary, criticism, news (has limits)
- **Creative Commons:** Licenses that let creators share work with specific permissions
- **Plagiarism:** Presenting someone else's work as your own — academic dishonesty

**Software Licensing**

- **Commercial:** Pay to use (Microsoft Office, Adobe CC)
- **Freeware:** Free to use, but not open source (Zoom, Acrobat Reader)
- **Open Source:** Free, source code available (LibreOffice, Firefox)
- **Piracy:** Using software without proper licensing — illegal

**Digital Citizenship**

- Treat others with respect online (cyberbullying is real and harmful)
- Verify before sharing (misinformation spreads fast)
- Protect others' privacy (don't share their photos/info without consent)

---

## Diagram Ideas

1. **Types of Malware** — Icon grid: each malware type with a simple icon and one-line description.
2. **Phishing Red Flags** — Annotated fake phishing email with callouts: suspicious sender, generic greeting, urgency, bad URL, grammar errors.
3. **Password Strength Spectrum** — Visual scale from "Terrible" (123456) → "Weak" (Password1) → "Good" (Tr0ub4dor&3) → "Great" (Correct-Horse-Battery-Staple) with estimated crack times.
4. **3-2-1 Backup Rule** — Simple visual: 3 copies, 2 media types, 1 offsite.
5. **Digital Footprint** — Footprints leading across platforms: Google search, social media post, online purchase, email, app download.
6. **MFA Explained** — Three locks: Know (password) + Have (phone) + Are (fingerprint).


---

## Slide Concepts

| Slide | Content |
|-------|---------|
| 1 | Title: "Staying Safe in a Digital World" |
| 2 | Malware Types — icon grid overview |
| 3 | Ransomware — real-world case + how it works |
| 4 | Phishing — annotated example email |
| 5 | "Spot the Phish" — interactive: real vs fake |
| 6 | Passwords — bad vs good, passphrases, managers |
| 7 | Multi-Factor Authentication — what it is, enable it today |
| 8 | Updates & Antivirus — why they matter |
| 9 | The 3-2-1 Backup Rule |
| 10 | Your Digital Footprint — who's watching |
| 11 | Privacy Settings — quick wins |
| 12 | Ethics: Copyright, Fair Use, Plagiarism |

---

## Vocabulary

| Term | Definition |
|------|-----------|
| **Malware** | Malicious software designed to harm, exploit, or infiltrate computer systems |
| **Virus** | Malware that attaches to files and spreads when those files are opened |
| **Worm** | Self-replicating malware that spreads across networks without user action |
| **Trojan** | Malware disguised as legitimate software |
| **Ransomware** | Malware that encrypts files and demands payment for decryption |
| **Spyware** | Software that secretly monitors user activity |
| **Phishing** | Fraudulent attempt to obtain sensitive information by posing as a trustworthy source |
| **Social Engineering** | Manipulating people into revealing confidential information or performing actions |
| **Multi-Factor Authentication (MFA)** | Security requiring two or more forms of verification |
| **Password Manager** | Software that generates, stores, and fills in unique passwords |
| **Passphrase** | A longer password made of multiple words, easier to remember and harder to crack |
| **Encryption** | Converting data into a coded form that can only be read with a key |
| **VPN (Virtual Private Network)** | Encrypted tunnel between your device and the Internet, hiding your activity |
| **Firewall** | Software or hardware that monitors and controls network traffic based on rules |
| **Antivirus** | Software that detects and removes malware |
| **Backup** | A copy of data stored separately in case the original is lost or damaged |
| **3-2-1 Rule** | Backup strategy: 3 copies, 2 media types, 1 offsite |
| **Digital Footprint** | The trail of data you leave behind from online activity |
| **Cookie** | Small data file stored by a website on your computer to track activity or preferences |
| **Copyright** | Legal protection giving creators exclusive rights to their work |
| **Fair Use** | Limited use of copyrighted material without permission for education, criticism, etc. |
| **Creative Commons** | Licenses that allow creators to specify how others may use their work |
| **Plagiarism** | Presenting someone else's work or ideas as your own |
| **Software Piracy** | Using, copying, or distributing software without proper authorization |

---

## Activities & Assignments

### In-Class

1. **Spot the Phish:** Show 5-8 emails (mix of real and phishing). Students vote real/fake and identify the red flags.
2. **Password Audit:** Students check one of their email addresses at [haveibeenpwned.com](https://haveibeenpwned.com) (enter the email only, not a password). Discuss what a breach means and what to do.
3. **Privacy Settings Walkthrough:** Guide students through checking privacy settings on one platform (Google, Instagram, or phone settings). They screenshot their changes.

### Homework

1. **Security Action Plan (1 page):** Based on what they learned, students create a personal action plan with 5 specific steps they'll take to improve their digital security (e.g., enable MFA on email, start using a password manager, set up backups).
2. **Phishing Analysis:** Find or create a phishing email example. Write a paragraph identifying every red flag and explaining how a victim could be tricked.
3. **Digital Footprint Audit:** Google yourself. What comes up? Write a reflection on what's public, whether you're comfortable with it, and what you'd change.

---

## Discussion Questions

1. "I have nothing to hide, so I don't need to worry about privacy." Do you agree or disagree? Why?
2. Should companies be required to tell you exactly what data they collect about you? Should you be able to delete it?
3. Your friend sends you a link to download a popular $60 software for free. What do you do?
4. A hospital is hit by ransomware. Should they pay? What are the arguments for and against?
5. Is it possible to be completely anonymous online? What would it take?