Week 17: Safety, Privacy, and Security
Hours: 2 (1 lecture)
Learning Objectives
- Identify common cybersecurity threats (malware, phishing, social engineering)
- Create and manage strong passwords
- Explain the importance of software updates and backups
- Describe strategies for protecting personal privacy online
- Recognize ethical and legal issues in computing (intellectual property, digital footprint)
Key Concepts
The Threat Landscape
Malware (Malicious Software): Software designed to harm, exploit, or infiltrate.
| Type | What It Does | How It Spreads |
|---|---|---|
| Virus | Attaches to files; activates when file is opened | Email attachments, downloads |
| Worm | Self-replicates across networks without user action | Network vulnerabilities |
| Trojan | Disguises as legitimate software | Downloads, fake apps |
| Ransomware | Encrypts your files; demands payment for the key | Phishing emails, exploit kits |
| Spyware | Secretly monitors your activity | Bundled with free software |
| Adware | Displays unwanted advertisements | Free software, browser extensions |
| Keylogger | Records everything you type (passwords, messages) | Trojans, physical access |
💡 Real-world example: Show a news story about a recent ransomware attack (hospital, school, city government). Make it concrete — "This happened to a community college just like Gavilan."
Phishing & Social Engineering
- Phishing: Fake emails/websites that trick you into revealing information
  - "Your account has been compromised! Click here to verify your password."
  - Look for: urgency, generic greeting, suspicious sender, bad grammar, mismatched URLs
- Spear Phishing: Targeted phishing using personal information about you
- Smishing: Phishing via SMS/text messages
- Vishing: Phishing via voice calls
- Social Engineering: Manipulating people (not computers) to bypass security
  - Impersonating IT support: "I need your password to fix your account"
  - Tailgating: Following someone through a secure door
💡 Activity: Show 5 emails — some legitimate, some phishing. Students identify which are real and explain the red flags.
Protecting Yourself
Passwords
- Bad passwords: `123456`, `password`, `qwerty`, your name, your birthday
- Good passwords: Long (12+ characters), mix of upper/lowercase, numbers, symbols
- Passphrases: Even better — `Correct-Horse-Battery-Staple` is stronger than `P@ssw0rd!` and easier to remember
- Password managers: Generate and store unique passwords for every account (Bitwarden, 1Password, LastPass)
- Never reuse passwords — if one site is breached, all your accounts are exposed
Multi-Factor Authentication (MFA / 2FA)
- Something you know (password) + something you have (phone, security key) + something you are (fingerprint, face)
- Even if your password is stolen, the attacker can't get in without the second factor
- Enable MFA on email, banking, and social media — at minimum
💡 Demo: If possible, show the MFA setup process for a service (Google, Microsoft). Students see it's quick and easy.
Software Updates
- Updates patch security vulnerabilities
- Delaying updates = leaving known doors unlocked
- Enable automatic updates on OS, browser, and apps
- "But the update is annoying!" → "A ransomware attack is more annoying."
Antivirus / Anti-malware
- Windows Defender (built into Windows) is decent for most users
- Keep it updated and running
- Don't install multiple antivirus programs (they conflict)
- No antivirus is 100% — your behavior is the best defense
Backups: The 3-2-1 Rule
- 3 copies of your data
- 2 different types of media (local drive + cloud, for example)
- 1 copy offsite (cloud storage or a drive at another location)
- If ransomware hits and you have backups, you can recover without paying
Safe Browsing Habits
- Check for HTTPS (padlock) before entering sensitive info
- Don't click links in unsolicited emails — go directly to the website
- Be cautious with public Wi-Fi (use VPN if possible)
- Review app permissions — does a flashlight app need access to your contacts?
- Log out of shared computers
Privacy
Your Digital Footprint
- Everything you do online leaves traces
- Active footprint: Things you intentionally post (social media, comments, reviews)
- Passive footprint: Data collected about you (browsing history, location, cookies)
- Employers, colleges, and others DO search for you online
Who's Collecting Your Data?
- Social media companies (Facebook, Instagram, TikTok)
- Search engines (Google)
- Advertisers (tracking cookies, targeted ads)
- Apps (location, contacts, camera access)
- ISPs (can see your browsing activity)
- Government (varies by jurisdiction and legal authority)
Protecting Privacy
- Review privacy settings on social media regularly
- Use private/incognito browsing (limits local tracking, not ISP/network tracking)
- Clear cookies periodically
- Use a VPN for encrypted browsing (especially on public Wi-Fi)
- Read permissions before installing apps
- Think before posting: "Would I be comfortable if this were public forever?"
Ethics & Legal Issues
Intellectual Property
- Copyright: Automatic protection for creative works. You can't copy someone's work without permission.
- Fair Use: Limited use for education, commentary, criticism, news (has limits)
- Creative Commons: Licenses that let creators share work with specific permissions
- Plagiarism: Presenting someone else's work as your own — academic dishonesty
Software Licensing
- Commercial: Pay to use (Microsoft Office, Adobe CC)
- Freeware: Free to use, but not open source (Zoom, Acrobat Reader)
- Open Source: Free, source code available (LibreOffice, Firefox)
- Piracy: Using software without proper licensing — illegal
Digital Citizenship
- Treat others with respect online (cyberbullying is real and harmful)
- Verify before sharing (misinformation spreads fast)
- Protect others' privacy (don't share their photos/info without consent)
Diagram Ideas
- Types of Malware — Icon grid: each malware type with a simple icon and one-line description.
- Phishing Red Flags — Annotated fake phishing email with callouts: suspicious sender, generic greeting, urgency, bad URL, grammar errors.
- Password Strength Spectrum — Visual scale from "Terrible" (123456) → "Weak" (Password1) → "Good" (Tr0ub4dor&3) → "Great" (Correct-Horse-Battery-Staple) with estimated crack times.
- 3-2-1 Backup Rule — Simple visual: 3 copies, 2 media types, 1 offsite.
- Digital Footprint — Footprints leading across platforms: Google search, social media post, online purchase, email, app download.
- MFA Explained — Three locks: Know (password) + Have (phone) + Are (fingerprint).
Slide Concepts
| Slide | Content |
|---|---|
| 1 | Title: "Staying Safe in a Digital World" |
| 2 | Malware Types — icon grid overview |
| 3 | Ransomware — real-world case + how it works |
| 4 | Phishing — annotated example email |
| 5 | "Spot the Phish" — interactive: real vs fake |
| 6 | Passwords — bad vs good, passphrases, managers |
| 7 | Multi-Factor Authentication — what it is, enable it today |
| 8 | Updates & Antivirus — why they matter |
| 9 | The 3-2-1 Backup Rule |
| 10 | Your Digital Footprint — who's watching |
| 11 | Privacy Settings — quick wins |
| 12 | Ethics: Copyright, Fair Use, Plagiarism |
Vocabulary
| Term | Definition |
|---|---|
| Malware | Malicious software designed to harm, exploit, or infiltrate computer systems |
| Virus | Malware that attaches to files and spreads when those files are opened |
| Worm | Self-replicating malware that spreads across networks without user action |
| Trojan | Malware disguised as legitimate software |
| Ransomware | Malware that encrypts files and demands payment for decryption |
| Spyware | Software that secretly monitors user activity |
| Phishing | Fraudulent attempt to obtain sensitive information by disguising as a trustworthy source |
| Social Engineering | Manipulating people into revealing confidential information or performing actions |
| Multi-Factor Authentication (MFA) | Security requiring two or more forms of verification |
| Password Manager | Software that generates, stores, and fills in unique passwords |
| Passphrase | A longer password made of multiple words, easier to remember and harder to crack |
| Encryption | Converting data into a coded form that can only be read with a key |
| VPN (Virtual Private Network) | Encrypted tunnel between your device and the Internet, hiding your activity |
| Firewall | Software or hardware that monitors and controls network traffic based on rules |
| Antivirus | Software that detects and removes malware |
| Backup | A copy of data stored separately in case the original is lost or damaged |
| 3-2-1 Rule | Backup strategy: 3 copies, 2 media types, 1 offsite |
| Digital Footprint | The trail of data you leave behind from online activity |
| Cookie | Small data file stored by a website on your computer to track activity or preferences |
| Copyright | Legal protection giving creators exclusive rights to their work |
| Fair Use | Limited use of copyrighted material without permission for education, criticism, etc. |
| Creative Commons | Licenses that allow creators to specify how others may use their work |
| Plagiarism | Presenting someone else's work or ideas as your own |
| Software Piracy | Using, copying, or distributing software without proper authorization |
Activities & Assignments
In-Class
- Spot the Phish: Show 5-8 emails (mix of real and phishing). Students vote real/fake and identify the red flags.
- Password Audit: Students check one of their passwords at haveibeenpwned.com (email only, not password). Discuss what a breach means and what to do.
- Privacy Settings Walkthrough: Guide students through checking privacy settings on one platform (Google, Instagram, or phone settings). They screenshot their changes.
Homework
- Security Action Plan (1 page): Based on what they learned, students create a personal action plan with 5 specific steps they'll take to improve their digital security (e.g., enable MFA on email, start using a password manager, set up backups).
- Phishing Analysis: Find or create a phishing email example. Write a paragraph identifying every red flag and explaining how a victim could be tricked.
- Digital Footprint Audit: Google yourself. What comes up? Write a reflection on what's public, whether you're comfortable with it, and what you'd change.
Discussion Questions
- "I have nothing to hide, so I don't need to worry about privacy." Do you agree or disagree? Why?
- Should companies be required to tell you exactly what data they collect about you? Should you be able to delete it?
- Your friend sends you a link to download a popular $60 software for free. What do you do?
- A hospital is hit by ransomware. Should they pay? What are the arguments for and against?
- Is it possible to be completely anonymous online? What would it take?