Teaching About Online Security

I’m a strong advocate of students getting in the habit of storing their work securely online through free services like Google Docs, Evernote, and DropBox. At minimum, it means I don’t have to hear the “my hard drive died” excuse. But any method of storing information entails risks, whether it’s paper or the cloud. Here’s an example of how to teach students about minimizing those risks from Julie Swierczek, the university archivist and special collections librarian at Salve Regina University . . .

If you use Evernote, you probably received an email about the recent hacking of the company that compromised about 50 million passwords. While it appears doubtful that any data was lost, Evernote is asking people to reset their passwords.

This is a great lesson to share with students, for two reasons:

• Evernote, Google, etc. are money-making, professional IT companies, and they still get hacked.  This is why people should never store valuable (to hackers) personally identifiable information, like tax information or social security numbers, through these services.
• People should not use the same password for all of their online stuff, and they should especially avoid using the same passwords for logins to applications (like Evernote) that they use for banking or any other online financial transactions.  That way, if these applications get hacked, you don’t have to worry that the hacker will try hitting thousands of other sites online – which is exactly what they do – to see if they can login to any other accounts with the same information. A person’s best bet is to use a different password on every website he or she uses.  (Can’t figure out how to keep track of passwords?  Look into something like LastPass or Roboform.  These services not only manage your passwords, they generate random passwords if that’s what a user wants.)

Students who think this is not something they need to worry about should read about the hacking of Mat Honan, who lost everything he had online. Hackers not only can steal a person’s identity; they have ways of deleting all of someone’s stuff.  While the particular vulnerability mentioned in that article has been fixed, hackers are adept at finding new ways of creating mischief.