Cybersecurity - Lesson 7: Security Risks Part 2
Overview
The lesson begins with a review of security risks by watching a video on Cybersecurity & Crime. Following this, the class does an investigation into the Equifax breach, and what went wrong. The class ends with a Kahoot quiz to review security risks.
Purpose
How was Equifax hacked? Why should students care about this? What can we do to protect data in the future? These questions are the focus of this lesson as students consider the reality of security risks that led to millions of people having their private information hacked.
Goals
Students will be able to:
- Confidently explain security risks and their impact on society.
- Describe the role human error played in the Equifax breach.
Preparation
- Listen to the podcast segments and practice starting and stopping at the marked places.
- Get the Kahoot quiz set up and ready to go for the Wrap Up.
Resources
For the Students
Supplemental Code.org material
Getting Started (5 minutes)
In the last lesson, we investigated a few security risks. Let's watch a video together to review some of those security risks.
Video: The Internet: Cybersecurity & Crime
Activity (35 mins)
When we think about security, we often think about mistakes that we personally have made - like clicking on a link in a text message from someone we don't know. But what about companies? Security is a major concern for companies, and sometimes human errors can have massive consequences.
Today we are going to take a look at the credit reporting bureau Equifax. In 2017, Equifax was hacked and the private information of around 145 million people was compromised. But what is Equifax and what data was stolen?
We are going to listen to two segments of two different podcasts. In the first, we will hear the history of credit bureaus leading up to Equifax. In the second, we will hear how Equifax was hacked.
Do This: Use this link to play the podcast. Stop the podcast at 13:30.
Do This: Use this link to play the podcast. Start the podcast at 6:05. Stop the podcast at 11:13. Note: There is a swear word that occurs around a minute after the point where we stop the podcast, so please make sure to stop early.
Prompt: What information does Equifax store? Why should I care?
Prompt: As a computing innovation what are the benefits of Equifax? What are the potential harms?
Prompt: What are the security risks?
Teaching Tip
Transcripts are provided in the Activity Guide for this lesson. You may want to have students follow along as they listen.
In this lesson, we only scratch the surface of the Equifax breach. You may want to listen further to the podcasts yourself, to be more informed of the issues. For example, after the breach was found and reported, Equifax tried to direct users to their own website to check if they had been affected. However, they ended up linking to a fake website!
If students don't understand how this applies to their own lives, you can make connections to their ability to buy a car in the future, or get a loan for an apartment.
Remarks
Equifax was a real-world system which was compromised by a software error and a human error. In this case, applying the software update would have prevented the hack.
One of the issues brought up with the Equifax breach is that private data was stored, but there were no terms of service that users signed allowing that data to be collected. Equifax's customers are businesses who want to use that data to make decisions about people. Private citizens' data was and is constantly being collected - and potentially hacked. To summarize, Equifax sells information about private data that individual consumers did not sign terms of service to allow.
Discuss: What rules or regulations would you recommend be put in place to control how data is collected and shared? What role (if any) should the government play?
As a citizen, you have the power to bring about change. As more and more private information is knowingly or unknowingly collected, and security risks continue to be a factor, it's important to think about protecting what's ours and speaking to those who are in authority to strengthen protections. And someday, you yourself may be the person making these decisions and putting new laws in place!
Discussion Goal
Prompt #1: Equifax stores information on everyone who has a credit score. This information includes private data like social security numbers and whether or not you pay your bills on time. This information is often used when consumers want to make purchases and determines whether or not they are eligible and how high interest rates will be for loans. This can affect your family's ability to buy a house or a car.
Prompt #2: Benefits: companies are able to use data to make decisions when deciding who to lend money to or how much a person can be trusted to pay back a loan. With this system, we can purchase large items on loan like cars or houses, which would be out of reach for many people if they had to pay outright. Harms: Decisions made are not always fair or equitable. In addition, sometimes information is incorrect and difficult to get changed. A lot of trust is put in a small number of companies who are making a profit making these decisions.
Prompt #3: Data that Equifax stores can be hacked and distributed for malicious purposes. With the personal information that Equifax stores, hackers can commit identity theft and make purchases, drain bank accounts, or ruin people's financial history.
Teaching Tip
This discussion is open-ended. There is no right or wrong answer here - prompt students to be thoughtful about the types of change they would like to see in how companies like Equifax are regulated.
Wrap up (5 Minutes)
Do This: Run a quick Kahoot quiz to review Security Risks
Assessment: Check for Understanding
For Teachers
Check For Understanding Question(s) and solutions can be found in each lesson on Code Studio. These questions can be used for an exit ticket.
For Students
Open a word doc or google doc and copy/paste the following question.
Question
How does human error relate to security risks?
Standards Alignment
- CSTA K-12 Computer Science Standards (2017): 3A-NI-05
- CSP2021: IOC-2.B, IOC-2.C
Next Tutorial
In the next tutorial, we will discuss Code.Org Unit 10 Lesson 8, in which students complete their innovation 1-pagers.