Ah, summer. The season of sunburns, sandy toes, and… cybersecurity threats? If that last one caught you off guard, you’re not alone. As we bid farewell to final exams and hit the road to paradise, many of us have a one-track mind: relaxation. But in our zest to share every picturesque sunset and poolside selfie on social media, we might be unknowingly inviting some unsavory digital dangers.
Now, I’m not suggesting you shelve your phone for the season – where’s the fun in that? However, a dash of caution can ensure your posts don’t unwittingly play into the hands of cyber miscreants.
Check-in Wisely: Sure, tagging yourself at that luxurious beachside resort or bustling local restaurant is enticing. But announcing your every move to the world also signals you’re not home, making your empty house a potential target for burglars.
Picture Perfect Precautions: That boarding pass photo looks stylish, but did you know the barcode often contains personal information that can be decoded? The same goes for close-ups of event tickets or keycards. A little crop goes a long way!
Privacy First: Adjust your account settings so that only friends or approved followers can see your posts. And while we’re on the topic, be discerning about accepting new followers or friend requests, especially if your profile is a treasure trove of personal snaps.
The Devil’s in the Details: Sharing anecdotes is one thing but avoid giving specifics. Rather than saying, “Staying at the Grandiose Hotel on 5th Street for two weeks!” perhaps try, “Loving the vibes of this city!” It’s vague, it’s mysterious, and it’s safe.
Delayed Gratification: Post your adventures after you return. This way, you’re not providing real-time updates of your whereabouts, and it gives you a chance to relive your vacation all over again.
Beware of Bots and Scammers: Received a comment from a ‘travel agency’ promising discounted trips? Or a message from a ‘fellow traveler’ wanting to meet up? Approach with caution. These could be bots or individuals with nefarious intentions.
In the end, though, remember there’s more to vacation than just the ‘Gram. As tempting as it might be to capture every moment, sometimes the best memories are the ones where you’re fully present, soaking in the sights and sounds unfiltered.
So, while I wholly endorse your efforts to make your friends a tad jealous with those sun-kissed photos, remember to sprinkle in a bit of digital wisdom. Your peace of mind will thank you. And hey, once you’ve ensured your online safety, there’s nothing stopping you from diving deep into the ocean or your novel, away from the persistent pings of notifications. Happy travels and even happier posting!
April is here, and besides the burst of springtime flowers and occasional showers, there’s another cloud looming on the horizon for many: Tax Day. As we hustle and bustle to get our financial ducks in a row before April 15th, it’s important to remember that tax season is also open season for cyber threats.
Imagine this: you’re sitting at your computer, sipping your morning coffee, when an email pings into your inbox. It’s from the IRS! Or, at least, it seems to be. The logo looks right, and the language is pretty official. But hold on. Is the IRS really emailing you about a “tax refund error”? Spoiler: they’re not. This is a classic example of a phishing attempt.
Phishing, for those unfamiliar with the term (or perhaps more acquainted with the hobby involving a rod and reel), is when scam artists try to trick you into providing sensitive information. In the tech world, this typically happens over email, but it can also occur via phone calls or text messages.
In tax season, these scams skyrocket. The bait? Emails masquerading as official communications, promising refunds, or threatening audits. The objective? To get you to click on a malicious link or download an infected attachment.
But fear not, fellow taxpayers! Here’s how you can tread these treacherous waters safely:
Don’t Trust, Always Verify: Remember, the IRS will never initiate contact with taxpayers via email about a tax bill, refund, or economic impact payment. If in doubt, don’t click on anything. Instead, go directly to the IRS website or contact them by phone.
Use Secure Connections: If you’re working with digital tax documents, make sure your internet connection is secure. That quaint coffee shop with free Wi-Fi might be tempting, but unsecured networks can expose your data to prying eyes.
Backup and Store Safely: Once you’ve filed your taxes, ensure you have digital copies stored safely. Using an encrypted USB drive or a secure cloud storage solution is a good idea.
Embrace Multi-Factor Authentication: If your online tax platform offers it, enable multi-factor authentication. This adds an additional layer of security, requiring you to confirm your identity through two or more verification methods.
Update Regularly: Ensure your computer, browser, and any tax software you use are up-to-date. Cybersecurity patches are released for a reason!
But let’s end on a lighter note. Yes, tax season can be stressful, both for our wallets and our digital peace of mind. However, think of it this way: while you’re safeguarding your finances from both the taxman and cyber scammers, you’re also gaining invaluable skills to protect your digital self year-round. It’s like spring cleaning for your cyber home!
And, if all else fails, just remember: only a few more weeks until you can put all this tax business behind you. Then it’s back to regular programming, like deciphering those cryptic error messages Windows loves to throw our way.
March winds are gusting, heralding the start of another stormy season. As the skies rumble and weather forecasts become the center of our daily conversations, another kind of storm brews in the background – the digital tempest, where cunning scammers lie in wait.
Now, if your idea of a scammer is someone in a dark room filled with glowing computer screens, you’re not entirely off mark. But, much like our increasingly unpredictable weather, their strategies evolve, often shadowing current events. The stormy season provides the perfect cover for their malicious endeavors. They know, in moments of distress, we humans can be both incredibly compassionate and a tad bit gullible.
Let’s navigate these digital tempests together.
1. The Pseudo-Charity Drive.
After a particularly devastating storm, our inboxes are bombarded with messages pleading for donations for those affected. Some tug at your heartstrings with stories of families torn apart, homes destroyed, and lives forever altered. And many of these are genuine. But mixed among the real pleas are the scam artists seeking to exploit your kindness. They set up fake charity websites that look eerily genuine, siphoning off donations meant for real victims.
Pro-tip: Never click on unsolicited links. Always do your homework. Verify the charity through trusted channels, and consider donating directly on their official website or through established platforms.
2. Weather Alerts Gone Rogue.
Imagine receiving a text or email warning of a severe weather alert, complete with a link that promises up-to-the-minute updates. Only, upon clicking, malware is injected into your device, with the potential to harvest personal information.
Pro-tip: Official alerts rarely, if ever, come with links. Install a trusted weather app or bookmark legitimate weather sites for updates. Stay wary of unsolicited warnings.
3. “Too Good to Be True” Repair Services.
Post-storm damage can be a nightmare. Enter the scam artist, posing as a contractor or repair service, often offering deals that sound too good to be true. Once paid, they either do a shoddy job or simply vanish with your money.
Pro-tip: Seek out reputable service providers. Ask for recommendations, check for genuine reviews, and always, ALWAYS, get everything in writing.
Now, imagine this scenario: Amidst the whirling digital storms, our scammer sits, frustrated, unable to breach your fortified defenses. Quite a satisfying image, isn’t it?
While the aforementioned scams are some of the common ones, it’s essential to remember that scammers continually evolve. The mantra? Stay alert and always double-check.
Stay safe out there, both from the storms above and the ones on your screens. As the old adage goes, it’s better to be safe than sorry. And in this digital age, a touch of skepticism might just be the umbrella you need.
February, often dubbed the “month of love”, is upon us, bringing with it heart-shaped chocolates, romantic dinners, and warm sentiments exchanged between loved ones. As Cupid readies his arrows for Valentine’s Day, many individuals are already immersed in the digital realm, hoping to make connections and perhaps even find love.
Yet, as with many things in the digital age, love isn’t without its complications.
Imagine this: You’ve found someone interesting on a dating app. Their profile pictures look too good to be true (because sometimes they are). The conversation flows effortlessly, and soon, plans to meet are in the works. Only, when the time comes, they seem to have one emergency after another, preventing a face-to-face encounter. Sounds familiar? You might be brushing with a catfisher.
The realm of online dating, much like other parts of the internet, is ripe for exploitation. Scammers, donning the disguise of potential mates, often engage in social media exploitation, targeting unsuspecting individuals to extort money or personal data. Their tactics can range from invoking sympathy with sob stories to blackmail using intimate photos.
Now, as dreamy as the thought of meeting someone online might be, it’s worth noting that not every story of digital love ends in a fairy-tale manner. Some tales conclude with a compromised bank account or, worse, a broken heart coupled with stolen identity.
In the backdrop of such threats, it’s crucial to be both emotionally and digitally savvy. Here are a few precautions for those looking to keep their love life online:
Verify, then Trust: If a profile appears too polished or their stories sound too rehearsed, do a quick reverse image search of their photos. This could help ascertain if the pictures are lifted from another source.
Keep Intimate Details Private: While sharing might seem like caring, be wary of giving out too much personal information upfront. Hold off on sharing intimate photos or videos, especially if you’re not sure about the other person’s intentions.
Financial Red Flags: Be skeptical if your new online love interest suddenly finds themselves in a financial crunch, seeking your assistance. Many scammers spin tales of woe to play on their victims’ emotions and wallets.
Take It Slow: While the digital age is all about instant gratifications, taking things slow in the world of online dating can save you a lot of grief. Get to know the person, consider video calls before meeting in person, and trust your instincts.
Up Your Privacy Game: Ensure that your own social media profiles aren’t giving away too much about you. Regularly update your privacy settings, and be cautious about whom you accept as friends or followers.
In the spirit of Valentine’s, let’s sprinkle in a bit of humor. Remember, if you’re feeling particularly vulnerable this season, chocolates, unlike potential online scammers, are rarely deceptive (unless we’re talking about that mystery box where half of them are flavors nobody likes).
In conclusion, while the age of the internet offers unprecedented opportunities to meet and connect with people worldwide, it also demands an unprecedented level of caution. As you embark on your digital love journey this February, remember to safeguard both your heart and your data. After all, the best matches are built on trust, and nothing says “I trust you” like ensuring your mutual digital safety.
As the year’s first rays dawned, many of us uncorked the champagne, reflected on the past, and scribbled down those classic New Year’s resolutions. From hitting the gym (or at least stretching once in a while) to finally reading that book gathering dust on the shelf – the New Year has always been a beacon of fresh starts and renewed commitments. But why not add a resolution that can protect something incredibly valuable yet often overlooked? Your digital well-being.
Given that more of our lives are entwined with the digital realm, ensuring your cyber hygiene is as refreshed and revitalized as your new workout plan becomes crucial. Let’s dive into the top 10 cyber resolutions you should consider adopting this 2023:
Password Perfect: No, “password123” is not a secure choice. Commit to strengthening and diversifying your passwords. Consider using a password manager, so you only need to remember one master password. With cyberattacks on the rise, this is akin to changing the locks on your front door.
Two Steps Ahead: If you’re not using two-factor authentication (2FA) on your crucial accounts, it’s time to embrace it. Yes, it’s an extra step, but it’s also an extra layer between your data and potential hackers.
Update and Elevate: Remember that pesky notification you’ve been swiping away for months? Updates aren’t just about introducing fancy new features; they often patch security vulnerabilities. Regular updates can be the difference between a smoothly running device and a malware-riddled one.
Declutter Digital Desks: Much like that closet you’re vowing to clean, your digital space likely needs some tidying. Delete apps you no longer use, especially if they have permissions that access your personal data. A leaner device is often a safer device.
Back It Up: Imagine spilling coffee on your device and realizing you’ve lost everything? Nightmare-ish, right? Regularly back up essential files to an external hard drive or cloud storage. If disaster strikes, you’ll have a digital safety net.
Wi-Fi Wisdom: Free public Wi-Fi is tempting, especially when you’re sipping a latte and browsing. However, they’re also a playground for snoopers. If you must use one, avoid accessing sensitive accounts or use a VPN to cloak your activities.
Email Enlightenment: Phishing scams are ever-evolving, but a touch of skepticism can go a long way. Questionable sender? Unsolicited attachments? When in doubt, don’t click. Think of it as digital stranger danger.
Social Media Savviness: We love sharing, but oversharing can be perilous. From vacation plans to your pet’s name (often used as security answers), be wary of what you post. And while we’re on the topic, review those privacy settings.
Educate and Advocate: Keep abreast of the latest in cyber threats and safety measures. Consider subscribing to a cybersecurity news outlet, the one you’re one is a good start. The more you know, the better you can protect yourself. And share the knowledge; after all, caring is sharing.
E-Commerce Caution: Online shopping is a delight, but not when your credit card details end up in the wrong hands. Use trusted websites, always look for the ‘https’ in the URL, and consider using a credit card over a debit card for better fraud protection.
Tying it up with a bit of cheer – while cyber threats might sound like the plot of a sci-fi thriller, with proactive steps and awareness, they don’t stand a chance against you. Let’s raise our glasses (or coffee mugs) to not just a year of personal growth and achievements but also to a year of robust digital health and fortified cyber barriers.
So, go on, adjust those New Year’s resolutions. Slide in a few from the list above. Here’s to making 2023 not just prosperous and fulfilling, but cyber safe!
Stay updated, stay secure, and remember – a moment of prevention in the cyber world can save hours of digital heartbreak. Cheers to a cyber-smart 2023!
Ah, December – a month where carolers sing, lights twinkle, and folks eagerly tear into gift-wrapped boxes to discover the latest and greatest in tech. From Grandma’s new smartphone (Go, Granny!) to your cousin’s shiny smartwatch, the season of gadget gifting is upon us. But with great gifts come great responsibility, particularly in ensuring these devices don’t become the technological equivalent of tangled Christmas lights.
First Stop: Unboxing Joy (and Cables)
Remember the Christmas movie where the dad spends hours trying to untangle strands of lights? That’s you with your new device’s cables if you don’t approach this systematically. Lay out all components, and for the love of all that’s merry and bright, read the manual. Yes, I said it. It might seem as old-fashioned as fruitcake, but sometimes, those booklets do come in handy.
Securing Your Sleigh…I Mean, Device
After powering on, your immediate priority should be security. After all, you wouldn’t leave your Christmas cookies out for anyone but Santa, right?
Password-Protect: Choose strong passwords and avoid obvious choices like “password123” or “letmein.” If your reindeer can guess it, it’s not strong enough.
Software Updates: These are like the elves of the tech world. They work behind the scenes to ensure everything runs smoothly. Install any pending software updates as they often contain critical security patches.
Two-Factor Authentication: Like the double bolt on Santa’s workshop. It requires an additional step to access your device, making it harder for any Grinches to breach your accounts.
Connectivity: Making Sure Your Gadgets Play Nice
Ah, the joy of getting devices to talk to each other. It’s like trying to organize a reindeer game without Rudolph feeling left out.
Wi-Fi Woes: Ensure your home Wi-Fi is secure. Rename your network to something nondescript. “FBI Surveillance Van” might give your neighbors a chuckle, but it also gives away the brand and model of your router. Opt for something generic and boring.
Bluetooth Pairing: Keep Bluetooth off when not in use. You don’t want any unexpected guests connecting to your devices, much like how you might feel about that one distant relative dropping by unannounced.
App Management: Not Every App Deserves a Place on Santa’s Nice List
Be cautious of what apps you install. Some might be more interested in your data than in making your life easier. Think of them as the mischievous elves of the app world.
Some Final (Jingle) Bells and Whistles
Back-Up: Set up automatic backups. Because even Santa checks his list twice.
Limit Permissions: Not every app needs access to your camera, contacts, and location. Be stingy with permissions, like a Grinch with his roast beast.
Stay Informed: Subscribe to a trusted tech news site. It’s like getting weather updates from the North Pole, ensuring you’re always in the loop.
In Conclusion:
Sure, the holiday season might be about festivities and family, but it’s also an opportune time to show off our shiny new gadgets. Just remember, amidst the caroling and cocoa-sipping, that while your devices might come with some assembly (and frustration) required, a little patience and humor can go a long way. After all, if Santa can travel the globe in a single night, you can certainly set up your new tech in an afternoon.
So, as you plug in, set up, and dive into your new devices, may your Wi-Fi be strong, your passwords be complex, and your tech-related headaches be minimal. Happy Holidays and tech the halls safely!
Welcome, tech enthusiasts and discerning shoppers! With November’s Black Friday and Cyber Monday deals storming the horizon, who can resist the siren call of sparkling new gadgets at prices that make our wallets weep with joy? But, my fellow adventurers, in our pursuit of these shiny treasures, we must also be wary of the lurking sea monsters – dubious deals and too-good-to-be-true tech traps.
Remember that time when cousin Eddie bragged about getting the latest smartphone for a steal from “Discount Dave’s Digital Den”? Only to discover it was just a plastic replica that played ‘Jingle Bells’ when turned on? A cautionary tale for us all. But fear not! I’ve crafted a trusty map to guide us safely through these treacherous shopping seas.
Beware the Phantom Ship of Phantom Shops: As you set sail on the vast online ocean, be wary of mysterious virtual ships (websites) that appear out of the mist. These websites may dazzle with alluring deals but often vanish into the ether once they’ve plundered your gold (and personal data). Stick to well-known, reputable tech havens. If a site’s name sounds like it was crafted by a pirate on grog – “Ye Olde Techy Treasure Trove” – it’s probably best to steer clear.
The Mythical “70% Off” Siren: While a significant discount can be legitimate during the major shopping days, be cautious of year-round extreme markdowns. If a brand-new gaming console is advertised at 70% off on a random Tuesday in mid-November, you might be diving straight into the tentacles of a tech trap.
The Curse of the No-Return: This fiendish curse can strike when you least expect it, especially with tech treasures. Always inspect the return policy of your chosen store. If you spy words like “All sales final!” or “No returns, no regrets!” – be warned. No one wants to be stuck with a ‘smart’ toaster that thinks burning toast is its primary function.
Beware of Bootleg Buccaneers: Aye, these pesky pirates are masters of deception. They’ll sell you a “genuine” product that’s as genuine as a three-dollar bill. Always check for certification, warranty details, and product reviews. If the new tablet you bought starts singing “Yo ho, yo ho, a pirate’s life for me,” you’ve likely been bamboozled.
The Hidden Treasure of Research: Before you embark on your shopping quest, arm yourself with the most powerful weapon of all – knowledge! A little research on product specs, reviews, and price comparisons can help you discern a genuine treasure from a dud.
Protect Your Galleon: In the heat of battle (or shopping spree), it’s easy to forget about the safety of our ship. Ensure your computer, smartphone, or tablet is fortified with updated security software. And never, I repeat, never, share your treasure map (personal and credit card information) with suspicious sites or unsolicited callers.
In the end, my fellow shoppers, as the November winds carry whispers of tech deals and discounts, remember that every great adventurer needs both courage and caution. While there’s plenty of treasure out there waiting to be claimed, make sure you don’t end up marooned on the isle of regret.
Happy hunting and may your tech treasures bring you joy and not jingles!
If you use a Windows-based computer, you are aware of Patch Tuesday and also the dark side of Windows patching. To say Microsoft’s patching process is riddled with issues would be a kind gesture.
The last several Windows 10 updates were buggy, and, in some instances catastrophic if installed. I often envision the Microsoft patching process as a game of whack-a-mole: one issue is addressed, another bursts onto the scene and the cycle seems to loop continuously.
In October 2019, Microsoft released a new update that was designed to remedy a printer driver issue from the previous update. However, many users encountered the nightmare for all Windows users: The Blue Screen of Death. If you’re not familiar with the Blue Screen, I’ll summarize. Your PC stops functioning completely.
In October, those who encountered the dreaded Blue Screen had to roll back their machines to a previous version of Windows, if they did so within ten days of installing the update. As usual, miscellaneous applications and settings had to be restored, but at least you could resurrect your PC.
Fast forward a few months and Microsoft did it again; an update is causing major problems for some.
The February Windows 10 update, KB4532693, contains almost 100 different bug fixes and some enhancements to improve user interaction, but there’s another problem lurking among the update.
Your data is deleted.
Yeah, you read that correctly, not a Blue Screen of Death, arguably, something worse. Reports from many Windows forums reveal that Windows 10 will sometimes fail to load user profiles correctly following the installation of the February update. As a result, personal files and settings disappear. Some researchers suggest the issue is related to the mechanism Windows uses to install the update. A temporary user profile is created by the update process and the profile isn’t waived, rather, Windows gets “stuck” in the temporary profile, resulting in loss of data to your other profiles.
In the forums that I reviewed, users who experienced the issue didn’t lose all data; however, in all instances when the error occurred, all files saved to the Desktop, custom wallpapers and icons vanish.
Microsoft hasn’t issued a response to the complaints, yet. However, Windows 10’s rollback feature appears to address the problem.
If you observe the issue, I suggest rolling back to the most previous working version of Windows 10. The steps follow.
Click the Start button and select settings. Go to “Update & Security”, then select Recovery. Under “Go back to the previous version of Windows 10”, choose “Get started”. Follow the instructions. Eventually the PC will prompt for a restart, and, your device should revert.
But, please note, Windows 10 can only rollback within a ten-day window following an update – if you miss the timeframe, the rollback option is no longer available.
For me, I advocate for keeping devices updated. It’s a solid method for securing a device against known vulnerabilities and ensures that you have the latest features and functionality. Microsoft’s poor history with updates is disconcerting. Many people are afraid to enable auto-updates due to the continued failures, more strikingly, large organizations fear Microsoft patches – the looming concern of “breaking” the business is a palpable anxiety.
I don’t know how Microsoft tests and manages quality for the patches. I recognize that their software is wildly popular and testing every permutation and application isn’t a reasonable expectation; however, exposing users to a seemingly incompetent process only erodes confidence and instills a reticence to staying current. In fact, Windows users often litter discussion forums with questions of “who’s done it”, hoping to find the poor soul who jumped before looking.
Let’s hope Microsoft recognizes that new features don’t outweigh reliable, safe operations.
Shifting gears, a bit, MGM Resorts recently announced a data breach. The breach occurred in July 2019, resulting in data compromise of nearly 11 million guests.
MGM didn’t specifically express the number of affected guests; however, a cybercrime monitoring firm offered that 10.6 million people had their information breached.
According to a statement from MGM Resorts, they discovered the breach last summer. The stolen data was stored in a cloud server. Among the data were basic “phone book information”. Apparently, names, email addresses, phone numbers and physical addresses were the main items stored in the cloud server. A much smaller number of guests’ driver license, military ID and passport information were exposed.
ZDNet revealed the personal information theft, indicating that it was accessible on a hacking forum. After the ZDNet report, MGM Resorts published a statement in which they acknowledged the event. The statement indicated that they hired two cybersecurity companies to assist in the investigation and pledged to upgrade the security systems.
MGM Resorts further stated, “We are confident that no financial, payment card or password data was involved in this matter.” MGM indicated they notified guests according to state data breach laws. Law enforcement is also working the incident, no indication of the cybercriminal was offered, and, no one has overtly issued claim to the breach.
Given that most state data breach notification laws do not require victims to be notified when the stolen information is limited to basic data, such as directory information, it’s likely that many of those affected have no idea their information exists among the breached data.
If you’ve stayed at an MGM Resort property recently, I suggest you follow basic fraud monitoring techniques; even though no financial data seems to exist among the data, we only know what has been released and stated. Taking a few precautions isn’t a bad idea.
Check your financial accounts for fraudulent activity. If you observe something odd, contact your financial services provider and seek a review. If you employ credit monitoring, check your credit reports. If you don’t, request a free report. Again, if you notice something peculiar, report it.
And lastly, consider changing your passwords. Despite the relatively low quality of the data, password guessing success increases as the volume of pertinent data increases.
Watch those patches and check your financial records. Be safe.
As a computer technologist, an innate bias envelops the word “technology”; whenever I hear the word, I immediately think of computers, software. Similarly, when a reference to security arises, instantly I think of cybersecurity.
Our modern-day society is predicated on many forms of technology and a collective desire to progress is inextricably intertwined with the advancement of technologies. Among those technologies, undoubtedly, are computers, applications and a fascinating blend of things yet-to-be contemplated.
So, for these comments, please share my predilection that technology inherently suggests some form of computer technology.
Our schools are reliant on technology. The business of learning and fostering knowledge is deeply steeped in efficient, reliable technology.
Computers provide access to boundless resources; we no longer refer to libraries as libraries, rather, they are media centers. I haven’t seen a card catalog in two decades – the physical volumes of the media center are cataloged within a database. Student ID cards reveal identity and serve as a digital passport for access to food services, secured structures, sporting events, the media center. Classrooms exhibit smartboards, digital displays, interactive media and mobile devices.
The hallways are guarded by closed-circuit television. Textbooks are often paperless. Computer labs are an anachronism – some schools issue tablets, laptops to students. With the proliferation of high-speed wireless networks, the students and faculty are always “plugged” in.
I doubt any of these comments are shocking to anyone.
How are these technologies sustained?
A new version of my cellphone appears every fall, every three weeks my software provider announces a new update, every day my computer installs new antivirus and anti-malware defenses, new firmware for my home router arrives, my wireless cameras exceed storage space, and on and on and on.
Take those individual pieces and multiply them by a few thousand, by several thousand. The annoying becomes overwhelming.
Yet, technology is easy, right?
Developers march forward, seeking greater expansion and application of the newer and the better. Vendors offer their wares as the next generation of the latest and greatest. Rapid development techniques and intuitive user interfaces suggest greater advancement coincides with simpler management, lowered costs and ease-of-use.
But, don’t be fooled.
Today’s technology is incredibly complex. The digital architectures upon which our devices operate, and information flows require constant observation and maintenance. The rapid development of software results in flawed, error prone products. Our penchant for chasing the connection of all things creates an awkward mash-up of inter-connected devices.
The requirements to manage thousands of digital devices and software and users requires resources.
Most organizations, including educational entities, do not have adequate information technology resources.
As Frankenstein networks emerge, combined with increasingly fragile software and high-speed cyber highways, the opportunity for security risks rise significantly.
Every school hasn’t replaced textbooks with tablets; every classroom isn’t equipped with a smartboard and digital display. Without a doubt, variability in the use of, and adoption of, technology exists among our schools. However, the single thing that exists among all entities is security concern.
Technology adoption will increase. With the growth, security concerns will flourish. Inadequate support resources coupled with frightening risk is a recipe for disaster.
And the bad guys know it.
Why do would-be bad actors target education?
Opportunity is abundant and the environment is ripe with desirable goods.
Educational organizations house treasure troves of personal information: employee and student biographical data, health data, financial data, performance data.
Data is the new currency. With data, a bad actor can buy, sell, trade for practically anything. With data, a bad actor can embarrass, attack, impersonate another.
Technology presents fabulous opportunity for students and teachers. Similarly, technology presents opportunity through unmanaged risk for exploitation and manipulation by those who endeavor to cause harm.
Recent events underscore the value of adequately addressing cybersecurity needs in our schools. Ransomware has crippled school systems, phishing scams resulted in lost funds, hijacked credentials ended in reputation ruin, and the list goes on.
In a recent discussion about computer resources being held hostage, a participant stated to the group that “we can teach without the computers.” I agree to an extent. We can also teach in temporary shelters following a natural disaster, but should we?
Technology isn’t going away; we must increase our awareness to the threats presented by technology and work to safeguard our students and employees from the effects of cyberthreats.
In order to close the gap in our defenses, the community must commit to supporting educational technologies comprehensively.
If you employ technology, you have risk. If you collect student and employee data, you possess a commodity desirable by those who have the knowledge and means to do “evil”.
What should we do?
Support is needed. A structured, pragmatic approach to managing and mitigating the cyber risk is here. Prescribing awareness and best practices are a solid foot forward. However, to achieve maximum effectiveness, we must provide the proper resources and guidance to ensure that adequate controls are in place.
Additionally, we need to expect and request more from our technology developers and integrators – we’re not alone in this voyage.
A simple definition of technology follows: the application of resources to achieve a goal. Often, the goal is a scientific endeavor, other times, it’s an efficiency objective, and let’s not forget a more obvious desire: solve a problem.
We live in a world littered with fascinating technology, ripe with seemingly constant change. If you take a few moments and ponder the major changes that have occurred in your life over the past few years, it’s likely that technology can be found among those events.
As a technologist, I will testify that technology is often imperfect. In fact, I worked in design for many years and the process of developing a new “computer” technology isn’t immaculate. I’m certain you’re familiar with the old saying, “you don’t want to see how the sausage is made”.
Technology development can follow the scientific method. Careful review, testing and analysis are the hallmarks of pragmatic development. However, nowadays, the desire to reach a goal, such as a new app, frequently requires abandoning rigorous testing. As a result, poorly designed software has become a normal for many of us.
We have become the testers, the evaluators, the frustrated audience for the rapid development of new software technologies. If enough of us complain and allow error logs to be whisked away, patches will arrive. Well, maybe patches will arrive.
Are there bad consequences of these approaches?
No doubt. Crashed apps are common, frustrated users are normal, and technologists fear moving away from stable software platforms.
Just this week, we were reminded of the real-world consequences of poor software development. The Iowa Democratic caucus was Monday night. It’s election year, 2020.
What does that mean? An app of course.
As the nation held its breath and waited with anticipation of the results from a crowded Democratic field, the new technology didn’t fare well.
Last month, the Iowa Democratic Party announced that it planned to use a mobile app to report precinct results. Despite requests by many, the Party refused to reveal much about the app. Independent security companies asked to review the app’s source code (the underlying instructions that constitute the app), those requests were denied. Some sought the testing process and those results; denied. Who developed the app? No comment.
According to the Wall Street Journal, elected officials asked for details about the app; those were met with the same refusal from the Democratic Party. In the aftermath, we know what happened, at least we made observations and have notions of what happened.
The Iowa precinct chairs could not get the app to work properly. It crashed repeatedly. The app was built hastily, and testing was woefully inadequate.
What are some lessons learned from the Iowa Democratic app debacle?
As a starting point, let’s appreciate the importance of an election. There are few things more personal and important than one’s right to cast a vote. In doing so, we place our confidences in the systems and people who manage the technologies that facilitate our desire to voice our choice. The process of voting should be transparent and devoid of obstacles.
Based on the responses to inquiry before the Iowa caucus and the aftermath of the event, one thing is certain, the notion of rapid software design failed.
It’s important to state that the app did not cast votes. Rather, it was designed to deliver quickly the results of precinct votes to the state party. So, based on our basic definition of technology, it appears that the problem that was being addressed was expediency: deliver the results quickly. After all, all eyes were on Iowa – who had the time for slow results reporting. We want what we want right now.
If you’re in the business of running an election, transparency of your technology is essential.
Whether you’re using pencils and paper ballots or computer-based voting machines, allowing inspection, review of the technology and explaining to the voters what’s being used builds voter confidence. If I asked for information on the pencils and paper ballots and the response is “you’ll see, don’t worry about it.” I’m instantly worried.
So what are you to do?
First, explain what’s going on. Mount an open campaign about the technology and explain the purposes and reasons for the approach.
Next, allow, require independent inspections. Consider the value of positive validation of your technology from someone not directly involved in the process.
Test, test, test. Inadequate testing of software is irresponsible, especially given the purpose behind an app assigned to a voting process. Proper, rigorous testing will reveal deficiencies and allow for mitigation efforts – hoping for success and accepting likely failures as part of the process is disingenuous.
Lastly, provide adequate resources for success. Technical support resources should be highly available. Planned contingency efforts are a must. And, without a doubt, realistic time for all of the above is mandatory. Reports suggest that the Iowa Democratic app process was executed within two months. That is a tight timeline.
Conspiracy theories are running wild in the aftermath of the caucus. Russians are a favorite, the app developer, Shadow, Inc. has been beaten up – but, in reality, the explanation is far simpler.
Rushed software and unrealistic expectations gave way to an unfortunate experience.
The bottom-line? Technology development should take into account the intended use for the enhancement and develop accordingly. For voting technology, the technology must be accurate and open.
Trust in our election processes is essential. Failed technology is always disappointing, but, in this case, the failure eroded confidence in existing voter technologies and brings their design into question.
Fabella Security 
You must be logged in to post a comment.