The internet is an ever-expanding entity in its breadth and depth, made complex by the rapid ascension of artificial intelligence and personal data collection. Despite using this technology constantly, students often joke about their lack of understanding of online security. It turns out that students may not even realize what aspects of the internet pose the most security risks.
For example, a common topic of conversation centers around the concept of whether or not to accept digital cookies.
“I don’t know what they are but I would rather just accept them anyway because I don’t want to be inconvenienced. When I don’t accept cookies they continue to pop up until I give in,” said senior Caroline Didden.
However, cookies are probably not a major concern for most students. Digital cookies, also known as HTTP cookies, are small text files that store information in the form of data. Sites utilize cookies to collect information on a user’s preferences and identity to improve their online experience. E-commerce sites in particular rely on cookies to understand the tendencies of their customers based on what they purchase along with the reasoning behind those purchases.
The option to accept digital cookies came into existence after the establishment of strict data privacy legislation (California Consumer Privacy Act, General Data Protection Regulation) designed to put online control back in the hands of the user. By asking you to accept cookies, sites give you the choice to decide whether your data is collected and how it is used. Allowing cookies to install on your browser grants the site permission to record your actions as you browse.
When a site’s cookies aren’t accepted it becomes a little more inconvenient for the user in terms of saved information. For example, if you were to add items to your cart and then leave a site, that information would not be saved the next time you return.
Though internet cookies are something to be aware of, they’re not necessarily a concern for Hackley’s technology department, which is tasked with mitigating online risks that threaten the school network.
“We are asked to be concerned about certain content, so our overall firewalls have deeper restrictions than most people have at home. So we’re restricting things like gambling, adult content, and those types of things, so you would be outright blocked from getting to those types of sites,” said Jed Dioguardi, Director of Information Technology.
Hackley’s network is mainly broken down into two channels of information funneled back and forth. Mr. Dioguardi stated, “There’s how our network operates internally and there’s how our network connects out to the internet.”
Similarly, cybersecurity at Hackley comprises two risks that the technology department monitors and works to prevent at all times. “The first concern is threats coming from outside our school network. Typically what we do is block not just content, but also ways in which the outside internet can connect to our network. Basically, traffic coming in should only be traffic that we’re asking for,” said Mr. Dioguardi.
“Internally we’re concerned about how people connect out to potentially dangerous external sites. Our web filter also actively blocks certain addresses that are known to be malicious. Those sites have malicious software that can be brought down to your computer and make a connection by leveraging how your computer connects out to the internet and brings in malware. The most common way that happens, because our network is so locked down, is through phishing.”
Phishing is a fraudulent practice that targets online users with emails that appear to be from a well-known corporation or figure (an internet service provider, a bank, a mortgage company, or a Hackley administrator). The phisher leverages their fake identity to ask the recipient of the email for personal identification; more specifically when it comes to Hackley, a user’s password.
The phisher uses the information to open new accounts or invade the user’s existing accounts. Though phishing can be dangerous and Hackley’s technology department actively works to prevent incidents within the community, there are several methods of effectively recognizing, avoiding, and reporting scams.
Potential signs of email scams include generic greetings, emails stating that your account is on hold because of a billing problem, or emails inviting you to click on a link to update your payment details. While legitimate companies might communicate with you via email, they won’t email with a link to update payment information.
In addition to learning how to recognize phishing scams, there are also preventative measures you can take to protect yourself and your inbox. By backing up the data on your computer to an external hard drive or in the cloud, you can effectively protect it from being lost to scams. Other measures of protection include account protection by using multi-factor authentication and security software. When software is set to update automatically, it will deal with any new security threats.
“Potentially clicking on some of the notifications that pop up on your computer or inadvertently going to the wrong website, could cause trouble. However, our biggest concern is phishing because your password can be collected and your personal information on your account can be accessed,” said Mr. Dioguardi.
While digital cookies have their risks and potential inconveniences, phishing poses far more of a threat to Hackley’s overall cybersecurity and should prompt vigilance throughout the community.