Blog Post
Why we need better data security education in schools
A middle schooler in Florida has been charged with offense against a computer system and unauthorized access (a felony charge).
What the middle schooler did sounds akin to a hacker infiltrating his school’s extremely secure network by executing a high-level brute force attack. Following that, he conducted an ideologically driven cyberattack designed to inflict trauma on his victim.
However, in reality, the kid used a weak system password to log on to a teacher’s computer. He then changed its desktop background to an image of two men kissing. He reportedly did so because he wanted to annoy the teacher, whom he didn’t like.
School of hard knocks
This story sparked a huge internet-wide debate over the weekend. One Reddit thread hit almost 2,000 comments, with users discussing the apparent disproportion of the charge against the crime committed.
While the computers he accessed had sensitive data like FCAT exam questions stored on it, he didn’t view or tamper with those files.
What seems to irk most people is this statement made by the town’s sheriff: "Even though some might say this is just a teenage prank, who knows what this teenager might have done."
Based on that logic, shouldn't every single one of us be behind bars? It's absurd to even imagine arresting people based on the potential of what they could do, when they haven't actually done anything.
But let’s forget about who’s right and wrong for a second and look at this story from a data security perspective.
Protecting sensitive data is the responsibility of any organization, regardless of whether you’re a bank, a retailer, or even a school.
There were huge security flaws in Paul R. Smith Middle School’s network.
For starters, the teacher used last name as a password.
Secondly, according to the report, many students had previously gained access into the school computer systems using the same password, and the faculty members were aware of the flaw. Yet, even after multiple breaches, the passwords were not changed.
Given the amount of sensitive data in the school’s network, if a real hacker had wanted to do some real damage, the school would have been in some serious trouble.
A nationwide problem
It’s quite certain that Paul R. Smith Middle School is not the only school in America with shoddy data security practices. Going even further, it’s not a stretch to say that many organizations still have gaping vulnerabilities in their systems.
Fundamentally, it was the middle school’s job to secure their systems. Ironically, it was also their job to educate their students on the importance of data security, such as what constitutes unauthorized access.
What the student did was of course incorrect, but in all likelihood he did not understand the gravity of the situation. And given how he was merely slapped on the wrist for previous infractions, neither did any of school’s regular faculty (he was reported by a substitute teacher).
And it’s not just them, either- there is an epidemic of obliviousness to the threat of data breaches all across the world.
Learning is fun
This is why data security education is so important. There is no point setting up a million-dollar security system if an employee who doesn’t know any better lets hackers in through the front door.
Technology is growing at a rapid pace, and we’re getting more interconnected by the minute. However, unless we learn to deal with the responsibility that comes along with all of the power, we’re going to find ourselves charging more 14 year-olds with felonies.