Lesson 7: Security Risks Part 2
Overview
The lesson begins with a review of security risks by watching a video on Cybersecurity & Crime. Following this, the class does an investigation into the Equifax breach, and what went wrong. The class ends with a Kahoot quiz to review security risks.
Purpose
How was Equifax hacked? Why should students care about this? What can we do to protect data in the future? These questions are the focus of this lesson as students consider the reality of security risks that led to millions of people having their private information hacked.
Agenda
Lesson Modifications
Warm Up (5 mins)
Activity (35 mins)
Wrap Up (5 mins)
View on Code Studio
Objectives
Students will be able to:
- Confidently explain security risks and their impact on society
- Describe the role human error played in the Equifax breach
Preparation
- Listen to the podcast segments and practice starting and stopping at the marked places
- Get the Kahoot quiz set up and ready to go for the Wrap Up
Links
Heads Up! Please make a copy of any documents you plan to share with students.
For the Teachers
- CSP Unit 10 - Cybersecurity and Global Impacts - Presentation
For the Students
- Planet Money: Bad Credit Bureau - Podcast
- CSP U10L07 - Optional Podcast Transcripts - Activity Guide
- Equifax Data Breach: What Went Wrong - Podcast
- The Internet: Cybersecurity and Crime - Video (download)
Teaching Guide
Lesson Modifications
Attention, teachers! If you are teaching virtually or in a socially-distanced classroom, please read the full lesson plan below, then click here to access the modifications.
Warm Up (5 mins)
Remarks
Yesterday we investigated a few security risks. Let's watch a video together to review some of those security risks.
Video: The Internet: Cybersecurity & Crime
Activity (35 mins)
Remarks
When we think about security, we often think about mistakes that we personally have made - like clicking on a link in a text message from someone we don't know. But what about companies? Security is a major concern for companies, and sometimes human errors can have massive consequences.
Today we are going to take a look at the credit reporting bureau Equifax. In 2017, Equifax was hacked and the private information of around 145 million people was comprimised. But what is Equifax and what data was stolen?
We are going to listen to two segments of two different podcasts. In the first, we will hear the history of credit bureaus leading up to Equifax. In the second, we will hear how Equifax was hacked.
Teaching Tip
Transcripts are provided in the Activity Guide for this lesson. You may want to have students follow along as they listen.
In this lesson, we only scratch the surface of the Equifax breach. You may want to listen further to the podcasts yourself, to be more informed of the issues. For example, after the breach was found and reported, Equifax tried to direct users to their own website to check if they had been affected. However, they ended up linking to a fake website!
If students don't understand how this applies to their own lives, you can make connections to their ability to buy a car in the future, or get a loan for an apartment.
Do This: Click the audio symbol to play the podcast. Stop the podcast at 13:30.
Do This: Click the audio symbol to play the podcast. Start the podcast at 6:05 and end at 11:13. Note: There is a swear word that occurs around a minute after we are stopping the podcast, so please make sure to stop early.
Discussion Goal
Prompt #1: Equifax stores information on everyone who has a credit score. This information includes private data like social security numbers and whether or not you pay your bills on time. This information is often used when consumers want to make purchases and determines whether or not they are eligible and how high interest rates will be for loans. This can affect your family's ability to buy a house or a car.
Prompt #2: Benefits: companies are able to use data to make decisions when deciding who to lend money to or how much a person can be trusted to pay back a loan. With this system, we can purchase large items on loan like cars or houses, which would be out of reach for many people if they had to pay outright. Harms: Decisions made are not always fair or equitable. In addition, sometimes information is incorrect and difficult to get changed. A lot of trust is put in a small number of companies who are making a profit making these decisions.
Prompt #3: Data that Equifax stores can be hacked and distributed for malicious purposes. With the personal information that Equifax stores, hackers can commit identity theft and make purchases, drain bank accounts, or ruin people's financial history.
Prompt: What information does Equifax store? Why should I care?
Prompt: As a computing innovation what are the benefits of Equifax? What are the potential harms?
Prompt: What are the security risks?
Remarks
Equifax was a real-world system which was compromised by a software error and a human error. In this case, the software update would have prevented the hack.
One of the issue brought up with the Equifax Breach is that private data was stored, but there were no terms of service that users signed allowing that data to be collected. Equifax's customers are businesses who want to use that data to make decisions about people. Private citizens' data was and is constantly being collected - and potentially hacked. To summarize, Equifax sells information about private data that individual consumers did not sign terms of service to allow.
Teaching Tip
This discussion is open ended. There is no right or wrong answer here - prompt student be thoughtful in the types of change they would like to see in how companies like Equifax are regulated.
Discuss: What rules or regulations would you recommend be put in place to control how data is collected and shared? What role (if any) should the government play?
Remarks
As a citizen, you have the power to bring about change. As more and more private information is knowingly or unknowingly collected and security risks continue to be a factor it's important to think about protecting what's ours and speaking to those who are in authority to strengthen protections. And someday, you yourself may be the person making these decisions and putting new laws in place!
Wrap Up (5 mins)
Do This: Run a quick Kahoot quiz to review Security Risks.
Assessment: Check For Understanding
Check For Understanding Question(s) and solutions can be found in each lesson on Code Studio. These questions can be used for an exit ticket.
Question: How does human error relate to security risks?
Standards Alignment
View full course alignment
CSTA K-12 Computer Science Standards (2017)
NI - Networks & the Internet
- 3A-NI-05 - Give examples to illustrate how sensitive data can be affected by malware and other attacks.
CSP2021
IOC-2 - The use of computing innovations may involve risks to your personal safety and identity
IOC-2.B - Explain how computing resources can be protected and can be misused.
- IOC-2.B.7 - Computer virus and malware scanning software can help protect a computing system against infection.
- IOC-2.B.8 - A computer virus is a malicious program that can copy itself and gain access to a computer in an unauthorized way. Computer viruses often attach themselves to legitimate programs and start running independently on a computer.
IOC-2.C - Explain how unauthorized access to computing resources is gained.
- IOC-2.C.5 - A malicious link can be disguised on a web page or in an email message.
- IOC-2.C.6 - Unsolicited emails, attachments, links, and forms in emails can be used to compromise the security of a computing system. These can come from unknown senders or from known senders whose security has been compromised.