An Education for a Cyber Safe Life Posted on Thursday 29 September 2022 An Education for a Cyber Safe Life The Internet is arguably the most disruptive technology ever. The planet has billions of Internet users. In Australia the vast majority of people are online – adult and child alike. In fact, there are more mobile device subscriptions in Australia than there are people(1). We shop online, we are entertained online, we work online, we date online, we order food online, and we learn online. Nearly everything we do has been affected by the Internet. And the lockdowns associated with COVID-19 have only served to increase this already profound disruption. Sadly, when billions of people are online there are also going to be bad people online. A recent report titled ‘Targeting Scams’ by the Australian Competition and Consumer Commission (ACCC) explained that scams cost Australians over $2 billion dollars in 2021(2). And frighteningly, that amount is expected to double in 2022! By far the most frequently complained about scams in 2021 were phishing and identity theft scams. And unfortunately, scammers continue to become more sophisticated. As such it is vital for us all, students included, to improve our skills in detecting digital scams. One of the top scams is the sending of phishing emails. Phishing is a type of social engineering where an attacker sends a fake message designed to trick a person into revealing sensitive information like passwords. As these are so common, and in an endeavour to continue to prepare our students for their future, we have started sending phishing test emails to all year 8 to 12 students as part of our cyber security education and awareness programs. The first phishing test email to students this year looked like the TikTok email in the image featured above. As staff at St Leonard’s College are also sent periodic phishing test emails, it is interesting to compare the results of the most recent staff versus student tests … In the above test, 20% of students tested clicked the link, or ‘fell for’ the phishing test. While this may sound like a lot, in a 2021 “Gone Phishing” global phishing test campaign which was run at a corporate level, 19.8% of recipients clicked the test link. So, our year 8 to 12 students are already doing about as well (or poorly) as the adult population. However, St Leonard’s College staff receive phishing tests quite regularly, and in their last test only 4.5% of staff clicked the test phishing link. Perhaps showing the benefit of lots of practise. Of course, this new phishing test initiative is but one educational tool amidst the myriad of cyber security educational opportunities our students are exposed to. Students in the Junior School explore online safety, not responding or being in contact with unknown people online, as well as looking at digital footprints and safeguarding personal data when studying digital citizenship. Students in years 5 and 6 explore the eSafety Commission Toolkit, respectful relationships and communication online, and safe use of social media and the laws surrounding this. Our year 7 family technology evening is always well received as families work together to navigate the online world. Senior School students also continue to explore the complexities of social media and cyber safety, including their legal responsibilities when turning 18. Each year we also bring in experts in the field of cyber safety to run sessions. And this year Sonia Karras presented to students in Middle and Senior School and subsequently their parents about personal safety for teenagers including online safety. Sonia’s key messages were to always lock down privacy settings as much as possible in social media apps, especially around location services. And do not over-share your information. Of course, underpinning her advice was the vital message to keep the lines of communication open with developing teenagers. They must know that they can come to their parents and teachers for help in any situation. Clearly our cyber safety education is vast, and so it should be… When providing ‘An Education for Life’ we must continue to provide an education for a Cyber Safe Life! PS. As scammers continue to become more sophisticated, it would be remiss of me not to remind us ALL to be on the lookout for phishing emails and not respond to them. Beware of Phishing Email (and Call and Message) Warning Signs Be vigilant if an unexpected email: – comes from an email address you are not familiar with – invites you to click on a link or button within the message – addresses you in a familiar tone or generic manner – asks for personal or financial information – urges you to take action, such as changing your password – informs you that you have won something Always remember: – Never open or download phishing email attachments – Check where a link will take you by hovering your cursor over it or touching and holding the link (and having link previews off) on iPhones and iPads! – Never click or tap on suspicious links or buttons in such messages Tim Barlow Director of Technology Innovation References 1. Roser, M., Ritchie, H. and Ortiz-Ospina, E., 2022. Internet. [online] Our World in Data. Available at: <https://ourworldindata.org/internet> 2. Targeting scams. [online] Available at: <https://www.accc.gov.au/system/files/Targeting%20scams%20-%20report%20of%20the%20ACCC%20on%20scams%20activity%202021.pdf> The above article was first published in our September 2022 Network magazine.