As mobile learning and remote teaching increase in popularity, so do concerns regarding personal safety and privacy. As you pilot mobile projects in your classes, are you considering how those projects impact both privacy and security?
During a recent webcast, Academic Impressions conversed with mobile learning veterans Stephen Baldridge, assistant professor and baccalaureate program director at Abilene Christian University, and Dale Pike, director of academic technologies at Boise State University. We polled the webcast participants to learn what they regarded as the greatest threats to the privacy and security of users of mobile devices at their institution. The options included device settings/glitches, end user license agreements, and malicious hacking, but nearly all participants selected users' "personal habits" as the #1 threat.
"You can have all the security in the world," Baldridge cautions, "but this doesn't take into account students who are unaware of or decide to disregard security precautions in using their devices, exposing their own data."
- According to the Ponemon Institute and Symantec June 2013 study "Cost of a Data Breach: Global Analysis," human error accounts for at least one third of all data breaches.
- 79% of data breach victims are "targets of opportunity," and 96% of attacks are rated "not highly difficult" to achieve.
In other words, mobile users often engage in behaviors that make it easy for their data to be compromised. Accordingly, it's possible that a little user education can go a long way.
HANDBOOK: SAFETY AND PRIVACY ISSUES IN MOBILE LEARNING
Order a recording of our recent webcast Mobile Learning: Safety and Privacy Considerations, and also receive with your order an electronic copy of our 20-page resource book titled Safety and Privacy Issues in Mobile Learning, which includes:
- Suggested syllabus wording
- A mobile device program agreement
- A policy on the responsible use of information and technology resources
- General information about FERPA
We asked Baldridge and Pike to identify specific risks that educators should be aware of -- especially relatively new risks. They noted 5 in particular.
Malicious QR Codes
QR (or Quick Response) codes are images that can be scanned by a mobile device in order to direct the device to a website. "It's a quick way to shortcut the entry of a really long URL to get to the content you need," Pike notes. "However, increasingly, there are QR codes that can take you to a malicious site and even run a script that could compromise your mobile device.
"Now, this doesn't mean that you don't use QR codes, but it does mean you and your students need to have discretion about the types of links you trust, and you don't blindly scan QR codes just because they're there."
The mobile version of phishing has been dubbed "SMiShing" (because Short Message Service (SMS) is the protocol behind text messaging). Dale Pike warns that there has been "just an explosion of phishing" in which scammers send text messages that appear to come from a trustworthy organization and that request the mobile user's password.
The reason this is a problem? Pike explains, "Statistics have shown that mobile users are 3 times more likely than desktop users to submit their login information in response to phishing scams. Mobile users are more trusting in a text messaging environment than they would be with their email."
Premium SMS Fraud
This is a variant of phishing, in which a user is invited to respond to a scam text message in the same way that they would respond to the Red Cross. "Only it's not the Red Cross that you're donating to," Pike notes.
"Jailbreaking" or "rooting" is a practice in which a user disables restrictions on their mobile device in order to increase their control and their ability to customize the features on the device. "But if this is done, it had better be done with eyes wide open," Pike warns. "A jailbroken or rooted phone is much more vulnerable in an open network than a device that contains the most recent software updates and restrictions on it."
A lost and unprotected mobile device can offer a gateway to many kinds of personal information.
Learn more about what educators can do to limit risk and liability in our recorded webcast Mobile Learning: Safety and Privacy Considerations and our 20-page resource book Safety and Privacy Issues in Mobile Learning (included with the webcast).