Officials are trying to persuade students to care about protecting their personal information with new information sessions.
The newly launched Office for Ethics, Compliance and Data Security will begin hosting “Privacy @ GW lunch-n-learn sessions” this spring, where students, faculty and staff can learn strategies to protect their personal information online. Data security experts said the sessions could help the GW community become more aware of digital scams and develop tactics to prevent University servers from getting hacked.
Dorinda Tucker, the assistant vice president for ethics, compliance and risk and a data privacy officer, said the first session will take place in March, and future events will be “scheduled periodically” over the year. She said the sessions will help students, faculty and staff understand basic principles of privacy and direct them to the virtual resources the University offers to help individuals keep their information secure.
“The lunch-n-learn setting is a way to provide a 45-minute, less formal training that may be more accessible to people’s schedules, while at the same time raising the level of awareness of the topic,” she said in an email.
She said the sessions will be open for anyone to attend, but she declined to say if there was an attendance cap. The lunches will be advertised through email and other venues “as appropriate,” Tucker said.
“Protecting personal information is a shared responsibility at GW,” Tucker said in an InfoMail announcing the lunches last week. “We must all do our part to protect this information, which is any information relating to an identified or identifiable person, and includes names, email addresses, mailing addresses, phone numbers and social security numbers.”
GW implemented two-factor authentication last year to protect students from having their emails hacked. Students received at least two emails from the Division of Information Technology warning them against phishing scams last semester.
Information security officers at other universities said getting students to take data security seriously is challenging because they often are not interested in the topic, but promoting education about common phishing scams and other threats can help avoid digital calamities.
Tom Davis, the associate vice president for information security at Indiana University, said his university hosts mandatory training for new faculty and staff on protecting personal information from phishing scams and keeping social media accounts secure.
He said students typically do not understand much about protecting their information online because they have never had to do it before. In-person sessions offer students a chance to ask questions and are often more engaging than emails, he said.
“Whenever you can, we love doing in-person training sessions,” Davis said. “People sit and think about it a little more.”
He added that dozens of people are put at risk when account information linked to a university falls into the wrong hands. If hackers break into university accounts, they will gain access to all of the data on the account, including email addresses and personal information about anyone who has interacted with the hacked person.
“These are the types of things we don’t realize – that my login is valuable,” Davis said.
Oscar Knight, a policy and compliance officer in the Office of Information Security at Appalachian State University, said the people who are most interested in learning about scams and protective techniques are those who have already been impacted by scams and want to learn how to avoid them in the future.
But he said people who have already been the victim of online scams are not universities’ target audience. He said information training sessions fight apathy – the biggest barrier to protecting personal information.
“There are pockets of people that are never going to get engaged with whatever programs are going on on campus,” he said. “It’s very difficult to get the word out.”