Group Members: Vitalii Nasikovskyi, Jasleen Kaur, David Ribeiro, May Khin, Sara Valnes, Lavina Tamang
(Click on the image, above, to move through the slides.)
In today’s fast-paced digital world, technology changes so quickly that it’s hard to keep up with everything. Threats like identity theft, phishing and data breaches are becoming more common among students. Tools like AI made it even easier by creating incredibly realistic scams. The biggest question is how can students protect their personal info and online presence?
The problem starts with common habits. Students often use weak passwords, skip two-factor authentication or even fall for fake “urgent” emails about tuition payments. Also, there is a social media aspect, when posting diplomas, sharing vacation locations, or bragging about internships gives hackers goldmines of info for social engineering attacks. New students are especially at risk, since they’re still learning to spot red flags.
Many people don’t know that an email appearing to be from their bank or credit card issuer could actually be a phishing attempt, and even fewer realize that merely going to an unknown web site could result in a “drive-by download” of malware. As Friedman and Hoffman (2008) discuss, different devices face numerous security threats, including phishing and malware attacks, which exploit users’ lack of awareness and vigilance. Building on this, study by Goel, Williams, and Dincelli (2017) investigates human vulnerability to phishing attacks by conducting an experiment, examining how factors like message framing, contextualization, and individual motives influence users’ likelihood of falling for phishing emails. “A total of 7,225 phishing emails were sent to students and registered as received. Records showed that 1,975 students opened the email that they received, resulting in an “open” rate of 27.3 percent. Further, 964 students clicked on the link embedded in the phishing message, resulting in a “click” rate of 13.3 percent. Thus, over a quarter of those students who received a phishing message opened it, and nearly a half (48.8 percent) of those who opened the email went further and clicked on the link embedded in the phishing message (Goel et al., 2017).”
The solution criteria for the Small Wins group project is that it must be the achievement of a goal or task consistent with the definition of a group from our text. That is, the project includes three or more persons interacting who both influence and are influenced by one another (Rothwell, 2019, p. 24). The Small Wins project must include a community service component, with our group determining what is both our “community” and who is being “served.” However, the project must have an actionable activity that is conducted by all the members.
Further, the project must be accomplished within the provided timeline of four weeks, along with required documentation and support as described in the assignment.
The main idea is to convey simple tips, suggestions, and practices that will help students build habits of being secure and not fall victim to online threats, scams, or malicious intruders. To achieve this, we brainstormed a variety of possible solutions from social media posts to security awareness events, where we could explain everything in detail and answer all possible questions. After creating some focused chaos, we organized all ideas by difficulty and time required. With this in mind, our goal was to develop a solution that could work autonomously, 24/7, even after the quarter ends and the groups are disbanded, so the project can continue to live on.
The best solution, selected by voting and satisfying all our requirements, was designing flyers, posters, and pamphlets and distributing them across the campus. We can place them on information boards, leave them in classrooms, or even hand them directly to students while answering questions and offering advice along the way. We agreed to create small pamphlets that include QR codes linking to popular services, such as NordPass to quickly check password strength (nordpass.com/secure-password) or Pwned to find out if any information tied to their email has been leaked (haveibeenpwned.com). This approach aligns with idea of constant reminders, as students can see our work while walking to class or share a pamphlet with a friend.
After researching what information to include, such as the most common threats and protection against them, we started the design and creation process. After two weeks of hard work, we completed functional prototypes. The next step was selecting a date and executing the sharing day. On March 4th, all group members met on campus and began interacting with everyone we saw, whether they were walking by or sitting in study areas. We distributed tasks among the members so everyone could take on some responsibility. More than 30 flyers and 30 pamphlets were successfully delivered to either students or information boards.
After our sharing day, placing flyers, distributing pamphlets to students, and having a lot of valuable conversations, we reflected on our efforts and felt confident that our work was not in vain, as many of those we spoke to were either surprised or immediately said that they would change their password right away. This became a clear indicator that we were making an impact! Maybe these are just small changes, but we are confident that by taking consistent steps and achieving small wins, we can create a meaningful difference.
Friedman, J., & Hoffman, D. V. (2008). Protecting data on mobile devices: A taxonomy of security threats to mobile computing and review of applicable defenses. Information Knowledge Systems Management, 7(1/2), 159-180.
Goel, S., Williams, K., & Dincelli, E. (2017). Got phished? Internet security and human vulnerability. Journal of Association for Information Systems, 18(1), 22-44.
Rothwell, J.D. (2019). In mixed company: Communicating in small groups and teams (10th ed.). Oxford University Press.