Lesson video
In progress...Loading...
Hello, and welcome to Lesson 1 of Cybersecurity.
Now, I've got a question for you.
Have you ever stopped to think about what data companies collect about you? For example, what you've bought, what movies you've watched, what music you've listened to, maybe even what credentials you've logged into your account with.
But why the companies collect this data? Well, it's because it's valuable to them, and that's what captures the interest of cybercriminals.
So in this unit, we're going to go on an eye-opening journey about what techniques are used by cybercriminals to steal data, disrupt and infiltrate networks.
We'll also look at what laws are in place to deter those cyber criminals, and most importantly, what we can do to protect our data.
So I'm Ben, and this unit's going to be all about you and your data, so all you'll need is your computer, you'll need a web browser, and other than that, if you can clear away any distractions that you might have, turn off your mobile phone, and when you're ready, let's get started.
Okay, so in this lesson, we're going to be able to explain and look at the differences between data and information.
We're going to be able to critique online services in relation to data privacy.
We're going to be able to identify what happens to data once it's entered online, and finally, we're going to explore the Data Protection Act and understand why we need it.
But first of all, I wanted to show you this website.
I think it's really interesting.
So what we're looking at here is a threat map or a visualisation of all the different cyberattacks taking place globally right now, at the time of which I'm recording this.
So I'd like you to take a moment just to look at this visualisation and maybe just digest and understand the scale of, globally, of cyberattacks.
So hopefully by looking at this, we're getting an understanding of how important cybersecurity is, because attacks are taking place globally right now.
Okay, so I'm going to head over back over to the slides now, and I've got a question for you.
Okay, so my question is, what are the motives behind these cyberattacks? What might some of these attacks be trying to steal or gain access to? Well, the very simple answer is data.
All of these attacks are trying to get access to data.
So I thought a really good starting place for this lesson would be to look up the difference between data and information.
So you might have heard of the terms data and information before.
So data is raw facts and figures, whereas information is created when that data has been processed and becomes meaningful.
So let's look at some examples of that.
So here on the left-hand side, we can see this is all data.
Now, John: 28, Claire: 49, Jade: 40, Ahmed: 45, and Chloe: 38.
Now, we as human beings might try and determine some kind of meaning out of this, but we can't be sure unless we're told, so for example, can you kind of guess what these numbers might be in relation to the words on the left-hand side? Well, these words you can guess are names, and the numbers, you might have guessed maybe that they're, maybe John's age is 28.
Well, actually the answer is these are all scores from a test where the pass mark was 35.
Now, because we've given it that context, we can now process this and give it some meaning, and we can actually do something with that data.
So the context is that it's scores from a test, and we can process this by saying the pass mark was 35, so after we process this, we can find out that John didn't pass the test, so maybe John needs to resit the test, and the average score was 40.
That might be useful for maybe a teacher to work out whether or not that was a good score, whether or not there's things that the students missed out on.
Okay? So that's the difference between data and information.
So let's look at it now in different contexts.
Now, so why is customer data valuable to businesses? So imagine that you own a business that sells products online, okay? And you've got a customer that bought a tent, some dog toys, and a fitness tracker.
Now this at the moment is just data, but this data can be used to help build a profile of this customer, and therefore convert the data into information.
So put these, put all these purchases together, we can process it and form what you call a profile of our customer.
So that's maybe gaining some information about the customer more broadly than what they've bought.
So that's going to be our task straightaway.
So what assumptions can you reasonably make about this customer? That the fact they bought a tent, some dog toys, and fitness tracker? Probably already in your head, you're probably learning something a little bit about this customer already.
Okay, so what I'd like to do is pause the video.
I'd like to go over to Task 1, where I'd like to write down those assumptions, and maybe put yourselves in the shoes of that organisation and think what products would you recommend, what other products would you recommend to the customer? Okay? So head over to the worksheet, complete Task 1, and I'll be here when you get back.
Okay.
So how did you get on with that activity? Now, hopefully you're starting to get a sense of what these companies do with your data.
You're providing data to these companies by maybe the purchases that you make, and what they can do with is form a profile, and they're using that clearly to learn something about you.
So maybe they can improve the user experience or maybe recommend some products to you.
Now, another obvious example of a company or organisations that we are regularly submitting our data to freely are social media companies.
So what I'd like to do is to head over again to your worksheet and complete a mind map first to explore this a little bit more, and really think about what data are we giving to social media companies, to allow them to form that profile about us.
Okay? So for example, we've got personal information about you.
So the data collected by social media companies, the personal information might be name and date of birth.
That might be something we can add to that section there.
Okay? But also think about maybe other content that you provide to them, such as user behaviour.
So what are you doing whilst you're using their platform? Okay? Maybe what data you have on others that they're collecting, maybe content, other content that you're providing them with, okay? So head over to your Task 2 worksheet, your worksheet, sorry, and go to Task 2.
Complete the mind map template, and again, when you've done that, come back and we'll continue with the lesson.
Okay, so how did you get on with that activity? So what I've got, is I've got some example answers.
Now, it doesn't matter if you haven't got the exact same ones as me.
It may well be that you've got more than me.
So I've got some examples, but don't worry about it, because the chances are if you've got more, then they're probably correct as well.
Okay? So we talked about personal information.
Personal information might be name, date of birth.
Did you get any other, do you submit any other data to social media companies, such as your gender? Content, what images you upload, maybe what status updates you've put on, maybe what emojis you've used.
Does that maybe tell the social media company something about you? User behaviour, what pages you visited, what groups you're a member of, what you've liked, what kind of posts you've liked, and what kind of messages other people have put on that you've liked? What other images have you liked? And then data you have on others, such as names of your friends and their numbers.
So again, if you think about when you signed up for social media companies, did it come up with a message saying we need to access your contacts? And if you selected yes, then that's the social media companies are collecting data on your friends and their mobile phone numbers, too.
So the question is, how do you think social media companies make money if they're free to use, and what are they doing with your data? So if you can pause this video, and just process that question for a second, and if there's somebody available for you to talk the answer through at home, then please ask them as well, okay? And then unpause when you think you have an answer.
Well, hopefully you've thought about the fact that the answer is they're forming a profile about you, just like the company did where we looked at the shopping basket.
They're forming a profile.
Now, that company might be forming that profile so they can recommend other products to you, so maybe they can encourage you to spend more money at their store.
However, social media companies are free, and they're not trying to sell you something.
So the question is, why are they free? What are they doing with that profile information? Well, I think a very important lesson for us to learn about social media companies is that you are the product.
When you create an account for a social media company, they're collecting data about you so that they can pass it on and sell it.
Now, this might not be for malicious purposes.
It might be to marketing companies, to companies, so they can take your data and advertise their products, to make sure they're targeted at the right people, okay? So what I'd like to do is really look at what these companies are doing with your data, so that you can be informed about what information that you're giving them, or what data you're giving them, sorry, okay? So I'd like you to pick two companies on the right-hand side, which you might want to research.
They might be social media companies that you've got an account with, okay? So what I'd like to do is spend five minutes researching each one of the two and answer the question, what data do these companies collect about their users? Okay? And if you find anything out that's interesting, that maybe you didn't already have on your mind map for Task 2, then go back to your mind map for Task 2, and add them in, maybe in a different colour to highlight what you found out.
Okay? Now, I'd like to head back over to your worksheet.
Now, what's really important is that you've asked your parent or carer for permission before attempting this task.
Please ask them for permission to go and visit those privacy policies for those companies.
Okay? Because Oak National Academy are not responsible for any third party content, okay? So pause the video, head over if you're able to, then go and look at the security policies, and then unpause the video when you've done that.
Okay, so how did you get on with that activity? Did you find out any more categories of data that you hadn't thought about and surprised you that they're collecting? Now, right at the beginning of this lesson, we looked at, we talked about the fact that actually, these companies collect the data and it's valuable to them, and because it's valuable to them, it's also valuable to cybercriminals.
So I've got another question for you to think about.
Now we've thought about what data these companies collect about you, what would happen or what would be the consequences if cybercriminals successfully stole data from these companies? So who would suffer, and in what way? So pause the video and then think about that again, and unpause when you've got an answer.
Well, the answer here is that we would suffer.
If we've got an account with any one of these companies that are storing our data in good faith, and it doesn't necessarily have to be a social media company.
It might be somewhere that we purchase things online.
The cybercriminal stealing that data then gives them access to maybe our purchases, maybe the things that we've liked and things we haven't liked, maybe the things that are directly dangerous, for example, our bank details that might be stored online.
So the consequences are great, because these cybercriminals might also create a profile about you, and with that profile, think about the things they could do.
Maybe they could perform some kind of identity theft, pretend to be from a company that you are aware of and maybe phone you up and pretend to be that company.
Okay? So all of that becomes a bit dangerous.
Now, when we submit data to organisations, it's really important that we have trust in these organisations that they keep our data as secure as they possibly can.
Now, luckily, there's a law in place in the UK that is called the Data Protection Act of 2018, and that's there to protect you and make sure that companies are using your data responsibly.
So the Data Protection Act is there so that all organisations and people using and storing personal data must abide by the following principles.
So we're going to go through those now.
So the data must be used fairly, openly, and in accordance with the law.
They must only be used for a specific or stated reason, which means that when they're collecting it, they're being open and honest with you about what data they're collecting, and also they're only using it for the reason that they're saying they're going to use it for.
So hopefully you'll see them from the privacy policies that you can see, they are collecting the data, and with the privacy policy, they're being open and honest with you about what data they're collecting and what they're going to use it for.
So it must only be used in that way, too.
So it may only be used in a way that is necessary and sufficient for the purpose of which it was collected.
So once you've stated that you can only use it for that way, you're only collecting that data, and you're using it for the purpose that you stated you would do.
The data must be kept accurate and up-to-date, and it's the responsibility of the organisations to try and keep your data as up-to-date as possible.
Must only be kept for as long as it is needed for.
So for example, if you were to quit these companies or delete your account, then it's their responsibility to make sure they don't hold this data anymore, unless they've got a really good reason why they do need it.
For example, it may well be the companies hold your data for 30 days after you close your account because you might change your mind and come back.
And most importantly is they must protect against loss of damage and unauthorised access.
So that's a key one there for me, that it's their responsibility to make sure that they keep your data safe and secure, okay? So you are what you call a data subject.
So if you, if a company has your data, then you are the data subject to that company, and as the data subject, you have rights to find out what information the government and other organisations store about you, so these are your rights as well.
So any organisation that has your data, you have these rights, okay? You have the right to find out about how your data is being used by an organisation.
You have a right to access the data that the organisation has about you.
So you can request that data, if you wish.
You can request that that data is updated.
So if you think maybe they have out-of-date information about you, you can request that that is updated.
You can also request for your data to be deleted.
Now, that might have consequences with it.
For example, you can go to your social media company and demand that that data is deleted.
However, that means you also have to lose your account as well.
You can also stop the data, the organisation from processing your data in any way, so you have the rights for that, but you also have the right to transfer your data to a different organisation as well.
So if you want your exact data, maybe if you're moving bank accounts, for example, you can request that data is ported to a different organisation to save you having to give the same information again.
Now, interestingly, with things that are coming around in technology, such as artificial intelligence, you also have the right for your data not to be used for automated decision-making processes, as in without a human involvement.
So organisations might use your data and process it and form these profiles or make decisions based on some algorithm that they have, based on an artificial intelligence system.
You have the right to make sure that any decision made is made by a human.
And you also have some rights about how they use your data for profiling as well.
Okay, so that's the end of this lesson.
What I'd like you to do is there's an end-of-lesson quiz for you to do, which will test you on some of the things that we've learnt in this lesson, and also some of the things about the Data Protection Act that we've just learnt about.
Okay? So I really hope you enjoyed that lesson and we really hope that you share some of the work that you've done with this, maybe the mind map, or maybe something that you learnt about your social media company that you found surprising or concerning.
And if you'd like to do that, please ask your parent or carer to share your work on Instagram, Facebook, or Twitter, tagging @OakNational and #LearnwithOak.
So I really hope you enjoyed taking your first footsteps into cybersecurity, and understanding why data is important to cybercriminals.
Okay? So I'll look forward to seeing you next lesson, so I'll see you then.
Bye.
