Facebook data breach prompts new courses at Winnipeg college about cyber smarts
Q & A with global cyber security expert on what people need to understand about data shared online
Two new courses at Winnipeg's Booth University College seek to help people understand how to protect their personal privacy online.
The courses, which will be available in the fall, were created in the wake of the data-mining scandal involving Facebook and Cambridge Analytica.
The political consulting firm has come under scrutiny after it was revealed it had access to a database of roughly 50 million Facebook users' personal information, which may have been used to help politicians target voters and influence their behaviour in U.S. President Donald Trump's 2016 election campaign and the Brexit campaign in Great Britain.
Students at Booth will be able to enrol in cyber security and cyber intelligence courses after the college teamed up with specialists at Cybint Solutions, which trains people in business, education, and government on how to manage their online data.
Roy Zur is the CEO of Cybint Solutions and a global cyber security and cyber intelligence expert.
He spoke with CBC Manitoba's Information Radio. The following interview has been edited for clarity and length.
CBC News: Why did you see a need to develop a course like this?
Roy Zur: We always say that cyber security is the human aspect. It's about human errors, the understanding of privacy, the understanding of tools. And that's why we call it cyber literacy.
What we are doing with Booth Community College in Canada is about providing the knowledge and tools and understanding, deep understanding of cyber, to even non-technical audiences.
Why should the average Joe learn about this kind of thing?
In the past we talked about the importance of financial literacy. For example, in a world where money is so essential, you had to understand money.
In 2018 and, of course, in the near future, understanding cyber becomes an essential thing to work in the world — to work in finance, to be a business person, to work almost in every industry that is reached with data, which is most industries that we work today. Because when you don't understand it, first you have a bigger threat of losing your data, or becoming the weakest link in your organization.
And on the other hand, you also miss a lot of opportunities because you don't know how to handle data.
If someone has never at all ventured into cyber intelligence or security and maybe even feels intimidated, what is the first thing they can do to protect themselves?
I'll give you one specific. You can go online to a website called Have I been pwned. This website, for example, contains billions of records of data breaches and emails that have leaked through the dark web to a place where hackers sell your information.
Type your email and see if your email has been compromised. If it has, you need to change not only the password of your email, you need to change the password of all other platforms that you're using — LinkedIn, Facebook and others.
What important lessons do you think people can take from the Cambridge Analytica issue?
I think the main thing they need to understand is that we are giving up our data. Now, you can fight it. You can decide you want to minimize giving up data or minimize the exposure — but this is the world where this is just a trend that will become bigger, even though there is some backlash now.
What I would suggest is be aware of what you've shared. You can go right now to your settings in Facebook and ask Facebook to provide you all the information they have on you. It will be hundreds of megabytes of content.
We need to be in a position where, yes, we are sharing data, we can't prevent it, but we can a) minimize the risk and b) know what's out there.
What personally don't you do online because you know that's not safe?
Sometimes people think that when they upload, let's say private pictures or things that they don't want to share, they just put it in one folder, a private folder and nobody sees it. The key point is that if you upload something and you send something to someone, you should be aware that there is a chance that this thing will leak. So if you want it to be 100 per cent proof that it won't leak, don't upload it.
What do you think when we look at the different generations? Which age group needs the most education around this?
It's [more about] different types of education. Let's say the age group of 50-plus people that grew up without Internet, [for them] it's more about understanding how the Internet works and how to manage the Internet platform and understand what we can and can't do and what is private and not private. This is one level we cover.
With young people — and when I say young, I mean even kids — 10 to 20 or 25, … they live in the world where they always share their information. They are willingly giving up locations and pictures and videos and interactions and social interactions. They need to see in their own eyes how this data is being aggregated and how this data makes others target them, either as for commercial purposes or even for scam purposes, hacking purposes.