On Nov. 10, a Princeton database was breached by outside actors, potentially compromising personal data and records of University affiliates. Three days later, the Office of Information Technology (OIT) announced a biannual cybersecurity training offering to students via email, which will become mandatory in the Spring semester.
Especially in the wake of last month’s breach, cybersecurity should be a University priority. But if the 10-minute module that I completed over Thanksgiving break while playing a board game with my family is the extent of the University’s digital security education, we are no more informed or secure than we were on Nov. 10. OIT — and the University as a whole — should take more substantial measures to educate and protect Princetonians. It’s time for digital literacy, cybersecurity, and responsible technology usage to feature in our educational requirements.
The new cybersecurity program launched by OIT consists of a single video about phishing, risks for mobile devices, and public Wi-Fi networks. The video can be played on double-speed, and is followed by a brief quiz featuring perfunctory questions, like a true or false selection about devices that can be affected by phishing attempts. The quiz does not require extensive thought or even having watched the video. The training functions more as a meek reminder that digital threats exist than as an effective educational program. In fact, I retained so little that I had to re-access the platform through a friend’s account just two days after completing it to recall the topics addressed and write this article.
In an era of extensive digital activity and security threats, this training is far from adequate. Princeton students’ workload is primarily online. In fact, the Oct. 20 Canvas outage caused extensive disruptions to classes, homework, and midterm studying.
But this problem isn’t unique to Princeton. On Oct. 31, less than two weeks before the Princeton attack, a bigger security breach occurred at the University of Pennsylvania. Higher education has clearly become an enticing and vulnerable target for hackers. As we put our personal information and development in the hands of the University, we deserve to be confident in the University’s security and understand our role in cyber protection.
Princeton should be preparing its students to be responsible citizens in a rapidly digitizing society. At the very least, the University should incorporate digital safety into the repertoire of life skills presented to students in first-year orientation, alongside existing safety programs like AlcoholEDU.
But let’s face it. Online training modules are easy to ignore and largely ineffective. AlcoholEDU doesn’t stop students from visiting Frist Health Center after a night on the street, and a cybersecurity session is unlikely to stop a Princetonian from clicking on an unassumingly dangerous link.
A University-wide training protocol that cannot be ignored as easily as online modules may be a step in the right direction. But perhaps cybersecurity should be featured in Princeton’s curriculum requirements, too.
In justifying its curricular distribution requirements, the University cites the benefits of “a broad exposure to other kinds of knowledge” beyond a student’s intended major. Enhanced cybersecurity education serves that function and simultaneously helps Princetonians stay safe on campus. Just as the existing distribution requirements expose us to acquire knowledge in fields that may be relevant to our future careers, digital safety education exposes us to competencies that will certainly prove relevant to our personal and professional lives.
For example, a Princetonian who sees a future in any sort of corporate, government, or other office work, will benefit from a pre-existing knowledge of safe online behavior, such as identifying phishing attempts and how to keep passwords safe. Responsible technology use is not only a valuable skill but also a necessity for operating in industries that manage sensitive information.
Princeton could start by adding introductory cybersecurity classes to the course catalogue for interested students (only one class with the word “cybersecurity” in the description is offered next semester). Or, perhaps it’s on us — the students — to take ownership of our digital citizenship in a society and University faced with ever-growing cyber challenges.
Either way, it’s time for Princeton to reassess its approach to such crucial school-wide educational priorities. Ignored online training modules aren’t going to cut it in an environment that relies on technology for more and more aspects of our academic and personal lives.
Our digitized lifestyles aren’t going away; we must formalize our approach to digital literacy to ensure that we truly understand and are prepared for our digital world.
Ian Rosenzweig ’29 is a prospective SPIA major from Bryn Mawr, Pa. who wishes he knew something — anything — about cybersecurity. You can reach him at ir2411[at]princeton.edu.
Read More
Your professors aren’t out to get you
Charlie YaleWhen students assume that grading is ideologically motivated and in bad faith — and when they choose to take these concerns straight to reactionary publications that have it out for higher education instead of engaging in productive dialogue with the members of the University community — our ability to have academically fulfilling conversations begins to slip away.
When students assume that grading is ideologically motivated and in bad faith — and when they choose to take these concerns straight to reactionary publications that have it out for higher education instead of engaging in productive dialogue with the members of the University community — our ability to have academically fulfilling conversations begins to slip away.
If I wanted to steal that book, I would just throw it out the window
Josh StiefelGiven that some books in Firestone’s stacks are worth over $1,000, and that not all library visitors are members of the University community, it is understandable that the University takes some security measures. But the bag check as practiced isn’t a serious attempt to find contraband. Getting rid of the checks would emphasize a new level of trust between library administration and visitors.
Given that some books in Firestone’s stacks are worth over $1,000, and that not all library visitors are members of the University community, it is understandable that the University takes some security measures. But the bag check as practiced isn’t a serious attempt to find contraband. Getting rid of the checks would emphasize a new level of trust between library administration and visitors.
Terms of Respect defends student speech — but doesn’t respect it
Ava JohnsonEisgruber characterizes student speech as practice, not real engagement. His one-dimensional view of students fails to account for our simultaneous existence within and outside of the Orange Bubble. But our speech, like us, is not confined to the Princeton community, and attempting to shield or protect students from the real world can underrate our participation in it.
Eisgruber characterizes student speech as practice, not real engagement. His one-dimensional view of students fails to account for our simultaneous existence within and outside of the Orange Bubble. But our speech, like us, is not confined to the Princeton community, and attempting to shield or protect students from the real world can underrate our participation in it.