Kaido Kikkas

The Four Most-Used Passwords Are Love, Sex, Secret, and God: Password Security and Training in Different User Groups

Picking good passwords is a cornerstone of computer security. Yet already since the early days (e.g. The Stockings Were Hung by the Chimney with Care from 1973; we have also borrowed our title from the 1995 movie Hackers), insecure passwords have been a major liability. Ordinary users want simple and fast solutions – they either choose a trivial (to remember and to guess) password, or pick a good one, write it down and stick the paper under the mouse pad, inside the pocket book or to the monitor. They are also prone to reflecting their personal preferences in their password choices, providing telling hints online and giving them out on just a simple social engineering attack. Kevin Mitnick has said that security is not a product that can be purchased off the shelf, but consists of policies, people, processes, and technology. This applies fully to password security as well. We studied several different groups (students, educators, ICT specialists etc – more than 300 people in total) and their password usage. The methods included password practices survey, password training sessions, discussions and also simulated social engineering attacks (the victims were informed immediately about their mistakes).

A Model to Evaluate Digital Safety Concerns in School Environment

In cyber security of a modern information society, digital safety is becoming more and more important regarding governance and schools as well as well-being of common people, especially children. There are models to evaluate cyber-attacks and technical risks in institutions and ICT services, but there are no good models yet to help understanding the concerns and issues of everyday e-life of commoners, including students and teachers - especially the ones that can be encountered at schools (from primary to upper secondary). This makes digital safety an essential part of innovation and cooperation at schools as well as in teacher training. The aim of this paper is to propose a model that helps to build up internet security training and other activities that will improve children’s and teachers’ safety skills and resistance to security threats.

Impacting the Digital Divide on a Global Scale - Six Case Studies from Three Continents

This study represents findings from three continents (Asia, Africa and South America) regarding usage of ICT in six rural schools. Our goal was to analyze the current situation regarding digital technologies in these environments, describe similarities and differences relating to the digital divide, and provide a roadmap that could improve teaching and learning, maximizing the use of existing resources. Our case study was carried out with the help of innovative teachers who are supportive of technology integration in teaching, but have less options to utilize this knowledge in their classrooms because of various barriers. Our results show challenges, but also opportunities to embrace new ways of teaching; ways that might allow digital technologies to be employed in innovative ways to encourage student learning and community growth. Our study is based on participating teachers’ understanding of the issues and challenges within these countries and areas, relating to schooling.

If I Do Not Like Your Online Profile I Will Not Hire You

Today, both employees and employers are active online. A lot of people live their lives through personal online social networks. Online social networking sites are an easy tool to screen potential employees online profiles and for human resource management to use in recruitment processes. The screening process includes Internet and social networking site search that will provide not only professional but also personal information. Investigating personal information, however, may be considered violation of privacy. Our study goals are to find out how common it is to do background checks on possible future employees in Estonia, how students feel about such a practice and how they maintain their public profiles. Methods used to gather information were a survey among employees (n=34), pupils (n=117) from five high schools, students (n=91) from one university, and a case study that involved pupils (n=54) and students (n=38). Results reported in this paper will give an overview of our understanding of the accuracy of online profiles, common practices, unspoken risks, and maybe even frustration from the side of future employees. The results of this study can be applied to improve youth-related Internet safety training modules and programmes.

Exploring the Impact of School Culture on School’s Internet Safety Policy Development

This paper describes an exploratory study on school-level e-safety policy development. The research was based on the participatory design-based methodology, involving various stakeholders in a school-level policy development exercise. Our aim was to find out whether the schools with open and participatory culture would choose more flexible, emancipatory and participatory approach to e-safety policy development, while schools with rational-managerial organizational culture tend to rely on prescriptive approaches and technology-driven solutions in their e-safety policies. Regarding future research, we plan to continue the work to construct a new design and development platform to be used in a more flexible and bottom-up manner instead of strict prescriptive rule sets provided on the national level.

Challenges in Mobile Teaching and Safety - A Case Study

This paper is based on two studies about mobile learning in one secondary school in Estonia. The main question for this research was how should schools harness the increasing use of mobile phones, tablets at home in order to make it also beneficial for the schools? What are the emerging trends in mobile devices security that schools are facing when introducing m-learning to students? According to our findings, Estonian schools face various problems which must be addressed before any serious attempt at m-learning is made.

Digital Turn in the Schools of Estonia: Obstacles and Solutions

Schools from all over the world are moving into the direction of using more e-learning, digital gadgets and BYOD (Bring Your Own Device). In the Estonian Strategy for Lifelong Learning 2020, the switch to 1:1 computing in classroom is called “Digital Turn”. The strategy relies on expectations that smarter use of personal digital devices will improve not only digital literacy of pupils, but also their academic achievements in various subjects. The Estonian government plans to allocate 47 million Euros of national and EU structural funds until year 2020 for this purpose. There is also interest in improving digital skills of school-leavers on the side of the industry, as the Estonian ICT sector expects to double the turnover within the next 4–5 years. The sectoral analysis estimated the need for 8000 new employees in ICT companies. To achieve this, the industry has supported various educational programs like the Look@World Foundation’s Smart Lab project, Samsung Digital Turn project for schools, using Raspberry Pi-s at school supported by TransferWise, Microsoft’s Partners in Learning projects and so on.

File Formats Security – Proprietary vs. Open-Source

Privacy and confidentiality are important components of digital literacy. Yet nowadays documents can be found online, which apparently consist only of one or two pages yet have huge file size - even several megabytes. Such documents may contain sensitive data that has been deleted but actually is still there. Our study provides an analysis of such cases in public sector of Estonia. Based on experiments and public sector web page analysis we describe security threats and features of different file formats and offer suggestions for their use, e.g. we found that using open-source formats like OpenDocument may help prevention of accidental disclosure of data.

The Role of Educational Technologist in Implementing New Technologies at School

In 2005, a new profession called “educational technologist” was introduced in Estonian schools. At first, the idea was confusing for many school principals, because of the seeming overlap with the job descriptions of existing ICT support specialists or ICT managers. Other principals interpreted the role of the educational technologist as a technology-savvy teacher who could take responsibility for teaching with technology in some subject domains so that the rest of teachers would not have to bother them with constantly changing landscape of technology. According to the data from the Tiger Leap Foundation (2012), almost 7% of Estonian schools had hired an educational technologist by 2012 – in most of the cases by re-allocating the salary fund of IT support specialists. The position is usually funded by local municipalities, not from the state budget. This paper is reflecting upon the case study data collected from 13 Estonian schools where educational technologists had been employed, the focus group interviews were conducted with 29 persons working in the field of educational technology. The study gives an overview of the current situation by defining the emerging profession of educational technologist on the level of professional practice. We also describe the arguments for establishing such a new position in school and the main challenges of a new specialist starting his/her career in this dynamic field.