If you’re into educational technology, then you’re always thinking about security and privacy, right? Hmmm, maybe not. I, for one, used to poo-poo it regularly as the raised hand of the luddite and resistor to change. But try going a day these days without an important story about a security breach, privacy violation, or intentional data mining hitting the Mashables and Verges of the world. Alas, that free lunch we were so desperately hoping for in an ever-tightening world of education budgets seems to have led us a tad astray after all. This past week has been particularly devestating with the news of the #heartbleed bug (read and learn more here). I am by no means an expert in this complex field, so I called in a Twitter buddy, Jessy Irwin, to talk with me about the matter.

I always have a great time interacting with Jessy because of her insight and sense of humour. Jessy has a passion for all things education and technology, and has experience in the world of startups and social media. Increasingly, she is finding her passion in exploring and educating others on the privacy and security (#edsec) sides of #edtech. I wanted to speak with someone that has a unique vista on this topic.

Hey Jessy. So, to start off, tell us a little bit about your background in education and technology from a personal and professional level.

My passion for education technology started with a World Regions course taught by John Boyer (and run by the always brilliant Katie Pritchard) when I was a student at Virginia Tech. The class was an experiment in social media and self-guided learning for 3,000 students, and as an assistant I created social media assignments and guidelines while running a ton of the Twitter accounts that were part of the course.

I was so inspired by the group synergy I experienced and by what we accomplished as part of that classroom community that I eventually moved to the Silicon Valley to just be a part of whatever was going on in technology and to advocate for its to be thoughtful, creative, innovative and authentic integration in the classroom. Everything in my career can be traced back to the work I did in that course– I work in social media and community, and the job I have now was barely in its infancy when we started our grand experiment– and to this day, one of my favorite things on my professional resume is the Skype interview we landed with Nobel Peace Prize winner Aung Sung Suu Kyii of Burma.

How and why are you so interested in #edsec?

My fire for #edsec started few years ago, and was fueled by some of my closest friends who are security engineers. I’ve always been fascinated by the concepts of hacking and security, and I decided to go to Def Con in Las Vegas, which is one of the largest hacker conferences in the world. That first year, I understood almost nothing — but I was so inspired by what I saw that I had to learn everything I could about technological underpinnings and security holes of the web.

Eventually, I realized that most education technology companies failed to use common security practices– encrypting their sites, for example– to protect their users, and that some avoided collecting certain kinds of user data so that they didn’t have to worry about complying with laws like FERPA that protect student privacy. It made me sick to even think that despite being some of the biggest advocates of digital literacy, the earliest adopters of new technologies, and the guardians of student data, a vast majority of the educators I’ve engaged with had no idea how vulnerable their students’ information (and their own) was on the wild, wild web and had never really entertained the idea of what might happen to them, their classrooms, and their careers if an email or social media account was breached. A short time later, I began telling pretty much anyone who would listen why they should care about securing classroom information… and I haven’t really stopped talking about it since. ;)

If I’m an educator enthusiastic about employing social media and web 2.0 tools in my classroom or school, what should I be contemplating that I may not be in my zest for innovation?

Many educators are excited to try out new tools– but they’re not reading the fine print and don’t know anything about the terms that they’re agreeing to when they sign up for an account for a new product. It’s absolutely vital to read the Privacy Policy and the Terms of Service that come with the tools used in the classroom, and that you save copies of them if you’re using them in class. In some cases, the simple act of creating or uploading content to a site gives the site the ownership of that content. Even if you ask for your account to be deleted, your content may still be sitting around in a server somewhere as property of that company. Make sure that, alternately, that you’re aware of age regulations (for students) and the kinds of behaviors that may result in the termination of your account.

As always, it’s important to remember that if a product is free, then you are the product. A great example of this is Facebook– to over a billion people in the world, it’s a free social media tool… but to marketers and advertisers, it’s a ad distribution network. Think carefully about the time and energy you invest into a site or technology tool and what that may be worth to the company that build it.

What are some of your biggest concerns as it relates to #edsec?

We warn students about the permanence of things on the internet, and we encourage them to find their authentic voices through blogging and interaction on social media but we aren’t teaching them how to protect themselves and their digital identities that will follow them through the rest of their lives. How are students supposed to learn responsible security practices on the web if their teachers aren’t modelling this for them?

What are you optimistic about?

It’s happening at a glacial pace, but since the massive revelations about the NSA metadata collection and spying were made public, people are very slowly beginning to think about their privacy on the web. While many people have absolutely no idea how much of their personal data is tracked, captured and sold to advertisers, they are beginning to think twice about what they share, what they sign up for, and who they allow to access their accounts.

What are some simple things you would recommend #edtech educators do to make their online learning environments safer, more secure places?

First thing first: think about what your absolute biggest vulnerabilities are online — usually, your email account is the key to everything– and set up 2-factor authentication everywhere you can to protect them. This article and video are a good introduction to why 2-factor authentication is important, as is this cautionary tale from tech writer Mat Honan from Wired whose entire digital identity was wiped by a teenager who really, really wanted his Twitter handle.

In terms of technical practices, teachers should absolutely never ever ever ever never never never (did I emphasize that enough?) use the same password for all of their accounts. If one account goes down in a breach, then all accounts of your accounts can go down. I recommend using a password manager such as 1Password or LastPass to store, create, and audit passwords used for personal and classroom accounts and communications.

It’s important to avoid using public wifi because it’s incredibly vulnerable to snooping by anyone with access to that network. If you regularly connect to the internet on the go, consider investing in your own wifi hotspot or setting up a VPN (virtual private network) to connect to when you’re out. Alternately, I highly suggest using the browser plugin HTTPSEverywhere to encrypt communications with many major websites.

Are there any other issues or topics you think are important to bring forth?

Many people think that hacking is an internet problem that isn’t going to happen to them– but the behavior has been there all throughout human history (see: espionage). Technology is just making it easier than ever to compromise information and identities left and right. It’s important to note that the majority of hacks aren’t technical in nature at all, they’re “crimes” of opportunity where someone looks over a shoulder while a password is being typed, or gets unauthorized access to a mobile device or computer. For this reason, teachers should be sure to add passcodes and passwords to their machines and devices to protect them when they’re unattended– otherwise, all of the technical measures they’ve taken to secure their information will be for naught.

Thanks so much, Jessy, for talking with me today. I hope your next Taco Tuesday is a good one.

Thanks so much for letting me take over the Spicy Learning Blog and rant about security! I’m happy to answer questions about security for the classroom in the comments here or on Twitter.

You can follow Jessy on Twitter @jessysaurusrex and find out more about her on her Vizify page.