A version of this post originally appeared in the Cyber Saturday edition of Data Sheet, Fortuneâ€™s daily tech newsletter.
Enough is enough. This weekâ€™s giant Google Docs phishing attack, which led to the compromise of millions of Gmail accounts, is a wake-up call that we need a solution to the hacking epidemic. And I think I have one.
First, though, letâ€™s recap what happened: A canny hacker sent an email saying a contact wanted them to view a Google Docs document. People who clicked on a â€œOpen in Docsâ€ link were then asked for access to their account. The whole thing looked pretty convincing, and a lot of people fell for it (ThreatPost has a full breakdown of all the details). And while Google quickly took steps to mitigate the attack, the hackers were able to access a large number of accounts.
In the wake of this, itâ€™s tempting to do one of two things: blame Google for allowing this to happen, or shake your head at those poor fools who didnâ€™t know any better and clicked the link. Both responses are reasonable. As SwiftonSecurity notes, an oversight by Google helped the hacker make the scam look convincing. But at the same time, the attack was suspicious enough that those with a passing knowledge of phishing and computer security knew enough to stay away.
But such finger pointing wonâ€™t do anything to avoid the next big phishing attack, which will no doubt be zipping around the Internet before long. Instead, the solution I propose is a life-skills style education campaign aimed at high school students, and then at everyone else.
I asked my partner, who is an educator in a New York City school, if such a thing exists. To my surprise, she said no. Instead, computer education is aimed at those who already have a passion for computers (and would be the least likely to fall for a phishing scheme.) There is no computer safety course for the general student population. Nor, as far as I know, is there such a thing for colleges or entry level jobs.
And this is my point. Just as schools help young people to read maps or make a budget or cook or sew, itâ€™s time for them to explain the Internetâ€™s architecture and where the dangers lie. A decade ago, it was enough to warn kids about creeps on Craigslist. These days, the threats are infinitely more subtle, and the time has come to train kids to avoid them. Hacking is now a public safety issue. We should respond accordingly.
PS Good news: After publishing this, several people reached out to say there are some programs out there â€” including this one at Fordham Universityâ€”which aims to teach middle school kids about online safety and privacy.