6 Cybersecurity Basics to Include in a District Acceptable Use Policy

“Technology can become the “wings” that will allow the educational world to fly farther and faster than ever before—if we allow it.” ~ Jenny Arledge

Today’s K-12 students are all digital natives, accustomed to using technology as part of their daily lives. Teachers can and should encourage the use of technology while teaching students about internet security within the framework of their district’s Acceptable Use Policy (AUP).

Here at Alludo, we provide dynamic online learning environments for teacher professional development. Our Alludo K-12 CyberSmart Training program incorporates everything you need to understand online threats and how to mitigate risk, customized for your unique district's needs. With that in mind, here are six cybersecurity basics to include in your AUP.

Table of Contents

1. What Are the Elements of Cybersecurity and How Does it Work?
   1. Elements of Cybersecurity
   2. How Cybersecurity Works
2. What is a District Acceptable Use Policy?
3. 6 Cybersecurity Basics to Include in Your District Acceptable Use Policy
   1. #1: Online Use/Communication
   2. #2: Platforms
   3. #3: Internet Safety
   4. #4: Cyberbullying
   5. #5: Net Citizenship
   6. #6: Sunshine Laws
4. Alludo's Take
5. Are You Ready to Strengthen Your District Acceptable Use Policy with Alludo?

What Are the Elements of Cybersecurity and How Does It Work?

Creating an Acceptable Use Policy requires an understanding of what cybersecurity is and how it works.

Elements of Cybersecurity

Cybersecurity is a broad term that refers to the art of protecting computers and other electronic devices from cyber attacks or damage. It consists of two primary elements:

• Protecting data, devices, and networks from being accessed by unauthorized parties or used in unlawful or criminal ways.
• Maintaining the confidentiality, availability, and integrity of sensitive data.

The concept of cybersecurity is simple but its execution can be extremely complex. It requires IT staff to do what they can to educate users about cyber threats and put protections in place to minimize vulnerabilities. It also requires users to understand and use best practices to minimize the risks of a data breach.

How Cybersecurity Works

Cybersecurity typically has a lot of moving parts which include responsibilities for the IT team and for every user in a network. IT responsibilities include the following:

• Keeping software up to date
• Installing and running antivirus software on the server and all workstations
• Implementing multi-factor authentication
• Installing a firewall and keeping it up to date

For individual users, which in a school district may include administrators, educators, office staff, and students, best practices may include these things:

• Changing default usernames and passwords
• Using strong passwords and updating them regularly
• Running network security updates as soon as they become available
• Not opening unexpected emails
• Reporting unusual activity to IT

School districts get the best results and have the smallest chance of a breach when everybody understands their responsibilities and plays a role in keeping sensitive information and users safe.

What is a District Acceptable Use Policy?

Every school district must have an Acceptable Use Policy in place to protect the school and its data, as well as the privacy of students, teachers, and administrators. An AUP is a document that lays out the rights and privileges of using internet and digital technology within the school and on devices connected to the school computer network that may be used at home. It also lays out the responsibilities associated with such use and the penalties for violating the AUP.

Creating an AUP should be a process that is collaborative and consultative and involves school and district leaders, teachers, and even students should be involved with consideration of their ages and abilities.

The AUP for your district should accomplish these main things:

• Address the acceptable, responsible, and safe use of the internet and other digital technologies.
• Lay out the rights, privileges, responsibilities, and sanctions related to use of the internet on school-owned devices or any device connected to the school network.
• Maintain the safety, security, accountability, reliability, and data integrity of the district network and its technology resources.
• Promote best practices and the safe and responsible use of both the internet and digital technologies.

The purpose of an AUP is to provide the district’s educators, administrators, staff, students, and parents with information about the use of the internet and digital technologies, including both the benefits and the risks. It should also clearly identify the district and school strategy for promoting online safety while addressing cybersecurity threats and providing information on how to avoid them.

As you might imagine, an AUP is also designed to provide school districts and schools with protection from legal liability related to any issues arising from internet usage.

6 Cybersecurity Basics to Include in Your District Acceptable Use Policy

Here are six cybersecurity basics to include in your district’s Acceptable Use Policy.

#1: Online Use/Communication

Online use and communication is at the heart of cybersecurity, so it makes sense to include specific guidelines to help teachers, staff, and students communicate safely. Here are some specific things that should be included in this part of your AUP:

• Searching, browsing, and downloading websites.
• Broadband filtering
• Copyright guidelines
• Online communication, including social media, email, forums, and messaging
• Online gaming guidelines
• Publishing a school website

Your AUP should make clear when and how users may communicate online. We suggest including things like social media and gaming since these are likely to be tempting for students and may require guidance to prevent problems.

#2: Platforms

Certain platforms have additional information security requirements and rules that must be followed. Your AUP should include information about the use of the following:

• Digital learning platforms
• Email accounts
• Any site that captures and stores media

You’ll need to identify which platforms teachers, staff, and students are using most regularly and make sure to name them and lay out the rules for their use in your AUP.

#3: Internet Safety

Staying safe on the internet is important for people of all ages. Here are some topics you should be sure to include in this category:

• Definition of inappropriate material
• Harmful/illegal use of the internet
• Where to find online safety advice and use guidelines
• Use of email accounts
• Use of equipment for commercial gains
• Reporting mechanisms
• Sanctions

Here again, it’s important to be specific about best practices and sanctions that will be imposed if a user ignores your AUP.

#4: Cyberbullying

Cyberbullying is an issue in every school district to some extent, and your AUP should include a definition of cyberbullying, expectations about behavior, and sanctions for behavior that qualifies as cyberbullying. Here are some activities that should be included:

• Social media, including sites such as Snapchat, Tik Tok, Instagram, Twitter, and Facebook
• Instant messaging, DMs, and online chat
• Text messaging and use of messaging apps
• Use of online forums and chat rooms
• Online gaming communities
• Email

While some of these items have already been mentioned, school districts have a responsibility to mention them as they relate to cyberbullying. Every state has anti-bullying laws and many have added cyberbullying language to protect students.

Some special issues to keep in mind include the persistence of cyberbullying due to students having access to the internet (and one another) 24 hours a day, the permanent damage that may be caused, and the difficulty of identifying students who are being bullied online.

#5: Net Citizenship

Every student should learn how to be a good net citizen. By this we mean learning proper behavior and understanding the power of the internet and how to use it responsibly. The net citizenship section of your AUP should include all of these things:

• The rules of internet use
• How to treat other users online
• How to identify and avoid danger

Teaching students how to behave online is essential because as digital natives, they will spend a large amount of their time interacting with other people on digital platforms.

#6: Sunshine Laws

Sunshine Laws are part of the federal Freedom of Information Act and they spell out rules and guidelines for how schools may collect and store personal data.

Adherence to Sunshine Laws is something that every teacher and administrator should understand, as well as members of the school board.

Every school must maintain certain records and files and the public has the right to access them. These laws also spell out violations, including the use of email to decide on something related to school. To avoid issues, your AUP should include an explanation of rules related to digital communication and the use of such communications in school or district business.

Alludo’s Take

At Alludo, we empower teachers and school districts by creating unique online learning environments that suit their needs. We have prioritized digital citizenship and safe internet use because we want students (and their sensitive data) to be safe.

The districts that partner with Alludo can choose to have teachers complete our K-12 Cybersecurity Training Awareness Program, a comprehensive platform for curating, publishing, managing, and measuring cybersecurity training efforts. With the right cybersecurity training, you can transform your district into one where all employees can do their part to keep your students, staff, and school safe and secure.

Are You Ready to Strengthen Your District Acceptable Use Policy with Alludo?

Your district’s Acceptable Use Policy is only as powerful as the information it contains. The 6 cybersecurity basics we’ve included here should be a part of every AUP and can help teachers understand cybersecurity risks and educate their students about good net citizenship, cyberbullying, and more.

Are you ready to improve your AUP to better protect students? Alludo Learning is here to help! Click here to start your free trial of Madagascar, our online learning platform, with our DigCit 101 mission, complete with 18 tracks, already installed.