Cybersecurity 101: What Teachers Need to Know About Online Privacy & Security

“Access to computers and the Internet has become a basic need for education in our society.” ~ Kent Conrad

Using the internet for schoolwork, both in the classroom and at home, has become as common as referencing an encyclopedia or checking a book out of the library used to be. Students of all ages rely on the internet, and so do teachers—which makes the issue of cybersecurity one that must be addressed in every school district and classroom.

At Alludo, we understand the importance of cybersecurity for teachers because we see how a lack of security can negatively impact schools and students. That’s why we’ve designed the Alludo K-12 CyberSmart Training program — a comprehensive platform for curating, publishing, managing, and measuring cybersecurity training efforts. With that in mind, here is our take on what teachers need to know about online privacy and security.

Table of Contents

1. What is Cybersecurity
   
   1. What Are the Risks of Poor Cybersecurity
2. What Are the Top Five Cybersecurity Threats for Schools
   1. #1: Data Breach
   2. #2: Denial of Service
   3. #3: Phishing, Malware, and Ransomware
   4. #4: Unpatched/Outdated Software Vulnerabilities
   5. #5: Cyberbullying
3. What Are the Dos and Don'ts of Cybersecurity?
   1. Cybersecurity Dos
   2. Cybersecurity Don'ts
4. Who Needs to Report Cybersecurity Incidents
5. Alludo K-12 CyberSmart Training
6. Train Your District's Teachers in Cybersecurity with Alludo

What is Cybersecurity?

Cybersecurity is a term that describes the job of protecting people and data online. It includes the following things:

• Protecting networks, devices, and data from unauthorized access or use.
• Ensuring the availability, confidentiality, and accuracy of stored information.

Anything we do online must be protected, including communications (emails, texts, and chat); shopping (credit cards and online shopping); entertainment (interactive video games and social media); healthcare (online medical records and prescriptions); and transportation (navigation apps).

A robust system of cybersecurity might include all of the following protections:

• Antivirus software
• Malware protection
• Firewall
• Multi-factor authentication
• User education

Anyone who uses a system plays a role in protecting it, so cybersecurity education for teachers is a must. In addition to protecting themselves, cybersecurity education also empowers teachers to inform their students of their role in the system and how they can protect themselves and their personal information.

What Are the Risks of Poor Cybersecurity?

Understanding the risks of poor cybersecurity is part of understanding the importance of cybersecurity. Here are some of the biggest risks of not prioritizing cybersecurity:

• Data deletion from malware
• Use of personal data for unauthorized purchases
• Alteration of essential data
• Threats to share personal information as part of a ransomware attack
• Cyberstalking

These risks are all real and can put teachers’ personal safety in jeopardy. Learning about cybersecurity can help teachers protect themselves, their students, and their schools.

What Are the Top Five Cybersecurity Threats for Schools?

Learning about cybersecurity isn’t just an exercise, it’s a necessity because every school could be the target of cybersecurity threats. Here are five of the most common.

#1: Data Breach

Schools may be the target of people who want to use personal data for unauthorized purposes because they collect and hold data for school employees, including teachers, administrators, and staff, as well as for students.

A data breach might include outright theft of data or alteration of critical data. Since schools often have sensitive data, including Social Security Numbers and other information, it’s essential to take steps to protect any data that you’re storing on site or in the cloud.

#2: Denial of Service

A denial-of-service or DoS attack happens when an outside actor deliberately floods a server or another network resource with more requests than it can handle. Connectivity can be a real issue with schools since they often lack the financial resources to invest in top-notch protection.

One example might be if an outside actor turned off a server’s ability to log information about who accesses confidential information, leaving the attacker free to collect data without a trace. In addition to outside actors, there’s also a potential risk from students.

#3: Phishing, Malware, and Ransomware

One of the biggest risks to school cybersecurity is a user inadvertently introducing something harmful into the system or sharing information willingly with a bad actor. This risk breaks down into three separate categories.

Phishing

Phishing is a process where an attacker sends an email that looks like it came from a legitimate person or organization, such as a bank or an online retailer. The email contains a link that encourages the recipient to share confidential information such as logins, passwords, and credit card numbers.

Malware

It’s not uncommon for phishing emails to contain malware, which is software that can inflict damage on a system or device. Malware may also attack computers on certain websites and once it is introduced into a school network, may infect other devices as well.

Ransomware

Ransomware is a type of malware that may be included in a phishing email or installed via a direct attack on a network. The purpose of ransomware is to hold data hostage and demand a large payment for its release. If the attacked party cannot or will not pay the ransom, the data is often released to the public.

Schools are often vulnerable to these cyber threats because students and teachers may have school email accounts and if they are unaware of the risks, may unknowingly click on a link that exposes the school’s data.

#4: Unpatched/Outdated Software Vulnerabilities

Part of effective cybersecurity is updating software or patching it when there is an issue. Such updates and patches should be installed immediately but it’s not uncommon for school districts to neglect updates.

Unpatched or outdated software is vulnerable because holes in the software’s security may grant access to attackers. Schools may not have the funds to hire dedicated cybersecurity staff and as a result, may be more vulnerable to these issues than companies who have cybersecurity experts on their payroll.

#5: Cyberbullying

Cyberbullying is bullying that occurs online or via devices such as smartphones, tablets, or computers. Every school has rules that prohibit bullying but in some districts, there is still an inadequate response to cyberbullying, which can be difficult to trace.

There are obvious safety issues around cyberbullying, with multiple stories in the news about students self-harming or even taking their own lives after being targeted by online bullies. Schools can’t risk students’ safety, so preventing cyberbullying needs to be a priority.

What Are the Dos and Don’ts of Cybersecurity?

Now that we’ve identified the most serious cybersecurity threats that schools face, here are some important Dos and Don’ts of cybersecurity from the Cybersecurity & Infrastructure Security Agency.

Cybersecurity Dos

Let’s start with things that teachers and school districts can do to keep their data and students safe:

• DO keep software up to date. As soon as updates or patches become available, they should be installed on all computers and mobile devices connected to the school network.
• DO run up-to-date security software. Any antivirus software or malware protection should be updated regularly and renewed to make sure of continuous protection.
• DO use strong passwords. Passwords should contain at least eight characters plus a number and a special character to minimize risks.
• DO change default usernames and passwords. Access to school data must be limited and one of the best ways to do that is not to use default usernames and passwords, but replace them with strong passwords and usernames that aren’t easy to guess.
• DO implement multi-factor authentication. MFA involves requiring both a password and a secondary or tertiary security check such as a biometric scan or a security code.
• DO install a firewall. A good firewall will be able to block attempted attacks and may also limit the release of outgoing data.
• DO be suspicious of unexpected emails. Every user in a system should be taught to view unexpected emails with suspicion and to avoid clicking on links or opening attachments.
• DO be aware of surroundings when accessing or using sensitive information. School administrators and staff may need to copy, fax, or print sensitive information and may also need to discuss it. Everyone handling such data should be cautious and avoid leaving printed documents where they can be accessed by unauthorized personnel as well as avoiding discussing personal information within earshot of unauthorized personnel.
• DO lock your computer and mobile devices when not in use. One of the easiest ways to protect the school network and sensitive data is to get in the habit of locking devices when you’re not using them.
• DO avoid public Wi-Fi hotspots and use VPN software instead. The risks of using public Wi-Fi are significant, so teachers and students should be taught to use VPN software to protect their devices and data.

Cybersecurity Don’ts

Now, here are some behaviors to avoid if you want to make cybersecurity a priority:

• DON’T post private or sensitive information. Anytime someone shares their personal information (or someone else’s information) on a public website, social media site, or sends it via email, there’s a risk that data could be compromised.
• DON’T click on links from unknown or untrusted sources. If you’re not sure about a link, don’t click it. 
• DON’T respond to phone calls or emails requesting confidential data. No legitimate person is going to send you a link to provide your password or call you to ask for your Social Security Number. Being skeptical is a big part of cybersecurity.
• DON’T install unauthorized programs on your work computer. Educators, staff, and students should all be advised to check before installing any new program or app on their school computers or any personal devices that might be connected to the school’s Wi-FI or network.
• DON’T leave devices unattended. It’s never a good idea to leave your computer, phone, or tablet unattended. Always sign out before you leave.

Avoiding careless or harmful behavior is just as important as protecting devices in the first place.

Who Needs to Report Cybersecurity Incidents?

Part of educating teachers about cybersecurity is helping them understand their responsibilities and the role they play in keeping the school’s network and data secure. That means providing them with protocols to follow in the event of a cybersecurity incident or data breach.

Anybody can report incidents directly to the CISA using this link. Teachers and staff should report any and all incidents, including software vulnerabilities, phishing, malware, and ransomware.

You may also want to implement a system of internal notifications where teachers must alert office staff and administrators of any incident and administrators must notify the school district. There should be internal protocols for notifying anybody affected by a data breach, since transparency is essential to help people protect themselves if their data is compromised.

Alludo K-12 CyberSmart Training

We take cybersecurity seriously at Alludo. We have to because our specialty is creating safe and engaging online learning environments for teachers, administrators, and staff.

Equip your district personnel with compliant cybersecurity training with the Alludo K-12 CyberSmart Training program. Alludo CyberSmart will help your district to meet security compliance standards and protect your student, staff, and district data. 

Train Your District’s Teachers in Cybersecurity with Alludo

Training teachers in cybersecurity is essential because not only are they entrusted with sensitive data, they are also the ones who can teach students about cybersecurity and online citizenship, so they can learn how to protect themselves.

Do you want to educate your district’s teachers about cybersecurity? Alludo can help! Click here to start your free trial of Madagascar, our online learning platform, with our 17-track Privacy and Security Mission preloaded for you to try!