“Access to computers and the Internet has become a basic need for education in our society.” ~ Kent Conrad
Using the internet for schoolwork, both in the classroom and at home, has become as common as referencing an encyclopedia or checking a book out of the library used to be. Students of all ages rely on the internet, and so do teachers—which makes the issue of cybersecurity one that must be addressed in every school district and classroom.
At Alludo, we understand the importance of cybersecurity for teachers because we see how a lack of security can negatively impact schools and students. That’s why we’ve designed the Alludo K-12 CyberSmart Training program — a comprehensive platform for curating, publishing, managing, and measuring cybersecurity training efforts. With that in mind, here is our take on what teachers need to know about online privacy and security.
Cybersecurity is a term that describes the job of protecting people and data online. It includes the following things:
Anything we do online must be protected, including communications (emails, texts, and chat); shopping (credit cards and online shopping); entertainment (interactive video games and social media); healthcare (online medical records and prescriptions); and transportation (navigation apps).
A robust system of cybersecurity might include all of the following protections:
Anyone who uses a system plays a role in protecting it, so cybersecurity education for teachers is a must. In addition to protecting themselves, cybersecurity education also empowers teachers to inform their students of their role in the system and how they can protect themselves and their personal information.
Understanding the risks of poor cybersecurity is part of understanding the importance of cybersecurity. Here are some of the biggest risks of not prioritizing cybersecurity:
These risks are all real and can put teachers’ personal safety in jeopardy. Learning about cybersecurity can help teachers protect themselves, their students, and their schools.
Learning about cybersecurity isn’t just an exercise, it’s a necessity because every school could be the target of cybersecurity threats. Here are five of the most common.
Schools may be the target of people who want to use personal data for unauthorized purposes because they collect and hold data for school employees, including teachers, administrators, and staff, as well as for students.
A data breach might include outright theft of data or alteration of critical data. Since schools often have sensitive data, including Social Security Numbers and other information, it’s essential to take steps to protect any data that you’re storing on site or in the cloud.
A denial-of-service or DoS attack happens when an outside actor deliberately floods a server or another network resource with more requests than it can handle. Connectivity can be a real issue with schools since they often lack the financial resources to invest in top-notch protection.
One example might be if an outside actor turned off a server’s ability to log information about who accesses confidential information, leaving the attacker free to collect data without a trace. In addition to outside actors, there’s also a potential risk from students.
One of the biggest risks to school cybersecurity is a user inadvertently introducing something harmful into the system or sharing information willingly with a bad actor. This risk breaks down into three separate categories.
Phishing is a process where an attacker sends an email that looks like it came from a legitimate person or organization, such as a bank or an online retailer. The email contains a link that encourages the recipient to share confidential information such as logins, passwords, and credit card numbers.
It’s not uncommon for phishing emails to contain malware, which is software that can inflict damage on a system or device. Malware may also attack computers on certain websites and once it is introduced into a school network, may infect other devices as well.
Ransomware is a type of malware that may be included in a phishing email or installed via a direct attack on a network. The purpose of ransomware is to hold data hostage and demand a large payment for its release. If the attacked party cannot or will not pay the ransom, the data is often released to the public.
Schools are often vulnerable to these cyber threats because students and teachers may have school email accounts and if they are unaware of the risks, may unknowingly click on a link that exposes the school’s data.
Part of effective cybersecurity is updating software or patching it when there is an issue. Such updates and patches should be installed immediately but it’s not uncommon for school districts to neglect updates.
Unpatched or outdated software is vulnerable because holes in the software’s security may grant access to attackers. Schools may not have the funds to hire dedicated cybersecurity staff and as a result, may be more vulnerable to these issues than companies who have cybersecurity experts on their payroll.
Cyberbullying is bullying that occurs online or via devices such as smartphones, tablets, or computers. Every school has rules that prohibit bullying but in some districts, there is still an inadequate response to cyberbullying, which can be difficult to trace.
There are obvious safety issues around cyberbullying, with multiple stories in the news about students self-harming or even taking their own lives after being targeted by online bullies. Schools can’t risk students’ safety, so preventing cyberbullying needs to be a priority.
Now that we’ve identified the most serious cybersecurity threats that schools face, here are some important Dos and Don’ts of cybersecurity from the Cybersecurity & Infrastructure Security Agency.
Let’s start with things that teachers and school districts can do to keep their data and students safe:
Now, here are some behaviors to avoid if you want to make cybersecurity a priority:
Avoiding careless or harmful behavior is just as important as protecting devices in the first place.
Part of educating teachers about cybersecurity is helping them understand their responsibilities and the role they play in keeping the school’s network and data secure. That means providing them with protocols to follow in the event of a cybersecurity incident or data breach.
Anybody can report incidents directly to the CISA using this link. Teachers and staff should report any and all incidents, including software vulnerabilities, phishing, malware, and ransomware.
You may also want to implement a system of internal notifications where teachers must alert office staff and administrators of any incident and administrators must notify the school district. There should be internal protocols for notifying anybody affected by a data breach, since transparency is essential to help people protect themselves if their data is compromised.
We take cybersecurity seriously at Alludo. We have to because our specialty is creating safe and engaging online learning environments for teachers, administrators, and staff.
Equip your district personnel with compliant cybersecurity training with the Alludo K-12 CyberSmart Training program. Alludo CyberSmart will help your district to meet security compliance standards and protect your student, staff, and district data.
Training teachers in cybersecurity is essential because not only are they entrusted with sensitive data, they are also the ones who can teach students about cybersecurity and online citizenship, so they can learn how to protect themselves.
Do you want to educate your district’s teachers about cybersecurity? Alludo can help! Click here to start your free trial of Madagascar, our online learning platform, with our 17-track Privacy and Security Mission preloaded for you to try!