Increasing Cybersecurity on Your Campus

Schools have experienced an increase in the number of cyberattacks over the past year. Cybersecurity attacks can include data breaches, ransomware, and phishing, all of which disrupt learning. These can result in compromised sensitive personal information, disrupt the learning environment, and, at times, bring a high financial burden due to the need to investigate the attack, add network security, restore files, or make payments to recover the encrypted files stolen in a ransomware attack. We are all susceptible to these attacks and risk having our personally identifiable information (PII) shared with others without even knowing.

With these challenges, schools must take steps to safeguard data and implement policies and best practices for cybersecurity. This can involve everyone in the school:

• Administrators and IT can work together to create comprehensive cybersecurity policies that outline expectations for staff and students. These policies should include topics like password strength, data protection, and acceptable use of technology.
• Schools should provide ongoing training for all staff on cybersecurity best practices and incident response procedures.
• Classroom teachers can guide students in creating strong passwords and teach them about the risks of phishing, malware, and other risks.
• Students can protect themselves by creating strong passwords, closely evaluating sites and links, and asking for help if they are unsure about an email or a website.

By having clear policies in place and conducting regular audits of digital tools, educators can protect themselves, students, and students’ families from these risks. 

Data Privacy in Education

Sensitive student and educator data is being shared every day. Here are some areas to review to ensure that there are guidelines in place for accessing the information and maintaining a secure system for storing the data.  

Student records: Throughout the K–12 system, students’ records contain a lot of personal information, such as name, address, date of birth, and Social Security numbers, in addition to academic and behavioral records. All of this information is personally identifiable, and schools need secure systems in place to protect it.

Staff information: Schools store a lot of information about their teachers and administrative staff. In addition to personal and financial information, most employment records are typically stored online now on various platforms. A cyberattack can cause this information to be accessed and shared without permission. 

Digital tools and technologies: There are new tools available for use in our classrooms, especially with the rise of AI. With so many tools available, there is greater potential for the misuse of data or the entry of PII into these different systems. All educators must carefully review privacy policies and make sure that laws such as COPPA (Children’s Online Privacy and Protection Rule) and FERPA (Family Educational Rights and Privacy Act) are complied with.

So, how do we keep our data safe?

Educators and school leaders must be vigilant and proactive to protect personal and student data. It is important to share this information with students and their families. Here are five suggestions for how to keep data safe.

Create strong passwords. Creating a strong password and changing it frequently is important. When teaching my students about cyber safety, we test passwords and talk about how to create a unique password. I have even shared my habit of making passwords that would be difficult to discover. Including a mix of upper- and lowercase letters, numbers, and symbols and having a longer password, between 12 and 16 characters, makes it more difficult for someone to discover. It’s also important not to reuse passwords across multiple accounts. There are fun classroom activities like “The Password Game,” where students are taught to build strong passwords step-by-step while learning the importance of cybersecurity.

Use two-factor authentication (2FA). 2FA provides additional security by requiring the verification of one’s identity through a second method, such as text message, email, fingerprint, facial recognition, or other authentication apps. Even if the password has been compromised, the use of 2FA will help to keep the information safe. Be sure to set this up so you have an added layer of security for your data. 

Watch out for phishing scams. In most weeks, I receive at least 10 emails that are phishing scams, which attempt to trick the recipient into clicking links or sharing personal details. A few times, I’ve even heard from a friend that they received an email they thought was from me. Phishing scams typically come in emails or text messages that appear to be from trusted sources. However, upon close analysis, they are clearly not legitimate.

The best advice is to look at the email address closely, check the grammar, and never click on a link. Helping students build phishing awareness is easier with interactive tools like the Google Phishing Quiz or the phishing game from SoSafe. These help students and adults learn how to spot fraudulent messages.

Check websites carefully. Educators and students must be careful when searching and interacting with a website, especially when sharing personal or student data. To check that a website is secure, look for “https” in the URL and security certificates available on the site. I show my students the padlock symbol in the URL line, and we discuss how to ensure that a site is legitimate. 

Install antivirus software and keep systems updated. Make sure you have reliable and updated antivirus software on all devices used for school purposes. Antivirus software can detect and block malicious programs before they can access information or cause chaos to the school network and devices. Always update the computer operating systems because they often contain patches for security vulnerabilities. If these measures are not in place, we will be more susceptible to cyber attacks. 

Resources for Educators

There are a variety of organizations that provide resources for schools to help with cybersecurity threats. Here are a few that will provide educators with updated information and materials for classroom use. 

Cybersecurity & Infrastructure Security Agency: CISA offers valuable resources for understanding cybersecurity basics, including how to protect educational institutions from attacks. There are materials available that can be used for professional development or for designing student curricula.

Cyber.org: Through Cyber.org, educators can obtain cybersecurity curricula for K–12 students. There are activities, lesson plans, and videos available. 

Common Sense Media: In addition to having resources focused on digital citizenship, there are lessons on cybersecurity, internet safety, and privacy. 

Microsoft Educator Center: Offers many topics and modules. A great lesson focused on cybersecurity for K–12 classrooms and many other modules are available for educators. The module shows how to create safe passwords, evaluate sites, and more to keep safe when interacting online.

Where to begin

Providing educators with professional development focused on cybersecurity is essential, especially with increased attacks in our schools. Educators can be targeted through phishing scams and schools through ransomware attacks. Consistent training or providing updated resources will help educators stay informed so they can respond quickly to any potential threats.

Schools also need to establish clear policies with guidelines around the use of technology. Educators need access to this information so they can teach students how to recognize threats and protect their data. 

With the advancing technology, schools must focus on cybersecurity measures to protect students, staff, and members of the school community. For school leaders, developing clear cybersecurity policies and providing professional development opportunities for staff are essential for building a secure digital environment. By working together, educators and administrators can foster a culture of digital citizenship and ensure that the school community is prepared to navigate the complexities of an increasingly digital world.