Reading, writing, and cybersecurity: Practicing good cyber hygiene

Key points:

Individual cyber hygiene plays a huge role in defending school networks

Even the youngest students can be taught basic cyber hygiene practices

See related article: Schools are at a greater risk for cyberattacks than ever before

Learn How to Lower Cybersecurity Threats to Your School

The school bell is about to ring in another academic year, and as children pull out their lunchboxes and teachers decorate their rooms, schools continue to face an onslaught of cyberthreats while also grappling with perpetually insufficient budgets, legacy IT, and under-staffing concerns.

The increased level of connectivity in today’s schools means richer opportunities for learning and community, but it also puts at further risk the financial data, personally identifiable information (PII) and other sensitive information that educational institutions hold.

K-12 schools received a cyber maturity score of 3.55 out of 7 from the Nationwide Cybersecurity Review (NCSR) risk-based assessment, despite the fact that many school districts are trying to strengthen their cybersecurity posture. And according to 29 percent of K–12 participants in that report, a cyber incident occurred in their district in the previous year. Malware and ransomware were two of the most prevalent occurrences. According to the report, ransomware attacks pose the greatest cybersecurity risk to K–12 schools and districts in terms of overall cost and downtime.

The good news is that the federal government is taking this seriously. In early August, the Biden Administration announced a new plan focused on strengthening cybersecurity in K-12 schools. While the elements of this plan are rolled out, school IT teams and leaders can also start to take action in another area: cyber hygiene for students. It’s never too early to start teaching children basic cyber literacy.

New rules are part of the solution

The Biden Administration’s new proposal comes on the heels of a report from the Cybersecurity & Infrastructure Security Agency (CISA), Protecting Our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity, which offers guidelines for schools to help bolster defenses.

Guidelines include investing in the most impactful security measures and building toward a mature cybersecurity plan, recognizing and actively overcoming resource constraints, and focusing on collaboration and information sharing. CISA will continue to engage with federal partners, including the U.S. Department of Education, and work closely with state and local officials, school leaders, emergency management officials, nonprofits, community leaders, and the private sector to identify areas for progress and provide meaningful support that measurably reduces risk.

Other elements of the administration’s new plan include a proposed pilot program that will provide up to $200 million over three years to strengthen security in schools and libraries with the help of federal agencies, and establishing a new council to coordinate between federal, state and local leaders to help bolster cyber defenses in schools. It also calls for new resources for reporting and enlists the help of private companies to provide free and low-cost resources for school districts, including training.

It’s great to have support at this level, but it will take some time for these plans to roll out to schools. In the meantime, district leaders and IT teams can start implementing good cyber hygiene practices right away.

Fostering good cyber hygiene for teachers and students

People don’t have to be tech geniuses to practice good cyber hygiene. Teachers and even the youngest students can be taught some basic cyber hygiene practices. For instance, a very common-sense practice is to not share passwords or any kind of PII with strangers online. Teachers and students must learn what suspicious links look like and learn not to click them, or to open unexpected attachments or download anything on their computers without approval. When students are online in the classroom, teachers can ensure that they use only approved websites and applications and get approval for certain activities.

When it’s age-appropriate, children can learn how important strong passwords are and how to create them. Best practices include:

Create longer passwords that are personally meaningful but that don’t contain any PII. An example would be a line from an obscure song with numbers and symbols mixed in to create a password that’s at least 10 characters long. These are much harder, if not impossible, for attackers to guess.
Use a unique password for each account.
For all your online accounts, create one-of-a-kind, long and difficult passwords using a password manager.

Obviously, younger children, like those in kindergarten through third grade, aren’t going to be creating or using strong passwords. Educators at that level will need to be creative in how they help students at that age protect their work, but certainly by middle and high school, this will be a key part of learning.

Pre-teens and teenagers can learn to understand how to securely navigate social media. For example, it’s wise to not use social media accounts to log in to certain kinds of platforms, because those platforms then have instant access to whatever PII is available in those accounts. If there’s no other way to connect to that platform, students can create dummy accounts to use only for this purpose.

Students also need to be cautious about instant messaging services due to social engineering risks. The rule about never giving out PII applies here, especially financial information. And QR codes, though convenient, can send students to a site with malicious files waiting to be downloaded.

And for teachers and staff, from the White House to the private sector, organizations are already offering cybersecurity training for K–12 school districts. Such programs provide academics and employees with the most recent information, advice, and suggestions to help them make better decisions when faced with cyberattacks and other dangers to the school. These free training programs are already being used by many districts.

Knowledge is power–and stronger security

As long as there are school IT teams working with few human and financial resources, there will be cyber adversaries trying to take advantage and break into school networks. This requires a two-pronged approach: technology and training. Because students have network access, they need to learn how to use it safely and responsibly–IT does not bear the sole responsibility for cybersecurity.

Individual cyber hygiene plays a huge role in helping to defend the network. Training for students, teachers, and staff will help IT teams keep the bad actors out and will ultimately help create a cyber-savvier generation.

Author
Recent Posts

eSchool Media Contributors

Bob Turner, CISO for Education, Fortinet

Bob Turner has years of experience as a higher education executive, board member, and thought leader with a focus on cybersecurity strategy and leadership, information assurance and business continuity planning, and information technology management. At Fortinet, he is the CISO for K-12 and higher education acting as a senior level strategic business and technical advisor for the cybersecurity community and business executives. Previously, Turner was a cybersecurity executive and Director of the Office of Cybersecurity reporting to the Chief Information Officer/Vice Provost for Information Technology at the University of Wisconsin at Madison. There, he built a cybersecurity team of 60+ cybersecurity experts delivering all cybersecurity services as well as improved university IT policy development by working with distributed IT and faculty governance groups to ensure cohesive approach to IT policy, governance, audit, and cybersecurity operations.

Latest posts by eSchool Media Contributors (see all)

4 ways to encourage play in education - April 25, 2024
CoSN IT Leader Spotlight: Lisa Higgins - April 25, 2024
It’s time to pay student teachers - April 25, 2024

Sign up for our K-12 newsletter

Crunch the Numbers: New Data on Student Wellbeing, the Skills Gap Crisis, and Tech Usage in Utah

CoSN2024 Wrap-Up

Reflecting on the Parkland tragedy, its lasting impacts, and work still to be done

CoSN IT Leader Spotlight: Lisa Higgins

It’s not business, it’s personal: Building a culture of trust to protect personal data

The importance of the ITS and Facilities relationship

CoSN2024 Wrap-Up

CoSN IT Leader Spotlight: Don Wolff

AI-Enabled Personal Professional Learning MicroGrant Winners Announced

Educators Honored with YouScience® Innovative Educator Award

CIESC Member Schools Gain Access to Metrasens Ultra Weapons Detection Systems Through New Partnership

SchoolStatus Launches SchoolStatus Boost, an Innovative Educator Development Solution for Enhanced Teacher Growth and Development

Frontline Education Releases Inaugural K-12 Lens Survey Report To Guide K-12 Decision-Making

Sign up for our K-12 newsletter

Login