Teachers' Essential Guide to Cybersecurity

Most educators don't spend their days thinking about cybersecurity. Between classroom management, learning objectives, and so much more, it usually doesn't rise to top priority. But as technology evolves and continues to become more integrated into every aspect of our lives—including mental health and biometrics—and cybercrime increases and sometimes targets schools, cybersecurity is something we need to be mindful about and help students understand. 

Use these questions to help you find the information you need:

• What is cybersecurity?
• Is it different from online privacy? If so, how?
• What are the absolute basics I need to know?
• What steps can I take in my classroom to protect cybersecurity?
• I teach young kids. What can I teach them about cybersecurity?
• I teach middle school students. What can I teach them about cybersecurity?
• I teach high school students. What can I teach them about cybersecurity?
• Are there other facets of cybersecurity to be aware of?

What is cybersecurity?

In its simplest form, cybersecurity is everyone working together to keep our information safe and our computer systems secure. 
More specifically, cybersecurity is the practice of protecting computer systems, networks, and sensitive information from unauthorized access that can compromise confidentiality, integrity, and availability.

Is it different from online privacy? If so, how?

Online privacy is just one small part of cybersecurity, which encompasses much more. Privacy is more about personal data and the control you have over it. Security is more about the systems that contain such data and preventing people from gaining unauthorized access to information.

What are the absolute basics I need to know?

Everyone who uses technology, even just a smartphone, should be familiar with common types of scams and know how to protect themselves, their data, and their devices. And when we're aware of the latest kinds of attacks and able to protect ourselves, then we can also help our students and our schools. For example, setting a strong password and enabling multifactor authentication are simple steps that can have a huge impact.

What steps can I take in my classroom to protect cybersecurity?

These basic steps apply to everyone:

• Start with the passwords that you and your students use. Are they complex? Have young students change their passwords every year, more often as they get older. This video provides more detail, and here's a website where you can test a password's strength.
• Think about personally identifiable information. This includes names, addresses, phone numbers, and any other information that would allow a stranger to know exactly who you are. Be mindful of sharing this information: When, where, and why are you inputting your own information or student data?
• Keep devices updated. This can protect them from attacks. Create a routine for updating software and apps on a regular basis.
• Make it a classroom rule to "pause and think" while online. Never click on a suspicious link or pop-up window. This also applies to QR codes—don't scan any that look suspicious. These can easily contain malware and viruses.

I teach young kids. What can I teach them about cybersecurity?

Cybersecurity can be an intimidating topic, but there are simple elements you can incorporate into your classroom. Additionally, teaching young kids about cybersecurity is an important step in helping them develop safe and responsible online habits. 

Here are some key concepts that can be taught to elementary school students:

• General digital citizenship: Teach younger students about the importance of being a responsible digital citizen. This includes respecting the privacy of others as well as following the rules and guidelines set by their parents, school, or community.
• Device care: Make sure kids know how to take care of their devices, including keeping track of them and charging them. Not only will this help prevent lost devices, but also it lays the foundation for keeping them updated down the road.
• Online safety: Tell students that they need to be careful about what they click, since sometimes things they click on can make their devices sick with a virus. This includes links, pop-ups, and ads. As they get older, you can expand this advice to QR codes and downloadable attachments. They also need to be aware of the safety of the site itself.
• Passwords: Help students create strong passwords. Encourage them to use a mix of uppercase and lowercase letters, numbers, and symbols. In upper elementary school, students should be encouraged to set up multifactor authentication when possible.
• Personal information: Teach students to be careful about sharing personal information online, such as their full name, address, phone number, and birthday. Encourage them to share this information only with trusted sources, and remind them to never post it publicly. When creating a username, students shouldn't use any part of their real name or birthday.

I teach middle school students. What can I teach them about cybersecurity? 

By this point, students are online a lot. They have access to devices, maybe use social media, play games online, and more. Teaching middle school kids about cybersecurity is an important step in continuing their development of healthy online habits. 

Here are some key concepts that can be taught to middle school students:

• Online privacy: Continue to reinforce the concept of online privacy, including the risks associated with sharing personal information publicly on social media platforms. Emphasize the importance of adjusting privacy settings and being cautious about what they share online. Talk about how sites and apps might use that data.
• Phishing awareness: Introduce students to the concept of phishing and show them how to identify suspicious emails, messages, or links that may attempt to steal personal information. Teach them to be cautious when clicking on unfamiliar links or sharing sensitive information.
• Malware and viruses: Introduce the concept of malware and viruses, and discuss the potential risks they pose to devices and personal information. Teach students about the importance of using antivirus software and not downloading anything that looks suspicious.
• Internet safety: Cover general internet safety practices, including being cautious about downloading files from unknown sources, recognizing fake websites, and avoiding interactions with strangers online.
• Digital footprint: Help students understand how their online actions can leave a permanent trail. As they enter the world of social media, it's even easier to believe posts and messages disappear, so kids need to understand that they don't.
• Online gaming safety: Address the importance of safe online gaming practices, including the risks associated with sharing personal information during gameplay and interacting with strangers. 

I teach high school students. What can I teach them about cybersecurity?

High school students can benefit from a more in-depth understanding of cybersecurity concepts. It's essential to provide hands-on activities, simulations, and real-world examples to engage high school students in cybersecurity concepts. 

Here are some cybersecurity concepts that can be taught to high school students:

• Threat landscape: Discuss the current cybersecurity landscape, including common types of cyberthreats, such as phishing, malware, ransomware and social engineering. Help students understand the evolving nature of cybersecurity risks and the need for awareness.
• Secure communication: Teach students about the importance of secure communication methods, such as using encryption, secure messaging apps, and virtual private networks (VPNs) to protect their online conversations and data.
• Social engineering: Explain social engineering techniques used to manipulate individuals and gain unauthorized access to systems or information. Discuss common social engineering tactics, such as pretexting, phishing, and baiting to help students recognize and resist such attempts.
• Network security: Introduce the basics of network security, including firewalls, intrusion detection systems (IDS), and secure Wi-Fi practices. Teach students about the risks of using unsecured public Wi-Fi networks and the importance of securing their home networks.
• Data privacy and protection: Educate students about data privacy laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Help them understand their rights regarding personal data and the importance of organizations protecting user data.
• Ethical hacking and penetration testing: Introduce the concept of ethical hacking and system testing, explaining how these activities help identify vulnerabilities in systems and improve security. Emphasize the importance of obtaining proper authorization and ethical guidelines when conducting tests.
• Multifactor authentication (MFA): Teach students about the benefits of using multifactor authentication to enhance account security. Explain how MFA adds an additional layer of protection by requiring a second verification step, such as a unique code sent to a mobile device.
• Cybersecurity careers: Introduce students to various careers in cybersecurity, such as cybersecurity analyst, ethical hacker, digital forensics expert, and security consultant. Discuss the skills and qualifications needed for these roles and the demand for cybersecurity professionals in today's job market.
• Online research and source evaluation: Help students develop critical thinking skills to evaluate online sources for reliability, credibility, and potential biases. Teach them to discern between trustworthy and potentially misleading information, particularly in the context of cybersecurity.

Are there other facets of cybersecurity to be aware of?

Cybersecurity is an ever-changing field, as systems and networks become more advanced, and the next generation is going to be innovating, maintaining, and strengthening these digital security efforts. We're all connected to devices and other people more than ever before, and much of our information and assets exist in cyberspace. Just as physical security continues to be imperative to protecting ourselves, cybersecurity is even more necessary in today's world.

This work was made possible with the generous support of Craig Newmark Philanthropies.

Image credit: Photo by Allison Shelley for EDUimages