When examining cybersecurity breaches comprehensively, it becomes clear that human error constitutes the primary weak link regarding vulnerability. In previous times, schools could provide their employees and students with cybersecurity training once a year annually, and that would be enough to tick the box. However, given the escalating prevalence of threats, it has become imperative to continuously and consistently engage in cybersecurity awareness and training initiatives.
Sadly, statistics paint a stark picture of the extent to which cybercrime has invaded the school premises. Up to this point in 2023, around 120 educational institutions have encountered ransomware attacks, compared to a total of 188 incidents documented throughout 2022.
Academic institutions, particularly schools, stand as both incubators of future talent and vulnerable targets for cyber threats. As hubs of technological engagement, schools are tasked with cultivating a generation of digital citizens who are not only proficient users of technology but also adept at safeguarding their digital footprints.
So how can schools ensure they are well-equiped to mitigate cybersecurity threats? Let’s look at the current state of student and staff awareness before discussing how to construct a cybersecurity awareness program.
Current cybersecurity awareness in schools
The emergence of the digital native generation, those born and bred in a technologically immersive environment, paradoxically creates students that lack fundamental cybersecurity knowledge and understanding. For example, studies conducted in the tech-savvy Silicon Valley revealed—despite their exposure to cutting-edge technology—many students demonstrated inadequate usage of basic security measures like password complexity and two-factor authentication.
Furthermore, a notable amount of students exhibited a casual willingness to share personally identifiable information within a school setting, despite being fully aware of the potential consequences. These trends, though concerning, are not isolated to specific regions; rather, they represent the larger global landscape of cybersecurity awareness among students. When you consider that schools have also become the primary target for data breaches for criminal cyber actors, you arrive at a dangerous conclusion, given many students’ attitudes towards cybersecurity.
The cybersecurity awareness blueprint
To address these concerns, a cybersecurity awareness model tailored specifically for educational institutions is vital. Let’s consider the fundamental areas to building a comprehensive awareness program.
Seeking support and understanding school context
First things first, school leaders need to collaborate with government initiatives, such as the document laid out by the National Initiative for Cybersecurity Education (NICE). Aligning with national frameworks,, to address awareness, formal education, professional training, and workforce structure, can improve the long-term cybersecurity attitude of students and teachers. These guidelines ensure a cohesive and unified approach to cybersecurity education.
Additionally, collaborating with cybersecurity experts and industry professionals can foster a dynamic learning environment. Guest lectures, workshops, and real-world case studies provide students with valuable insights and practical applications.
The findings from the Silicon Valley report also showed that even though all students were aware of some information security concepts, they behaved differently in protecting their smartphones compared with their computers. Therefore it's crucial to increase training campaigns that educate students on the possible security risks related to smartphone usage in educational settings.
Innovative solutions to promote awareness
One clever way to increase awareness is by combining cybersecurity into Computer Science Curricula. The resulting educational plan enhances the preparation of the cybersecurity workforce, particularly by producing students who exhibit heightened career readiness due to their improved abilities in logical reasoning and effective cross-disciplinary communication.
The efficacy of game-based learning has been well-demonstrated across a range of subjects such as healthcare and management, underscoring its effectiveness as a training tool. Within the area of cybersecurity, the adoption of game-based methodologies holds promise for enhancing the quality of cybersecurity education and training. One study found that young students taking game-based educational approaches were far more engaged than in traditional listening and reading practices.
One useful example comes from CyberCIEGE, which elevates information assurance and cybersecurity education by harnessing computer gaming methodologies akin to those found in The Sims. Within the virtual landscape of CyberCIEGE, participants allocate virtual funds to manage and safeguard their networks, observing the ripple effects of their decisions as they ward off attacks.
Assessment and recognition
Regular cyber security assessments can come in the form of periodic quizzes and surveys to test student and staff comprehension. Topics could include everything from password security and phishing awareness to data protection and safe online behavior. Schools can then track progress and identify areas where further education or reinforcement is needed. Iterative evaluations also ensure that awareness programs remain effective and adaptable to evolving threats.
Similarly, if you implement a tiered certification system, this can encourage students to continually enhance their own cybersecurity awareness. As students advance through different levels of certification, they demonstrate their growing proficiency in cybersecurity concepts. Certificates earned at each level serve as tangible evidence of their achievements and incentivize further learning. Plus, school leaders can even consider offering rewards for each stage completed.
Educational institutions bear the responsibility of shaping students into cyber-resilient individuals. The blueprint outlined here lays the foundation for an empowered future where students possess the knowledge, skills, and awareness to navigate the digital landscape safely and responsibly. Through collaborative efforts, unwavering commitment, and innovative methodologies, we can bridge the cybersecurity awareness gap and pave the way for a more secure and prosperous digital future.
About the author
Charlie Sander is CEO of ManagedMethods, a Boulder, Colorado-based data security and student safety platform for K-12 schools. With more than three decades of experience in the IT industry, Charlie has been an executive at some of the fastest-growing companies in business. He holds 10 patents and graduated from the Cockrell School of Engineering at the University of Texas at Austin with a BSEE degree.