Teachers and district leaders perceive the threat of cyberattacks very differently, according to a survey from Clever, a K-12 digital learning platform. And that perception gap could be a big problem.
Sixty-six percent of district leaders think it is 鈥渧ery鈥 or 鈥渟omewhat鈥 likely that a school near them will be impacted by a cybersecurity incident in the next year, compared with 42 percent of teachers, according to the survey of more than 800 district leaders and 3,000 teachers conducted in October.
In recent years, the number of cyberattacks on K-12 schools has increased. , a nonprofit focused on helping schools prevent cyberattacks, found that there have been more than 1,330 publicly disclosed attacks since 2016.
In fact, 1 in 4 district leaders said their districts had experienced some kind of cyberattack in the past year, Clever鈥檚 survey found. Sixty-seven percent of those who said they experienced some kind of cyberattack said the incidents were phishing attacks.
Doug Levin, the national director of the K12 Security Information Exchange, said it wasn鈥檛 a surprise that teachers don鈥檛 have sophisticated cybersecurity knowledge on topics such as how schools can protect themselves or where the threats originate from.
鈥淭hose are not questions that I would expect a typical teacher to be informed about,鈥 said Levin. 鈥淚t鈥檚 not their job.鈥
But as schools increase their use of technology, it鈥檚 even more important for them to protect their data. One way schools can prevent cyberattacks is by providing more training and education to every student and staff, according to cybersecurity experts.
Districts should focus on digital citizenship
While a majority of teachers have had some training on student data privacy and digital security, there are still more than a quarter of teachers who haven鈥檛 had any training at all, according to the survey.
鈥淚t鈥檚 a skill that everybody鈥攖eachers, students, maybe even family members and parents鈥攏eed to learn. If you have access to log into a device in a school district, then you also need the training to make sure you鈥檙e doing that securely,鈥 said Dan Carroll, the co-founder and chief product officer for Clever.
Nearly 4 in 10 teachers and 3 in 10 district leaders agree that more educator training is necessary to improve their district鈥檚 cybersecurity efforts, the survey found.
Joseph South, the chief learning officer for the International Society for Technology in Education, said training for teachers shouldn鈥檛 just be about cybersecurity. It should be more about the broader topic of how to become effective digital citizens.
鈥淚f you鈥檙e thinking, not just in terms of security, but how can I help educators [and students] become effective digital citizens, then, of course, you鈥檙e going to look at issues like security,鈥 South said. 鈥淏ut you鈥檙e also going to look at curating your digital footprint. You鈥檙e also going to look at being able to tell the difference between fact and fiction online, which of course benefits your security profile.鈥
But there are teachers (34 percent) who said they didn鈥檛 want any more training on security or privacy.
Levin found it concerning that more than a third of teachers didn鈥檛 want additional cybersecurity training.
鈥淭eachers are actually commonly targeted for phishing attacks,鈥 in which criminals posing as someone in the district, or a vendor, may ask for their login credentials, said Levin. Those emails can be so well-crafted that hackers 鈥渃an get the most savvy of us to fall for it,鈥 he added.
What鈥檚 more, teachers have a personal stake in keeping their district data secure, since cybercriminals can get access to information like their names and home addresses through the district.
With the rise in cyberattacks in K-12 schools, 65 percent of district leaders said they鈥檒l increase their spending on cybersecurity over the next two to three years, the survey found.
But 鈥渉aving money alone does not solve the problem,鈥 South said. 鈥淚n the end, many of the threats have a human factor. Spending money on training makes sense. Spending money hardening your system makes sense. But ultimately, if you aren鈥檛 helping your staff become more savvy, more adept, more confident in using the technology, then no amount of money is going to protect you.鈥