69“«Ć½

Classroom Technology

69“«Ć½ Teach ā€˜Cyber Hygieneā€™ to Combat Phishing, Identity Theft

By Sarah Schwartz ā€” March 06, 2018 7 min read
  • Save to favorites
  • Print
Email Copy URL

69“«Ć½ in Whitney Poucherā€™s cybersecurity education courses are no strangers to highly technical topics. At Greenbrier High School in Georgiaā€™s Columbia County district, they learn how hackers monitor usersā€™ systems to exploit weaknesses, and staff from the nearby U.S. Army fort drop in to give lectures.

But some of the most relevant lessons are also the simplest.

One incident at the school stands out in Poucherā€™s memory: A student opened anotherā€™s email account, impersonating that peer and sending a threatening email message to another classmate. The victim hadnā€™t logged out of an account on a public work station, which allowed the other student access.

Now, said Poucher, she makes sure to emphasize basic, practical security precautionsā€”like logging out of public computersā€”in her courses.

Facing an increasing array of daily security threats, schools like Greenbrier are teaching what is being dubbed ā€œcyber hygiene,ā€ the basic cybersecurity habits that will keep students safe online at home and on their school networks. As reports of large-scale cyber attacks targeting business and government institutions have multiplied in recent years, cybersecurity education has come into national focus. Across the country, schools are implementing workforce-oriented courses to prepare students for careers in designing and protecting networks.

Profound Consequences

Cyber hygiene is foundational for students on these pathways, argue some educators and privacy advocates, though they also believe it has broader relevance. Itā€™s not only IT specialists who deal with sensitive information online. Training in best practices can help middle and high school students protect their personal computers, understand the difference between ethical and unethical hacking, and prepare them to confront the digital threats they will face in the workplace.

At the same time, the challenge is to present lessons on cybersecurity habits in ways that engage, rather than overwhelm, students and resonate with their daily experiences, educators and advocates say. Teachers also say thereā€™s a need to remind students of the ethical choices that come with making decisions about how they use technology.

Cyber Safety Habits Curricula

National Integrated Cyber Education Research Center: The project, funded by the federal Department of Homeland Security and based out of Louisianaā€™s nonprofit Cyber Innovation Center, offers free K-12 cybersecurity curricula to schools and districts. Courses at the high school level include Cyber Science and Cyber Society. They cover everyday safety risks, cyber law, and online ethics.

Common Sense K-12 Digital Citizenship: Common Sense Media includes lessons on privacy, security, and internet safety in their broader digital citizenship curriculum. Topics covered at all grade levels include identifying spam, creating strong passwords, and figuring out whether a website is protecting usersā€™ personal information.

CyberPatriot Training Modules: CyberPatriot, a cyber education program created by the Air Force Association, aims to encourage students to pursue careers in cybersecurity or STEM fields. Training materials for the programā€™s national IT simulation competition for middle and high school students include tips on protecting personally identifiable information, instructions on building strong passwords, and case studies on ethical cyber behavior. Archived training modules are publicly available on the CyberPatriot website.

Elementary School Cyber Education Initiative: Also developed by CyberPatriot, these three free digital games are designed to teach students in grades K-6 about online safety and introduce them to the basics of cybersecurity. The games, available in English and Spanish, cover topics like phishing, malware, security software, and sharing personal information.

iSAFE Digital Citizenship: iSAFE, a nonprofit publisher, offers digital curricula for grades K-12 covering a range of privacy, security, and digital citizenship topics. Lessons in digital safety and security summarize broad subjects like personally identifiable information and acceptable use policies, but also touch on specific issues relevant to teenagersā€™ livesā€”for example, risks to watch out for when shopping online.

As targeted cyberattacks, like phishing, become more sophisticated, schools have a vested interest in helping take security precautions, said Jonathan King, the chief strategy officer at i-SAFE, a provider of curricula on cybersecurity, privacy, and digital citizenship. Counting teachers, administrative staff, students, and parents, districts have an ā€œinordinateā€ amount of users on their systems, said King.

ā€œAnything they can do to help mitigate irregular use on their infrastructure helps them in the long run,ā€ he said.

As soon as students begin using devices in the classroom, teachers and administrators need to start having age-appropriate discussions about staying safe and protected, said Kevin Nolten, the director of academic outreach for the National Integrated Cyber Education Research Center. The center develops cybersecurity curricula for schools to integrate across disciplines.

ā€œWhen I walk into a kindergarten class, and they have a set of iPads that theyā€™re utilizing, we need to begin having a conversation about security,ā€ said Nolten.

At that age, he said, teachers can talk with students about the purpose and use of passwords, and other, broader questions. Why do we secure certain information? Why might we want a private space online?

When theyā€™re working with older students, teachers can draw connections to current events. Poucher said she keeps her high school students up to date on news about ever-evolving cyber attacks, like phishing scams, that could target them at home or at school. ā€œThe best defense,ā€ she said, ā€œis understanding the offense.ā€

Drawing direct connections to situations that users could actually experience makes cybersecurity warnings stick, said Michelle Mazurek, an assistant professor in computer science at the Institute for Advanced Computer Studies at the University of Maryland, College Park. Thatā€™s why demonstrating the consequences of a specific action, like leaving an account open on a public computer, is a good strategy, said Mazurek, whose research is focused on building systems to support usersā€™ security and privacy behaviors and preferences.

ā€œIf you hear a story about something that went wrong, and you say, ā€˜I would never do that,ā€™ thatā€™s less effective,ā€ she said.

But one of the risks in cyber-education programsā€”for students or adultsā€”is that the audiences are overloaded with warnings and other information, Mazurek said. People have ā€œlimited bandwidthā€ to make changes in their daily routines, even if they know what security precautions they should be taking, she said. Focusing on a few crucial, actionable stepsā€”generating strong passwords, updating software, being cautious of scamsā€”makes it more likely that people will actually follow advice.

In the Bossier Parish school system in Louisiana, many students get those types of lessons through the CyberPatriot program, a national competition for middle and high school students run by the Air Force Association. 69“«Ć½ practice in local teams to run an IT simulation, in which they manage the network of a small company. The district also offers cyber literacy and cyber science electives, taught with National Integrated Cyber Education Research Center curriculum materials, for high schoolers, and fields CyberPatriot teams at the middle and high school level.

Parsing Cyber Ethics

Lessons that prepare students for the competition touch on topics like how to craft a strong password, safe browsing tips, and websites that pose security risks (online shopping and social media are at the top of the list).

A step-by-step guide on spotting phishing attempts shows a sample email and labels the telltale signs: Messages are sent from a spoofed sender address, and generally ask the recipient to click through a link to input personally identifiable information.

For most of the students sheā€™s worked with, these warnings are new information, said Charlene Cooper, an instructional coach at Cope Middle School in the Bossier Parish system and a CyberPatriot coach.

Most students donā€™t immediately make the connection that the kinds of cyber attacks unleashed on banks or government agencies could happen closer to home, said Marco Reyes, a cyber literacy teacher at Bossier High School.

Learning about attacks and security in school settings make it clear that these are concrete concerns, with profound consequences, he said.

Those consequences are especially apparent when the school is the site of an attack.

One Friday last school year, Nathan Mielke was getting ready for a cybersecurity-themed homeroom lesson at Hartford Union High School in Wisconsin. A few minutes after the period was supposed to start, a distributed denial-of-service, or DDoS, attack cut off access to the internet.

Mielke, the director of technology services in the high school district, said that to this day, leadership isnā€™t sure whether a student or an outside actor was responsible.

ā€œBut I will tell you that after we talked to students face to face about it, it stopped,ā€ he wrote in an email.

He used the network failure as a teachable moment, explaining what happened and how the attack blocks internet connectivity, in follow-up announcements and in the school newsletter.

Grounding cybersecurity lessons in conversations about right and wrong can steer students away from mischief-minded experiments, said Nolten, of the national research center.

ā€œItā€™s not only important to teach a student how to push the gas pedal,ā€ he said. ā€œWeā€™ve also got to teach them how to push the brake.ā€

In Columbia County, Ga., Poucher teaches her students how to use a virtually protected network, or VPN, which allows users to securely access a private network and still share data through public networks. Protected networks can insulate users from hackers and surveillance online, Poucher explains to students, so they can be a safer alternative to public networks at coffee shops and hotels.

But she stresses to her classes that using the same technology at school can violate district policy, because it can be used to bypass the schoolā€™s internet filtering software. In that case, she said, students would be trying to avoid protections put in place by administrators meant to keep them safe.

In Poucherā€™s classes, students learn how to parse the sometimes messy distinctions between moral and immoral, and safe and risky, behaviors.

ā€œTeaching them the responsibility that they have over themselves,ā€ she said, ā€œis huge.ā€

A version of this article appeared in the March 07, 2018 edition of Education Week as 69“«Ć½ Teach ā€˜Cyber Hygieneā€™ to Prevent Internet Attacks

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Artificial Intelligence Webinar
AI and Educational Leadership: Driving Innovation and Equity
Discover how to leverage AI to transform teaching, leadership, and administration. Network with experts and learn practical strategies.
Content provided by 
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School Climate & Safety Webinar
Investing in Success: Leading a Culture of Safety and Support
Content provided by 
Assessment K-12 Essentials Forum Making Competency-Based Learning a Reality
Join this free virtual event to hear from educators and experts working to implement competency-based education.

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide ā€” elementary, middle, high school and more.
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.

Read Next

Classroom Technology Most Teens Believe Conspiracy Theories, See News as Biased. What Can 69“«Ć½ Do?
Teenagersā€”like adultsā€”struggle to recognize accurate, unbiased information in a chaotic digital media landscape.
6 min read
Fake News concept with gray words 'fact' in row and single bold word 'fake' highlighted by black magnifying glass on blue background
Firn/iStock/Getty
Classroom Technology Spotlight Spotlight on Blended Learning
This Spotlight will help you analyze key research on school tech use, explore strategies for engaging virtual instruction, and more.
Classroom Technology Opinion This Group is Trying to Teach ā€˜Digital Literacy.ā€™ Hereā€™s How
How can students avoid getting duped by deepfakes online?
6 min read
Image shows a multi-tailed arrow hitting the bullseye of a target.
DigitalVision Vectors/Getty
Classroom Technology Opinion 69“«Ć½ Are 'Digital Natives,' But Hereā€™s Where They Struggle
The internet is awash with dubious claims. How can educators teach students to distinguish fact from fiction?
6 min read
Image shows a multi-tailed arrow hitting the bullseye of a target.
DigitalVision Vectors/Getty