Educating Students on Cybersecurity
Recently checking my old high school’s website, curious how much the curriculum had changed, I was impressed by the differences I found. Among other new additions, there were even several tech/computer courses that my class definitely was not offered. Of course, this is a much more recent trend, and other schools have followed suit.
What we have here are the first forays of K-12 schools into rudimentary tech education. The next step, as Education Dive suggests, is to introduce security training to a generation that views their devices as an inextricable part of their school and social lives. We recently discussed synthetic identities, and how hackers target children for their personal information, even years before they have to buy a car or get a credit card. It should come as no surprise, then, why schools make such a tempting target. Tens of millions of records on students are stored throughout an often digitally ill-equipped education system.
So it was in 2016, when breaches at the University of Central Florida and University of California at Berkley resulted in the exposure of thousands of personal records of students and university employees. 2014 saw four massive breaches that exposed almost a million records combined, while in 2015 the UCLA Health System got breached for 4.5 million. School districts in recent years have also become popular targets for ransomware, from New York to Texas to California. Usually, the school ends up having to pay the ransom to end the hostage situation.
Even when there isn’t a clear theft motive, the vulnerability of districts’ cybersecurity leaves much to be desired. Last week, Orchard Views High School in Michigan experienced a breach of its student information system. Grades and attendance records were altered, which, of course, raises the question of whether the affected students were also the perpetrators. No answer has yet been given. However, the ease with which the system was compromised punctuates the same need. K-12 students have troves of information they might not even be aware of for some time (birth dates, academic and medical information, geolocation data, etc.); but it’s at risk all the same.
School districts themselves naturally bear the bulk of the responsibility for protecting the student data they collect. But that doesn’t mean students should be left in the dark. If there are to be classes on coding, graphic design, and Microsoft Office, there should be some formal education for best cybersecurity practices. It is imperative for students in this new digital age to gain a basic understanding on the subject. Such knowledge is already fast becoming fundamental to possess, and will serve them in life as well as most any other subject.