Advocacy Agenda: October 2020

The COVID-19 pandemic impacted instructional delivery as students, teachers, and administrators were forced to work from home. Depending on the school system, this unprecedented migration was referred to as “remote,” “distance,” “online,” or even “emergency” learning. Regardless of the terminology used, internet-connected devices became essential components of this effort.

Because the transition to distance learning happened so rapidly, with minimal preparation time, many teachers and students were not adequately prepared for the challenge. Cybersafety—the safe use of technology and the internet—was, in many cases, an afterthought. As many schools navigate the continuation of distance learning, they should consider providing teachers with focused professional development to help ensure the safety of students and teachers online.

Making the Comparison

When it comes to deploying technology for student use, it may be helpful to compare it with another older, well-known machine: the car. The car is a common piece of technology with which most people interact. We may own, drive, or be a passenger in a vehicle, or interact with them while riding bicycles or as pedestrians. Interactions with a car come with a lot of training and safety instruction. In most states, it is not legal to just hand car keys to a person who doesn’t know how to drive. We don’t expect teens to understand the rules of the road and how to operate a car safely without training. Before getting a driver’s license, drivers must meet minimum age requirements and demonstrate the knowledge and ability to drive a car safely through written and practical exams.

In most instances, this level of care is not applied to classroom technology. Teachers and students use internet-connected devices with minimal training on responsible and safe use. However, online teaching differs significantly from face-to-face instruction and requires an educational foundation in basic cybersafety principles. Even the best classroom teachers may struggle with the transition. According to a study produced by The Hechinger Report titled “Colleges Struggle to Blend Tech, Teacher-Training Lesson Plans,” teacher training programs are still struggling to incorporate the technology in their own classrooms, and only a few programs include basic cybersafety training.

Adults often make incorrect assumptions about student abilities with regard to technology use. Even if students have had access to devices from a young age and may appear to navigate them fluently, this doesn’t mean that they know how to use technology safely, ethically, or responsibly. Nor does it mean that they know how to leverage technology for learning. The term “digital native” has done today’s students a great disservice by implying that they automatically know how to use technology safely and appropriately.

The rapid deployment of internet-accessible devices to students and teachers without cybersafety education is akin to handing them the keys to the car to complete an emergency evacuation. Now that teachers have successfully navigated the initial emergency, they must focus on teaching students to use these devices safely.

Building a Culture of Cybersafety

Most people know the basic safety rules for pedestrians, such as looking both ways before you cross the street. Similarly, educators and students should know standard cybersafety literacies. These key life skills will protect student safety and privacy, and they should be ingrained in school culture. Coaching teachers on cybersafety habits will allow them to model and teach these skills to their students.

1. Create strong and unique passwords. Basic digital hygiene begins with creating and using strong passwords. Instruct teachers and students to create strong passphrases—a sequence of words strung together that are generally longer than passwords—which are easy to remember but hard to break. The blog post “Easy Ways to Build a Better P@$5w0rd” from the National Institute of Standards and Technology has helpful tips for passphrase creation, such as leveraging the power of association (instead of always relying on memorization) when creating passwords.
2. Keep passwords secure. Compromised passwords can result in dangerous consequences. It’s not uncommon for teachers and other school employees to write passwords on sticky notes stored on monitors or under keyboards. Creating clear expectations about the individual nature of passwords and each person’s responsibility to keep them private is important to the ongoing safety of students.
3. Identify phishing and fraud emails. Phishing emails are a growing cause of identity theft and cyberattacks in schools. The COVID-19 pandemic has only increased their frequency. All teachers and students with email accounts should be taught to identify phishing attacks and how to handle them.
4. Think before you post. Students and teachers should learn to think carefully before posting anything online. Digital content can easily be shared beyond the original audience, sometimes with devastating consequences. School systems should develop and communicate clear social media guidelines for employees, and teachers should engage students in conversations about what is and isn’t appropriate or safe to share online.
5. See something, say something. Although most schools have web content filters to protect students from inappropriate or dangerous online content, these tools are not foolproof and are easily circumvented by students. Students may accidentally (or intentionally) access inappropriate websites that may make them feel uncomfortable or unsafe. Teachers and students should be taught how to handle and report these incidents to reduce the possibility of unnecessary trauma.
6. Establish clear processes for students who cross the line. There will always be boundary-pushing students who will try to gain unauthorized access to school systems, attack and disrupt school networks, disrupt classrooms and learning activities, or engage in other unauthorized technology use. When possible, school leaders should leverage these incidents as teachable moments rather than relying solely on punitive responses. With the right guidance, today’s teenage “hacker” may become tomorrow’s cybersecurity professional.

Important Technical Safety Nets

None of the cybersafety skills listed above are technology- specific, but there are technical solutions that can be used on school devices and networks to help protect students and employees:

1. Web content filtering systems block inappropriate or dangerous content based on category, including violence, pornography, gambling, etc. School leaders should know what content categories are being blocked and why.
2. Antivirus or antimalware software monitors individual devices for viruses, ransomware, and other threats that can compromise the device security and/or user safety and privacy.
3. System patches are distributed routinely by all vendors to fix security problems in their operating system software. Schools should have a standard process in place to update critical software patches on a regular basis as they become available.

Starting Your Cybersafety Journey

The recommendations in this article are a basic foundation for improving cybersafety in your school. School leaders seeking to improve their understanding of cybersafety should consult these additional resources:

• Consortium for School Networking (CoSN) (www.cosn.org): The CoSN website offers privacy and cybersecurity guidance to school district administrators and technology leaders. Some components to explore include:
  • COVID-19 Response Guidance (http://covid19edtechguidance.com)
  • Student data privacy resources (www.cosn.org/protectingprivacy)
  • Cybersecurity resources (www.cosn.org/cybersecurity)
• National Cyber Security Alliance (NCSA) (https://staysafeonline.org/stay-safe-online): The NCSA provides broad-reaching cybersecurity and privacy education and awareness for users at home, work, and school. The NCSA coordinates the annual Cybersecurity Awareness Month in October.
• Student Privacy Compass (https://studentprivacycompass.org): The Student Privacy Compass, an initiative of the Future of Privacy Forum, provides information, news, and guidance about student data privacy. Some helpful school cybersafety articles include:
  • 3 Easy Ways for Educators to Keep Online Accounts Secure (http://studentprivacycompass.org/bearden1)
  • 3 Easy Steps for Educators to Make a Secure Passphrase (http://studentprivacycompass.org/bearden2)

Center for Internet Security

The Center for Internet Security (CIS) (www.cisecurity.org) is a community-driven nonprofit that focuses on IT security best practices. In addition to offering a wide range of free security tools, CIS has identified 20 key steps organizations can take to secure their technology called “CIS Controls.”

The COVID-19 pandemic has resulted in unprecedented shifts to technology-based instruction. While the term “new normal” has been vastly overused, technology will likely play a more significant role in K–12 education even after the immediate pandemic threat has passed. To help keep students safe, it’s critical that student and teacher cybersafety education be an important consideration now and in the future.

Amy McLaughlin is the cybersecurity project director for the Consortium for School Networking.