Higher education institutions are not the only targets of ransomware attacks within the education sector. K-12 schools are frequently targeted by ransomware attacks and data breaches aimed at exploiting student and staff data. Between 2022 and 2023, ransomware attacks on K-12 schools surged by 92%, according to Malwarebytes.
To address widespread vulnerabilities and safeguard your school against cyber threats, it’s essential to promote a cybersecurity-conscious community among students, staff, and parents.
We’ve outlined several strategies that can help advance the cybersecurity-minded culture of your school by implementing actionable steps:
For Staff
-
Promote Security Awareness Training and Development
- Provide Security Awareness training sessions that educate staff on cybersecurity best practices and ways to protect and reduce the risk to sensitive information. At least annually, training should be updated to reflect the latest in emerging risks, industry best practices, and current standards and regulations.
- Offer workshops for teachers and administrators, as well as communications like newsletters, to keep them informed about the latest cybersecurity news, trends, and threats, including phishing, ransomware, malware, and social engineering. Provide workshops in different formats such as in-person sessions, webinars, and recorded videos to accommodate different schedules and preferences.
-
Develop Clear Policies and Procedures
- Establish and enforce strong cybersecurity policies for staff to follow. Regularly review and update your cybersecurity policies to address new threats, technologies, and regulatory requirements. Involve cybersecurity experts and legal advisors to ensure that policies remain effective and compliant.
- Create a clear protocol for reporting and responding to cybersecurity incidents. Provide clear instructions on how incidents should be reported and specify who employees should contact immediately upon discovering a cybersecurity incident, such as the IT department, a designated security team, or an incident response team.
-
Promote a Culture of Security
- Encourage staff to model good cybersecurity behavior, such as utilizing strong passwords, using multi-factor authentication, keeping their operating systems and anti-virus software updated, and having the ability to recognize and report phishing emails.
- Recognize and reward staff who consistently follow and promote cybersecurity practices. Issue top performers a certificate or reward them with a free lunch.
For Students
-
Integrate Cybersecurity into the Curriculum
- Teach basic cybersecurity principles in existing computer science courses at different educational levels. Include topics such as encryption, secure coding practices, network security, and malware detection. Explore hands-on exercises where students practice implementing security measures, such as writing secure code, configuring firewalls, or identifying vulnerabilities.
- Use real-world examples and case studies of cybersecurity incidents to illustrate concepts and demonstrate the importance of cybersecurity in everyday technology use.
- Incorporate lessons on digital citizenship, online safety, and privacy into various subjects. Encourage critical thinking about online behavior and digital footprints. Demonstrate to students how to evaluate the credibility of online sources and recognize phishing attempts.
-
Interactive Learning Activities
- Use gamified learning tools and cybersecurity simulations to make learning engaging. Develop educational games or use existing cybersecurity games that simulate real-world scenarios, which can reinforce concepts like threat detection, incident response, and secure coding practices in a fun and interactive way.
- Organize cybersecurity competitions and hackathons to encourage hands-on learning. These competitions challenge students to solve cybersecurity challenges, including cryptography puzzles, network forensics, and web application security. Hackathons encourage student collaboration in developing innovative solutions to cybersecurity challenges or creating cybersecurity tools and applications, which promotes teamwork, creativity, and practical problem-solving skills. Check out the California Cybersecurity Institute’s past events for inspiration!
-
Create Student Cyber Clubs
- Support the formation of cybersecurity clubs where students can learn and share knowledge. Provide resources and support for students interested in forming cybersecurity clubs at schools. Facilitate connections with cybersecurity professionals who can arrange networking events and introduce them to industry conferences or mentorship programs.
- Encourage club activities such as workshops, guest speakers, and projects focused on cybersecurity. Organize workshops on various cybersecurity topics, such as ethical hacking, penetration testing, digital forensics, or secure software development. Guest speakers can share insights into current trends, career paths, and cutting-edge cybersecurity research.
For Parents
-
Host Educational Workshops and Seminars
- Conduct regular workshops and webinars on cybersecurity topics relevant to parents, such as online privacy and data protection, safe social media usage, recognizing and preventing phishing scams, and parental controls and monitoring tools. Ensure that workshops are interactive, with Q&A sessions, demonstrations of cybersecurity tools, and practical tips that parents can implement immediately.
- Provide resources and guides on how to discuss cybersecurity and online safety with their children. Create resource kits that include key cybersecurity concepts, tips for fostering open communication with children about their online activities, and recommended cybersecurity tools and apps for family use. If possible, develop an online portal where parents can access these resources, view recorded webinars, and find additional articles/videos on cybersecurity topics. Distribute printed guides and brochures during school events, parent-teacher conferences, and through school newsletters to ensure that all parents have access to these resources.
-
Parent-Teacher Collaboration
- Encourage regular communication between parents and teachers about students’ online activities. Establish clear and consistent communication channels such as emails, newsletters, and parent-teacher meetings to discuss students’ online behavior and cybersecurity education. Create a feedback tool where parents can report concerns or observations about their children’s online activities to teachers through an online form or dedicated email address.
- Share updates on school cybersecurity initiatives and how parents can support these efforts at home. Regularly publish updates about the school’s cybersecurity initiatives, upcoming events, and any changes in cybersecurity policies through school newsletters and bulletins. Provide parents with suggested activities and discussions they can have with their children at home to complement what is being taught in school.
-
Create a Parent Cybersecurity Committee
- Form a committee of interested parents to discuss and promote cybersecurity awareness. Recruit interested parents through school communications and during parent-teacher meetings. Set clear goals and objectives for the committee, such as increasing cybersecurity awareness, organizing events, and supporting the school’s cybersecurity curriculum.
- Involve the committee in planning cybersecurity-themed events, such as family cybersecurity nights, guest speaker sessions, or community cybersecurity fairs. Leverage the expertise and resources of committee members to develop educational materials, organize workshops, and spread awareness about cybersecurity practices.
By implementing these strategies, schools can build a stronger cybersecurity-focused community that actively participates in maintaining a safe and secure online environment.
CampusGuard can assist by reviewing your school’s security policy and procedures to ensure their effectiveness and offer recommendations to strengthen your security practices. Contact us to help you boost your school’s security posture and more.
Check out our recent webinar on empowering your K-12 staff with effective security training.