Teachers and district leaders perceive the threat of cyberattacks very differently, according to a survey from Clever, a K-12 digital learning platform. And that perception gap could be a big problem.
Sixty-six percent of district leaders think it is “very” or “somewhat” likely that a school near them will be impacted by a cybersecurity incident in the next year, compared with 42 percent of teachers, according to the survey of more than 800 district leaders and 3,000 teachers conducted in October.
In recent years, the number of cyberattacks on K-12 schools has increased. An estimate from the K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks, found that there have been more than 1,330 publicly disclosed attacks since 2016.
In fact, 1 in 4 district leaders said their districts had experienced some kind of cyberattack in the past year, Clever’s survey found. Sixty-seven percent of those who said they experienced some kind of cyberattack said the incidents were phishing attacks.
Doug Levin, the national director of the K12 Security Information Exchange, said it wasn’t a surprise that teachers don’t have sophisticated cybersecurity knowledge on topics such as how schools can protect themselves or where the threats originate from.
“Those are not questions that I would expect a typical teacher to be informed about,” said Levin. “It’s not their job.”
But as schools increase their use of technology, it’s even more important for them to protect their data. One way schools can prevent cyberattacks is by providing more training and education to every student and staff, according to cybersecurity experts.
Districts should focus on digital citizenship
While a majority of teachers have had some training on student data privacy and digital security, there are still more than a quarter of teachers who haven’t had any training at all, according to the survey.
“It’s a skill that everybody—teachers, students, maybe even family members and parents—need to learn. If you have access to log into a device in a school district, then you also need the training to make sure you’re doing that securely,” said Dan Carroll, the co-founder and chief product officer for Clever.
Nearly 4 in 10 teachers and 3 in 10 district leaders agree that more educator training is necessary to improve their district’s cybersecurity efforts, the survey found.
Joseph South, the chief learning officer for the International Society for Technology in Education, said training for teachers shouldn’t just be about cybersecurity. It should be more about the broader topic of how to become effective digital citizens.
“If you’re thinking, not just in terms of security, but how can I help educators [and students] become effective digital citizens, then, of course, you’re going to look at issues like security,” South said. “But you’re also going to look at curating your digital footprint. You’re also going to look at being able to tell the difference between fact and fiction online, which of course benefits your security profile.”
But there are teachers (34 percent) who said they didn’t want any more training on security or privacy.
Levin found it concerning that more than a third of teachers didn’t want additional cybersecurity training.
“Teachers are actually commonly targeted for phishing attacks,” in which criminals posing as someone in the district, or a vendor, may ask for their login credentials, said Levin. Those emails can be so well-crafted that hackers “can get the most savvy of us to fall for it,” he added.
What’s more, teachers have a personal stake in keeping their district data secure, since cybercriminals can get access to information like their names and home addresses through the district.
With the rise in cyberattacks in K-12 schools, 65 percent of district leaders said they’ll increase their spending on cybersecurity over the next two to three years, the survey found.
But “having money alone does not solve the problem,” South said. “In the end, many of the threats have a human factor. Spending money on training makes sense. Spending money hardening your system makes sense. But ultimately, if you aren’t helping your staff become more savvy, more adept, more confident in using the technology, then no amount of money is going to protect you.”