Why K–12 Students Need to Be Taught to Guard Their Data Online
A recent McAfee survey of 1,000 college students and recent graduates ages 18 to 25 revealed some startling statistics on how little this tech-savvy cohort knows about data security.
As many as 80 percent of students surveyed said either they or a friend or family member had been affected by a cyberattack. Despite that, 43 percent said they believed that they wouldn’t ever be a victim of a cybercrime. The consequence? Shockingly poor data hygiene. Just over half (53 percent) of students surveyed had security software on their computers, only 37 percent had smartphone protection and an even lower number, 14 percent, had some security installed on their tablets.
It seems schools haven’t taught students how — or why — to keep personal information safe. McAfee found that that only 36 percent of students said that they learned about personal data safety through school resources. And with the increasing use of mobile phones, computers and tablets in K–12 institutions, it’s imperative that good data hygiene is inculcated in students far before they reach college.
Why K–12 Students’ Data is Valuable to Cyberattackers
Students are particularly vulnerable to data theft and breaches because they have “clean” data — unblemished credit reports and pristine Social Security numbers — that cybercriminals want to exploit. So valuable is this data that criminals will pay as much as $350 for a student record on the black market, Melissa Tebbenkamp, co-chair of the Consortium for School Networking’s working group on student data privacy, tells Education Week.
It’s no wonder that cyberattacks targeting the education sector in this year’s first quarter increased 50 percent over the previous quarter.
“I think the rate of security breaches will keep growing, especially the number of records exposed,” privacy advocate Paul Bischoff tells The Philadelphia Public School Notebook. “That doesn’t mean cybersecurity isn’t improving. It just means we put more things online to be stolen.”
That’s why schools need to step up their cybersecurity curriculum.
“Educational institutions are very careful to promote physical safety, but what about cyber safety?” writes Gary Davis, chief consumer security evangelist at McAfee, in a company blog post. Schools, he noted, should take some responsibility to train students on how they can help keep their data safe from cybercriminals.
MORE FROM EDTECH: K–12 IT leaders can mitigate cybersecurity risks through user training.
Data Security Starts with Simple but Essential Steps
The majority of schools aren’t negligent and many have put data security frameworks in place, writes Toni Birdsong, a family safety evangelist for McAfee, in a company blog post. Birdsong says K–12 institutions are hampered by interrelated challenges, including providing a technology-driven education to students while protecting student and staff privacy and finding funds to address escalating risks.
But there are some easy and basic fixes to help students become better digital citizens.
“Begin by teaching them about privacy concerns and how to manage their digital identities. A good place to start is the International Society for Technology in Education’s Standards for Students,” writes Wendy Jones, a K–12 education strategist for CDW•G, in EdTech.
Here are some essential steps students can take to make data hygiene a continuing part of their lives, throughout their elementary education, through college and beyond:
Strive to Use Uncrackable Passwords
Make passwords complex — and long. A password that’s longer than 12 characters that includes numbers, letters (lower case and upper case) and symbols in unconventional spots is less vulnerable to being cracked, according to The Conversation. Experts also advocate using a reliable password meter to check the strength of passwords. Complex passwords are difficult to memorize, and students may be tempted to reuse them. They should not, nor should they write them down. A password manager can help students keep track of them.
Make VPN Your Friend
In an always-online world, many students use public Wi-Fi networks to access the internet for homework and for entertainment. But very few use VPNs, or virtual private networks, to secure their online activity. Even among college students, McAfee found that only 18 percent of students they surveyed used a VPN for protection, while 90 percent said they used public Wi-Fi. VPNs encrypt data, protecting it from being intercepted, especially on public Wi-Fi networks where there are snoops aplenty. “If you only do one thing to better protect your online privacy in 2019, start using a VPN,” writes Michael Grothaus in Fast Company.
Be Cautious on Social Media
K–12 students should “minimize the digital footprints future colleges and employers might find,” according to The Conversation. A 2017 survey administered to colleges by the American Association of Collegiate Registrars and Admissions Officers found that, of those who monitor social media for admissions purposes, 11 percent have denied admission based on social media content, 7 percent have rescinded an offer of admission and half monitor the social media of those already admitted. On the flip side, K–12 students should use social media to enhance their public profiles, which can serve as a sort of “supplemental essay,” says Alan Katzman, founder of Social Assurity, which trains students on harnessing the power of social media.
Beware of Online Questionnaires
Students may be tempted to fill out online questionnaires related to college admissions, hoping that doing so will better their chances of finding scholarships or other benefits. This can be a dodgy proposition, especially when data brokers, who trade in personal information, make students their targets, writes Ariel Fox Johnson, senior counsel for policy and privacy at Common Sense.
Some questionnaires and websites, Fox Johnson writes, may ask students about sensitive subjects, like their health, political views, disabilities and sexual orientation.
Parents, students and teachers should be educated about the fact that such data procuring operations exist. “[S]tudents and parents (and the public) need to know more — such as who they are giving their information to and how the information will be used and shared and what choices and controls students have,” she writes.
