Why cybersecurity skills in K-12 take commitment, not complexity

The cybersecurity skills educators need to protect their school networks from hackers are not all complex IT strategies.

Here’s a great place to start. “The most important step that anyone can take is committing to improving their personal cybersecurity and then following through,” says Mark Wenberg, a K-12 cybersecurity trainer and author who is also an educational technology integrator at Richmond Public Schools in Virginia.

Cybersecurity does take some commitment. For instance, the fundamental practice of never reusing passwords isn’t a complicated concept. But, Wenberg stresses, it can be “tedious and inconvenient” unless you’re using a password manager to keep track of everything.

Another critical step is helping staff get much better at recognizing phishing scams that hackers used to steal passwords and personally identifiable information so they can break into school networks. Schools should provide detailed and up-to-date training to employees about the dangers of phishing and related threats, such as vishing and smishing attacks, says Wenberg, who will co-present “Cybersecurity Basics: How to Stay Safe Online” at the 2023 Future of Education Technology® Conference in New Orleans in January.

“One of the biggest misunderstandings around cybersecurity in K-12 is the idea that district IT staff can erect technical barriers like firewalls or antimalware software that will provide perfect security,” he explains. “The idea that IT staff are the only ones responsible for cybersecurity ignores the obligation that every end-user has to remain informed and vigilant against a variety of threats.”

Wenberg’s FETC workshop will also focus on important cybersecurity skills such as managing your digital footprint, using multi-factor authentication and virtual private networks, and how to respond to data breaches. It is just one of several conference sessions on the Future of EdTech Administrator and Future of EdTech Information Technology tracks focused on staying safe online and helping employees build their cybersecurity skills:

• “Reframing your Edtech Messaging to Reflect New Realities”: Parents today want edtech to personalize learning without putting student privacy at risk. This workshop will share research from Project Tomorrow’s Speak Up Project about what parents really want from their child’s education and the value they place on edtech and cybersecurity skills. Presenters: Julie Evans, CEO of Project Tomorrow, and Ann McMullan, a leading education consultant
• “Cybersecurity Considerations with Remote Work”: Remote work has expanded districts’ IT networks beyond their school buildings. With K-12 education and its databases becoming a big target for hackers, IT leaders need strategies to extend protection to staff working from home and other remote locations. Presenter: Lorrie Owens, chief technology officer, San Mateo County Office of Education
• “Getting Beyond IT: Building Cabinet Buy-in for Cybersecurity”: A general assumption in most K-12 districts is that the IT department “owns” cybersecurity from A to Z. Given the increasing threats, the entire executive leadership team must take ownership of cybersecurity. In this interactive workshop, participants will learn how to build cross-organizational buy-in. Presenter: Julie Evans, CEO of Project Tomorrow
• “Getting Buy-In for Cybersecurity and Data Privacy”: Everyone who works in information technology knows the importance of devoting resources to cybersecurity and the protection of district data. This session will discuss proven approaches to get the attention of district leaders and board members, and ways to promote a district-wide culture of cybersecurity. Presenter: Adam Griffin, Maynard Cooper & Gale PC

More on cybersecurity: Should schools pay ransoms? Here are 3 scenarios to look out for