Teacher’s Guide to Cybersecurity - Everything You Need to Know in 2024

The days of handwritten homework assignments, heavy printed textbooks, and mailed paper report cards are slipping away. Learning is digital in the 21st century. Students often complete their homework, communicate with classmates, check their grades, and conduct research for assignments online.

The internet speeds up students’ ability to study and instantly connects them with more information than a printed school library could possibly hold. However, the cyber world of modern education can be dangerous, both to your students and to you as a teacher.

Your Risks as a Teacher

Your students are more tech-savvy than you can possibly imagine. While many adults rely on the occasional tutorial to learn how to use a new program or application, students are digital natives. They intuitively know how to use apps, mobile devices, and online platforms, since they’ve been using them their whole lives.

This means that, with the right motivation, your students could probably figure out how to hack into your accounts. For example, if a student wasn’t satisfied with her grade, she might be able to figure out your password and change a grade or two. Similarly, a student who wanted to play a joke on you could change all the images in your PowerPoint presentation.

You need to know how to protect both yourself and your students from cyber attacks.

Cyber Safety for Students

In some cases, students might be the culprits of cybersecurity issues in your classroom, but in others, they might be the victims.

While many young people are able to easily learn digital programs and might even have some hacking skills, they still have a lot to learn about the world. They may not be savvy enough to spot every cybersecurity risk that they encounter.

As a teacher, you can both directly protect your students and teach them about cybersecurity so they can better safeguard themselves online.

Protecting Your Classroom

Cybersecurity threats can be alarming, but fortunately, there is a simple solution to help keep you and your students safe: education! After all, knowledge is power.

By educating yourself and your students about cybersecurity, the latest applications, and other features of modern technology, you can spot and resolve digital safety issues before they put your classroom in danger.

How Students Put You in Danger

Even if they don’t mean to, your students could put you, your school, and their fellow students at risk with their digital habits. In this section, we’ll describe these hazards and explain how you can avoid them.

Integrating the Internet Into Your Classroom

As we discussed above, your students are often more tech-savvy than you. They probably know how to use every feature of the most popular online programs and digital devices. This could give them an enormous advantage over you if they wanted to hack into your accounts.

Your first instinct might be to completely ban digital devices in your classroom. However, this isn’t likely to work. According to the Pew Research Center, as of 2018, “95% of teens have access to a smartphone, and 45% say they are online ‘almost constantly.’”

This means that your ability to actually eliminate cell phone, tablet, or laptop use during class is very limited. Fighting digital devices in the classroom will most likely be futile and frustrating. Instead, make your students’ time online a productive part of class by integrating your students’ devices into your lessons (for more information on this, see our lesson plans).

Who’s Using Your User Accounts?

As a teacher, you probably have numerous online accounts. As well as your personal email and social media accounts, you also have multiple school and education software accounts.

Now, imagine if your students had access to all the information stored on those accounts. They could read your personal emails, change their online homework assignments and grades, look at other students’ reports, publish fake updates to your social media profiles, or hack you in many other ways.

Hacking into your accounts probably isn’t very challenging for your students. To make matters worse, many schools also don’t have great cybersecurity systems in place to help you protect your accounts.

To protect your important information from potential student hackers, it’s crucial that you understand how to protect and secure your accounts.

Below, we provide our suggestions for keeping your user accounts secure. This advice applies to your online teacher portals, personal accounts, emails, and social media platforms. We recommend that you:

• Use your school email address to create education-related accounts. This will help keep your personal email address separate from accounts students may have access to.
• Create complex passwords. Your passwords should be a mixture of upper- and lowercase letters, and include numbers and symbols. These types of passwords are more difficult to guess.
• Change your passwords frequently. Experts advise switching your passwords every six months, but since that’s already most of the school year, we recommend changing your passwords every three months.
• Use a different password for each unique account. For example, the password you use for your teacher portal shouldn’t be the same as the one you use for your personal Facebook. This means that if someone guesses or hacks one password, they won’t be able to access all of your accounts.
• Check to see if your password is strong enough using a password meter, like ours. These tools calculate how difficult or easy it would be to guess or hack your password.
• Use a password manager to generate and store your passwords on your device or browser. A password manager uses a special database to create and store strong passwords so you don’t have to remember them.
• Use biometric passwords such as fingerprint access when available. These are very secure as only you can use them.
• Take advantage of strong authentication or two-factor verification when it’s available. These systems typically require you to enter both your password and a special code sent to your phone or email. Strong authentication offers the best protection for sensitive accounts like your email address or bank account. Many services offer strong authentication on an opt-in basis. Ask your service provider for help if you’re not sure how to get started.

This should help keep your accounts safe from students and other potential hackers.

Making Mobile More Secure

An infographic on making mobile more secure.

You probably rely on your smartphone to stay in touch with friends, check your email, and post to social media. You may even use a mobile device to assign and grade homework or conduct research for your class.

Smartphones are incredibly convenient and useful, but they’re also very vulnerable to student hacking.

Your smartphone may be expensive, but the data stored on it is even more valuable. Photos, social media accounts, personal messages, bank accounts, and all sorts of other private information are stored on smartphones.

If you don’t take proper precautions, a student, fellow faculty member, or stranger could access any of the sensitive data on your smartphone or tablet. There are four ways you can protect your mobile devices from potential hackers:

1. Keep your devices updated. Hackers work to find flaws in technology companies’ security systems, and they’re almost as fast as the companies trying to stop them with updated software. No system is 100% secure, but updating your software is one of the most important ways to protect your phone. We recommend that you turn on auto-update features for all apps and devices.
2. Use biometric passwords. As mentioned above, biometric passwords are one of the most secure login options for your digital devices. Keep your smartphone and tablet safe by setting up fingerprint passwords where possible. Minimally, use a traditional password for your mobile device.
3. Disable wi-fi and Bluetooth as often as possible. They’re great when you’re actually using your device. However, when you’re offline, leaving wi-fi and Bluetooth on lets hackers know that you’re there. We recommend disabling your wi-fi and Bluetooth when you’re not using your device. This will limit your visibility to nearby devices.
4. Customize your encryption settings. The factory settings for your device and its various apps may not be ideal for cybersecurity. If your device is not encrypted by default, turn encryption on. You should also adjust your privacy settings to limit different applications’ access to your data.

These safety measures can help keep your mobile devices safe from students. They can also protect you from other potential hackers anywhere else you take your smartphone or tablet.

Maintaining Personal Privacy and a Stellar Online Reputation

You probably don’t discuss your romantic relationships, political opinions, or favorite celebrities with your students. However, if you don’t properly safeguard your social media accounts, your pupils could easily access all of that information.

Most teachers would rather keep their social media accounts and personal lives private from students, and for good reason. According to an article in Inc. magazine, “privacy matters more to Generation Z. They are very careful and intentional about managing their online reputation.” Since students are concerned with their own reputations online, they’re also very aware of yours.

As their teacher, you need to be careful about what your students can find out about you online. If they know about your recent breakup, see pictures of you at a concert, or learn what you think about a controversial issue online, they might feel less comfortable in your classroom or question your authority. It’s important that you remain a trusted, respected figure in their lives.

Many teachers are tempted to delete all their online information, but that’s not necessary. After all, you should still be able to use the internet to connect with your friends, express yourself, post photos, and more.

To keep your personal information safe from your students (and anyone else you may not trust), you need to cleverly conceal your online presence.

Our experts recommend that you take the following steps to safeguard your online reputation:

• Google yourself. If you can find it on a search engine, your students can too. Googling yourself will reveal almost any personal information that is publicly available. Once you know what data about yourself is online, you can find its source and delete anything you wouldn’t want your students (or anyone else) to see.
• Adjust your privacy settings. Many accounts are set up with minimal privacy as the default. If you want to keep your personal data away from students, make sure your posts, tweets, and other social accounts are private and visible to only your friends or followers. This way, your students won’t be able to easily find this information.
• Delete and/or deactivate accounts you aren’t using. If you have an old social media account you’re no longer using, you should delete or deactivate it. This will prevent imposters hijacking the account and posting as you. If you want to keep your old accounts, make sure you set them to private.

These guidelines will help you enjoy the benefits of social media while protecting your online reputation.

The Internet in Your Classroom

You and your students will be online at school, so it’s vital that you know how to stay safe - and protect them. Below, we explain how.

Is Your School Network Safe?

Your school network is probably the primary way you and your students access the internet. It can also be a good way to block certain unsafe or inappropriate sites and improve your school’s cybersecurity. Unfortunately, it could also be vulnerable to breaches, which could put you and your students at risk.

There are many ways students can bypass the network and access blocked sites. As our article on this topic points out, students can use a VPN, proxy, or portable browser to get around the school network. These tools could allow them to unblock websites and load inappropriate online content while they’re in your classroom. This could be dangerous and disruptive.

Now that you’re aware of how students can get around school network blocks, you can work with technology professionals to prevent them from doing so. You can also be on the lookout for unsuitable online content students might bring into your classroom.

Furthermore, if your school network isn’t password-protected, this could make it even more unsafe. Hackers lurk on public wi-fi looking for users’ personal data and trying to take control of their devices. This could leave you, your students, and school administrators susceptible to malicious attacks.

In fact, in September 2018, the Federal Bureau of Investigations (FBI) issued a PSA warning about the increasing cybersecurity risks faced by schools. The FBI stated that the widespread collection of sensitive information in schools “could present unique exploitation opportunities for criminals” and could result in “social engineering, bullying, tracking, identity theft, or other means of targeting children.”

Clearly, both you and your students face cybersecurity risks if your school network is unsecured. If your school network is open, you can work with administrators and IT professionals to make it more secure.

We recommend adding a password to your school’s wi-fi and changing it every three months. It may also be useful for the school to hire a cybersecurity professional to help set up more advanced anti-hacking systems.

The Hazards of Cyberbullying

According to the non-profit Kids Health, “cyberbullying is the use of technology to harass, threaten, embarrass, or target another person.”

The organization explains that “sometimes cyberbullying can be easy to spot” as in the case of “a text, tweet, or response to a status update on Facebook that is harsh, mean, or cruel.” However, Kids Health points out that “other acts are less obvious, like impersonating a victim online or posting personal information, photos, or videos designed to embarrass another person.”

Unfortunately, cyberbullying is epidemic in many schools. A September 2018 survey by the Pew Research Center found that 59% of US teens have been bullied or harassed online. The study found that 90% of teens believe online harassment is a problem that affects people their age.

The same survey found that “majorities of young people think key groups, such as teachers, social media companies and politicians are failing at tackling this issue.”

As you might assume, cyberbullying can have a devastating long-term impact on children and adolescents. Like other forms of bullying, it can lead to real-world consequences that affect a victim’s whole life. Kids may experience depression, anxiety, and low self-esteem as a result.

They may also want to avoid school, affecting your ability to teach them the skills they need to succeed in the adult world.

As a teacher, you may be an adult onlooker when it comes to cyberbullying. It can be tricky to identify bullying and to understand the best way to intervene when it’s happening on an online platform, forum, or private messaging service that’s inaccessible to you. However, since you need to protect your students from its upsetting effects, it’s vital to know how to spot it in your classroom.

The Vocabulary of Cyberbullying

If you want to safeguard against bullying in your classroom, there are a few terms you should become familiar with. These include:

• Trolling: intentionally posting provocative and insulting messages about sensitive subjects, such as racist and sexist material, in order to elicit a response. Merriam-Webster defines the verb “troll” as “to antagonize (others) online by deliberately posting inflammatory, irrelevant, or offensive comments or other disruptive content.”
• Flaming: sending provocative messages to incite an argument. According to Lifewire, “flaming is about hurling insults, transmitting bigotry, name-calling, or any outright verbal hostility directed at a specific person.”
• Harassment: specifically targeting an individual or group with persistent actions meant to make the receiver(s) frightened or upset. Harassment can develop into cyberstalking.
• Cyberstalking: according to the Cyberbullying Research Center, “cyberstalking involves the use of technology (most often, the internet!) to make someone else afraid or concerned about their safety...Cyberstalking behaviors may include tracking down someone’s personal and private information and using it to make them afraid, texting them hundreds of times a day to let them know you are watching them, ‘creeping’ on their social media accounts to learn where they are so you can show up uninvited, or posting about them incessantly and without their permission.” Cyberstalking is against the law in many places.
• Catfishing: stealing someone’s online profile or setting up fake profiles to lure others into starting online relationships. This form of cyberbullying can also be used to spy on, shame, or manipulate children, teens, and even adults.
• Fraping: impersonating someone or logging in to their profile to post inappropriate content. This is a serious offense and, according to Business Insider, “is now a crime that could get you 10 years in prison, in Ireland.”
• Griefing: abusing and angering people via online gaming. According to Oxford Dictionaries, a “griefer” is “a person who harasses or deliberately provokes other players or members [of an online game or community] in order to spoil their enjoyment.”
• Outing: publicly sharing someone else’s personal, private, or embarrassing information, photos, or videos. This can be very damaging, especially amongst children and adolescents, who may not react compassionately.
• Roasting: when an individual or, usually, a group, gangs up on an individual online until the victim “cracks.” The Bark Blog explains that “roasting is a term from comedy where a comedian roasts another person with good humor” but it becomes problematic when done “without the consent or desire of the individual to be roasted.” Although it “can start out innocuous and light-hearted...that is not where it always ends.”

If you notice your students discussing these types of activities in relation to themselves or their classmates, you should pay attention. Discussing cyberbullying with your pupils could help you save them from its hazards.

How to Tell if a Student is Being Cyberbullied

Even if you don’t hear your students talk about cyberbullying, you may be able to spot a student who is suffering from these types of online attacks. Children and teenagers who are cyberbullied often exhibit signs of general bullying or distress.

A student may have been cyberbullied if he or she:

• Appears more lonely or isolated. Cyberbullied children may withdraw from their friends or feel as if they can’t trust anyone.
• Unexpectedly or suddenly changes his or her friendship group. Sometimes, students’ own friends are the culprits of cyberbullying. In these cases, the student may no longer want to spend time with the friends who have bullied him or her.
• Suffers from seemingly sudden changes in personality. This could include becoming withdrawn, anxious, sad, or angry.
• Cries frequently, unusually, or in seemingly strange circumstances. A student may become upset in apparently odd circumstances when dealing with the consequences of cyberbullying. This could occur when other students mock the victim or remind him or her of what happened online.
• Is getting worse grades. Cyberbullied students’ academic performance may decline due to feeling upset, being scared, or being unable to focus.
• Seems distracted or lacks focus in the classroom. Students who have dealt with cyberbullying may be worrying about their fear or embarrassment instead of thinking about their schoolwork.
• Misses school frequently. Students whose classmates have cyberbullied them may want to avoid school so they don’t have to deal with their attackers.
• Loses interest in extracurricular activities. Cyberbullied children and teens may want to quit their athletics teams, dance programs, theater productions, or other activities to get away from their attackers. They might also be less interested in extracurricular activities because they feel ashamed, shy, or afraid to get hurt again.
• Suffers from an increasingly negative self-perception. Children and teens who are victims of cyberbullying often feel less confident as a result, since they may believe the negative things their attackers say about them.
• Isn’t doing as well physically. The emotional and mental stress of cyberbullying may cause victims’ physical health to worsen.

If these descriptions sound like one or more of your students, you should have a conversation with them about cyberbullying. The earlier you can intervene and stop this harmful behavior, the better.

An Educational Solution

One of the best ways to prevent cyberbullying is to teach students about it. You can educate them about how to avoid cyberbullying, when to report harmful online behavior, and why they shouldn’t engage in these activities themselves.

See our tips and lesson plans for instructing your class about cyberbullying.

Your students are generally tech-savvy, but they may not understand the dangers of the internet.

They can make a social media profile on almost any site in seconds, but they don’t know how to protect themselves from catfishers. They can win online games, but they don’t realize how easily a hacker could steal their gaming account password. They know how to break into their friends’ social media accounts, but they don’t comprehend how hurtful it could be to out them online.

As a journalist writing for Forbes magazine argued, “just as we teach our kids to lock their bicycles, parents and teachers need to remind them to password-protect their phones and other devices. And kids need to know that some things in life need to be kept secret,” such as their account and device passwords.

We highlight a few other things your students need to know about cybersecurity below.

Public Wi-Fi Precautions

Free is always attractive, and free public wi-fi is especially tempting for students who may have limited data plans on their cell phones.

However, public wi-fi networks are especially vulnerable to hackers who lurk on open systems looking for data to steal and devices to control. You can help to safeguard your school’s network by ensuring it is password-protected and preventing your students from using different techniques to bypass its blocks.

However, you also need to teach them about the dangers of public wi-fi outside of school. Since they’re almost always online, your students probably use public wi-fi in cafes, restaurants, malls, and other public areas.

Although it can be convenient, there are many reasons to avoid public wi-fi. These include malware, worms, unencrypted websites, and more.

Fortunately, you can help teach your students how to combat these risks. You can urge them to:

• Use HTTPS sites. As Wired points out, “when you browse over HTTPS, people on the same wi-fi network as you can’t snoop on the data that travels between you and the server of the website you’re connecting to. Over HTTP? It’s relatively easy for them to watch what you’re doing.” Your students should make sure to only browse sites whose addresses begin with HTTPS (you can tell them the “S” is for “safe”).
• Understand the public wi-fi network’s privacy agreement. As Popular Science puts it, your students must “read the small print.” Actually reading the privacy agreement that often pops up when you connect to public wi-fi can help your students answer the questions: “what are you giving up in exchange for your wireless access? How will your email address or phone number or whatever else you’re surrendering be used?” You should also teach students not to give up important private information just for public wi-fi access, since their personal data is priceless.
• Turn off sharing. Students should ensure that they’ve turned off the “share” option on their devices before connecting to public wi-fi. According to Wired, “when you’re on a public network around strangers, you’ll want to cut off the features that enable frictionless file sharing on your devices.” While sharing features can be useful for easily sending pictures and other information, they can be dangerous in a public setting.
• Connect to public wi-fi with a VPN (Virtual Private Network). Forbes explains: “if you want to keep hackers out and lock down your connection entirely, you should consider using a virtual private network.” This system “protects your data from ever being accessed by third parties because they would need the encryption key to decode it.” VPNs can help keep students safe from hackers on public wi-fi networks. Setting up a VPN might seem too difficult for students, but they’re actually quite easy to use, especially for tech-savvy Gen Z-ers. If your students need help, they can check out our beginner’s guide on choosing the best VPN for their needs.

By teaching students to remember and apply these key concepts, you can help them stay safe on public wi-fi.

Fighting Phishing

Your students’ devices are filled with valuable information. This could include private photos, credit card information, personal messages, bank data, and more. Additionally, some hackers, cybercriminals, and cyberbullies simply want to mess with victims’ lives and cause chaos.

Some people assume that only those who are especially naive or irresponsible can be affected by these types of cyber schemes.

However, according to Pacific Standard magazine, researchers in a Dutch study found that “when it came to phishing and malware, hardly anything distinguished victims from other computer users, except that the more time people spent on the internet, the more likely they were to be victims.”

Since “teens spend an average of nine hours a day online,” as per Quartz, they are especially susceptible to cyber attacks. Knowing more about how phishing and malware work can help you and your students identify and avoid them.

According to the United States Department of Homeland Security, “phishing is an attempt by an individual or group to solicit personal information from unsuspecting users” by manipulating them into providing personal information to the attacker. To trick receivers, “phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual.”

Once the person has opened the message and decided that it’s trustworthy, “these emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user will then be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises.” These websites may also infect devices with malware (which we explain below).

To protect your students, you can teach them to identify the signs of a phishing scam. These often include:

• Unfamiliar sources. If a student has never interacted with this person or company before, they should not open the email or its attachments.
• Strange email addresses. As the University of Chicago explains, “any communication from a University, or from a bank, health provider or other legitimate company with which you do business, should come from that organization’s email system, not from some unrelated email address.” For instance, students should not trust emails coming from addresses like starbucks@gmail.com or chasebankcustomerservice@hotmail.com. You can also suggest that they check the email addresses that previous, valid messages came from to see if they match up.
• Messages to many people. The email should be to the student alone, not to “undisclosed-recipients or to a large number of recipients you are not familiar with,” as per the University of Chicago. In addition, students should be suspicious of messages that do not refer to them by name, but instead say “‘Hello, [blank],’” as CNET noted.
• Grammar or spelling errors. An individual trying to trick someone into sharing their information may not write perfectly. However, an actual, trusted company most likely would, since they hire professionals.
• Requests for personal information or money. Phishing scammers often want their victims’ private data or money. Students should be very cautious about providing personal information, even if they believe the email is legitimate.
• Extremely profitable and easy offers. The University of Chicago argues that you should “watch out for emails with claims like ‘you have won the lottery’... [or] you stand to inherit millions of dollars.” You can tell your students that if it seems unlikely, unrealistic, or too good to be true, it probably is.
• Odd attachments. Instruct students that if an attachment seems unnecessary or unrelated to the message, they should not open it. In addition, any attachment they do open should be a familiar file type, like “Word files, Excel spreadsheets, PowerPoint presentations, or Acrobat PDFs,” and definitely not “ones like.pif,.scr, or.exe.,” according to the University of Chicago. Scammers’ attachments may install malware.

If the email falls into any of these categories, tell students they should run the email by their parents, guardians, or by you before sharing information. As the Department of Homeland Security recommends, they can also “verify [requests] by contacting the company directly.” Students should only open email attachments if they are truly sure the message is authentic and safe.

Since anyone can be phished, you should also educate your fellow teachers and administrators about phishing. After all, if any member of the school’s staff is phished, this could put student information at risk.

Staying Away from Malware

Malware is linked to phishing. Scammers often phish as a way to install malware on victims’ computers, but devices can also be infected in other ways.

Malware is the umbrella term that describes all malicious software, including ransomware, viruses, rootkits, worms, adware, spyware, and more. Malware compromises your device, slowing down its basic functions and breaching its security. It can be used to steal your data, control your device, or to add software that you’ve not approved.

Malware can destroy a device or make it extremely difficult to use. It can also steal private or critical data users need to access. Malware may also cause a device to run very slowly or poorly.

In addition to phishing attachments, malware can access a device if students install files like “screensavers, toolbars, or torrents that [they] didn’t scan for viruses...from an untrustworthy source,” as per How to Geek. Clicking on pop-ups can also install malware on your device.

Malware can be included with seemingly trustworthy applications. As How to Geek explains, “the makers of popular software keep selling out, and including ‘optional’ crapware that nobody needs or wants,” which allows them to “profit off the unsuspecting users that aren’t tech-savvy enough to know any better.”

For these reasons, users should always research and understand exactly what they’re putting on their devices.

As Microsoft Windows Security Support points out, “infected removable drives” could also be to blame for malware. The article mentions that “many worms spread by infecting removable drives such as USB flash drives or external hard drives. The malware can be automatically installed when you connect the infected drive to your PC. Some worms can also spread by infecting PCs connected to the same network.” Students should never use a drive or network they can’t completely trust.

Pirating software, music, or movies may also make a device susceptible to malware, according to Computer Hope. This is because “these files and programs [sometimes] contain viruses, spyware, trojans, or malicious software in addition to what you believe you are downloading.”

Unfortunately, once malware does get onto students’ computers, it can multiply, “[installing] even more malware.” This dynamic can make the consequences of malware exponentially worse.

Students should also be aware that PCs and Androids (rather than Apple devices) are at higher risk for malware, as are devices without virus protection software installed.

To help your students be aware of and protect themselves from malware, you can teach them to:

• Use protective software. As How to Geek explains, students may unintentionally let “malware, spyware, and other junk software...onto your computer” because they “aren’t using a quality Anti-Virus or Anti-Spyware application.” These products can protect students against malware. Remind them that they should use antivirus software on all their devices, including laptops, tablets, and smartphones.
• Prevent pop-up ads and banners. The United States Federal Trade Commission (FTC) advises users to “use a pop up blocker, and don’t click on links and popups.” Kids may not be aware of this, so you should instruct them not to click on these images.
• Update their devices. Software providers and tech companies work hard to limit malware and other cybersecurity issues. If you don’t update your device regularly, your outdated programs could be more vulnerable to malware. The FTC recommends that users “set [their] operating [systems] and… web [browsers] to update automatically.”
• Spot the signs that malware has been installed. The sooner students realize their devices are infected with malware, the better. The FTC describes that a computer with malware often “runs slowly, drains its battery quickly, displays unexpected errors or crashes...won’t shutdown or restart...serves a lot of popups, [takes users] to web pages [they] didn’t visit, changes [the] home page, or creates new icons or toolbars without...permission.” If students notice any of these software symptoms, they should avoid accessing sensitive information or using passwords on the affected device and ask an expert to take a look.
• Use browsers with good security settings. As per PC Mag, Chrome and Firefox have security settings that help let users know when a site doesn’t appear reputable.
• Identify and avoid phishing scams. Following our phishing tips above can help defend students from both phishing and malware, as they often go together.

Educating your students on these points could save them the hassle and harm of malware.

Toying with Cybersecurity - The Internet of Things

In this digital era, it’s not just smartphones, tablets, or laptops that can go online. Today, other devices, including watches and toys, can access the internet. As CNBC explains, “the Internet of Things, commonly called IoT in tech circles, is the concept of conventional, physical objects being linked to the internet and communicating with each other - think, for instance, of automobiles or appliances that are linked to the internet.”

Having a refrigerator that checks emails or a watch that sends your health information to your smartphone is certainly convenient. However, internet-enabled tools can also be dangerous. Many of the cybersecurity protections that come installed on phones, tablets, and computers don’t exist on the Internet of Things.

In late 2018, software security executive Haiyan Song commented to CNBC that “next year, we will definitely hear of even more IoT-related security challenges.” This new technology “has really changed...the way we live, and whenever you have new technologies like that...you open up a new attack surface.”

Many cybersecurity risks that affect normal internet-enabled devices can impact the Internet of Things. Hackers can access private information and use it to steal, phish, cyberstalk, cyberbully, and harass victims. Since the Internet of Things is relatively new, there aren’t the same safeguards in place, making your students’ trendy wearable fitness trackers or fancy toys easy targets.

For example, Info Sec Institute reported on “Cloudpets...adorable soft toys” that were “internet-enabled, allowing audio messages to be shared between the child and a parent via the Cloud.” However, “it turned out that CloudPets leaked the messages of 2 million of their owners, along with personal details and passwords.” They had “poor security” and couldn’t effectively protect their users’ data, especially since they “had no password strength rules.”

Similarly, Info Sec Institute described that when “security firm Mnemonic was engaged by the Norwegian Consumer Council to check the security safety of a range of kids' smartwatches,” they “found a number of critical security flaws in a number of watches.”

While these devices might be fun and fashionable, they demonstrated a “lack of consent to share and process data, showing a fundamental lack of respect for personal information,” including “location data.” In addition, “some of the watches did not even use basic security techniques such as encryption in transit to protect” users’ information.

You can help keep your students safe from cybersecurity threats on the Internet of Things by:

• Encouraging them to create longer, more complex passwords. These will be much more difficult to hack than Cloudpets’ three-character, unsafe passwords.
• Suggesting that they and their parents research new devices before purchasing them. They should only purchase internet-enabled toys, watches, or other devices if they understand and approve of their cybersecurity methods.
• Showing them how to adjust security settings on their Internet of Things products. As Reuters advises, students should “turn off cameras and microphones that aren’t in use.”
• Urging them to download updates. As we’ve discussed throughout this guide, students can improve their cybersecurity by making sure their devices are up to date. According to Reuters, “if your gadgets receive software updates, [you should] accept those because they could improve security.”
• Advising them to connect to a safer network with their Internet of Things devices. Reuters recommends that users “create a ‘guest’ network for IoT devices” so that hackers can’t get into traditional devices via the IoT. They could also “use a VPN [Virtual Private Network]” to secure their data. If your students want to use a VPN, you can go with one of the choices on our carefully-selected Best VPNs list.

These tips can help make the Internet of Things safer for your students.

Safeguarding Students’ Social Media

Teens spend an increasing amount of time on social media. For this reason, it’s vital that students understand, can protect themselves from, and avoid participating in the cybersecurity risks on these platforms.

Statista reported that “a survey conducted in the US earlier [in 2018] showed that 70% of teenagers (13-17) check their social media several times a day, up from just 34% in 2012. More astoundingly, however, 16% of today’s teens admit to checking their social feeds nearly constantly and another 27% do so on an hourly basis.”

Given these statistics, if you teach high school students, it’s almost certain that your students are on social media throughout the school day.

Many teenagers share the intimate details of their personal lives on social media platforms. Pew Research Center reports that 44% of teens post about their family on social media, while 34% post about their emotions and feelings, 22% post about their dating life, 13% post about their personal problems, 11% post about their religious beliefs, and 9% post about their political beliefs.

Cyberbullies, stalkers, phishing scammers, or even identity thieves can use all of this data to hurt students. For example, if a teen’s classmates know that his or her parents are going through a divorce, they might use this information to harass that person. In addition, if a phisher wanted to steal a teen’s bank account information or social security number, he or she might pretend to be a member of the pop band the teen always talks about on social media.

As we discussed above, Gen Z-ers are conscious of their online reputations, but that doesn’t mean your students have spotless social media accounts. Some teens seem to know instinctively that posting personal data online could hurt their reputations.

Pew Research Center noted that 32% of teens delete or restrict “access to their posts because it could negatively impact them later,” and another 29% of teens delete or restrict “posts because they don’t want their parents to see” what they’ve put online.

While some teens think ahead regarding their social media reputations, statistics from the Pew Research Center indicate that roughly two-thirds do not.

This is unfortunate, as what students post online could have an impact on their futures. A 2017 US News and World Report piece noted that “in a Kaplan Test Prep survey of more than 350 college admissions officers in the US, 35% of officers polled reported having looked at applicants’ social media accounts to learn more about them.”

Similarly, a survey from CareerBuilder found that “70% of employers use social media to screen candidates before hiring, which is up significantly from 60% in 2016.”

These reports indicate that a single tasteless photo, emotional rant, or controversial photo could prevent students from attending the universities of their dreams or getting the jobs they want. As their teacher, you can advise them to be scrupulous about anything they reveal on social media and encourage them to consider how others might perceive their posts.

Perhaps more worryingly is that, according to Pew Research Center, 42% of teens surveyed sometimes or often post updates on their location and what they’re doing. As Lifewire explains, “we don’t often think about our current location as sensitive information, but it is. Armed with the knowledge of where you are at a specific point in time, people with ill intent could use that information to your disadvantage.”

Explain to your students that sharing their location and activities in real time on social media can create cybersecurity problems. Someone who wants to rob their house could know they weren’t home and take the opportunity to steal their family’s possessions. A cyberstalker might also use location information to track down a student and harass them.

Additionally, geotagging and geolocation on social media create issues. Lifewire describes how “most smartphones default to recording phone location” and “when you take a picture with your smartphone, you’re probably also recording the exact GPS location of whatever you happen to be taking a picture of.” This process is called geotagging, as your device labels your location on the image.

Geotagging means that even if you don’t mean to share where you are, a hacker might be able to access your location through “the metadata associated with a photo.” This process is called geolocation. Google, Yelp, and other applications also use geolocation to tell exactly where students are. These apps can potentially share that information with others.

In order to avoid theft, stalking, and other cybersecurity issues related to location sharing on social media, you can suggest that your students:

• Avoid naming their exact location and activities in photos on social media. There is no need to tell their friends or followers precisely where they are or what they’re doing.
• Turn off automatic geotagging on all their devices. Hackers can’t steal location metadata if it doesn't exist.
• Wait to post photos from outings until they’ve arrived back home. This prevents burglars from using this information to break in.

When it comes to social media, it’s not your job to monitor your students’ online activity. Checking all of your students’ social media accounts every day for inappropriate content would be invasive (and time-consuming).

Instead, educate them about the risks associated with social media. This way, they can make informed decisions about their cybersecurity on these platforms.

Later in this guide, we describe various techniques you can use to teach your students about cybersecurity.

Stranger Danger in Cyberspace

Whether on social media, messaging apps, chat rooms, forums, or games, your students also face the cybersecurity risks associated with communicating with strangers.

Regrettably, not every online user has the best intentions. Healthfully describes how “predators… befriend [children], usually posing as another child or slightly older teen, and gain trust by behaving as an understanding and trusted friend. Once trust is gained in the chat room [or messaging app, forum, or social media platform], the predator will move the conversation to a private area or in person.”

What begins as an anonymous online connection can turn into something much more dangerous in person. In addition, online predators who want to steal credit card information or commit identity theft might target young people who may be less aware of scams.

A 2018 report from WBTW News suggested that online predators may use popular online games like Fortnite to attack or steal from younger users. The news station also cited “statistics from the Crimes Against Children Research Center” which noted that “one in five children between 10 and 17 years of age reported receiving unwanted sexual solicitation online.”

Furthermore, cyberbullies might use these platforms to harass, shame, or embarrass young people. As Healthfully puts it, “chat rooms are a place where bullies can have free reign over potential victims while enjoying anonymity.”

In addition, unfortunately, anonymous users may also use “chat rooms...to post links to pornography.” Your students may “click on a link and be taken to an offensive site, either intentionally or by mistake.”

To protect your students from these dangers, you can:

• Have an open conversation with them about these types of online platforms. We recommend discussing the potential dangers of anonymous online communications with your students in a relatable way. Explain that you understand how it can be fun to meet new people online, but that students need to be safe. Gently tell them that there are some people online who might want to hurt them.
• Teach them never to connect with or talk to someone they don’t know online. Students will be at a much lower risk if they only friend, follow, like, and communicate with people they know in person and trust.
• Urge them never to share private information or photos online. This is good advice regardless of whether or not a student knows who they are messaging, but it’s especially important with anonymous users.
• Advise parents to monitor their children’s online communications. According to WBTW News, “the Horry County Sheriff’s office tells parents to” have their children “play [or text] where parents can hear.” The Sheriff’s office also encourages parents to “have access to [their] child’s phone and social media accounts.” You can also recommend that parents look out for potentially dangerous apps, such as Kik, Whisper, Yik Yak, Private Photos (Calculator%), Roblox, ChaCha, WeChat, After School, Line, Shush, Snapchat, and Line, as per Montgomery Advertiser.
• Tell students they can come to you and their parents or guardians for help if they encounter anything upsetting or unsafe online. It’s important to let students know that they can trust you and their parents or guardians. Explain that you are there to help them and if they ever feel unsafe online, they can talk to you.
• Have your students play Band Runner, an educational game about communicating safely online. Students choose a character, collect stars, and answer multiple-choice questions about cybersecurity.

These suggestions will help students stay safer in chat rooms, forums, messaging apps, games, social media, and any other apps or sites where users can communicate anonymously.

We’ll provide further advice about teaching your students about cybersecurity in the next section.

Tips and Lesson Plans for Teachers

Technology use is increasing, so we can assume that cybersecurity will continue to be an important issue. As a teacher, you have the power to shape the next generation’s understanding of and response to cybersecurity issues.

By teaching your students how to safely use the internet, you can improve their quality of life, happiness, and success. Below, we provide our advice for effectively educating your students about cybersecurity.

How to Begin

We recommend that you begin with an online safety quiz to test your students’ knowledge. This will hopefully interest them in learning more about cybersecurity, and allow them to discover what they don’t know.

It will also give you the opportunity to evaluate their knowledge and create lesson plans accordingly. For example, if you find that your students already know a great deal about creating strong passwords, you may not need to include this topic in your curriculum.

We recommend using:

• the Pew Research Center’s Cybersecurity Knowledge Quiz
• the National Society for the Prevention of Cruelty to Children’s Staying Safe Online-Quiz (note that it has some UK-specific references)
• the Australian Office of the eSafety Commissioner’s CyberSmart Kids Quiz

General Tips

When it comes to planning your cybersecurity curriculum, we have a few broader suggestions. We recommend that you:

• Break down the information over a few lessons, rather than trying to cover everything cybersecurity-related in one day. This will prevent your students from becoming overwhelmed and help them better understand the material.
• Use interactive lessons instead of lecturing. Students will remember and apply the lessons they learn if they participate in the process. For example, you can have students attempt to hack a social media account. We recommend that you create a fake account beforehand so no student’s personal information is compromised.
• Relate cybersecurity to other lessons and classes. This will make the topic seem more relatable. For example, in an English class, you could have students read emails that were sent to people who were phished. You could have them highlight the grammatical errors in these messages, which can be a sign that they are scams. You might then have students discuss other strategies they could use to prevent an attack.
• Have students read or watch stories of actual people or organizations that have suffered from cyber attacks. This will help students understand that the consequences of cybersecurity issues are real and serious. Some examples of these types of stories include:
  • “Real life stories” [of cyber scams] - Australian Competition & Consumer Commission set of articles
  • “These are the victims of a ransomware attack” - CNN Business video (Note: this content includes a bleeped curse word)
  • “How ransomware hackers ‘prey on people’s willingness to click’” - CBS News article and video
  • “Cyber Bullies Drove My Daughter to Commit Suicide” - This Morning video (Note: this content discusses suicide)
  • “Emma’s Story: Cyberbullied by a Best Friend” - Common Sense Media video
  • “Cyberbully: YouTuber ClearlyChloe’s Story” - storybooth video
  • “Stacey’s Story: When Rumors Escalate” - Common Sense Media video
  • “How Chatting with Strangers Could Ruin a Child’s Life” - Online Sense.org article and video (Note: mention of pedophiles, rape, and murder)
  • “The hidden danger of high-tech toys” - WCPO.com video (Note: mentions pedophiles)
  • “They Loved Your G.P.A. Then They Saw Your Tweets” - New York Times article
  • “The Untold Story of NotPetya, the Most Devastating Cyberattack in History” - Wired magazine article (Note: this content includes some curse words)
  • “Man charged with cyberstalking ex-classmate for more than a decade” - Fox News KTVU article (Note: this content mentions rape and murder)
  • “How One Woman’s Digital Life Was Weaponized Against Her” - Wired magazine article (Note: this content involves cyberstalking and harassment. It is explicit and adult. It includes sexual descriptions, curse words, and discussions of suicide and violence.)
• Give students visual examples of cybersecurity threats. Showing students what phony ads, messages, and pop-ups look like will help them better identify and avoid them. This may be especially helpful for students who are visual learners.
• Involve students in your lesson planning by asking them about their experiences and designing your curriculum accordingly. For instance, if your students are already very familiar with social media security, there may be no reason to cover this topic in your lessons. Similarly, if students are particularly worried about malware, you could spend more time on this subject.
• Assign interactive, practical homework. Just as interactive lessons are more effective, useful homework assignments may help students better learn the basics of cybersecurity. For example, you could give students a homework assignment to secure their devices and accounts. You might also have them write an essay about the dangers of public wi-fi and describe how they are going to avoid these.

By applying the above advice, you can help make sure that your cybersecurity curriculum is creative, fun, accurate, and successful.

The Cyberbullying Conversation

Since your students may be both the victims and the culprits of cyberbullying, it’s worth having a longer discussion about this specific subject in cybersecurity. Talking about this is important because students who struggle with cyberbullying may not open up about it on their own.

We recommend ensuring that your school has an anti-bullying policy in place that includes cyberbullying. Once this is fully in place, go over these rules with your students and make sure they fully understand them. We suggest having students come up with examples of cyberbullying to demonstrate that they comprehend what it involves.

Next, show students the consequences of cyberbullying so they fully understand how serious it is. You can help students comprehend the effects of cyberbullying by showing a relevant video from the list above. You might also ask students to imagine how they would feel if someone harassed them online.

Often, students do not see how harmful teasing, shaming, or insulting a classmate online can be. This means they have less empathy for the victims of cyberbullying and are therefore more likely to participate in it. Knowing the hurt that their actions can cause may reduce the risk of future cyberbullying.

You should also teach your students what to do if they are being cyberbullied. You can advise them to:

• Reach out to a trusted adult. This could be you as their teacher, their parents, an adult family friend, or some combination of these. Once an adult understands the situation, they should begin looking into what happened and helping the student come up with a solution. For example, a meeting between the victim, the cyberbully, and their parents might be appropriate.
• Save proof of the cyberbullying interaction(s). This could include screenshots, voicemails, or other evidence. This type of proof could be useful in an investigation by the police or your school. It can also be used to talk about the issue with the cyberbully’s parents.
• Avoid fighting back. Responding to the cyberbully may simply feed into his or her attack. In addition, any sort of negative reaction could be considered its own form of cyberbullying.
• Report the cyberbullying to the online platform on which it took place. As WebWise explains, “abuse on social networking sites or through text messaging needs to be reported to the websites and mobile phone service providers.”
• Come up with strategies for preventing future cyberbullying. Of course, it is not the victim’s fault that he or she was harassed. However, that doesn’t mean your student can’t do anything about it. Webwise recommends “[giving] the child advice for making sure it does not happen again. This can include changing passwords [and] contact details, blocking profiles on social networking sites, or reporting abuse online.”

Ideally, none of your students would ever suffer from cyberbullying. However, if they do, following these steps can help minimize the damage of this harmful online activity.

Studying Social Media Safety

No matter how you approach your cybersecurity curriculum, we believe you must include a section on social media. These types of online platforms are widely used and very vulnerable to cybersecurity issues.

In 2018, the Pew Research Center reported that 85% of teens use YouTube, 72% use Instagram, 69% use Snapchat, 51% use Facebook, and 32% use Twitter. Only 3% of teens don’t use any common social media platforms, which means approximately 97% do.

As we’ve explained above, social media can be dangerous for children and teens. Cyberbullies can attack your students on these platforms, scammers can attempt to steal young people’s sensitive information, and cyberstalkers can use their posts to follow them, just to name a few.

We recommend that one of your first cybersecurity lessons teaches students how to protect their social media accounts. A few key ideas to cover include:

• Passwords. It is vital that students create strong passwords for all of their accounts, and especially their social media profiles. These accounts often contain sensitive information cyber attackers could use against them. You should inform students that strong passwords:
  • Have numbers, symbols, and letters (both lower- and uppercase, ideally). If students have trouble coming up with their own passwords that fulfill these requirements, they can use a “‘strong random password generator’” online, according to the Chicago Tribune. The article also suggests “starting with at least 16” characters.
  • Are different for different accounts. As an example, the Chicago Tribune notes, “your Twitter password should not be the same as the password you use to log in to your banking accounts.”
  • Should be changed often. We recommend at least once every three months.
  • Should not be shared with anyone. Some children and teens feel pressure to share their passwords with friends and classmates. This is unsafe. Remind students that their passwords are only for them (and perhaps their parents) to know.
• Two-Factor Authentication. As discussed above, this security feature requires users to enter two pieces of information to enter an app. In many cases, this means entering a password, then entering a code texted to the user’s phone. It could also involve using a biometric password (such as a fingerprint) or answering a security question. Encourage your students to use two-factor Authentication on social media (and other accounts) whenever possible, since this is more secure.
• Privacy settings. Tell your students not to simply go with the default privacy settings for their social media accounts. They should set their accounts to be as private as possible. At the very least, their sensitive social media data and pictures should not be publicly visible.
• Personal information. Your students should never share personal information on social media. This includes their date of birth, address, full name, social security number, credit card information, and similar data.
• Virus protection. Some malware, phishing, and other scams come from social media. If students are active online, they should have antivirus software installed on all of their devices.
• “Think before you click.” Since cyber scams are unfortunately quite common, students should be wary of any social media messages that ask them to act immediately or provide personal information. You should let them know that scammers often offer something too good to be true in exchange for private data.
• Online reputation. As we’ve mentioned above, your students’ online reputations could impact their ability to get into college or get the jobs they want. In addition, a poor online reputation could lead to or worsen cyberbullying and cause problems with students’ parents. As the National Cyber Security Alliance’s Stay Safe Online site explains, “what you post online stays online. Think twice before posting pictures [or any other information] you wouldn’t want your parents or future employers to see.”
• Report issues to social media platforms. Tell students that if they’re being cyberbullied, scammed, or otherwise harassed on social media, they should report these activities to the social media sites themselves. These types of activities are usually against social media platforms’ rules and the company may be able to help.
• Ask an adult for help if needed. Encourage students to ask for assistance if they feel unsafe or uncomfortable. Remind them that they can come to you, their parents, or other trusted adults if they encounter any problems.

These crucial concepts should definitely be included in your cybersecurity curriculum.

Sample Lesson Plan: Go Phish

Below, we’ve included a sample cybersecurity lesson plan on phishing. You may use this as a model for planning your classes.

Introducing Phishing

Begin by showing students an email from “netflix@gmail.com” that reads:

Hello [name],
We reget to inform you that your Netflixx account has been suspended do to a problem with your billing informations.

To repair your account and get it bak up and running, please go open the file netflixaccountinformation.exe and respond with
Your full legal name:
Your date of birth:
Your address:
Your phone number:
Your preferred credit card number:

Please write us back if you need any asistance.

Sincerely,
Netflix Customer Service

Ask them why they would or wouldn’t respond to this email.

Defining Phishing

Once they’ve answered, explain that this is very similar to a real email many people have received as part of a phishing scam. Explain that “phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by” manipulating them into providing personal information to the attacker. In order to trick receivers, “phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual” (as per United States Department of Homeland Security).

Describe how phishing scammers use these emails to collect personal information. Explain that they use this data to steal users’ identities, install malware on their computers, and harass them.

Teach them the common signs of a phishing email:
To protect your students, you can teach them to identify the signs of a phishing scam (covered in more detail above):

You can also show your students this educational video about Spotting Phishing Emails and/or this video on How to Spot a Scam Email.

Going Phishing: In-Class Exercise

Have students write their very own phishing emails. Have them assume the identity of a cyber scammer trying to get the email recipient to give up their private information. Tell them to send their phishing emails to you so you can choose the best, most convincing one. Share the winner with the class and explain why it is a good example of a phishing email.

Once you’ve completed this exercise, remind students to look at any strange emails through the eyes of a phishing scammer. If it seems like it could have been written by a cyber attacker, remind them not to open any links or attachments.

Phishing Homework

For homework, have students write a five-step plan for avoiding phishing attacks. Have them share this plan with at least one other person (such as a classmate, parent, or family friend) and note down this person’s reactions.

Other Resources and Tools for Teachers

If you’d like further information and/or lesson plan suggestions, we recommend:

• “Digital Citizenship” by Common Sense Education. This site offers free, interactive lesson plans for students of all grades.
• “Bits N Bytes Cybersecurity” by Kyla Guru. A 16-year-old high school junior created this award-winning website on cybersecurity. It includes activity resources.
• “STOP. THINK. CONNECT.™” by the National Cyber Security Alliance and other organizations. This site offers tip sheets, memes, graphics, videos, posters, and research materials for many areas of cybersecurity.
• “Digital Safety Resources: Tools for the classroom and home” by Google’s Be Internet Awesome Project. This offers curriculum and educational games on digital citizenship.
• “The 5 Best Internet Safety Resources for Teachers” by E-Learning Industry. This article lists some of the best educational sites for cybersecurity and similar subjects.
• “4 Great Lesson Plans for Internet Safety” by Common Sense Education. This piece offers sample lesson plans for grades K-12.
• “Cyber Security for Beginners” by Heimdal Security. This free course teaches cybersecurity to beginners and includes a free security self-assessment PDF cheat sheet you can use to help determine how much your students already know.

In addition, if you want to combine playing and learning about cybersecurity, you can enter your school or class into a coding competition. The Australian Digital Technologies Hub offers competitions in robotics, coding, and tech, Grok Learning offers coding and AI training and competitions to students of all levels, and Code Chef offers a unique international coding competition. You can search online for similar opportunities in your local area.