Cybersecurity for U.S. schools is clearly led and managed by administrators and staff, but students themselves have a surprisingly significant role to play in preventing hacks — especially account takeovers that lead to ransomware attacks.

The impact cyberattacks have on the K-12 ecosystem can quickly add up. Costs are obviously involved, as well as the need for skilled talent, and most importantly, instructional time can be lost.

That’s the problem faced by school districts today. Enterprises don’t have to worry about the same long-lasting educational effects as much, as their employees and most customers are not in the midst of their most valuable educational years. But parents, schools and teachers do. They want to maximize their child’s educational experience and don’t want criminals to impede it, regardless of whether it’s an online or physical threat.

Schools need to place a similar emphasis on cybersecurity awareness and training for students just as they do for everyone else on their campus. The approach and need vary depending on the grade level and tech tools used, as well as the students’ individual needs, but foundational elements of digital literacy that deal with the protection of children should be paramount.

Students can be taught several cyber warning signs to look out for, including:

When receiving something

  • Unsolicited links that should never be clicked
  • Unexpected requests to change a username or password
  • Phone calls with requests to take some action online
  • Any requests asking about their family or friends
  • Any form of outside (non-district) messages asking for personal details
  • Messages from someone with whom they’ve never previously communicated

When doing something

  • Visit a website directly instead of using third-party links 
  • Maximize privacy and security settings when using social media
  • Don’t connect with someone on social media unless they have met in person
  • Always assume there is a chance that strangers contacting a student online may not be real
  • If something doesn’t seem right or different than usual, alert a trusted adult

All these scenarios can lead to cybercriminals learning information about the student or someone else — eventually leading to them figuring out access pathways or even direct credentials that turn out to be privileged. Social engineering, including spear phishing, can be just as effective with students as they are with employees. Students can share data with cybercriminals that may have taken them far longer to obtain without communicating with an individual directly.

There are oftentimes far more students than even teachers, staff and administrators combined, so school cybersecurity leaders need to keep their training fresh and up to date by providing them with real-world examples of what to look out for in order to keep the school’s vast number of digital identities safe. This way, there’s always a small army of eyes and ears looking out for their school.