“The mere imparting of information is not education” – Carter G. Woodson
We know it’s cliché to pull a random quote and apply it to our chosen subject matter, but the one above is a perfect fit for the cyber security industry (and Mr. Woodson was an inspiration in every sense of the word).
Taking some liberties, we can rewrite his quote as “The mere imparting of cyber security information is not education”. Meaning, of course, that simply telling users—particularly young users—about the dangers of the internet, and the methods of avoiding said dangers, is not going fix the problem. It’s a start, but education is most effective at an early age, and needs to be reinforced in a “show, don’t tell” manner as children mature.
Which begs the question, who is teaching kids proper cyber hygiene? It’s a well-known fact that as school systems evolve, more and more technology is finding its way into classrooms. Apple spearheaded the movement with their launch of iTunes U, and Google’s Chromebook accounted for nearly half of the 8.9 million devices sold to school districts in 2015. There is no doubt that the future of education is coming to an internet device near you.
It also means that the future of education needs to include cyber awareness. If we’re going to flood our classrooms with technology to help kids learn, we also need to teach them proper safeguards, especially since a lot of schools are giving students devices as a part of their enrollment.
But how do we do that? And whose responsibility is it? Obviously, parents are the first in line when it comes to raising good people, which includes good digital citizens. There’s also some onus on our educators. When a student is given a school-issued device (or brings their own) someone needs to step in and explain that with great technology comes great responsibility.
Thankfully, a few schools have developed after-hours programs to teach kids about cyber security, and at least one has a dedicated four-year program. While these are great, they are more devoted towards spurring interest in the IT field, and less about general education—the neediest area of cyber security.
It’s obvious that we need to develop security awareness as a regular part of curricula for schools across the world. We would love it if every school had a “cyber security and ethics class”. But until that actually happens, we all have to do our part in educating kids, whether they be our students or our own children, about the birds and the bees of cyber security.
The issues, as always, come down to time and money. It’s not fair to ask educators, who are already swamped, underappreciated and underpaid, to add this to their lesson plans. Parents have full-time jobs, full-time social commitments and full-time parenting responsibilities, so it’s understandable that the discussion of cyber morality gets shuffled to the bottom of to-do lists.
As a result, general security awareness education falls into a flat circle, leaving kids to figure it out for themselves. Excuse the analogy, but learning about cyber security is a lot like learning about wiring electricity: trial by fire is not recommended. So unfortunately, there are more questions than answers. But there are fundamentals that we as educators, as parents, as good digital citizens can utilize to create a culture of learning in classrooms of all sizes and beyond.
Encourage kids to take interest in their cyber well-being.
We’re sympathetic to the time and financial constraints many people have. Thankfully, summer camps like GenCyber, and nonprofit programs like Hacker High School are great, inexpensive options for educators and parents (note, that we are not affiliated with those organizations and this is not an endorsement, but we encourage the use of any service that promotes cyber awareness). Whether you teach at a large public school, or a small home school, getting kids involved in cyber education doesn’t necessarily have to happen in your particular classroom. But without encouragement, why would they have any interest? Spark that interest.
Lead by example.
Cyber security is not an age-specific issue. We all need to stay on top of the many threats we face in everyday internet communications. Learn how to secure your devices. Learn how to spot phishing emails. Learn how to avoid becoming a victim of identity theft and all the other information security concerns out there. Then pass that information along whenever possible.
Take a few minutes to discuss the importance of strong passwords.
We cannot state this any more clearly: if your password sucks, you will get hacked. We don’t mean to be dramatic, but every time a list of cracked passcodes is published, our jaws drop. Not sure if your passwords suck? There’s an infographic for that!
Prepare an incident response plan.
Incident Response is a common asset among corporations for when they get hacked (notice the intentional lack of the word “if” in that statement). Incident response is all about knowing which steps to take when a data breach occurs. For students, it’s not about getting hacked, although that’s a big part of the equation, it’s about cyber bullying. We have to enable our students to be brave enough to report when they recognize a cyber bullying attack. And we have to be prepared to handle that situation when it happens. This is all about creating a culture of cyber ethics, and enabling important conversations.
Write your congressperson.
This is a major political season in the United States. And we’re a firm believer in the “rock the vote” movement. But it’s more than electing the next President. Get to know your local representatives. Ask them about their involvement in the cyber industry. On a micro level, go to meetings for your local schools and instigate the topic of cyber security education. The discussion has to start somewhere.
Download all of our free stuff.
This may fall under the “shameless self-promotion” hashtag, but hey, it’s our blog and we reserve the right to push our narrative. But seriously, we have a huge content inventory that’s free for you to use to your liking. Most of it is targeted towards companies looking to develop their own security awareness programs, but all of it is centered around cyber-security fundamentals and can be applied to any situation. (While you’re at it, might as well jump in our raffle to win even more free content throughout the month of October!)
For more information about setting up a security awareness program, check out our resources page. And remember that being cyber aware doesn’t require a strong technical background. It’s more about using common sense, staying skeptical and maintaining good cyber hygiene.
Latest posts by Justin Bonnema (see all)
- 2019 SAP Planning Calendar - December 11, 2018
- Incident Response in 3 Domains - November 30, 2018
- How the NIST Framework Improves Your Organization’s Cybersecurity - November 15, 2018