Kids need to learn about cybersecurity, but teachers only have so much time in the day
The following opinion piece authored by Dr Joanne Orlando, Senior Lecturer at the School of Education, was first published with full links on The Conversation (opens in a new window).
Last week, the personal informational of thousands of clients of a large ASX listed company was inadvertently leaked to the dark web. A few days later, our very own parliament house computer system was hacked.
Among this increasingly hostile data environment came the announcement of a new cybersecurity program that aims to raise high school students’ awareness of online personal data risks and how to manage them. Footing the A$1.35 million bill for the project is the four big banks, AustCyber, British Telecom and the Australian Government Department of Education and Training.
While we do need more education on cyber security, the school curriculum is already overflowing, and teachers are expected to take on this program voluntarily. It seems schools are routinely being expected to manage more societal issues - road safety, teeth brushing, and how to have sex safely. We need to carefully consider whether we can ask teachers to take this on too.
The way we use the internet has changed a lot in recent years. Entering our personal data online to join a dating website, sign up for newsletters, social media accounts, or sell used furniture has become the norm.
The data generated as a result is astonishing, and expected to double every two years. This presents as an increasingly tempting financial gain for hackers who can make money off people’s personal data. It has led to many data breaches already and there will be many more.
Understanding why companies want our data, what they do with it, and the implications for us is new basic knowledge everyone needs.
The new cybersecurity program in high schools is a step in the right direction in ensuring young people know more about the dangers posed to them by the internet. As part of the program, students will take part in four challenges focusing on online personal safety, cryptography (data representation, and secure online communication), networking and SQL injections (web application security and hacking techniques).
Importantly, this shifts cybersafety education beyond privacy and prevention of unwanted behaviour (such as cyberbullying), to include new risks facing today’s youth such as fake emails and text messages that look real but aim to steal personal and financial information from you.
On the downside, this program places even more pressure on the already overstretched resources of schools and teachers. The program is designed to be opt-in. It’s hoped schools will incorporate the challenges into their classes, and use them to deliver parts of the Digital Technologies curriculum, or weave them into other subjects.
But the current school curriculum is already overcrowded and there’s no guarantee this program will become part of mainstream curriculum. When schools have high numbers of imperatives such as NAPLAN and the Higher School Certificate (HSC), this program is likely to remain a lunchtime extra-curricula club. This impacts the time that can be given to teaching the program and also the learning students will take from it.
And teachers are not cybersecurity experts, nor should we expect them to be. This content is not part of university teacher training. In order to teach the program, teachers would likely need to attend multiple professional learning seminars on their own time, and unpaid.
Unfortunately, this is a recurrent scenario for teachers. A common strategy for solving new social issues is to offload it to schools for teachers to deal with.
Improving and changing current information-security behaviours requires more than providing teachers with information to teach. Teachers must be able to understand and apply the advice, and they must be motivated and willing to do so.
If we’re really serious about cybersecurity education in schools, it needs to become part of the school curriculum, and teachers need to be supported in a meaningful way to teach it.
Parents need to pitch in too
Cybersecurity is something new for most of us, so parents also have some learning to do, to make sure their kids learn as much as possible. Enabling parents to become familiar with the information themselves supports them to be more able to guide their children in informed ways.
Parents need to stay ahead of potential risks so they know how to safely manage their kids’ online data. Errors in putting in too much information or including highly personal information to untrustworthy sources can affect a child over the course of their lifetime.
If parents are unsure of a source it’s best to err on the side of caution and not enter any personal information. Parents can learn more from trusted sources such as the Australian Cyber Security Centre.
26 February 2019