Kids need to learn about cybersecurity, but teachers only have so much time in the day
The following opinion piece authored by Dr Joanne Orlando, Senior Lecturer at the School of Education, was first published with full links on The Conversation (opens in a new window).
Last week, the personal informational of thousands of clients of a large ASX listed company was inadvertently leaked to the dark web. A few days later, our very own parliament house computer system was hacked.
Among this increasingly hostile data environment came the announcement of a new cybersecurity program that aims to raise high school students’ awareness of online personal data risks and how to manage them. Footing the A$1.35 million bill for the project is the four big banks, AustCyber, British Telecom and the Australian Government Department of Education and Training.
While we do need more education on cyber security, the school curriculum is already overflowing, and teachers are expected to take on this program voluntarily. It seems schools are routinely being expected to manage more societal issues - road safety, teeth brushing, and how to have sex safely. We need to carefully consider whether we can ask teachers to take this on too.
The way we use the internet has changed a lot in recent years. Entering our personal data online to join a dating website, sign up for newsletters, social media accounts, or sell used furniture has become the norm.
The data generated as a result is astonishing, and expected to double every two years. This presents as an increasingly tempting financial gain for hackers who can make money off people’s personal data. It has led to many data breaches already and there will be many more.
Understanding why companies want our data, what they do with it, and the implications for us is new basic knowledge everyone needs.
The new cybersecurity program in high schools is a step in the right direction in ensuring young people know more about the dangers posed to them by the internet. As part of the program, students will take part in four challenges focusing on online personal safety, cryptography (data representation, and secure online communication), networking and SQL injections (web application security and hacking techniques).
Importantly, this shifts cybersafety education beyond privacy and prevention of unwanted behaviour (such as cyberbullying), to include new risks facing today’s youth such as fake emails and text messages that look real but aim to steal personal and financial information from you.
On the downside, this program places even more pressure on the already overstretched resources of schools and teachers. The program is designed to be opt-in. It’s hoped schools will incorporate the challenges into their classes, and use them to deliver parts of the Digital Technologies curriculum, or weave them into other subjects.
But the current school curriculum is already overcrowded and there’s no guarantee this program will become part of mainstream curriculum. When schools have high numbers of imperatives such as NAPLAN and the Higher School Certificate (HSC), this program is likely to remain a lunchtime extra-curricula club. This impacts the time that can be given to teaching the program and also the learning students will take from it.
And teachers are not cybersecurity experts, nor should we expect them to be. This content is not part of university teacher training. In order to teach the program, teachers would likely need to attend multiple professional learning seminars on their own time, and unpaid.
Unfortunately, this is a recurrent scenario for teachers. A common strategy for solving new social issues is to offload it to schools for teachers to deal with.
Improving and changing current information-security behaviours requires more than providing teachers with information to teach. Teachers must be able to understand and apply the advice, and they must be motivated and willing to do so.
If we’re really serious about cybersecurity education in schools, it needs to become part of the school curriculum, and teachers need to be supported in a meaningful way to teach it.
Parents need to pitch in too
Cybersecurity is something new for most of us, so parents also have some learning to do, to make sure their kids learn as much as possible. Enabling parents to become familiar with the information themselves supports them to be more able to guide their children in informed ways.
Parents need to stay ahead of potential risks so they know how to safely manage their kids’ online data. Errors in putting in too much information or including highly personal information to untrustworthy sources can affect a child over the course of their lifetime.
If parents are unsure of a source it’s best to err on the side of caution and not enter any personal information. Parents can learn more from trusted sources such as the Australian Cyber Security Centre.
26 February 2019
Opinion: What this collaboration between artists and health-care leaders teaches us about living through COVID-19
A new project that spotlights the strain from COVID-19 on our health systems and the people who work in them has invited health-care leaders and artists to create artworks.
Opinion: If you were called by a melody, how would it sound? Communities in Ethiopia and PNG name people with unique individual tunes
36-year-old Binoora Bhultse lives in Garda village in the Oyda district of southwest Ethiopia. Binoora also has a name that is special to him.
Opinion: Climate change is testing the resilience of native plants to fire, from ash forests to gymea lilies
Green shoots emerging from black tree trunks is an iconic image in the days following bushfires, thanks to the remarkable ability of many native plants to survive even the most intense flames.