Module 5: EdTech Paper—Cybersecurity Issues for Schools

Dr. Janel Morris, Ed.D.

Winona State University

EDUO 802: Current Trends and Issues

Dr. Steven Baule

December 10, 2024

rely on educational technology (EdTech) tools, both in the classroom and for administrative

functions. However, the frequent use of digital tools and services brings with it an array of

cybersecurity risks. Protecting the data of minor students, teachers, and administrators is

paramount to maintaining the integrity and privacy of educational environments (Triplett,

2023, p. 50). In K-12 schools, cybersecurity issues present unique challenges, given the wide

variety of stakeholders involved, the often-limited resources and expertise available to prevent

or address these concerns, and the diverse range of devices and platforms used by children

and adults (Srivastava, 2024, p. 18282).

The rapid adoption of digital tools in education has brought about a transformation in

how students learn, and how teachers facilitate their learning. With the widespread use of

laptops, tablets, cloud-based platforms, and educational apps, K-12 schools have

revolutionized how education is delivered. Approximately 97% of K-12 public schools in the

United States now have access to high-speed broadband, up from just 30% in 2013 (White &

Rotermund, 2019, p. 11). This connectivity is essential for leveraging online learning

resources, enabling remote or hybrid learning, and ensuring that students have access to the

technology tools they need to succeed in an increasingly digital world.

However, this rapid increase in digital adoption has not been without risks.

Cybersecurity threats in K-12 schools have risen contemporaneously with the increased use of

technology. These threats include data breaches, ransomware attacks, phishing scams, and

unauthorized access to sensitive student data. In 2020 alone, there were more than 1,000

publicly reported cybersecurity incidents involving K-12 schools, with significant increases in

the severity of these incidents (Levin, 2021, p. 6). For example, ransomware attacks, where
hackers lock a district's data and demand a ransom to release it, have become a particularly

common threat (Minnaar, 2019, p. 105).

The educational technology environment is further complicated by limited budgets for

cybersecurity in most school districts. The U.S. Department of Education's Office of

Educational Technology reports that a lack of funding, as well as insufficient training for

educators and administrators, continues to be a barrier to implementing effective

cybersecurity measures (Shillair, et al., 2022, p. 102756). In many cases, schools are using

outdated infrastructure and software, with cybersecurity policies and practices falling behind

the rapid pace of technological advancements. This makes K-12 institutions particularly

vulnerable to cyberattacks.

Some of the most common threats to public and charter school districts include data

breaches, ransomware, phishing, social engineering, and insider threats (Kamaludeen, et al.,

2020, p. 240). With students' personal data stored in digital systems, K-12 schools are prime

targets for cybercriminals. Data breaches can expose sensitive information such as social

security numbers, academic records, and medical history, which can be exploited for identity

theft and other malicious purposes. Due to the Family Educational Rights and Privacy Act

(FERPA), school districts face serious legal consequences in the event that confidential

information becomes accessible to people who should not have these records (Richardson, et

al., 2020, p. 26).

Ransomware attacks have increasingly targeted school districts, locking up data and

demanding payment to restore access. These attacks often disrupt educational activities, delay

academic processes, and can result in significant financial costs. Phishing attacks, where

attackers trick individuals into revealing sensitive information (e.g., usernames, passwords),
are also common in K-12 environments. These attacks can compromise both personal and

institutional data. Cybersecurity risks also come from within the school system. Students or

staff with malicious intent, or even individuals who unknowingly compromise security, can

pose a significant threat to sensitive data. Given the frequency and potential impact of these

incidents, it is clear that addressing cybersecurity concerns is critical for ensuring the safety

and success of educational environments (Chen, et al., 2021, p. 112).

Teachers play a central role in both utilizing and safeguarding educational technology

in the classroom. The increased use of digital platforms and tools means that educators must

be aware of cybersecurity risks to protect not only their students' data but also their own.

Many teachers are tasked with managing digital devices, such as tablets and laptops, and

navigating educational software, but they are often not adequately trained in cybersecurity

best practices (Corradini & Nardelli, 2020, p. 104). According to a survey conducted by the

Consortium for School Networking, 59% of K-12 educators have received no formal training

in cybersecurity (Tsado, 2019, p. 4). This lack of knowledge can contribute to a school’s

vulnerability to cyber threats. Teachers need to understand common cybersecurity practices

such as creating strong passwords, recognizing phishing emails, and ensuring that personal

devices are securely configured.

Furthermore, teachers have the opportunity to play an important role in promoting

cybersecurity awareness among students (Javidi & Sheybani, 2018, p. 3). By incorporating

cybersecurity topics into the curriculum, educators can teach students about the importance of

online privacy, responsible digital behavior, and safe internet practices. Digital literacy is

essential in preparing students for the future, and teaching them about cybersecurity can

empower them to protect themselves and others from online threats (Rahman, et al., 2020, p.
378). Students, as frequent users of digital tools, also have a responsibility in maintaining

cybersecurity within schools. However, many students are not fully aware of the risks

associated with the digital tools they use daily (Chukwube, 2024).

Cybersecurity education for students is crucial, as they are often the most vulnerable to

attacks like phishing, social engineering, and data breaches. Research from the National

Cyber Security Alliance suggests that elementary and secondary students are not as vigilant as

they should be when it comes to online security (Walsh, 2020, p. 28). Students can learn skills

to help recognize suspicious emails, safeguard their personal information, and avoid

downloading harmful software. Cybersecurity education can be embedded into various

subjects, including computer science, social studies, and health, to foster an understanding of

how to interact safely with digital environments (Chase, et al., 2020, 8). With the rise of

online learning and remote education, cybersecurity literacy becomes even more important for

students who may be engaging with digital platforms outside of the school's direct supervision

(Chukwube, 2024).

Moreover, students have a growing role in advocating for stronger cybersecurity

measures within their schools. Student organizations and technology clubs can collaborate

with school administrators to help develop better cybersecurity policies and practices. The

impact of cybersecurity on education is multifaceted. Data breaches or cyberattacks can

disrupt learning, compromise privacy, and even halt educational operations. For example, a

ransomware attack that locks school systems for days can delay assignments, test scores, and

administrative processes, significantly affecting students' academic progress. In March 2020,

a malware attack on the main computer server in Fort Worth ISD, one of the largest districts

in Texas, resulted in disruption of daily learning activities for more than 84,000, and had
significant long-term impact on district operations, including a complete wipe of the library

circulation inventory at every campus (Greubel, et al., 2023, p. 265).

Additionally, the loss of student data, such as personal records and academic

performance, can create long-term consequences. Research by the Center for Digital

Education highlights that compromised data can have lasting effects on students, especially in

terms of their academic records and future opportunities (Nowicki, 2020, p. 12). Schools must

protect this data not just to prevent immediate harm but also to ensure long-term educational

success for students. Cybersecurity threats can also hinder the adoption of new educational

technologies. If educators and administrators feel that the risks of using technology outweigh

the benefits, they may become reluctant to integrate new digital tools into the learning

environment (Shen, et al., 2017, p. 173). The fear of cyberattacks could limit innovation in

education, preventing students from accessing the full potential of digital learning platforms.

As technology continues to evolve, so will the challenges associated with

cybersecurity. The increasing use of cloud-based services, online learning platforms, and

artificial intelligence (AI) tools in education presents new opportunities for improving

teaching and learning but also raises new security concerns. A report from the Center for

Digital Education forecasts that the continued growth of EdTech will lead to more

sophisticated cybersecurity risks (Mohamed & Abuobied, 2024, p. 76). Schools will need to

adopt more advanced tools and techniques to mitigate these risks, such as multi-factor

authentication, encryption, and threat detection software.

Moreover, as schools adopt more personalized learning tools powered by AI,

cybersecurity becomes even more critical. These tools often collect vast amounts of personal

data, such as learning preferences, behaviors, and performance metrics. Ensuring that this data
is kept secure will be vital to maintaining students' privacy and trust. Ongoing education and

training in cybersecurity will be essential for both educators and students (Chen, et al., 2021,

p. 114). As technology continues to change, so too will the methods employed by

cybercriminals. Teachers and students will need to be continuously educated about emerging

threats and best practices for staying safe online. Schools must invest in regular cybersecurity

training programs, not only for staff but also for students, who will need to be lifelong

learners when it comes to digital safety (Rahman, et al., 2020, p. 382).

Partnerships with cybersecurity firms and consultants can provide schools with the

expertise needed to design and implement robust cybersecurity policies and frameworks.

Moreover, these experts can provide ongoing monitoring and support to help schools respond

to incidents swiftly and efficiently. As educational technology becomes increasingly integral

to K-12 education, cybersecurity must be a central concern for schools, teachers, students, and

policymakers. The current state of cybersecurity in K-12 schools reveals significant

vulnerabilities, but it also highlights opportunities for improvement. By prioritizing

cybersecurity education, investing in protective technologies, and fostering a culture of

security awareness, schools can help ensure that educational environments remain safe and

conducive to learning (Richardson, et al., 2020, p. 35). As the future of education becomes

more digitally driven, the importance of cybersecurity will only continue to grow, requiring

proactive and collaborative efforts to safeguard the educational experiences of all students.
 References

Chase, J., Uppuluri, P., Denny, E., Patterson, B., Eller, J., Lane, D., & Onuskanich, R. (2020,

July). STEAM powered K-12 cybersecurity education. In Journal of The Colloquium for

Information Systems Security Education, 7(1), 8.

Chen, W., He, Y., Tian, X., & He, W. (2021, October). Exploring cybersecurity education at the

K-12 level. In SITE Interactive Conference (pp. 108-114). Association for the

Advancement of Computing in Education (AACE).

Chukwube, M. (2024, January 15). Digital literacy and cybersecurity skills for elearning success.

eLearning Industry. https://elearningindustry.com/digital-literacy-and-cybersecurity-

skills-for-elearning-success

Corradini, I., & Nardelli, E. (2020). Developing digital awareness at school: a fundamental step

for cybersecurity education. In Advances in Human Factors in Cybersecurity: AHFE

2020 Virtual Conference on Human Factors in Cybersecurity, July 16–20, 2020, USA

(pp. 102-110). Springer International Publishing.

Greubel, A., Andres, D., & Hennecke, M. (2023). Analyzing reporting on ransomware incidents:

a case study. Social Sciences, 12(5), 265.

Javidi, G., & Sheybani, E. (2018, October). K-12 cybersecurity education, research, and

outreach. In 2018 IEEE Frontiers in Education Conference (FIE) (pp. 1-5). IEEE.

Kamaludeen, M., Ismaeel, S., Asiri, S., Allen, T., & Scarfo, C. (2020, September). A framework

for cyber protection (FCP) in K-12 education sector. In 3rd Smart Cities Symposium

(SCS 2020) (Vol. 2020, pp. 239-244). IET.

Levin, D. A. (2021). The State of K-12 Cybersecurity: 2020 Year in Review. Washington, D.C.:

K-12 Cybersecurity Resource Center.

ransomware. Acta Criminologica: African Journal of Criminology & Victimology, 32(2),

105.

Mohamed, N. N., & Abuobied, B. H. H. (2024). Cybersecurity challenges across sustainable

development goals: A comprehensive review. Sustainable Engineering and

Innovation, 6(1), 57-86.

Nowicki, J. M. (2020). Data Security: Recent K-12 Data Breaches Show That Students Are

Vulnerable to Harm. Report to the Republican Leader, Committee on Education and

Labor, House of Representatives. GAO-20-644, 1-27. Washington, D.C.: U.S.

Government Accountability Office.

Rahman, N. A. A., Sairi, I. H., Zizi, N. A. M., & Khalid, F. (2020). The importance of

cybersecurity education in school. International Journal of Information and Education

Technology, 10(5), 378-382.

Richardson, M. D., Lemoine, P. A., Stephens, W. E., & Waller, R. E. (2020). Planning for cyber

security in schools: The human factor. Educational Planning, 27(2), 23-39.

Shen, L., Chen, I., & Su, A. (2017). Cybersecurity and data breaches at schools. In Cybersecurity

Breaches and Issues Surrounding Online Threat Protection (pp. 144-174). IGI Global.

Shillair, R., Esteve-González, P., Dutton, W. H., Creese, S., Nagyfejeo, E., & von Solms, B.

(2022). Cybersecurity education, awareness raising, and training initiatives: National

level evidence-based results, challenges, and promise. Computers & Security, 119,

102756.

Srivastava, A. K. (2024). Critical analysis of cybersecurity awareness programs in school

education. Library Progress International, 44(3), 18282-18303.

of STEM Education for Sustainability, 3(1), 47-67.

Tsado, L. (2019). Cybersecurity Education: The need for a top-driven, multidisciplinary, school-

wide approach. Journal of Cybersecurity Education, Research and Practice, 2019(1), 4.

White, K., & Rotermund, S. (2019). Elementary and secondary mathematics and science

education. Science & Engineering Indicators 2020. NSB-2019-6. Alexandria, VA:

National Science Foundation.