A common misconception is that young people, many of whom grew up using tablets or touchscreen phones from an early age, are inherently tech savvy. For many, digital safety is a glaring area of growth. K-12 education faces a staggering number of security threats and receives over 80% of workplace malware attacks. By pairing focused, consistent digital safety instruction with Microsoft’s security tools like Defender and Intune for Education, students can safely navigate their digital lives.

Fulton County Public Schools outside Atlanta, Georgia, is one example of a district that faces many of the same challenges as nearly every U.S. school system. The district is dedicated to making sure that students grow socially, emotionally, and academically in a safe and supportive environment. The concept of “school safety” has evolved significantly in the last several decades to include cybersecurity, ranging from policy compliance, privacy, and data protection from common cybersecurity threats like phishing attacks, malware, and untrustworthy links.

Something smells phishy

Phishing occurs when a site, communication app, or other platform tries to collect personal or private information for harmful reasons. Often, phishing attacks try to gather personal information like credit card details or login credentials. In a given month, Fulton County Schools faced 254,255 phishing attempts, and successfully blocked 89% of them using their Microsoft 365 A5 security subscription.

To help reduce the number of successful threats, work with students to look for these common phishing red flags:

  • The message or subject has misspellings and errors
  • The message uses an email address that mimics a teacher’s or administrator’s name
  • The message contains links that do not go where expected
  • The message appears to be from a school or staff member and conveys a threat or urgency or offers an unrealistic reward
  • The message makes a request to supply private information

Our job is to protect student and staff data, no matter what because we have social security numbers, health data, and other sensitive data in our student information systems and enterprise resource planning system, we must have a robust information security system in place. - AJ Philips, Director of Instructional Technology, Prince William County Schools

As the Director of Information and Instructional Technology, AJ Philips helps keep the students in Prince William County Schools in Virginia safe from cybersecurity threats like phishing. His district uses Microsoft Defender for the Cloud Apps to protect and watch potential threats to the district’s 90,000 student devices. Defender’s comprehensive protection helps keep students safe when they are on-campus, at home, or even when visiting family around the world.

Take a tick before you click bad links

The shift to blended learning accelerated abruptly over the last few years. Unfortunately, many students’ digital skills and cyber hygiene are still catching up.

Students access content in multiple ways: through learning tools, communication apps, and search engines. Each of these platforms is a landing spot for hyperlinked text. Students need digital literacy skills to help them determine which links are safe, valuable, and reliable as they explore content. Help students improve their digital hygiene by modeling how to assess and verify links found in websites, search results, email, communication apps, and social media.

It’s important for students to understand that clicking a harmful link could lead to someone being able to access their device’s camera, spy on or crash the device, or steal private information. Harmful links can occur on many of the devices that students use on a regular basis in the classroom like cell phones, tablets, and laptops.

Something doesn’t ad up

While ads are not inherently good or bad, it’s important that students develop the ability to tell the difference between a legitimate advertisement and a potentially harmful one. Ads are commonly found in interstitial videos in digital games, promoted search results, and social media. Advertisements show up everywhere promising a flashier app or a healthier life, and they can sometimes be a gateway for malware or phishing attacks.

Remember, ads are not always bad. It’s important that students understand the signs of trustworthy ads from those that are suspicious or potentially harmful. Help students avoid harmful ads by discussing and modeling the following practices:

  • Identify the advertisement. Labels or captions like #ad or “sponsored” could be good clues.
  • Decide if the ad is relevant to a search query.
  • Avoid links that ask for personal data or try to incite fear.

Responding when mistakes are made

Even with good digital skills and tools like Microsoft Defender for the Cloud monitoring security threats, mistakes still happen. It’s important for students to know how to respond when they see a questionable email, click on a harmful link, or visit a dangerous ad.

The first step is to tell a trusted adult what happened. Help students feel free from judgment or punishment. Use these messages and strategies to help when mistakes are made:

  • Emphasize that there are no consequences for reporting. Asking for help will not be punished or reprimanded. Microsoft recommends a “no consequences self-reporting environment” when possible.
  • Remind students if they mistakenly click on a bad link, their life isn’t over! They just need to tell an adult to get help
  • Provide students access to school experts who have helpful tools to fix it.

Help students understand why cyber hygiene is important

Recent years have shown the importance of understanding how to behave safe online and that everyone has a role to play in cybersecurity. Because of that, Microsoft has created the Cybersecurity Awareness website, with consumable resources for organizations, consumers, and students to learn cybersecurity best practices and how to be cyber smart. In this hub, audiences will be able to find infographics, certifications, reports, events, trainings, scholarships, and more to stay connected with cybersecurity education opportunities.

As students continue to gain important digital skills, they will increase their understanding of the threats that commonly try to compromise schools, social media apps, and communication tools that they use every day. Explain to them the cause and effect so they can see how to avoid scams and compromises, and why keeping an eye out for these is important.

Begin your cybersecurity discussion with students using the Microsoft K-12 Cybersecurity Infographic and Conversation Guide:

The K-12 Cybersecurity Infographic provides simple examples of phishing links and scam ads and how to identify them.
The K-12 Cybersecurity Conversation Guide helps educators and caregivers discuss key topics with students on how to improve their cyber hygiene.