MARCH 2022
TECHLEARNING.COM
Safe Learning Spaces Fostering security and well-being for staff and students
CONTENTS 4
4
Balancing Responsibility for Student Data and Online Safety By Dr. Kecia Ray
6
6 Tips to Remove Social Security Numbers from Student Data By Beverly Miller
10
10
Cyber Insurance: What Schools Need to Know By Annie Galvin Teich
13
4 Ways To Prevent Cyberbullying By Erik Ofgang
16
Best Student Data Privacy Practices for Schools
20 Best Cybersecurity Lessons and Activities for K-12 By Diana Restifo
26 Lightspeed Systems Acquires CatchOn: What You Need to Know By Erik Ofgang
30 Fostering Well-Being and Social-Emotional Learning Skills By Erik Ofgang
34 5 Mindfulness Apps and Websites for K-12 By Stephanie Smith Budhai, Ph.D.
34
By Sascha Zuger
13
Group Publisher Christine Weiser christine.weiser@futurenet.com
Production Manager Heather Tatrow heather.tatrow@futurenet.com
CONTENT
Managing Design Director Nicole Cobban
Managing Editor Ray Bendici ray.bendici@futurenet.com
Senior Staff Writer Erik Ofgang erik.ofgang@futurenet.com Event Development Director Marquita Amoah marquita.amoah@futurenet.com VISIT US www.techlearning.com
Senior Design Director Cliff Newman
MANAGEMENT Senior Vice President, B2B Rick Stamberger Head of Production US & UK Mark Constance Head of Design Rodney Dive
ADVERTISING SALES Sales Manager Allison Knapp, allison.knapp@futurenet.com Sales Associate Anne Gregoire, anne.gregoire@futurenet.com FOLLOW US
All contents © 2022 Future US, Inc. or published under licence. All rights reserved. No part of this magazine may be used, stored, transmitted or reproduced in any way without the prior written permission of the publisher. Future Publishing Limited (company number 2008885) is registered in England and Wales. Registered office: Quay House, The Ambury, Bath BA1 1UA. All information contained in this publication is for information only and is, as far as we are aware, correct at the time of going to press. Future cannot accept any responsibility for errors or inaccuracies in such information. You are advised to contact manufacturers and retailers directly with regard to the price of products/services referred to in this publication. Apps and websites mentioned in this publication are not under our control. We are not responsible for their contents or any other changes or updates to them. This magazine is fully independent and not affiliated in any way with the companies mentioned herein.
FUTURE US, INC. 130 West 42nd Street, 7th Floor, New York, NY 10036
If you submit material to us, you warrant that you own the material and/or have the necessary rights/permissions to supply the material and you automatically grant Future and its licensees a licence to publish your submission in whole or in part in any/all issues and/or editions of publications, in any format published worldwide and on associated websites, social media channels and associated products. Any material you submit is sent at your own risk and, although every care is taken, neither Future nor its employees, agents, subcontractors or licensees shall be liable for loss or damage. We assume all unsolicited material is for publication unless otherwise stated, and reserve the right to edit, amend, adapt all submissions.
twitter.com/techlearning
WWW.TECHLEARNING.COM
| M A R C H 2 02 2 |
3
DATA AND ONLINE SAFETY
CREDIT: GETTY IMAGES
BALANCING RESPONSIBILITY FOR STUDENT DATA AND ONLINE SAFETY
4
School districts face enormous challenges in protecting student data -- and students themselves -- while also fending off hackers and attackers
| M A R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
By Dr. Kecia Ray
DATA AND ONLINE SAFETY
O
n October 8, 2021, President Biden signed the K-12 Cybersecurity Act of 2021 into law. The legislation acknowledges that maintaining the security of student data is mission-critical and, therefore, a study will be conducted to determine the best guidance to offer districts. While this seems to be a great attempt at protecting our student data, it also represents the federal government slowly crossing the state and local authority line using legislation, policies, and letters to companies to emphasize concerns related to technology in schools, specifically cybersecurity and privacy. However, more than 45 states and Puerto Rico have introduced legislation related to cybersecurity during 2021, according to the National Conference of State Legislators. So, it begs the question: what is the purpose behind the federal legislation? The increased use of technology in schools will no doubt increase the risk of attacks on student data. Since 2016, there have been at least 1,062 reported attacks on school districts across the U.S., with 53 school districts being attacked in 2020 and costing more than $7.5 billion, according to a recent report from Amtrust Financial. Since July, at least 16 school districts have already been victims of ransomware attacks. In spite of these numbers, technology is no longer an option for districts. Schools must include technology in their daily practice of operating a school and delivering instruction. They must also use technology to protect student data as well as protect students themselves while they are online. An estimated 500,000 online predators are seeking out children while they are accessing the internet. The F.B.I. reports that children aged 12-15 represent more than 50% of the victims of online sexual exploitation. In addition to adult predators, students are also attacked by cyberbullies. Cyberbullying through digital devices occurs through social media, text, emails, instant messaging, and gaming. Research suggests 21% of children aged 10-18 experience cyberbullying, which can lead to additional mental health issues. And, children living in lower-income households are more likely to be bullied online.
STRIKING A BALANCE
Cybersecurity and student data privacy are certainly huge issues for districts today and support is definitely needed to fend off hackers and attackers, but does the support need to come in the form of guidance or restricting what products and services districts can use? States have already passed legislation on handling student data, and organizations such as SEDTA and CoSN determine effective practices for managing student data and protecting students while online, and standards have been set to manage this. The federal government’s role should be supporting states through funding and legislation that protects constitutional and civil rights when states fail to do so. States and local school boards must do diligence to defend the needs of their schools when it comes to protecting student data and online safety. Interested in learning more about cybersecurity in K-12, check out these articles: • Best Cybersecurity Lessons and Activities for K-12 Education • How to Implement a Systemic Approach to Student Data Security and Privacy • 5 Ways to Boost School Cybersecurity • How to Integrate Student Data Privacy Protection into District Data Governance Plans
Data privacy isn’t the only challenge with our students online. We must protect their safety as well, and some companies aid districts in monitoring student safety online. However, during the first week of October 2021, these Want to be more informed about protecting students online? Look over companies received letters of concern from three U.S. Senators related to these resources: violating students’ privacy. • Keeping Students Safe While Learning Online Where is the balance between protecting student data and protecting • A Starting Point for Ensuring Student Online Privacy students online? Students -- and the data that come with them -- are the • 10 Back-to-School Tips for Online Tips and Resources for Parents most fragile piece of the education system and the entire reason the system exists. No school or district Longing to learn more about the role of school administrator wakes up thinking of putting their boards, states, and federal government in overseeing students at risk. Districts and the schools they support education? Read over this interesting history of our must be armed with resources to protect their most educational system in these resources: significant responsibility, the safety of the students they • History and Evolution of Public Education in the U.S. serve. These resources come in the form of funding, • A Relevant History of Public Education in the U.S. CHILDREN AGED technologies to monitor student activity online, 12-15 REPRESENT technologies to protect student data, and legislation to Our districts are under so much pressure today, let’s MORE THAN 50% back it when a predator or hacker is doing harm. stand united to support their best efforts and intentions, OF THE VICTIMS OF Federal government may have good intentions, it and let’s make sure each entity responsible -- federal, state, ONLINE SEXUAL remains the responsibility of the states and local school and local school boards -- educates our amazing students boards to govern and direct school operations. and does the right thing for the good of the whole. EXPLOITATION
WWW.TECHLEARNING.COM
| M A R C H 2 02 2 |
5
SAFE DATA
6 TIPS TO REMOVE
SOCIAL SECURITY NUMBERS FROM STUDENT DATA
By removing social security numbers from student data, Greeneville City School District has increased security by making itself less of a target By Beverly Miller
I
t is no coincidence that K-12 organizations have become one of the most targeted sectors for cybercriminals seeking access to confidential data. Most student information systems (SIS) contain sought-after information when the goal is to illegally assume another person’s identity. Student and employee data sets most always include full, legal names, dates of birth, and far too often, social security numbers. While still necessary to maintain employee social security numbers for tax and retirement reporting purposes, I believe it is time for schools and school districts to eradicate student social security numbers from both electronic and paper records, if they have not
already done so. The task may sound simple. However, the reality of accomplishing that feat is complex and must be strategically planned and executed. The Greeneville City School District is located in the heart of the Appalachian Mountains in rural, eastern Tennessee. Digital records are now the norm; however, certain paper documents are still maintained in various locations throughout the district. The one warehouse in the district is not environmentally controlled with temperatures soaring during Tennessee summers and dipping throughout the winter months. To preserve these historical records, the district has a goal to digitize it all and has engaged
1
2
We began by brainstorming and prioritizing what could quickly become an overwhelming project. This is the point in the process at which we identified the importance of eliminating student social security information as our top priority.
While it may be obvious to concentrate on SIS, make sure to account for hard copies of such information that may be inside permanent records or other files. This step in the overall process can be laborious. Allow time for team members to speak with teachers, school leaders, special education experts, school secretaries, and others who will likely have pertinent information to help the project progress.
Assemble a cross-sectional team of stakeholders who have a broad knowledge base.
6
with a vendor-partner to accomplish that task. As the current Assistant Director of Schools for Administration, I have also served as the Chief Technology Officer for the school district for the past 27 years and have certainly observed a rapidly shifting landscape in regard to data security and information management. Never has data management been more critical than it is in today’s environment. There are so many aspects of data security, privacy, and information management that need to be addressed. Just focusing on the elimination of student social security numbers, the following steps are the ones taken by our rural district and are recommended for others who might be facing this same challenge.
| M A R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
Identify all sources of student social security information.
SAFE DATA
3
5
Like any project management endeavor, this one will not be fully successful without a robust, streamlined communication plan to keep all stakeholders involved and engaged. Parents and guardians need to know about your effort and understand the reasons behind it. Teachers need to be involved as they might be asked to provide student information when rostering as part of a software pilot project or other similar task. District leadership team members need to receive regular updates as the work progresses. School boards and local media outlets need to be involved. Invite them to serve on data security teams and work together to accomplish your goals.
We reached out to the EIS (Education Information System) team at the Tennessee State Department of Education early in our planning stages. The Tennessee EIS platform is critical because all our state education funding is generated based on the student enrollment and attendance data uploaded by local SIS extracts. Our EIS support team were instrumental in helping us map the data fields and prepare for the transition to the unique pin numbers by which students would be uniquely identified and tracked.
Communicate plans across the organization throughout the process.
4 CREDIT: GETTY IMAGES
Develop a strategic plan to address both paper and electronic record scrubbing simultaneously.
8
It is important to have small teams focusing on specific record types. For example, we solicited the help of a couple of great special education teachers to assist our team in purging socials from historical records, which was a substantial task. Our district utilizes PowerSchool as our SIS. Our local PSUG (PowerSchool Users Group) played a tremendous role in developing a plan to begin using a unique pin number in lieu of social security number. They then tested the plan exhaustively in a sandbox environment before moving to the production server.
| M A R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
Involve your state education department information systems team.
6
Stay the course.
Any school system with a large amount of data (historical and/ or current) must acknowledge that the process of removing student social security numbers will be one that requires focus, endurance, and commitment. Team members may leave. New team members may emerge. It is important to have the process documented and a training plan in place by which information and knowledge transfer can happen quickly and thoroughly. The Greeneville City School District is now positioned to enroll and serve students without ever seeing or knowing their social security numbers. As a longtime IT professional, I often worry about the fact that many young adults may find themselves applying for college scholarships, seeking a loan to buy that first new car, or filling out an application for a job only to discover that their identity has been stolen as the result of a data breach during their K-12 school years. It gives me a sense of peace to know that social security numbers are not at risk in the district I serve.
CYBER INSURANCE:
WHAT SCHOOLS NEED TO KNOW As cybersecurity attacks increase, districts ask if the cost of cyber insurance is worth the price
CREDIT: GETTY IMAGES
By Annie Galvin Teich
10
E
ach week, more public education sites report phishing attacks, data hacks, and ransomware demands. In 2021, 62 school districts and 26 colleges or universities were hit. On January 4, 2022, 3,000 K-12 schools were caught in an international ransomware attack. “It’s gotten to the point that it’s not ‘if ’ we are attacked, but ‘when’ it will happen,” says Sandra Paul, director of information technology at Township of Union Public Schools in New Jersey. “There are at least four districts in our area that have been hacked in the last few years.”
| MA R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
While everyone is trying to save money, they are also loading more items onto their data network such as security cameras, HVAC systems, and other Internet of Things devices, which create more potential openings for hackers, says Paul. Protecting it all grows proportionally, so investing in cyber insurance is becoming a necessity. And even those districts that can’t afford it can benefit from exploring the process. “Not everyone can buy cyber insurance. There are a lot of requirements before you can get approved, such as multifactor authorization, specific
CYBER INSURANCE filters, and so on,” she says. “Cyber insurance doesn’t protect you from getting hacked but complying with the insurance company’s requirements can make you a lot safer.” Paul reports that policies are different. If you have a DNS attack and your data is held for a ransom, your insurance may cover some of the ransom, but it usually just covers what it would cost to remediate your equipment back when you need it. For example, it generally takes 48 to 72 hours to get servers back in service. “We don’t feel safe, but we’re doing everything we can to protect our network,” says Paul. “We have a $1 million policy, which is standard, and we use outside services to help us monitor our systems looking for holes.” She shares the list from her insurance company to help districts see what system and process requirements are in play to be approved for cyber insurance.
QUESTIONS ABOUT SECURITY, PRIVACY, AND MEDIA CONTROLS Some school leaders are upset to find out that they don’t qualify for cybersecurity insurance. Schools and districts have to make investments in protecting themselves before insurance underwriters will approve a policy.
CREDIT: GETTY IMAGES
To start that process, here is a list of some of the typical questions an insurer wants districts to answer: • Do you have firewalls in place to protect your data and devices? • Do you have antivirus software in place to protect your data and devices?
12
| M A R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
• Do you encrypt your data at rest, in transit and/or on mobile devices? • Do you have an intrusion detection/prevention system in place to protect your data and devices? • Do you conduct vulnerability scanning and patching? • Do you require the use of multi-factor authentication? • Do you back up your electronic data? • Do you have a business continuity plan, disaster recovery plan, and an incident response plan? • Do you have a written information security policy and/or privacy policy? • Do you have vendor risk management protocols in place that address cyber risk controls, contractual liability, indemnification, etc.? • If you are a covered entity under HIPPA, COPPA, FERPA, the Red Flag Rule or any other similar law, do you have measures in place to comply with your obligations under the applicable laws? • If you process credit card payments or store credit card payment information, do you comply with Payment Card Industry Data Security Standard (PCI-DSS)? • Do you have an employee who is trained to address cyber risk issues? • Do you have a content review process in place to review content/material being disseminated prior to release? • Do you obtain proper licensing for content/material? • Do you have procedures in place to remove controversial content/ material? HINT: the answers to most of these questions should be “yes.”
CYBERBULLYING
4 WAYS TO PREVENT CYBERBULLYING Chad A. Rose, the director of Mizzou Ed Bully Prevention Lab, shares tips for preventing cyberbullying. By Erik Ofgang
P
reventing cyberbullying is increasingly critical for education as students spend more and more time online. “We live in a world now where bullying doesn’t begin and end with school bells,” says Chad A. Rose, director of Mizzou Ed Bully Prevention Lab at the University of Missouri. “It encompasses a kid’s entire life.” Rose shared the following suggestions for educators who want to help prevent cyberbullying at their schools.
RECOGNIZE THAT IT’S A SCHOOL PROBLEM EVEN IF IT HAPPENS OUTSIDE OF SCHOOL
1
CREDIT: GETTY IMAGES
Bullying, of any kind, is defined as an imbalance of physical or emotional power, intent to cause physical or emotional harm, and behavior that is repeated or likely to be repeated, Rose says. Unlike traditional in-person bullying, cyberbullying does not necessarily occur on school grounds or even during school hours. As a result, it can be seen as an issue that is outside of school, even though cyberbullying has the potential to impact every aspect of a child’s life and education. “I think it’s always a school issue,” Rose says. If educators acknowledge this, they can do more to prevent it and support and protect their students in their digital interactions.
WWW.TECHLEARNING.COM
| M A R C H 2 02 2 |
13
CYBERBULLYING
3
WORKING WITH CYBERBULLIES ON SEL AND EMPATHY
4
DON’T SUGGEST STUDENTS STOP USING TECHNOLOGY
When educators discover one of their students is a perpetrator of cyberbullying they are limited in how they can respond. “You can’t tell a kid that, ‘Hey, I’m confiscating your phone that your parents paid a thousand dollars for,’” Rose says. However, educators can and should work to form a connection with parents. “Before anything happens, we should have a nice form of communication between parents and schools,” he says. That way parents of both cyberbullies and their victims can be enlisted to help find solutions. Students who engage in cyberbullying should be given extra social and emotional learning lessons. One strategy is to build empathy by having the student and a facilitator talk through a story that is similar to the real-life situation that is occurring, and then delve into the student’s thoughts and feelings in relation to that story. If the student says they wouldn’t care if someone did that to them, an educator can teach them about empathy by explaining that other students might care.
CREDIT: GETTY IMAGES
2
14
TEACH DIGITAL CITIZENSHIP
A key to protecting students from cyberbullying is to teach digital citizenship in elementary school, Rose says. These lessons should focus on the following: • Safety - Students should learn the basics of online safety, including not giving out personal information such as their name or address • Choice - Students should be reminded that posting something online is a choice and that stopping and thinking before posting or sharing can often prevent an unfortunate incident • Permanence - Students need to learn that things that you post online are permanent, Rose says, as even apps that claim to delete data often keep that data stored While school digital citizenship programs often do a good job with teaching online safety, Rose says more needs to be done to teach students about the other two key aspects, particularly that items posted online can be there forever. “I don’t think kids quite understand permanence,” he says.
| MA R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
A common piece of advice for the victims of cyberbullying is to stop using the platform on which the bullying is taking place, however, that may not be the best approach. “We used to tell kids if someone is mistreating you, delete the app,” Rose says. “I’ve long said that we can’t just tell them to socially remove themselves.” For example, Rose says you wouldn’t tell a child to stop playing basketball if they were getting bullied on the court. Increasingly, online spaces fulfill a similar function in children’s lives, and simply withdrawing from social media isn’t a valid option. Instead, educators need to understand the causes of bullying and work with students to develop online strategies to mitigate the impact. “Digital citizenship should be embedded in the daily curriculum, especially in environments that include high usage of electronic devices,” Rose says. “This includes teaching students about the safety, choice, and permanency of interacting online.”
PRIVACY PRACTICES
BEST STUDENT DATA PRIVACY PRACTICES FOR SCHOOLS Protecting student data privacy goes beyond buying the most expensive product
CREDIT: PAUL BRADBURY/GETTY IMAGES
By Sascha Zuger
16
| MA R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
PRIVACY PRACTICES
T
he last week of January was National Data Privacy Week. As part of the global online safety, security, and privacy campaign called ‘Stop. Think. Connect.’—an initiative of the National Cyber Security Alliance (NCSA)—it serves as a reminder to those in education to evaluate how we are doing when it comes to keeping our students and their data safe in the classrooms and beyond.
STUDENT DATA PRIVACY RULES—IS THE PARTY OVER? Educators are trying their best to keep kids feeling connected and excited about school, even in these chaotic and uncertain times during which “school” might be located in a different place each week. Does remote school safety mean an end to the fun of sharing and showing off projects and achievements? “We don’t need to stop celebrating the students and their work,” says Eileen Belastock, Director of Technology and Information at Nauset Public Schools, Orleans, Massachusetts. “We just have to make sure it’s safe and secure. So it means having district-sanctioned social media accounts, or a secured website where only your art Google classroom or your students’ parents can see what’s going on.” Getting permission from parents to even have their child’s image and voice out there is a must. “At the beginning of the year they sign off on a general release form,” says Belastock. “But whether it’s a project they want to showcase on a website of the great things these kids are doing or a video clip pulled from Zoom, systems can be set up to ask permission from parents every time before posting. We’re not trying to say no, we are just trying to do it safely. Yes, it’s an extra step, but the last thing we want to do is put a child in jeopardy.”
STUDENT DATA SECURITY: AN ISSUE NOT REMOTELY GOING AWAY It feels as if the news is peppered with daily stories of school data breaches and privacy leaks. Is this just the buzzword of the day or a developing issue schools need to tackle to ensure the safety of their students? “Information security and privacy have grown and will continue advancing as major factors for all educational institutions,” says Ed Zuger, J.D., Associate Professor and Dean at University of the Cumberlands, School of CIS. “During the past couple years, the revolution of remote schooling removed security controls from the relatively careful environs of trained, formal IT experts. We now have hundreds or thousands of separated students and their homegrown security ‘solutions’—e.g., the $120 big box router. Along the way, every new node, onramp, and pathway amounts to another point-of-entry for potential criminals, not only to access content on students’ personal devices, but to walk through these unlocked and interconnected doorways into sensitive data on the greater school networks.” Ask any cybersecurity pro and they will say the most risky element of keeping a system protected is the users. “So how do we save the budget?” says Zuger. “Do what we do best and teach. Teach our staff and students how to be savvy cyber-citizens. The best and most expensive security network can’t undo the damage of a careless user clicking on malicious links or kicking open a virtual doorway for any outsider to wander in.” In conjunction with that, Belastock offers some best practices for schools.
WWW.TECHLEARNING.COM
| M A R C H 2 02 2 |
17
PRIVACY PRACTICES Assess your current landscape. How is the district software being acquired—at the school level, the teacher level? You need to have an easily accessible vetting process so there is a process in place for approval to ensure there are no inherent risks within that tech. Be transparent about why. We don’t want to be the people of “No.” Explain to teachers and parents, “What if it was your photo being tagged in a public site or your personal video being shared because there wasn’t security preventing that?” Make it relatable for adults to drive home the importance. Partner with vendors. Talk to them as there are a lot of data privacy agreements available. Vendors want you to use their product, so make sure they understand your privacy policies. It’s been really helpful for our district. Get the word out to the school community. Put it in the face of the superintendent, go to school board meetings, just talk about this whenever you can. Talk to teachers, students, parents— always share the same mantra about protecting student and staff data.
WE CAN’T CONTROL WHAT HUMANS DO, BUT WE AS TECH DIRECTORS CAN HAVE ALL THE SAFEGUARDS, COMMUNICATIONS POLICIES REGARDING PUBLIC DISPLAYS— WE CAN AT LEAST DO OUR BEST TO PROTECT OUR STUDENTS.
WHY STUDENT DATA PRIVACY MATTERS
CREDIT: PAUL BRADBURY/GETTY IMAGES
“What drives my institution to maintain tight security protocols is the value of our students,” says Zuger. “We are talking about some of the most vulnerable in society, as well as the most targeted because of the inherent vulnerabilities of those who have not yet experienced life’s cautions.” In some cases, the consequences of lax security protocols could be much more serious than a paper getting swiped, risqué photo accessed or grade changed.
18
| MA R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
“Years ago, we interrupted a potentially dangerous incident,” Zuger says. “One student, intent on personally connecting with another, tracked their target’s computer lab usage and circumvented our security by installing a keylogger on their usual workstation. This tool records every keystroke, giving access to countless private and personal communications, passwords and data. However, because our protocols included regularly reviewing logs and system changes, we spotted the keylogger, identified the offender and they were turned over to law enforcement before the student-victim was ever compromised.”
AN UPHILL CHALLENGE
With increasingly more sophisticated cyber criminals and hackers out there, it can make a district leader wonder if there is any point to trying to shield things anymore. “On the one hand, there is some rationale in simply throwing the hands up. Everyone is prone. The trillion-dollar organization that is the U.S. government, with endless human capital expertly trained and practiced in cyber-defense, still experiences scores of attacks and breaches daily,” says Zuger. “But on the other more practical hand, why do we secure anything? We lock our front doors, enable the car alarm, and use PIN at the ATM. In those days of yore, nearly everyone left their front door unlocked. Eventually we realized that by simply spinning that deadbolt we might shuffle the scofflaw to the next address for easier access.” Although it might feel like an overwhelming challenge, doing what we can to protect our students is non negotiable. “It can be expensive. Securing assets does not create revenue; it costs. So there must be a discussion about the hard costs, both of the tech and in training users to use and rely on the security solutions,” says Zuger. “What, though, might the cost of noncompliance be? Our students’ reputations, psychological and physical health? The institution’s reputation? Accreditation, even? All those and more are at risk. We have a duty to our students and our communities.” “We can’t control what humans do,” says Belastock. “But we as tech directors can have all the safeguards, communications policies regarding public displays—we can at least do our best to protect our students. There will always be that one parent who takes a video or photos at a celebration and puts it out on Facebook. We can at least say we did our due diligence and put protections in place.”
CYBERSECURITY LESSONS
CREDIT: GETTY IMAGES
BEST CYBERSECURITY LESSONS AND ACTIVITIES FOR K-12
20
Here are the best K-12 cybersecurity lessons, games, and activities By Diana Restifo
| M A R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
CYBERSECURITY LESSONS
C
omputer literacy and security are not merely elective topics for today’s students. Instead, these have become an essential part of elementary education, starting at the earliest levels— because even preschoolers have access to internet-enabled devices. Launched in 2004 as a collaboration between the National Cyber Security Alliance and the U.S. Department of Homeland Security, Cybersecurity Awareness Month aims to promote not only awareness of cybersecurity hazards, but also the knowledge and tools users need to protect themselves, their devices, and their networks while accessing the vast information highway that makes modern life possible. The following cybersecurity lessons, games, and activities cover a wide range of topics and grade levels, and can be implemented in general instruction classes as well as dedicated computer science courses. Nearly all are free, with some requiring a free educator registration.
BEST CYBERSECURITY LESSONS & ACTIVITIES CODEHS INTRODUCTION TO CYBERSECURITY (VIGENERE) A full year-long course for high school students, this introductory curriculum is ideal for beginning computer science students. Topics include digital citizenship and cyber hygiene, cryptography, software security, networking fundamentals, and basic system administration.
CODE.ORG CYBERSECURITY - SIMPLE ENCRYPTION This standards-aligned classroom or elearning lesson aims to teach students the basics of encryption - why it matters, how to encrypt, and how to break encryption. As with all code.org lessons, included are a detailed teacher’s guide, activity, vocabulary, warmup, and wrap up.
CODE.ORG RAPID RESEARCH - CYBERCRIME What are the most common cybercrimes and how can students (and teachers) identify and prevent such attacks? Learn the basics in this standards-aligned lesson from the Code.org curriculum team.
COMMON SENSE EDUCATION INTERNET TRAFFIC LIGHT This Common Core-aligned first-grade lesson teaches basic internet safety with a fun Google Slides presentation/activity. Also included are instructions for an in-class Traffic Light game, as well as a video, handout poem popster, and take home resources. Free account required
CYBER.ORG CYBERSECURITY LESSON FOR GRADES 10-12 A comprehensive cybersecurity course covering threats, architecture and design, implementation, risk, regulation, and much more. Login via Canvas account or create a free educator account.
22
| MA R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
CYBER.ORG EVENTS Explore Cyber.org’s upcoming virtual events, such as Intro to Cybersecurity, Cybersecurity Activities for Beginners, Cybersecurity Career Awareness Week, Regional Cyber Challenge, and more. It’s a great resource for professional development, as well as for your high school cybersecurity curriculum. CyberPatriot Elementary School Cyber Education Initiative (ESCEI) Complete a brief request form, download the digital ESCEI 2.0 kit, and you’re ready to plan your cybersecurity instruction. Included in the free digital kit are three interactive learning modules, supplementary slides, instructor’s guide, introductory letter describing ESCEI, certificate templates and more. An excellent start to your K-6 cybersecurity curriculum.
DON’T FEED THE PHISH Help your students learn how to protect themselves from Internet scams with another fine lesson from Common Sense Education. Taking a playful approach to a serious topic, this complete standards-aligned lesson includes a warmup and wrap up, slides, quizzes, and more.
FAUX PAW THE TECHNO CAT Questionable puns and animated animal characters such as Faux Paw the Techno Cat are a great way to engage young learners in an important topic. Follow the adventures of this technology-loving polydactyl puss via PDF books and animated videos as she learns with difficulty how to navigate digital ethics, cyberbullying, safe downloading, and other tricky cyber topics.
HACKER 101 Ever hear of ethical hacking? The thriving ethical hacker community invites interested persons to grow their hacking skills for good. A wealth of hacking how-to resources is free for users, from novice to advanced levels.
HACKER HIGHSCHOOL A comprehensive self-guided curriculum for teens aged 12-20, Hacker Highschool consists of 14 free lessons in 10 languages, covering everything from what it means to be a hacker to digital forensics to web security and privacy. Teachers’ guide books are available for purchase, but not required for the lessons.
INTERNATIONAL COMPUTER SCIENCE INSTITUTE: TEACHING SECURITY Built on the AP Computer Science Principles, and standards-aligned, these three lessons cover threat modeling,
CYBERSECURITY LESSONS authentication, and social engineering attacks. Ideal for high school students. No account required.
K-12 CYBERSECURITY GUIDE What skills are needed to enter the burgeoning cybersecurity field? Which cybersecurity jobs offer the greatest career opportunities? What steps can students take to maximize their cybersecurity knowledge? These questions and many others are answered by cybersecurity experts in this guide for interested K-12 students.
NOVA LABS CYBERSECURITY LAB Designed to teach students how to detect and thwart cyber attacks, PBS’s Cybersecurity Lab posits a newly launched company website with insufficient built-in security. What strategies will you, the CTO, employ to protect your startup? Play as a guest or create an account to save your progress. Cybersecurity Lab Guide for educators included. Be sure to check out the Nova Labs Cybersecurity Videos too!
RISK CHECK FOR NEW TECH A highly practical lesson from Common Sense Education, Risk Check for New Tech asks kids to think hard about the tradeoffs that come with the latest tech innovations. Privacy is especially vulnerable in today’s smartphone- and app-driven tech culture. How much privacy should one give up for the benefits of the latest tech gadget?
SCIENCE BUDDIES CYBERSECURITY PROJECTS One of the best sites around for complete, free cybersecurity lessons. Each lesson includes background information, materials needed, stepby-step instructions, and guidance on customization. Ranging from intermediate to advanced, these eight lessons examine hacking the air gap (i.e., computers not connected to the internet -- yes these can be hacked!), the actual security of security questions, sql injection attacks, the true status of “deleted” files (hint: these are not really deleted), and other fascinating cybersecurity issues. Free account required.
SONICWALL PHISHING IQ TEST This simply 7-question quiz tests students’ ability to spot phishing attempts. Have the entire class take the quiz, tally the results, then examine each example closely to distinguish the salient features of a genuine vs. “phishy” email. No account required.
BEST CYBERSECURITY GAMES ABCYA: CYBER FIVE This animated video introduces five basic internet safety rules, as explained earnestly by Hippo and Hedgehog. After watching the video, kids can try the multiple-choice practice quiz or test. Perfect for younger students. No account required.
CYBERSTART GO Terrific selection of free cyber games sorted by difficulty level and
24
| MA R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
subject. The easy games are ideal for younger students and novices, while the harder games pose a stimulating challenge for more advanced students.
EDUCATION ARCADE CYBER SECURITY GAMES Five arcade-style cybersecurity games offer an adventurous look at digital security issues such as password breach, phishing, sensitive data, ransomware, and email attacks. Fun for middle to high school students.
INTERNET SAFETY HANGMAN The traditional Hangman game, updated for the internet, provides an easy exercise for kids to test their knowledge of basic internet terms. Best for younger students. No account required.
INTERLAND From Google, architects of much of the internet as we know it today, comes this stylish animated game featuring sophisticated graphics and music. Users are invited to navigate the perils of Kind Kingdom, Reality River, Mindful Mountain, and Tower of Treasure, learning important internet safety principles along the way. No account required.
PICOGYM PRACTICE CHALLENGES Carnegie Mellon University, host of the annual picoCTF (“capture the flag”) cyber competition, offers dozens of free cybersecurity games that will challenge and engage middle and high school students. Free account required.
SCIENCE BUDDIES CYBERSECURITY: DENIALOF-SERVICE ATTACK What happens to a website during a denial of service attack? How can computers be conscripted into such attacks without the owner’s consent? Most of all, how can these attacks be prevented? Explore critical cybersecurity concepts in this NGSS-aligned paper-and-pencil game for middle school students.
THINKU KNOW: BAND RUNNER A simple, engaging, music-themed game designed to help 8-10 year olds learn how to stay safe online.
CREDIT: GETTY IMAGES
INDUSTRY NEWS
LIGHTSPEED SYSTEMS ACQUIRES CATCHON: WHAT YOU NEED TO KNOW Lightspeed System’s recent acquisition of CatchOn looks to boost both companies and education. By Erik Ofgang Lightspeed Systems recently announced that it had acquired the ENA affiliate CatchOn, Inc. Here’s what educators need to know about the coming together of these two edtech companies.
26
| MA R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
INDUSTRY NEWS WHAT DOES THIS MEAN FOR DISTRICTS THAT USE LIGHTSPEED AND CATCHON? Lightspeed and CatchOn’s analytics products will eventually be integrated. “The plan is to let our customers who already use CatchOn continue to use that, and our customers who already used Lightspeed analytics to continue to use that, but the goal is to merge any technology that is in Lightspeed’s analytics product into CatchOn,” says Brian Thomas, president and CEO of Lightspeed Systems. “There’s a lot more features in CatchOn products than there are in Lightspeed’s analytics products.” CatchOn founder Jena Draper hopes the bolstered analytic tool will help across other Lightspeed services. “We should be thinking about how analytics impacts safety, classroom management, filtering – there’s just a tremendous amount of value,” she says. Suzy Brooks, director of instructional technology at Mashpee Public Schools, was intrigued by the potential of the acquisition. “Our district has been a client of CatchOn for many years,” she wrote via email. “With Lightspeed’s leadership in online safety and classroom management, we’re excited about the potential for visibility into a students’ engagement, academic, and mental health status in one place.”
WHY DID LIGHTSPEED ACQUIRE CATCHON? Thomas says he and other executives at Lightspeed were interested in both CatchOn’s mission to help leaders to accurately assess their online software application investments and the data and analytics technology the company had developed. Lightspeed technology reaches more than 20 million students in 39 countries and 32,000 schools globally. The company utilizes patented agents to provide web filtering for school districts. “Those agents allowed us to do mobile device management, classroom management, and a product called Alert, which is our human review and artificial intelligence that allows us to predict if a student is at risk of harming themselves or others,” Thomas says. However, members of the company realized there was other potentially useful information about learning that could be gathered at the same time, and that the company could move into “a form of analytics.” This type of technology is what led Draper to form
28
| M A R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
I’M DELIGHTED TO BE WITH LIGHTSPEED, I’VE BEEN A FAN OF THEIRS FOR A LONG TIME. I LOVE HOW QUICKLY THEY MOVE. I LOVE THE PROBLEMS THAT THEY SOLVE. I LOVE THEIR AGILITY. I THINK CATCHON HAS A FANTASTIC NEW HOME.” Jena Draper, CatchOn founder
CatchOn in 2016. “Jena and the CatchOn team were developing agents of their own and technology that was also solving analytics problems. And she was, honestly, doing it before us, and doing a better job,” Thomas says. Draper and Thomas have long been friends, and when Thomas learned that ENA was going to sell CatchOn, he was interested in acquiring the company. “Because CatchOn’s product was at least 18 months to 24 months ahead of the Lightspeed analytics product, and I had great faith in Jena’s alignment with Lightspeed, we thought that the merger of two companies would be really exciting,” Thomas says.
HOW WILL THIS ACQUISITION HELP CATCHON? CatchOn was founded by Draper in 2016. “The overarching problem that I wanted to help school districts solve was how to use technology efficiently and effectively,” she says. “I wanted them to really understand and harness the full power and potential that technology provided classrooms and teachers and students. And I had this assumption from my own experience in school, that they didn’t fully grasp it. It was being used more, but it wasn’t necessarily being effectively used and used in a way that could really benefit education as a whole.” Draper met with many school leaders and realized they had minimal systems in place to measure what technology was purchased, how or even whether it was used, and what the overall return on investment was. Schools had limited data on technology usage and much of the data they had was being filtered through the companies they worked with, which had a high potential for bias. Draper asked if a program that would work as a black box on an airplane, and show district leaders where kids went online and what tools they utilized, would be helpful. “They said, ‘If you can do that, you’ll be solving one of the biggest problems in K-12 education. And I thought, ‘Okay, that sounds fun. Challenge accepted.’” Being acquired by Lightspeed will help CatchOn grow and reach more students and educators. “I’m delighted to be with Lightspeed,” Draper says. “I’ve been a fan of theirs for a long time. I love how quickly they move. I love the problems that they solve. I love their agility. I think CatchOn has a fantastic new home, that’s going to just amplify and accelerate our vision to the nth degree.”
WELL-BEING & SEL At a recent Tech & Learning roundtable, education experts discussed the findings of a new OECD report on social and emotional learning in global students. By Erik Ofgang
FOSTERING WELL-BEING AND SOCIAL-EMOTIONAL LEARNING SKILLS
CREDIT: GETTY IMAGES
S 30
ocial-emotional learning (SEL) is not easy to study. “All of us in education know it’s challenging measuring academic skills; it’s even more challenging measuring socialemotional skills,” said Jennifer Adams, who serves on the Executive Committee for Karanga The Global Alliance for Social-Emotional Learning and Life Skills, and is former Superintendent/Director of Education for the English public schools in Ottawa, Canada. Despite the challenges involved, global research into SEL is improving as is an understanding of its importance and the best practices involved. “The topic discussion is becoming more granular and more nuanced. It’s moved away from smiley face stickers for everybody to people understanding the science behind it,” said Mark Sparvell, director of marketing education at Microsoft and an advisor to Goldie Hawn’s MindUp Foundation. Adams and Sparvell, who is also an ambassador for the Emotional Intelligence Society of Australia and founder of the SELinEdu Community, spoke about global research into social-emotional learning during a recent Tech & Learning webinar hosted by Dr. Kecia Ray. The two focused on highlights from Beyond Academic Learning: First Results from the Survey of Social and Emotional Skills, a global study of SEL from the Organization
| MA R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
for Economic Cooperation and Development (OECD). View the on-demand version of the webinar here.
KEY TAKEAWAYS Social and Emotional Skills Related to Well-Being The OECD study is one of the first international efforts to collect data from students, parents and educators on the social and emotional skills of learners at age 10 and 15. Survey results were collected from 11 cities in 10 countries. “The first and foremost conclusion that the study comes to is that social-emotional skills are strongly related to well-being,” Adams said. “That might seem obvious, but I think it’s important that we’ve got an international study that says this across countries around the world with very different education systems with very different cultures, languages, religions, etc.” This intercultural finding highlights the need for schools to do more to support SEL for educators and students, Adams said. Other findings include: • SE skills dip in adolescence, particularly for girls
WELL-BEING & SEL those panelists are talking, whether they’re from the education system or the mental health sector, they’re all saying the exact same thing,” she said. “The advice that they’re giving to education, policymakers, and to leaders, is to make sure that we really take care of our students and our staff, and the learning will come as part of that. The knee-jerk reaction to potentially go down that path of trying to catch up is absolutely the wrong approach.” Social and Emotional Learning Disparities A particularly significant finding of the OECD paper was that socioeconomically advantaged students reported higher social and emotional skills. “We know that there is a demonstrated gap based on sociodemographics for academic skills,” Adams said. “What this study has shown is that that gap exists for social-emotional skills. And obviously, during this time with a pandemic, it exacerbated both of those gaps, which really means that as we come back, and we have children coming back into schools, we have to take extra care now that we know more about the gaps and the needs of those vulnerable children.” Sparvell said the impact of this disparity could potentially be felt for years. “Those with higher developed social and emotional skills, with greater resilience, with greater ability to put things into perspective, with greater levels of optimism, all of that good social and emotional learning stuff, essentially have got protective factors to allow them to mitigate the harm caused,” Sparvell said. “Yet this research is suggesting those very students who are already more vulnerable through their parents possibly having to physically go to work, through not having potential access to devices and technology, and who are already at risk, are even further at risk if they’re not having access to high-quality, social and emotional learning programs.”
• Boys reported higher emotional regulation, sociableness , and energy levels • Girls reported higher levels of responsibility, empathy and cooperation • Socioeconomically advantaged students reported higher SE skills • A competitive school climate and high expectations (teachers/parents) are associated with higher well-being in 10 year olds and higher test anxiety for 10 and 15 year olds • Well-being dips as test anxiety increases from 10-15 year olds, especially for girls Focus on Well Being Rather Than Learning Loss The OECD report and a separate Aspen Institute guidance reached similar conclusions around learning loss, Sparvell said. “At the moment, we hear people, schools, and systems talking about learning loss talking about learning interrupted,” he said. “There is maybe an inclination to rush toward more content, more time spent covering curriculum, but both the OECD paper and the Aspen Institute suggest a balanced approach, which carefully considers well-being, particularly emotional well being, as a route toward academic achievement.” Adams leads a thought leadership group, which frequently invites education and health experts to talk. “It’s very interesting to hear that when
Boosting Academic Achievement By Giving Students Control Sparvell shared how Microsoft sponsored The Class of COVID: Lessons of Today and Learnings for Tomorrow, a white paper by Harvard Business Review. For the paper, the team spoke with experts in a variety of fields to develop advice for coming out of the pandemic. Sparvell shared highlights from his conversation with John Medina, a developmental molecular biologist, and bestselling author of the “Brain Rules” series of books. “He said to me he’s only interested in what he can measure in terms of the brain. And he said that brains are built for stress, they love it. That’s what we’re designed for. Stress triggers emotions, which then guide behaviors fight, flight, freeze. But the brain hates feeling out of control. When it feels out of control, experiencing stress for prolonged periods, it ceases to operate effectively. It basically starts to freak out.” With this in mind, Medina’s advice for educators that Sparvell relayed is: “Be very cognizant about allowing students to have control in remote learning, hybrid learning, or face-to-face learning because in a world that is largely out of their control, they need small pockets of control. So when you hear people talking about voice and choice, and agency, what they’re really talking about is, ‘I see you, I hear you, and you matter.’ It calms the stressed brain, and allows learners to engage in deep learning.” Sparvell added, “We know that emotions are the gatekeeper of how we think and process information. What drives us to do what we do and motivation, and where we direct our scarcest resource, our attention. So, for learning to be effective, we need to pay very careful attention to the emotional context.”
WWW.TECHLEARNING.COM
| M A R C H 2 02 2 |
31
MINDFULNESS
5 MINDFULNESS APPS AND WEBSITES FOR K-12
Mindfulness apps and websites for K-12 that can help support both students and teachers By Stephanie Smith Budhai, Ph.D.
CREDIT: GETTY IMAGES
W 34
ith the lingering effects of the global pandemic, coupled with myriad instances of civil unrest, K-12 students have been through a great deal over the past two years. While academic learning is at the crux of teaching, we as teachers must also focus on the socialemotional needs and wellness of students. One way to address this is to offer students opportunities to engage in mindfulness practices. According to Mindful.org, “ Mindfulness is the basic human ability to be fully present, aware of where we are and what we’re doing, and not overly reactive or overwhelmed by what’s going on around us.” Here are five mindfulness apps and websites for K-12 students and teachers.
| MA R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
MINDFULNESS
1 DreamyKid
Dreamy Kid offers a comprehensive platform of mindfulness and mediation tools for students ages 3-17. Content on Dreamy Kid can be accessed through a web browser as well as a mobile application. One of the unique aspects of Dreamy Kids is the diverse category offerings that range from supporting ADD, ADHD, and anxiety, to healing activities and guided journeys for teens. For teachers who want to incorporate Dreamy Kid into their classroom, an education program is available.
2 Calm The Calm app offers a robust suite of online mindfulness resources focused on stress management, resilience, and self-care. One unique feature of Calm that is relevant to K-12 students is the 30 Days of Mindfulness in the Classroom resource. Included are reflection questions, scripts, and a plethora of mindfulness activities. Even if you are not familiar with mindfulness strategies, there is a Self-care Guide for Teachers. The self-care guide includes calm tips, images, blog postings, planning calendars, and links to videos.
CREDIT: GETTY IMAGES
3 Breathe, Think, Do
36
with Sesame Geared toward younger learners, Sesame Street offers the Breathe, Think, Do with Sesame app that is designed to help children de-stress. Within the app, a variety of scenarios are offered with video clips that learners move through. Additional resources and games can be accessed once the learner
| M A R C H 2 02 2 | W W W . T E C H L E A R N I N G . C O M
has completed the prerequisite activity. Activities are offered in both English and Spanish.
4 Headspace The Headspace platform offers a series of sleep, meditation, and mindfulness resources and activities. Educators are welcomed to Headspace and supported through free access for K-12 teachers and supporting staff members in the U.S., U.K., Canada, and Australia. Resources for how to care for yourself as a teacher are available, as well as mindfulness tools for your students. If you would like to delve deeper into specific topics, categories include: mediation; sleep and wake up; stress and anxiety; and movement and healthy living.
5 Smiling Mind
Smiling Mind is a nonprofit based in Australia that offers a mindfulness app developed by educators and psychologists. The app has strategies that support students’ social and emotional well-being, and it offers a series of strategies and techniques specifically designed for children. Teachers and parents can order care packets too. Also, if you are an educator in Australia, there are additional professional development opportunities along with indigenous languages resources. These mindfulness apps and websites can support humanizing educational experiences while helping students cope with the ongoing mental health crisis. As students are seemingly always engaged on tech devices, introducing mindfulness, meditation, and de-stressing practices through the use of edtech tools may provide a pathway for students to self-reflect, center calmness, and become less overwhelmed with other environmental forces impacting them.
SAVE TIME. STAY INFORMED. BE PREPARED. Sign up for the Tech & Learning newsletter for ideas and tools to transform education. The newsletter will offer you weekly summaries of what matters to you, written by expert editors. For 40+ years Tech & Learning has been the leading resource for professionals looking for ways to use technology to drive innovation in teaching and learning.
SUBSCRIBE FOR FREE TODAY TAL TLE13.AD_.indd Newsletter Ad.indd 7 3
01/06/2021 6/2/21 3:24 15:14 PM