Cyber Preparedness: Protecting Students from Digital Dangers

Troy Lunt, Technology Director, Data Privacy Manager, Iron County School District

Troy Lunt, Technology Director, Data Privacy Manager, Iron County School District

In the field of K-12 education, the emphasis on student safety and data privacy is a constant priority. While educational trends and programs may come and go, the commitment to protecting students remains a priority and our primary goal. This dedication is evident in the nature of district operations: annual training sessions, monthly emergency drills, and the daily decisions that school leaders make. This consistent effort is preparation for potential crises (that may never happen). However, when a real threat emerges, this preparation is what enables a rapid and effective response.

The importance of student safety is a belief shared by parents and educators alike. This group consensus ensures that student protection, including the oversight of student data, receives continuous support. This is also reflected in the federal laws that govern K-12 education. Laws such as the Family Educational Rights and Privacy Act (FERPA) and the Children’s Internet Protection Act (CIPA) set a high standard for how school districts must handle student information. These federal rules, along with state and local policies, form the necessary structure for district compliance. They provide the framework for ongoing staff training, but the effectiveness of these policies depends on the awareness and actions of every person in the greater school community.

“This group consensus ensures that student protection, including the oversight of student data, receives continuous support”

Digital Threat Enters the Classroom

The digital age has introduced new risks into the educational environment. Online platforms, while offering learning opportunities, can also create pathways for danger. A few years ago, a local school district saw this firsthand when introducing a program to teach students about computer coding. The program had a feature that permitted students to chat with one another; to collaborate and share their projects.

A student, using this program, connected with another user they believed to be a student (but would soon prove to be an imposter). In less than an hour, the student had shared their personal information, including account credentials, passwords and even their phone number. The student was then manipulated into phone calls with this individual. Unbeknownst to the student's family or school staff, the person had already scheduled an in-person meeting with the child. This individual had used the personal information to convince the student that there would be consequences if they did not meet.