Protecting Our Future: Why Cybersecurity Training Is Essential For Students

by Darren Guccione

Cybersecurity awareness begins at home, where young people first interact with internet-enabled devices and online connectivity. However, as the digital landscape becomes increasingly complex and cyber threats evolve, it’s crucial that schools step in to provide comprehensive cybersecurity education. By integrating cybersecurity awareness and training into school curriculums, we can empower students to recognize, respond to and prevent cyber threats, helping them build a foundation for a secure digital future.

Unfortunately, that’s not happening.

In today’s hyper-connected world, children and students are increasingly exposed to the same cybersecurity risks that affect adults and organizations. Despite their general tech-savviness, students are highly vulnerable to cyberattacks and often use technology without understanding the risks. New research from my company, Keeper Security, finds that while 74% of parents express confidence in their child’s school’s cybersecurity measures, only 21% report receiving any guidance on secure password management.

The rise of credential theft, identity fraud and personal data exploitation are becoming key attack vectors affecting victims of all ages. Cybercriminals target students through phishing scams, often tricking them into giving up login credentials and sensitive information. And this problem can extend beyond individual students to entire campuses, with attackers seeking to access institutional data, financial details and personally identifiable information. In 2023, 79% of higher education institutions faced ransomware attacks, underscoring the vulnerability of colleges and universities to cybercriminals who exploit security gaps.

Data from Comparitech reveals a record-breaking 121 successful ransomware attacks against U.S. schools in 2023, compared to 71 the previous year, costing these educational institutions $550,000 per day of downtime. This surge highlights the considerable risk posed by the volume of personal and financial data that schools manage, making them prime targets for cybercriminals.

Yet, despite the growing frequency of breaches, including high-profile incidents affecting the Los Angeles Unified School District and Stanford University, there is still a dearth of formal, comprehensive cybersecurity education affecting students and schools at all levels. In fact, our research found only 14% of schools mandate security awareness training, and a mere 13% offer it as an option, leaving most students ill-equipped to handle online threats.

Educational institutions must take two critical actions to address this growing threat: Strengthen their technical defenses and integrate cybersecurity education into student curricula. Cybersecurity education should be part of every student’s academic experience, starting from K-12 and continuing through higher education. Students will benefit from this knowledge by learning to protect themselves, their families and their educational institutions from cyber threats.

Key Strategies To Strengthen Cybersecurity

1. Implement privileged access management (PAM): Universities should invest in PAM not only to minimize security risks but also to restrict access to sensitive systems and ensure only trusted personnel can view or modify critical data. The granular access control provided by a modern PAM solution prevents privilege escalation and reduces the attack surface, as well as the risk of data breaches and insider threats, which are increasingly common in education. Meanwhile, auditing and monitoring capabilities help detect suspicious behavior and ensure compliance.
2. Enhance IT infrastructure: As higher education institutions manage vast amounts of data across multiple systems, adopting advanced cybersecurity tools—such as multi-factor authentication (MFA), encryption and endpoint detection—is critical. Regular vulnerability assessments and penetration testing should also be conducted to identify potential weaknesses and prevent exploitation.
3. Provide cybersecurity awareness training for faculty and staff: It’s essential to go beyond the IT department to ensure all faculty and staff members are educated on cybersecurity best practices. Training programs should focus on identifying phishing attempts, securing personal and institutional data and ensuring staff follows data privacy regulations. Cybersecurity awareness at all levels within schools and universities is key to preventing breaches caused by human error.
4. Integrate cybersecurity into curricula: Students of all ages should gain a solid understanding of cybersecurity, including how to protect their digital identities, avoid cyber scams and understand the ethical implications of technology. Cybersecurity lessons should be integrated into general education courses, ensuring that students from all disciplines are equipped to protect themselves and their institutions from cyber threats. Public service initiatives like the Flex Your Cyber campaign provide free, age-appropriate resources for students, teachers, parents and administrators.
5. Foster a culture of security: Beyond technical solutions, creating a campus-wide culture of security is vital. Security should be part of the academic environment, not just a series of technical measures. Schools and universities should launch initiatives to promote safe online behavior, such as the importance of strong passwords, MFA and the responsible use of technology.

The Path Forward: Making Cyber Education A Priority

The education sector has a unique responsibility to prepare students for the digital challenges they will face, not only in the classroom but throughout their professional lives. Integrating cybersecurity education into academic programs and investing in the right cybersecurity solutions to protect institutional data is essential for security.

The next generation of leaders, researchers and professionals will need the skills and knowledge to combat cyber threats. This makes it all the more important that administrators lead the way in cybersecurity education and innovation. By prioritizing their own cybersecurity and providing comprehensive resources, schools and universities can better protect their students, faculty and critical systems from the growing threat of cyber attacks.