Understanding the needs of youth: Teaching Cybersecurity & Cybersafety to high-school students

Nowadays, we are trying to protect the users from online threats and attacks, keeping in mind that generally,  users have no cybersecurity skills or knowledge. The idea here is to improve that baseline by having future users with basic or even advanced cybersecurity skills.

How to do that?

Educate the students from an early stage of their online lives on matters relevant to their online security and safety. 

Is that enough?

NO! We need to educate and prepare their educators to make the students aware of, teach them how to detect, avoid and handle online risks. We decided to create the teaching material in order to equip the teachers to teach Cybersecurity and Cybersafety to high-school students.

Our approach:

We collected the high-school students’ requirements and needs using a questionnaire targeting EU-based participants relevant to our topic. Subsequently, we took one-to-one interviews with those participants who were interested in further contributing to our effort to understand the results drawn from the survey questionnaire. Based on the main findings of the combined results from the survey and interviews, we are about to start building/drafting the teaching material for Cybersecurity courses that focus on high-school students. We additionally investigate how we can make use of a collection of existing tools developed by our partners and us:

The Survey: Objectives

The first step of our action was to collect the requirements and needs by performing a survey at the EU level. We targeted high-school students, their parents and teachers, and high-school management representatives. We designed a questionnaire to gather the most relevant topics and the most effective methods/instruments which could deliver Cybersecurity/Cybersafety courses with high-school students. Furthermore, we wanted to investigate the gaps and flaws of the existing programs.

The Survey: Sample

We have been collecting data since December 2020,  and our survey is still on. Based on the data collected within December 2020 – September 2021, we have obtained data from 339 participants. We present the demographics of our sample in the following plots.

Plot 1: The percentage of participants per group in the sample

Plot 2: The percentage of participants in the sample per country

Plot 3: Gender of participants in the sample *we only asked the gender of the adult participants (parents, teachers, school management representatives)

The Survey: Questions

Our survey consists of questions related to:

  • the demographics of the participants
  • information regarding high school students as well as:
    • the types of online applications and devices they use
    • their degree of confidence in specific online activities
    • their degree of awareness of online risks
    • online threats they experienced
  • topics to discuss and methods/instruments to deliver cybersecurity courses
  • the existing practices of Cybersecurity in high schools.

The Interviews

To further understand the survey results, we had nine interviews with participants who offered to contribute more to our action by giving their emails while filling the questionnaire. Four of those interviewees were parents, and five of them were teachers. 

The interviews aimed to identify the Cybersecurity existing practices in high schools and the future needs regarding the topics and the methods/instruments.

Survey & Interviews: Main Findings

The most significant points from the results of our survey are the following:

Students

  • A high percentage of high school students (50%) mentioned they had experienced online risks.
  • They mostly use music/video, social media platforms, e-mail, and communication applications.
  • They mostly use mobile phones and private computers to access their online activities.
  • Students feel less confident in detecting and handling online risks. Having said that, they seem to be more confident than their parents and teachers think they are regarding being aware, detecting, avoiding, and handling online risks.
    • High-school students feel from neutral-confident to confident in all the online activities. On the other hand, they have little-confidence level for secure online shopping and sharing files online
    • The students failed to select the best options in online security practices questions. That shows that even if they feel confident in several online activities, they are not equipped with the skills and knowledge to choose the best practices to stay safe online.

Parents & Teachers’ Perception

  • There is a lack of communication between students and parents/teachers about their online experiences (only 23% of teachers and 19% of parents answered that their student/child shared an online risk experience). 
  • A high percentage of teachers (55%) reported that Cybersecurity is taught in their school, while parents and students reported with 48% and 38% that they don’t know about it.
  • In general, parents and teachers are more concerned about the confidence level of high-school students in their online activities.

Topics & Methods

  • The top-5 topics to discuss in a Cybersecurity course are ‘Being safe in online social platforms,’ ‘Recognizing fake online content,’ ‘Creating strong passwords,’ ‘Securely downloading online content,’ and ‘Ensuring your online privacy.’ 
  • The three most effective instruments to deliver Cybersecurity courses are interactive presentations, videos, and games/platforms.

The most significant points from the results of the interviews are the following: 

Existing practices:

  • There is no common practice in the EU regarding teaching Cybersecurity in high schools.
  • In most cases, Cybersecurity is not part of the curriculum. Specialized organizations or teachers interested in teaching cybersecurity outside the curriculum give short courses.
  • The short or non-existing time allocated for cybersecurity topics in school time is not enough to make students and parents aware of cybersecurity activities in school.

Future needs:

  • Parents must be cybersecurity-educated too – they must be involved in teaching Cybersecurity to high-school students. 
  • More interactive methods are needed, presenting real facts, stories, and examples of cybersecurity threats followed by a discussion between students and teachers.
  • It is essential to teach Cybersecurity during Computer Science and other courses where the topics are relevant
  • Cybersafety topics (e.g., cyberbullying, sexual grooming, inappropriate content, etc.) are more covered in the existing programs than Cybersecurity topics (e.g., attacks, password creation, viruses, etc.)

Future Steps

Our survey is still active, and we are targeting to collect data from other EU countries too, so as to have a more representative sample. We will create the teaching material as a drafted version and test it with high-school teachers and students. Additionally, we will investigate how we can use the existing tools of our partners within the courses to improve the interactivity and add hands-on practice to our material. 

Take-aways

Our survey and interviews brought us one step closer to creating our teaching material for teaching Cybersecurity:

  1. We identify the most relevant topics to be covered
  • Being safe in online social platforms,
  • Recognizing fake accounts, 
  • Ensuring privacy in online activities,
  • Creating strong passwords,
  • Using email applications in a  secure way

We drew these results based on the ranking of parents, teachers, and students.

Additionally, based on the lower confidence level students reported in “Secure online shopping,” “Securely sharing online files,” and “Downloading online content securely,” we add those topics in the most relevant topics lists.

  1. We identify the most effective instruments/methods to be used based on the teachers, parents, and students’ preferences: “videos,” “interactive presentations,” “games/platforms”. Additionally, during the interviews, teachers strongly suggested giving real facts, stories, and examples of online threats and discussing them with the students as the most effective method to teach Cybersecurity.
  1. We identify the areas not well covered  by the existing programs:

Detecting and Handling the risks are tasks that students feel less confident about. Those tasks require giving real examples and giving practical exercises to students instead of theoretical ones and much more time than they currently allocate. Existing programs rarely discuss Cybersecurity topics.

(By Pantelitsa Leonidou, Cyprus University of Technology)

If you are interested in more information on this task, read our full action report at the following link:

https://www.concordia-h2020.eu/wp-content/uploads/2021/12/TEACHING-CYBERSECURITY-IN-HIGH-SCHOOL-survey_report.pdf

We are looking for more participants for our survey!

If you are an EU based high-school student

An EU based parent of high-school students or

An EU based teacher of high-school students or

An EU based high-school Administrative Staff 

Help us with filling our questionnaire at the following link:

LINK TO THE SURVEY: 

https://ec.europa.eu/eusurvey/runner/6e30ed0b-3888-eff4-e85f-0d7c92f178db

Otherwise, please share the survey link among your friends/family/network to help us “Understanding the needs of the youth”!

Acknowledgments

This work is under the CONCORDIA task T.3.4. with the objective to build a European Education Ecosystem for Cybersecurity. 

The overall activity was coordinated by EIT Digital and received support from CONCORDIA partners: Cyprus University of Technology, TÜV Trust IT GmbH, Research Institute CODE, University of Maribor, Institute Jozef Stefan, University of Zagreb, University of Patras, University of Lorraine, University of Insubria.