24/7 Teach
Contact
Introduction to Cybersecurity
Lesson 12 of 15

Lesson 12

Lesson 4.3 - Be Accountable: Protecting Student Data & School Networks

Introduction to Cybersecurity · 2 min read

In this lesson, you will…

  • Understand the correct procedures for reporting cybersecurity incidents for compliance.

  • Identify cybersecurity threats that require legal reporting.

INTRODUCTION

Why Reporting Matters

Recognising a threat is just the first step. Knowing how to report it quickly and correctly is what stops a small issue from becoming a major breach.

District cybersecurity policies are only as strong as the people who follow them. Every staff member plays a key role in keeping the school secure.

In this lesson, you’ll learn what to do when you spot a cybersecurity incident and you’ll practice submitting a real-world incident report using a district template.

ACTIVITY READING:

What Is a Cybersecurity Incident?

Any event that might threaten the security, confidentiality, or integrity of your school’s data or systems.

    • You clicked on a suspicious link or attachment.

    • You received a phishing email (even if you didn’t click).

    • You notice strange system behavior (e.g., pop-ups, slowness, unexpected logouts).

    • Someone requests sensitive information in a way that feels “off.”

    • A colleague shares a cybersecurity concern with you.

    1. The IT/security team reviews your report immediately.

    2. They investigate and contain any threat.

    3. They follow legal/compliance steps (e.g., FERPA/COPPA).

    4. You may be contacted for more details.

    Key point: Reporting quickly helps IT act faster — even if you’re unsure whether it’s serious, it’s better to report right away.

[caption id="" align="alignnone" width="500"] Click to englarge. Click to englarge. [/caption]

PAUSE TO PROCESS

Take a moment to recall what you have learnt.

When you are ready, click the button to begin the activity.

REVISITING THE READING

Early Reporting

Let’s pause to understand and explore why reporting cybersecurity incidents is essential for your school’s safety.

Reporting early means acting before damage spreads.

Cybersecurity threats often start small, but it can quickly grow into serious breaches that affect the whole school. Timely reporting gives your IT team a head start to investigate and contain threats before they spread.

  • Threats aren’t always obvious: What seems like a harmless glitch may actually be malware or a phishing attempt in disguise.

  • IT teams can’t fix what they don’t know: Without your report, they may miss early warning signs.

  • You’re not expected to be 100% sure: Reporting isn’t about being certain, it’s about being cautious.

  • Even near-misses are valuable: Flagging failed phishing attempts helps IT strengthen school defences.

  • Documentation supports compliance: Proper reporting ensures legal requirements (like FERPA or COPPA) are met, reducing risk to the district.

SHOW WHAT YOU KNOW

In this activity, you’ll decide which scenarios should be reported and which can be safely ignored.

JOIN THE CONVERSATION:

Now that you understand your legal and ethical responsibilities, discuss why it’s important to report cybersecurity concerns, even if you’re unsure they’re serious.

Respond to at least one other post with a new insight.