Cybersecurity, Safety, & Privacy Concerns of Student Support Structure for Information and Communication Technologies in Online Education FAIZA TAZI, University of Denver, USA SUNNY SHRESTHA, University of Denver, USA SANCHARI DAS, University of Denver, USA COVID-19 has created a dramatic paradigm shift in education methods, which forced schools and universities to abandon the usual in-person education in favor of online education modules. Such a shift has extended the time and use of internet communication technologies (ICTs) by most, making online education platforms primary cyberattack targets. In this context, this study aims to explore parents, educators, and other caregivers’ 1 concerns about online education and the cybersecurity of their children and students. Thus, we conducted a survey-based study with 983 participants recruited through popular crowdsourcing platforms: MTurk and Prolific. Our results indicate a lack of technical support following cyber safety that the students received with the sudden transition to online education. Over 31% of our participants claimed that they never or rarely receive any communication related to cyber safety from the students’ educational institutions. Additionally, our analysis shows that the student support structure needs to be trained and informed on the threats faced by children online and on the ways to mitigate these threats. Finally, we find a statistically significant difference between parents, educators, and other caregivers regarding their perceptions of children’s online privacy and cyber safety. We conclude this work by providing actionable recommendations to promote privacy-preserving and digitally secure online education. CCS Concepts: • Security and privacy → Social aspects of security and privacy; Privacy protections; Usability in security and privacy; • Social and professional topics → User characteristics. Additional Key Words and Phrases: Online Education, Children Cyber Safety, Online Education Privacy, Remote Learning, Remote Learning Cybersecurity, ICTs, Covid-19. ACM Reference Format: Faiza Tazi, Sunny Shrestha, and Sanchari Das. 2023. Cybersecurity, Safety, & Privacy Concerns of Student Support Structure for Information and Communication Technologies in Online Education. Proc. ACM Hum.Comput. Interact. 7, CSCW2, Article 264 (October 2023), 40 pages. https://doi.org/10.1145/3610055 1 INTRODUCTION The rapid advancement in technology and the accessibility of the internet have enriched our living experience. One such area is internet communication technologies’ (ICTs) involvement in the education sector which has extended to provide online education to students from diverse backgrounds. With better technology and network reliability, the education system has slowly 1 we will cumulatively refer to them as the student support structure Authors’ addresses: Faiza Tazi, Faiza.Tazi@du.edu, University of Denver, 2199 S University Blvd, Denver, Colorado, USA, 80208; Sunny Shrestha, sunny.shrestha@du.edu, University of Denver, 2199 S University Blvd, Denver, Colorado, USA, 80208; Sanchari Das, Sanchari.Das@du.edu, University of Denver, 2199 S University Blvd, Denver, Colorado, USA, 80208. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. © 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM. 2573-0142/2023/10-ART264 $15.00 https://doi.org/10.1145/3610055 Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264 264:2 Faiza Tazi, Sunny Shrestha, and Sanchari Das moved toward the digital format. This gradual shift was pushed into rapid advancement when COVID-19 hit the world [13]. With enforced lockdowns and social distancing policies, traditional classes are now live stream (LS) based learning mode [14, 26]. This form of digital learning is also referred to as online education or remote learning. To summarize, online education can be defined as the implementation of ICTs in the mechanism through which education is delivered, either synchronously or asynchronously, through the internet with the aid of digital technology tools and platforms [18, 34]. The transition from a physical classroom to a digital one during the COVID-19 pandemic was fraught with minimal resources, a technological knowledge gap, a lack of support from the government, and vast socioeconomic disparity [4]. Nevertheless, many educational institutions could take on this task and execute it, albeit with some difficulties. The availability of technology and infrastructure to support such a massive move helped preserve the learning progress of many students [31]. However, most families and educators across the US struggled to keep up with the online education format [24]. Many parents, educators, and other caregivers who form the student support structure had to overcome network issues, technical errors, and limited knowledge of the platform to create an engaging virtual learning environment. For working parents, this was a Herculean task as they were forced to continue their work from home while overseeing their children [2]. Online education was a challenging experience for educators and other caregivers as well. Similarly, students had to spend much of their time in front of the devices to receive education and interact with peers and, after that, had to invest more time trying to adjust to new learning formats [1, 3]. As most of the population was spending time online interacting with new technology platforms and tools, the target pool for cybercrime was at an all-time high [16, 47]. Most of the population online was unfamiliar with these technological tools and lacked important cybersecurity knowledge. In July 2019, hackers held technology systems at Monroe College in NY at ransom for $2 million in bitcoin as reported in the news2 . In a similar cyberattack incident, the Federal Bureau of Investigation notified Pearson, a British educational software, of a data breach that exposed sensitive information like names, date of births and email address of student from more than 13000 school and university accounts3 . The pandemic has highlighted the need for cybersecurity education and awareness in the general population. Students, especially those under the legal age, are more vulnerable to online threats and attacks, as they are unable to understand the severity of cybercrimes and equally unable to prevent or resolve such attacks [7]. The student support structure involving the parents, educators, and other caregivers is thus in a critical position to make decisions to safeguard the privacy and security of students. Traditionally, the student support structure has dealt with such risks by limiting students’ interaction with technology, which could not be achieved during the pandemic as the students needed to be online for the better part of the day for education, entertainment, and social engagement. Apart from finding innovative ways to support the students’ mental health during such sudden exposure to higher digital threats, their support structure also needs to monitor the platforms to prevent any cyber threats and attacks [9, 42]. For example, an adult supervisor might notice activities and risks that a younger individual might not suspect as a threat. In this way, the student support structure is in an excellent position to prevent cyber threats and mitigate risks. However, this is only possible if they are educated and aware of cybersecurity risks [21]. Thus, it is essential to understand the perspectives of parents, educators, and other caregivers when we evaluate students’ security and privacy in an online learning system. Unfortunately, however, this population is severely understudied. 2 https://www.cnbc.com/2019/08/29/hackers-are-targeting-colleges-for-students-data.html 3 https://www.wsj.com/articles/pearson-hack-exposed-details-on-thousands-of-u-s-students-11564619001 Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:3 To this aid, we conducted a survey-based analysis to understand the student support structure’s cybersecurity, safety, and privacy risk perceptions. The survey was deployed on two prominent crowdsourcing platforms, MTurk and Prolific, where we collected data from 1036 participants. Through this study, we aim to answer the following research questions: • RQ1: How do educators, parents, and other caregivers perceive cybersecurity, cyber safety, and privacy threats concerning their children and students with online education? • RQ2: To what extent is the communication between the parties accountable for students’ cybersecurity, cyber safety, and privacy reliable and efficient? • RQ3: What are the individual factors that contribute to the attitudes of parents, educators, and other caregivers towards cybersecurity, cyber safety, and privacy of children in the online education context? Our study shows that the majority (76.91%) of our participants are aware of the importance of cybersecurity to their students and children regardless of their age group, although the importance of age-appropriate communication was repeatedly voiced by all participant groups. Our results also reveal the importance of more cybersecurity training for the student support structure to improve the quality of communication about the cybersecurity, cyber safety, and privacy risks the children incur from being online. Through this study, we aim to contribute to the literature by: • Delving deeper into the perceptions and attitudes of parents, educators, and other caregivers towards the security of the students in online education. We deem it necessary to address all these categories forming the student support structure, seeing that they all play an essential role in raising future generations in a safe physical and virtual environment. Furthermore, most other studies we investigated only consider parents or educators. In contrast, we chose to include other caregivers in our analysis for the reasons cited above and for their knowledge and experience. • We specifically focus on the impact of our participants’ computer and cybersecurity expertise on their responses which in turn reflect the critical requirement of IT support and cybersecurity awareness and education for the students. This is critical to evaluate as we need to understand the technological limitation of the student support structure, which the students might need and seek at home and in the classroom. • Additionally, we collected data from 1036 participants; these responses have been both qualitatively and quantitatively analyzed to extract essential themes. The mixed-methods approach on such a large scale is one of its kind. It has provided critical insights into the user perception of online education while emphasizing the essential cybersecurity and safety aspects. In the following section 2, we detail the background work which motivated our research as we explored further the cybersecurity, cyber safety, and privacy domains of the online education module. After that, in section 3, we discuss in-depth the study design, recruitment methods, and analysis techniques. Next, we detail the results and discuss the findings in section 4. Then, given the results and prior work on the topic, we provide our recommendations in section 5. Finally, we list the future extension of the work, and discuss the limitations in section 6 and in section 7, we provide a conclusion to this study. 2 RELATED WORK Online education has long been established as a viable form, in which the education is delivered through the internet either in synchronous or asynchronous fashion [18, 34]. This education delivery form has always been used on the sidelines as an alternative to traditional classroom Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:4 Faiza Tazi, Sunny Shrestha, and Sanchari Das learning. However, the recent onset of the pandemic, COVID-19, and subsequent lockdowns pushed online education as a primary form of education delivery for students across the United States and worldwide [25, 53, 56]. This sudden switch across all levels of education has forced students, educators, parents, and caregivers to adjust their lives around this form of learning. Researchers have been taking note of the different implications of online education [55]. However, it is imperative to note the impact of such a shift to online modules from cybersecurity, cyber safety, and privacy lenses. Although online education has been a boon to instructors and students by allowing them to continue their education despite the pandemic, it has also created a shift in technology usage. Before the pandemic, online education was rarely used in the traditional classroom setting for young children and teenagers [32]. In their research, Ali discusses how parents and educators primarily relied on an in-person classroom set up to provide an appropriate learning environment for their children but now have to recreate a learning environment using the ICTs that were not traditionally designed for the educational realm [3]. This development has piqued researchers’ interest in further understanding the transition process to online education and its effect on family dynamics. Online education methods brought classrooms home, and the student support structure has been forced to understand and operate modern technology tools almost overnight [11]. This new role as ‘learning agents’ has put additional strain on the student support structure, especially on parents. In recent research, parents expressed a need for more support from educators on setting up the online education environment and understanding how to support their children’s learning [19]. Thus, our study aimed to analyze the student support structure’s perspectives on online education focusing on the understudied cybersecurity, safety, and privacy lenses. 2.1 User Perception Towards Online Education 2.1.1 Parents’ Perception. Parents usually monitor their children’s “screen time” to effectively prevent their prolonged interaction with technology [51]. In 2020, parents were forced to participate actively in facilitating and monitoring children’s interaction with internet platforms and tools. A study by Bansal et al. shows that many parents found the experience of online education stressful for their children and family overall [6]. During the pandemic, parents often were the primary facilitator of online education. As a result, they had a closer view of the pervasive nature of Zoom4 classrooms and school-mandated learning tools and platforms. Balash et al. discuss how students perceive the online proctoring tools and the existing privacy and security concerns related to these tools [5]. Their user study, conducted on 102 participants (72% in the age range of 18-24), discovered that students did not trust the school-mandated proctoring tools and standalone software. Most students found these tools to threaten their privacy and unnecessary, impacting their parents’ perception and understanding of the tools. Prior studies show that parents prefer education in a traditional classroom rather than the online delivery system [22, 52]. This preference is guided by the parent’s desire to keep their children socially active, engaged in studies, and protected from cyber-related risks and harm [20]. Such studies motivated us to investigate if this recent development of the parent-children-technology dynamic has changed parents’ perspectives on cybersecurity, cyber safety, and privacy. Hence, in this study, we delve deeper into parents’ perceptions of online education and report on their opinions on use of these tools and software. 2.1.2 Educators’ Perception. Educators who otherwise do not have to monitor their students’ online presence, now suddenly had to conduct online classrooms, and monitor students’ online behavior during this pandemic [12, 46]. Revilla et al. discuss the educators’ vital technological 4 https://zoom.us/ Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:5 difficulties with the sudden transition to online education [46]. Moreover, since educators played a crucial role in the students’ interactions with technology, they could provide essential insights into the pros and cons of online education as demonstrated in studies conducted in India [33] and Saudi Arabia [41]. As evident in these studies, educators went through a harrowing experience as they were thrust with the responsibility to conduct a class over video conferencing, which meant getting familiar with the technology, being able to troubleshoot technical interruptions, keeping the students engaged, and monitoring disruptive behaviors, all while still delivering education to students. In addition, this experience highlighted the need for digital knowledge for parents and educators, as the ones that did not use digital technology otherwise had a more challenging time adjusting to online education. With online education, the student’s support structure has witnessed different cybersecurity vulnerabilities that can jeopardize students’ well-being and privacy. Hence, in this study, we investigate technical and cybersecurity support avenues educators have access to and educators’ experience with these support systems. We also look into the struggles, if any, experienced by educators in safeguarding their students’ privacy. 2.1.3 Caregivers’ Perception. Apart from parents and educators, caregivers, or kinship caregivers5 were also affected by this switch to online education over the pandemic. Here we consider all adults other than parents, who provide care for children like grandparents or babysitters or guardians or social care providers as caregivers. Caregivers bear similar stresses in varying degrees that parents felt while facilitating online education for children during the pandemic [59]. Many students had to rely on their grandparents to facilitate online education during the pandemic. Many caregivers have a critical responsibility for children, yet their role in children’s education needs to be wellresearched. Due to the diverse nature of individuals identifying as caregivers to children, they can provide a nuanced and different take on online education’s privacy and security aspect and its impact on children’s overall education. However, we noted a gap in the literature evaluating the online education perspective from the caregiver lens, which we explored through this study. 2.2 Privacy & Security Challenges It is reported that during the COVID-19 pandemic, when most of the population relied upon online interaction to meet daily needs, the number of cybercrimes increased by 600% [10]. Although these crimes might affect all users equally, the scope and impact of such crimes have increased drastically among the vulnerable population like young students, the elderly, and so on [8]. Thus, online education platforms and technical tools are paramount to be secure and privacy-preserving. However, the platforms widely utilized for online education worldwide were not explicitly designed to deliver education to hundreds of thousands of children and students in a secure way [30]. Instead, these platforms and technologies were selected for their availability, ease of use, and ability to meet the requirements of a simulated classroom with minimum setup and time [54]. As demonstrated in the survey conducted by Balash et al., highly invasive (monitoring the screen time, mouse movement, web browser activity) exam proctoring tools and schools-mandated standalone software were used to facilitate online education. Although these tools looked safe due to their association with online education platforms like Canvas, it is a third-party service with unknown security vulnerabilities. Software and tools like these can easily be exploited, resulting in a devastating breach of privacy [5]. The rushed move to online education with the aid of such platforms and technology tools was not a desirable scenario for either parents or educators [15]. When it comes to online education, what is more imperative for privacy and security is that the children’s data can be at stake due to issues of technology, parents’ and educators’ understanding of 5 https://www.childwelfare.gov/topics/outofhome/kinship/about/ Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:6 Faiza Tazi, Sunny Shrestha, and Sanchari Das the tools used, and the institutions. Thus, it is critical to understand the perception of the learning agents. In this study, we recruited participants through crowdsourcing platforms, MTurk 6 and Prolific 7 , to assess the user perception of online education from the parents’, educators’, and caregivers’ point-of-view. Crowdsourcing platforms are effective tools for studying large and diverse groups of people in a short amount of time [29, 45]. The platforms we used in this study like Amazon Mechanical Turk and Prolific marketplaces can reach participants from countries with varying personal, professional, and geopolitical situations [28]. This way, we ensure that the data collected in this study represent most of the population with access to some technology. Although we cannot reach the population who do not interact with technology for our study, the advantages of using crowdsourcing platforms, like the ease of use, a quick study, and access to most populations, outweigh any limitations. These valuable prior works have guided us to formulate the questionnaires in our survey. Through our study, we provide a detailed view of the perceptions and experiences of parents, educators, and caregivers regarding cybersecurity, cyber safety, and privacy aspects of online education. While there are some studies available on parents’ and educators’ perspectives on online education, our study has also focused on caregivers because they, too, played a crucial role in students’ online education, especially when considering students that are under the care of kinship caregivers in the absence of their parents. Furthermore, we look into the technical support provided to educators from the privacy and security viewpoint while conducting online education and recommend more support. 3 METHODOLOGY In this study, we analyze online interaction and cyber safety for the education sector from the perspectives of parents, educators, and other caregivers. To this regard, we conducted a survey-based analysis to discern the cybersecurity, cyber safety, and privacy risk perceptions of the students’ support structure, including professors and teaching assistants in an online education setting. The target population of this study is parents and caregivers of children who are still in school and who are currently taking or have in the past taken classes in an online format, as well as educators, including professors and teaching assistants who have worked in an online setting. Teaching assistants were included in the educators’ category since they can impact or be part of the decision-making process regarding cybersecurity communications, tools, and overall methods of communication. We used power analysis with a power of 0.9 and differences of 3 to determine an adequate sample size; through the result of this analysis, we determined that the best sample size would be 200 participants for each category, however, we decided to try to recruit 300 participants per category, since after data cleaning these numbers eventually decrease. As such, a total of 1141 participants were recruited from both platforms, of which 980 answers were analyzed to maintain the quality of the data analyzed. This is due to multiple reasons, including 26 participants who did not answer the attention check questions correctly and 132 participants who identified within one or more of the considered categories but did not have school-aged children, or were not currently teaching any classes. Participants were asked to answer questions for up to three age groups of students they supported. Accordingly, educators answered questions for 391 different classes, parents answered questions for 614 and caregivers answered questions for 536 students. The ethical review board approves this study. 6 https://www.mturk.com/ 7 https://www.prolific.co/ Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 3.1 264:7 Survey Design Our questionnaire was deployed on two crowdsourcing platforms, Amazon Mechanical Turk (MTurk) and Prolific. Both are common prominent crowdsourcing platforms for academic research. For example, MTurk has been widely used for cybersecurity, safety, and privacy studies [35, 48, 58], while Prolific proclaims on their website that they can offer “high-quality data, on various topics, from a variety of different audiences” 8 . The questionnaires for both platforms were deployed on Qualtrics. For MTurk, we collected data from the participants who had at least 98% MTurk HITs approved and who were compliant with our inclusion and exclusion criteria. The prolific survey was launched in multiple stages to ensure an equal final distribution from all participants and obtain participants in all three categories. At first, the survey intended for educators was launched; after filling the quota, the parents and the other caregivers’ surveys were launched, respectively. Participants from both platforms were paid the compensation mentioned in the ethical review board procedure, which was more than the state’s minimum wage. The complete questionnaire is included in Appendix A (In the Supplementary Files). 3.1.1 Pre-screening Questionnaire and Survey Flow. The participants answered the pre-screening questions, including age brackets and what category they identified as a parent, an educator, other caregivers, or none. Participants less than 18 years old were disqualified since our study targets adults who care for students who are currently or were previously enrolled in remote education courses to understand their perspective about cybersecurity, safety, and privacy of these students. Additionally, For the MTurk survey, our participants could identify either as a parent, an educator, a caregiver, or a combination of these categories. If they identified as none of the categories, they were disqualified and did not proceed with the studies. Those who carried forward answered the questionnaire for that relevant category; however, if they identified as more than one category, then a questionnaire from one of these categories was randomly selected. Such study design led to an uneven distribution of the three categories. To remediate the skewness, we chose to deploy the prolific and MTurk survey on different stages and fill the quotas for each category separately. The multiple surveys also helped with crowdsourcing platforms’ requirements for pre-screening. For MTurk, we had inclusion criteria of HIT Approval Rate for All Requesters HITs at greater than 95%. Additionally, we required the participants to be Master Turkers. A Master Worker is a top Worker of the MTurk marketplace that has been granted the Mechanical Turk Masters Qualification. These Turkers have consistently demonstrated high success in performing a wide range of HITs across many Requesters. The time allotted to the Turkers was one hour, and the survey batch expired every seven days. Additionally, we limited the geographical location of the participation to the US and had the age criteria set to 18 years though this was also a screening criterion in our survey. The total number of requests per batch was 20. This was done for quality control of the data collected. For Prolific, we advertised the survey with a clear description that this study was for participants’ perception of remote learning as an educator, a parent, and a caregiver. Within the survey, we asked the participants if they were educators, parents, caregivers, or any combination of such or none to a student. Any participant who did not select the required identification was prohibited from continuing the study. Although Prolific allows platform-provided filters to screen the survey-takers, we needed more than these pre-built filters to allow us to recruit specific groups we needed for our survey. For example, we wanted to recruit specific people who were either just parents or educators or cared for kids in a caregiver capacity but were not parents or educators of the students they cared for. Thus, we deployed the survey to specific groups which satisfied our requirements. We 8 https://www.prolific.co/blog/qualtrics-surveymonkey-prolific-higher-quality-data Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:8 Faiza Tazi, Sunny Shrestha, and Sanchari Das reviewed the submissions from the participants to verify that the recruited participants satisfied our study criteria. Parents and caregivers were asked to answer questions for each child enrolled in school, up to three children. They were also prompted to choose three different age groups to answer if they had more than three children. This serves the purpose of comparing the attitudes of parents and caregivers toward the different age groups. These answers were then aggregated into one table for each category, where each child had their own entry. On the other hand, educators were asked to answer a set of questions for all the classes they were teaching as it would take a lot of work to obtain information about every student they teach. 3.1.2 Open and Close-Ended Questions. The survey questionnaire comprised both close-ended and open-ended questions. A combination of these questions was used since multiple-choice questions allowed for information collection quickly and efficiently. Open-ended questions were also included within the survey as they can provide valuable insight into significant thoughts and events relevant to this research. However, many participants bypassed the open-ended questions, as with many survey-based studies. The participants who answered the questions provided valuable insight used for thematic analysis. It is also important to note that all questions except the aforementioned pre-screening questions were optional so as not to prompt or pry for information that participants did not feel comfortable giving, to maintain authenticity for information that participants provided within this context and minimize the noise in the data. 3.1.3 Concluding Remarks and Expertise Evaluation. Participants were asked conventional demographic questions such as age, education, and household income. All these questions were taken from prior works, and we ensured that we asked appropriate demographic questions and even made edits from our pilot study with 50 participants. We also asked them questions about their security and computer science knowledge to determine whether it impacts our participants’ attitudes since research into the negotiation of cybersecurity within a household showed that the parents’ computer background may influence household cybersecurity practices and choices that parents make [40]. These questions were based on research by Rajivan et al. [44]. Rajivan et al.’s questionnaire included 17 questions sorted into four categories: Academic and professional background, computer security skills, everyday computer interactions, and security knowledge. While the questions within this work are valid for helping to gauge participants’ computer knowledge, time and content constraints on our survey led us to use these questions as guidelines for questions to understand participants’ computer knowledge better. As we were also seeking to learn about other factors, it was not prudent for our survey to include all 17 questions; thus, we implemented a subset of it. 3.1.4 Analysis Strategies. We analyzed answers from 980 participants, which included 1541 responses pertaining to the different children. We examined the close-ended questions’ data for each group by itself to compare the parents’, educators’, and other caregivers’ perspectives. We also compared the grade groups to examine and measure the differences between the age groups and whether being responsible for an older or younger child influences the perspective and attitude of our participants towards cybersecurity, cyber safety, and privacy regarding students. Finally, we explored the factors responsible for each group of participants’ perceptions of the importance of cybersecurity, cyber safety, and privacy to students in the online education paradigm. For the quantitative study, we used linear regression to explain the relationship between the perceptions of cybersecurity importance of the student’s support system with the Likert scale answers they provided during the survey. More details on the statistical evaluation are provided in section 4. As mentioned above, we analyzed each category of the students’ support system. We Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:9 used the following variables: “student’s time using ICTs” , “Frequency of cybersecurity, cyber safety or privacy school administration communications” , “Frequency of cybersecurity or cyber safety communication with students” , “Cyber incidents involving students” , “Perceptions of tools available to support the cybersecurity, cyber safety, and privacy of students” , “Security Knowledge” as well as “Computer Knowledge” as independent variables for all the categories analyzed in this study. In addition, for Educators, we used an additional independent variable, namely “Frequency of cybersecurity or cyber safety communication initiated by a parent or caregiver” . Concerning the open-ended questions, we evaluated questions about similar subjects, such as how our participants manage cybersecurity communications and how the school administration manages these communications. Accordingly, we performed a thematic analysis of these responses. The first author reviewed the open-ended questions to determine the themes of the analysis. Two coders reviewed the responses and themed the responses for each question. Afterwards, the coders met and reviewed each other’s coding. The final codebook reflects the themes that both coders agreed on. The themes are demonstrated in the following tables: Table 6, Table 5, Table 4 and Table 7. 4 FINDINGS AND DISCUSSIONS Here we report the results of our study. First, we will provide an overview of our participants’ demographics; after that, we will note the quantitative analysis of the survey. Finally, we provide the qualitative analysis of the survey’s open-ended questions. 4.1 Demographics A total of 1141 participants took our survey, on MTurk and Prolific. Of which 584 Mturk responses were analyzed based on their completed responses. These included 210 participants who identified as parents, 160 as educators, and 214 as other caregivers. Similarly, 396 responses from our survey posted on Prolific were analyzed, of which 183 identified as parents, 122 identified as educators, and 91 identified as other caregivers. This left us with a final dataset comprising 393 parents, 282 educators, and 305 other caregivers. Of the 980 records analyzed, 56.42% of our participants were aged between 25 and 40 years old. Two participants who identified as educators and one other caregiver were over 71 years old. In addition, over 56% of our participants reported identifying as male, 40.71% percent identified as female, six participants identified as non-binary, and one participant identified as transgender. Finally, most participants (80%) reported at least some college education, with educators having the highest percentage (84.75%). Table 1 provides the overview of the participants’ demographics of the study. 4.2 Parents’ Perspective Here we report on our participants who identified as parents. Online education has created several issues for parents, which may or may not be related to technology. 393 of our participants identified as parents; these participants answered our survey for a total of 614 school-aged children. 4.2.1 Importance of Cybersecurity. Parents were asked questions to gauge the perceived importance of cybersecurity for their children. Our results show that most participants who identified as a parent from both crowdsourcing platforms acknowledge the importance of cybersecurity for their children; in fact, over 72.31% of the children’s parents believed cybersecurity to be extremely important or very important. While less than 2.3% of parents thought cybersecurity to be “Not at all important” to their children who were mostly in K-2 grades, this can be examined further in Figure 1. Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:10 Faiza Tazi, Sunny Shrestha, and Sanchari Das Table 1. Demographics of the Participants, including age, gender and education level Educators Parents Other caregivers 42 85 84 46 14 10 2 14 94 155 91 26 13 0 44 77 112 46 15 10 1 109 150 2 0 21 166 221 1 0 5 124 180 1 0 0 0 3 150 87 17 3 9 1 1 1 52 192 91 4 18 9 19 3 1 25 158 87 3 7 7 14 3 Age 18 − 24 years 25 − 30 years 31 − 40 years 41 − 50 years 51 − 60 years 61 − 70 years Over 71 years Gender Female Male Non Binary Transgender Did not specify Education Level Less than high school High school graduate Bachelors degree program Masters degree program Doctorate Diploma Professional degree Vocational training Other K-2 grade 7 9 3-5 grade 0 5 16 6-8 grade 1 4 14 9-12 grade 4 4 55 60 74 64 46 21 College 12 12 Graduate 1012 3 28 20 18 10 58 39 Not at all important Slightly important Moderately important Very important Extremely important Fig. 1. Parents Perceived Cybersecurity importance for students Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:11 4.2.2 Cybersecurity Incidents Involving Children. Parents were asked if their children were part of a cybersecurity incident. Parents of 140 children confirmed they were indeed involved in a cybersecurity incident. However, some parents chose not to answer this question. Only 10 of which explicitly selected the option “chose not to answer” , while 2 participants chose to ignore the question altogether. More details are shown through the bar graphs in Figure 2. 25 K-2 grade 126 3-5 grade 40 6-8 grade 40 9-12 grade College 3 116 4 79 17 4 71 12 31 1 0 Yes No Did Not Answer Graduate 6 10 Fig. 2. Frequency of cyber incidents that involved students as reported by the parents 4.2.3 Time spent using ICTs. Parents of 24 children purport that the amount these children spend online has decreased since they started online education. Only 5 of whom affirm that it has drastically reduced. Parents of 15.15% of these children estimate that there was no change in the amount of time spent on ICTs during remote education. 48 K-2 grade 59 3-5 grade 43 37 9-12 grade 19 Graduate 4 130 29 17 27 77 54 6-8 grade College 71 5 20 18 62 20 21 40 41 32 Greatly increased Somewhat increased No change Somewhat decreased Greatly decreased Fig. 3. Perceptions of parents on the students’ time spent on ICTs during remote learning Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:12 Faiza Tazi, Sunny Shrestha, and Sanchari Das 4.2.4 Cybersecurity Communication. Parents were asked how frequently they communicate with their children about cybersecurity. This will allow us to understand if the perceived importance and the frequency of cybersecurity communications correlate. Parents were also asked about the prevalence of cybersecurity communication they received from their children’s schools. For over 39.57% of the children, parents affirmed that they rarely or never receive communication about cybersecurity from their children’s schools. Additionally, for over 44.46% of the children, parents confirmed that they discuss cybersecurity of safety with their children weekly or even daily. 4.3 Educators’ Perspective In this section, we will detail the results pertaining to our participants who identified as educators. 282 participants identified as educators, and they answered questions for 391 different classes. This analysis was critical as the shift to online education has impacted educators globally. 4.3.1 Importance of Cybersecurity. Most educators who took the survey deemed cybersecurity, cyber safety, and privacy critical (66.75%) for their students, while 21.74% of our participants believe cybersecurity is “Moderately Important”. Only 11 participants identified as educators proclaimed that cybersecurity is not essential to their students, most of whom teach college-level classes. 4.3.2 Cybersecurity Incidents Involving Students. Educators were asked whether their students were involved in any cybersecurity incidents. This question is crucial because it allows us to understand how educators are engaged in the cybersecurity of their students in general. By asking this question, we were primarily interested in comparing the number of incidents reported by the different categories. This can confirm the importance of committing to cybersecurity communication with students. 23.53% (92) of educators confirmed that their students were a part of a cyber incident; only 26 participants refused to answer this question or skipped it altogether, while the rest did not report any incidents. 4.3.3 Time spent using ICTs. The time spent using ICTs during online education has increased, according to most of our participants. Over 45.78% of our participants who identified as educators affirmed that their students’ time spent on ICTs has dramatically increased, and 40.15% said that it somewhat increased. Only four participants mentioned that their students’ time spent on ICTs decreased, while the rest estimated no change. 4.3.4 Organizational Cybersecurity Communication. Our participants were asked multiple questions about their communication about cybersecurity from different standpoints. These questions sought to examine the frequency at which the cybersecurity of the students is conferred, not only from the perspective of the students but also from the perspectives of their caretakers and parents, as well as school administrations. Over 58.31% of participants who identified as educators affirmed that students’ parents and caretakers never or rarely reached out to communicate with them about cybersecurity and privacy, and 12.27% of our participants who identified as educators have affirmed that a caretaker has reached out to them daily about the cybersecurity or privacy of the students. This is compared to only 42.2% educators who declare that they never or rarely reach out to the parents and caregivers of their students about their cybersecurity, cyber safety, and privacy. Similarly, 37.6% of educators proclaim that school administration rarely or never reaches out to them about cybersecurity, cyber safety, and privacy. 4.4 Other Caregivers’ Perspective This section will detail the results of our participants who identified as other caregivers. Although a total of 324 caregivers were considered for this analysis, these specific participants answered questions for 517 different children. Including caregivers other than parents and educators in this Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:13 study is critical since this category offers necessary support, help, and guidance in raising future generations. In addition, it can include kinship caregivers such as siblings and grandparents, or babysitters, guardians, and social workers. 4.4.1 Importance of Cybersecurity. Other caregivers were asked questions to assess their perceived cybersecurity importance. More than 83.95% of our participants in this category deemed cybersecurity critical or extremely important; in fact, only one participant said that cybersecurity is not essential to the child they cared for; more details can be viewed in Figure 4. K-2 grade 03 11 3-5 grade 03 59 55 26 6-8 grade 13 93 19 9-12 grade 02 8 College 012 7 7 Graduate 0 13 3 67 31 53 48 14 Not at all important Slightly important Moderately important Very important Extremely important Fig. 4. Other caregivers perceived cybersecurity importance for students 4.4.2 Cybersecurity Incidents Involving Children. Caregivers reported the highest number of incidents among the children they cared for, with 44.59% of these children being involved in a cybersecurity incident. Furthermore, 19 caregivers refused to answer the question about cybersecurity incidents by explicitly choosing the “Prefer not to answer” option, while ten other caregivers just skipped this question. More details on the distribution of incidents by grade level are provided in Figure 5. 4.4.3 Time spent using ICTs. According to caregivers, 85% children under their care have been spending more time using ICTs. However, also according to caregivers, about 11.01% of the children did not change their use of ICTs. As for the rest of the children(19), their caregivers claim that their time spent on ICTs has decreased. Figure 6 provides an insight into the distribution of students’ time spent using ICTs by educational grade level. 4.4.4 Cybersecurity Communication. For 67.16% of the children, caregivers affirmed that they discuss cybersecurity weekly or daily. However, only 15 of these children have yet to receive any cybersecurity communications from their caregivers. Similar results extended to the communication initiated by the children’s schools and targeting their caregivers, where 58.77% of the children’s schools initiate these conversations weekly or daily. In contrast, only 6.34% of these schools never do so. Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:14 Faiza Tazi, Sunny Shrestha, and Sanchari Das 59 K-2 grade 67 86 3-5 grade 85 57 6-8 grade 9-12 grade 4 19 70 35 7 12 1 College 5 8 4 Graduate Yes No Did Not Answer 13 30 Fig. 5. Number of cyber incidents that involved students according to other caregivers 41 K-2 grade 58 3-5 grade 19 9 51 97 42 6-8 grade 9-12 grade 72 69 30 17 25 30 21 5 10 College 6 4 3 22 Graduate 3 11 020 Greatly increased Somewhat increased No change Somewhat decreased Greatly decreased Fig. 6. Perceptions of other caregivers on the students’ time spent on ICTs during remote learning 4.5 Cross-category and Cross-platform Comparisons To understand further the similarities and differences in the perceptions of parents, educators, and other caregivers, we conducted additional statistical analysis to gauge the differences between groups. Since our data were not normally distributed, we could not use ANOVA to do this analysis; we chose the Kruskal-Wallis rank sum test. Table 2 shows the test results for different themes considered during this analysis, proving a significant difference between the three categories in all the themes. Consequently, we conducted a pairwise Wilcoxon test to calculate pairwise comparisons between category levels. Table 3 shows that for all themes except the “Time spent Using ICTs” and “Computer knowledge scores” parents and other caregivers are significantly different. In addition, educators and other caregivers are significantly different in all themes except Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:15 one: “Caregiver’s perceived cybersecurity importance for child”. On the other hand, we can see a significant difference between educators and parents for only three themes, as shown in Table 2. Table 2. Kruskal-Wallis rank sum test result to compare educator, parents, and other caregivers. Time spent Using ICTs School initiated communication about cybersecurity Caregiver initiated communication about cybersecurity with child Cybersecurity tools were available in support of student’s online learning Caregiver’s perceived cybersecurity importance for student Cybersecurity incidents involving student Cybersecurity knowledge score Computer knowledge score 𝜒2 df 25.727 2 53.567 2 87.288 2 57.435 2 22.818 2 46.961 2 141.97 2 7.5495 2 p-Val < 0.0001 < 0.0001 < 0.0001 < 0.0001 < 0.0001 < 0.0001 < 0.0001 0.02 Table 3. Pairwise Wilcox p-value to compare educator, parents, and other caregivers. (Ed: Educator, P: Parent, OCG: Other CareGiver) Time spent Using ICTs School initiated communication about cybersecurity Caregiver initiated communication about cybersecurity with child Cybersecurity tools available in support of student online learning Caregiver’s perceived cybersecurity importance for student Cybersecurity incidents involving student Cybersecurity knowledge score Computer knowledge score Ed vs P 0.00036 0.3 < 0.0001 0.65 < 0.0001 0.63 0.078 0.257 Ed vs OCG < 0.0001 < 0.0001 < 0.0001 < 0.0001 0.66 <0.0001 0.0001 0.03 P vs OCG 0.12844 < 0.0001 < 0.0001 < 0.0001 < 0.0001 < 0.0001 < 0.0001 0.082 To explore the differences between platforms, we used the Kruskal-Wallis rank sum test on each question, organizing the answers by platform. For the question of the perceptions of cybersecurity, cyber safety, and privacy importance, there was no significance between platforms for participants who identified as parents (𝑝 = 0.09) as for educators and other caregivers; there was a statistically significant difference between platforms with a p-value of 1.733𝑒 − 09 and 0.004 respectively. Furthermore, there was no statistically significant difference between platforms on time spent on ICTs during remote learning for all categories (𝑝 > 0.32). Moreover, the results for communication all show statistically significant differences between platforms with a p-value equal to or less than 0.0005, except for communication initiated by caregivers towards students with a p-value of 0.32. 4.6 Open-Ended Question Evaluation Our questionnaire included several open-ended questions to give our participants more opportunities to convey opinions, thoughts, and insights on the relevance of cybersecurity to the students. In the educator segment of the survey, participants were asked ten open-ended questions, while the parents and other caregivers segments included 6 open-ended questions each. Participants were not required to answer questions, so naturally, they only sometimes answered the text entry questions or provided sparse or unusable replies. However, more detailed responses show our participants’ concerns and speculations regarding the students’ cybersecurity. Consequently, we conducted a thematic analysis of the open-ended responses and inferred some essential themes that we will present in the following subsections. Some answers provide a glimpse of crucial pieces Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:16 Faiza Tazi, Sunny Shrestha, and Sanchari Das regarding cybersecurity, cyber safety, and privacy communication, as well as the challenges of online education. A constant pattern that keeps appearing limits the amount of time the children are allowed to spend on the internet to keep them safe. 4.6.1 Importance of Cybersecurity. The student support system was asked about their perspective on the importance of cybersecurity to students. The consensus was that cybersecurity is a priority but only sometimes a top priority among all participants. An open-ended question was then asked to reveal the participants’ mindset. The responses to these questions were then classified into themes: privacy, online predators, malware and phishing, inappropriate content, not concerned, improper interaction, and vulnerable population. 29 10 16 96 27 39 34 47 21 15 19 19 9 9 10 18 32 8 Ma l Ph ware ish & ing Co Not nce rn e d pp Co ropri nte ate nt Ina Vu Po lnera pu lat ble ion y vac Pri G Im ener po rta ic nce Theme P E OCG Pre dat ors Table 4. Distribution of the themes generated from thematic analysis of the question: “Why do you think cybersecurity is important/not important to your child/students ”.E: Educator, P: Parent and OCG: Other CareGiver 5 9 4 “Online Predators” was a recurring theme within multiple questions. The student support system believes that students need protection from strangers and, in the case of cyberbullying, from each other. One prolific caregiver declared that: “I want to prevent the child from accessing non-age appropriate sites and communicating with adult strangers, both of which are essential for their safety and psychological well-being.” (OCG-P-57) 9 Cyberbullying was rarely mentioned in the initial open-ended answers; very few participants said cyberbullying was part of the subjects they communicated with the students about. However, when asked about their perspective on the importance of cybersecurity, many participants conveyed their worry about students being cyberbullied or even bullying each other, as they mentioned: “Because it helps to prevent the child from being bullied and possible abuse.” (OCG- P -94) Similarly, our participants conveyed their worry about identity theft and privacy loss. Participants worry not only about the outside attack but also about the type of data the students are sharing online and with whom they are sharing that information. a participant stated that “There is so much at stake for my child’s identity. Cybersecurity is an ever-increasing matter that we need to deal with... ” (P-P-49) Another participant conveyed that: “The digital footprint and implications of those footprints for young people may not be apparent until later in life, and it is imperative that ample steps are taken to convey that” (OCG-P-61) 9 The first part of the code refers to the category the participant identifies as, E: Educator, P: Parent and OCG: Other CareGiver. The second part of the code stands for the platform, MTK: Mturk, P: Prolific Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:17 An equally important theme that emerged during this discussion is the vulnerability of children. Children are the most vulnerable to cybersecurity, cyber safety, and privacy issues due to their age, lack of experience, and tendency to trust others. The consequences for children can be devastating. The student support system also mentions how these students might need more maturity and perception to protect themselves online. One such parent notes that: “I wonder if my first child understands the importance of cybersecurity and/or how it can be used by less-desirable individuals.” (P-MTK-33) Another caregiver states: “...because they are children, they are vulnerable to hackers, so security and safety are vital.” (E-MTK-58) Finally, some participants stated they were not concerned about cybersecurity, cyber safety, and privacy of the students. Some of these participants claimed that it is because the students have limited access to their ICTs that they are not concerned about cybersecurity, cyber safety, and privacy “If my child had unlimited access to the internet, then I believe I would be much more interested in cybersecurity.”(P-P-21) “They don’t do anything besides play games” (OCG-P-113) Multiple participants also claimed that the students are old enough to understand the repercussions and care for themselves online. “Old enough to look out for himself.” (OCG-P-54) 4.6.2 Communication Between Students and Student Support Structure. Several open-ended questions directly explored how students’ support structure communicates with the student(s) about cybersecurity, cyber safety, and privacy, a topic identified as one of our survey themes. For example, one prompt asked participants to describe an experience communicating these ideas with a student. Multiple themes emerged from the answers, including online predators, privacy, password safety, malware and phishing, safe browsing, age-appropriate social media, no discussions, and general discussions. However, some answers needed to be clearer to be classified within a theme and were not used. In the following paragraphs, we will discuss the most prevalent themes. 44 10 26 40 8 24 34 31 18 24 11 16 6 12 8 2 6 1 1 0 5 dia Me So c ial Ap Age pro pri ate Ma l Ph ware ish & ing dis cus sio n 9 16 3 No s sw ord Pas row s eb Saf G Dis ener cus al sio n dat o Pre Theme P E OCG Pri vac y rs ing Table 5. Distribution of the themes generated from thematic analysis of the question: “Please give an example or describe your experience discussing cybersecurity or cyber safety or privacy with your child/students” 3 0 1 Many participants shared that their main concern is for privacy, making sure to let the children know that they should not share passwords, pictures, locations, or personal information online; one such participant mentioned that they communicate with their children and quote that: “Keep your personal information private; avoid sharing your name, address, telephone number, birthday, passwords, and the name of your school when using the Internet. Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:18 Faiza Tazi, Sunny Shrestha, and Sanchari Das Think twice before you post or say anything online; once in cyberspace, it is out there forever.” (MTK-P-117) Many of our participants also try to warn their kids about online predators, asking them not to communicate with strangers and warning them to be wary of people they meet online. One participant who identified as a caregiver noted that, “<the child> knows to never give out information to people she does not know on the internet, even when they may have been added to the same chat on Instagram, because she does not know who is behind the screen and what their intentions might be.” (OCG-P-74) A parent also mentioned that: “I constantly remind them that they do not know who is really on the other side of the internet and you do not know if they have good intentions, so don’t tell people anything” (P-P-38) A few participants also disclosed their worry about zoom bombing: “After an incident in a nearby district regarding cybersecurity, -an educator- discussed what to do if something inappropriate occurs over Zoom. This included how to leave the meeting and instructions to inform an adult.” (E-MTK-125) 10 26 16 Co m wi mun th stu icatio den n ts 35 29 30 N to othin im pro g ve on B mm etter un ica ti 31 32 30 Co Sp mm ecifi un c ica tio n 12 64 14 Co Theme P E OCG C Tra lass/ ini ng Table 6. Distribution of the themes generated from thematic analysis of the question: “How can your child’s school improve its communication about cybersecurity and privacy ” 13 2 4 4.6.3 Improving Cybersecurity Communication. Parents, teachers, and other caregivers, often do not understand the risks associated with cybersecurity. As such, schools need to be able to provide adequate communication regarding cybersecurity, cyber safety, and privacy. When asked how schools can improve this communication, our participants had many ideas. We organized these answers into themes, including offering classes or training, communicating about cybersecurity with the students directly, communicating more frequently about it, or having specific ideas on the type and content of the communication. Some participants did not have anything to improve; more information on these themes can be found in Table 6. Participants who were not very tech-savvy asked for more information delivered in a user-friendly manner. One participant asked for the following: “More information for parents who do not understand IT.” (P-P-15) A frequent theme within this question is better communication with parents. This includes enhancing the quality of the communication: “I think they could communicate with parents better. I find a great deal of the fine details have been entrusted to children initially, leaving my wife and I to have to pursue more information - through school and on our own.”(P-P-39) Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:19 (P-P-32) Responses were also classified within this theme if they discuss the consistency of the communication, promptness, or ask for more frequent communication. Multiple participants asked for information to be sent more frequently and more consistently to them. “I think they should release more messaging on the subject. Cybersecurity does not seem to be as significant a focus as I think it should be.” (P-P-44) Similarly, a prevalent theme in our analysis “Specific communication”encompasses participants asking for notifications of security issues: “Send us reports of any reported cybersecurity incidents that have happened.” (OCGP-82) Or participants asking for a specific means of communication such as email, text messages, or phone calls, or participants asking for communication to include recommendations on tools. An important theme, especially among participants who identified as educators, is “ class/training”where participants asked to be provided with classes, workshops, or training to help them learn more about cybersecurity and cyber safety: “The range of tech competence among faculty members is so varied that it is impossible to design a one size fits all cybersecurity and privacy training that’s both relevant and accessible to the majority of the staff. I think the only effective way to improve cybersecurity would involve an initial assessment of each faculty member’s knowledge and sorting them into one of two or three training based on how much detail and beginner knowledge they need.”(E-P-64) On the other hand, some participants mentioned that they were not concerned about this type of communication and that they required less communication. As one participant requested: “Don’t send more information to the parent. It’s just confusing.” (P-P-98) 31 22 9 ing 28 17 28 Me He ntal alt h lly bu Cy ber 9 27 18 pp Co ropri nte ate nt Ma Ph lwar ish e ing 26 2 11 Pri Theme P E OCG Ina O Pre nline dat ors 29 33 17 y vac Table 7. Distribution of the themes generated from thematic analysis of the question: “Can you elaborate on the form of cyber threats you are most concerned about for your child ” 17 0 0 4.6.4 Student Support Structure Cyber Threat Concerns. An essential section of our survey asked about the cyber threats the student support structure is concerned about regarding the students. An open-ended question delved more into this subject to discern their apprehensions and worries. The themes from these answers comprised mental health, online predators, financial repercussions, privacy, inappropriate content, malware, and age-appropriate communication. An critical theme that emerged from this analysis is mental health. Participants were worried about the repercussions of online safety on the student’s mental health, citing that cyberbullying and inappropriate content can hurt children’s mental health. One of the parents mentions that: “inappropriate content is too easy to access and easy to view without any effort by the child. This is probably by far the most adverse effect on a child’s mentality and long-term experiences” (P-P-48) Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:20 Faiza Tazi, Sunny Shrestha, and Sanchari Das An equally important theme that emerged from the open-ended answers is age-appropriate communication, as some participants noted that they avoid some topics since they feel that their children are not concerned about them at their age, as one participant mentions: “Consider your child’s maturity level. Before making any decisions about screen time, consider your child’s maturity level. Ideally, as your child ages, they should be able to handle more responsibility and make rational decisions. However, this is only sometimes the case. If your child is irresponsible, immature, and has an attitude, think of all of the negative ways that technology can amplify this. Make sure that your child can handle all of the responsibility that comes along with technology.”(OCG-MTK-72) Similarly, a different parent noted: “...I can block sites according to what I think is the appropriate level for the child.” (PMTK-56) 4.7 Research Questions RQ1: How do educators, parents, and other caregivers perceive cybersecurity, cyber safety, and privacy threats concerning their children and students with online education? Through our analysis, we determine that the majority of the students’ support structure believe that cyber security and privacy is essential to students, 66.75% of participants who identified as educators deemed cybersecurity, cyber safety, and privacy extremely important or very important, over 72.31% of the children’s parents shared the same position, similarly, 83.95% of our participants who identified as other caregiver regarded cybersecurity, cyber safety, and privacy as critical. Moreover, these results are further corroborated by the qualitative analysis of the open-ended questions, where themes regarding the perceived importance of cyber security included: “Generic Importance”, “Online Predators”, “Privacy”, “Vulnerable Population”, “Malware & Phishing”and “Not Concerned”. This last theme includes participants who were not concerned about cyber security and safety because they were not the child’s primary caretaker and did not manage device usage, educators with older students, and parents who only allowed their children online for a specific time or usage. The rest of the themes were all pertinent to perceived reasons why cyber security and safety are vital to students. Most of the students’ support structures believe cybersecurity, cyber safety, and privacy are important for students for numerous reasons. The motive behind this perception includes worry about online predators and inappropriate content and the apprehension about the mental repercussion this could have on these vulnerable children. Participants also had concerns about attacks on the devices used by the students. However, through the analysis of the open-ended questions, we also noticed that the participants who indicated they were not concerned about cybersecurity and cyber safety defended their attitudes, albeit with reasons that can sometimes be misguided. Some of the more frequent arguments include: Students are knowledgeable about cyber security and safety, or they have been trained to stay safe online; some of the reasons also include the fact that children are only allowed online for a limited amount of time or they are only allowed online to do school work. RQ2: To what extent is the communication between the parties accountable for students’ cybersecurity, cyber safety, and privacy reliable and efficient? Parents and caregivers were asked how frequently they communicated about cyber security and safety with the students. Results were different between the two groups, where almost 45% of the parents proclaimed that they discussed cybersecurity with their children regularly, whereas 67.16% of the caregivers made the same claim. On the other hand, educators were asked about Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:21 organizational cybersecurity communication. Results show that over half of the educators (58.31%) never received cybersecurity communication from the student’s parents, and caretakers. In contrast, over 42% of educators declare that they rarely reach out to parents about cybersecurity and cyber safety. Similarly, about a third of educators proclaimed that school administration rarely reaches out to them about cybersecurity and cyber safety. In addition to the quantitative analysis, we have also conducted qualitative analysis on some open-ended questions to understand better the type of communication between students and their support structure and the importance of enhancing cybersecurity communication with our participants. From our analysis of the responses we got through asking the following question: “Please give an example or describe your experience discussing cyber security or safety with your child/students” we notice that parents mainly discussed privacy and identity theft, online predators, safe browsing and secure passwords. Very few participants mentioned social media in their discussions, and many offered a generic answer that mentioned the frequency at which they discuss cybersecurity with the students without being specific about the topics they discuss. A few participants also mentioned that they should have discussed cybersecurity and cyber safety with the students, but many participants offered senseless answers or no answers. We compare these results to the reported cyber incidents: 140 parents reported that their children were involved in a cyber security incident. In addition, about 23.53% of the educators also confirmed that their students were part of a cyber incident, and over 44.59% of caregivers reported the same. These high numbers show that the cybersecurity, cyber safety and privacy education students receive is inadequate, inefficient and fails to keep them safe online regardless of the frequency or the type of communication they receive. RQ3: What are the individual factors that contribute to the attitudes of parents, educators, and other caregivers towards cybersecurity, cyber safety, and privacy of children in the online education context? To glean the factors responsible for the perceptions of our participants, we conducted a linear regression analysis on the three categories of participants. For each category, we first checked for Pearson correlation between variables. Then we generated multiple linear regression models with the independent variables that did not present a mild or strong correlation. We then used the likelihood-ratio test and the r ANOVA () function to compare models. Table 8 presents the results of the best models we generated for each category. The results of this analysis were different for each category, as shown in Table 8. Through this analysis, we conclude that for participants who identified as educators, the individual factors that contribute to their attitude towards the importance of cyber security and safety are the students’ time spent using ICTs, the frequency of the cyber security and safety communication initiated by the parents, the perceptions of the tools available to support the security and safety of the students and to some extent the computer knowledge of the educators. On the other hand, these results were somewhat different for participants who identified as other caregivers, where their attitudes were affected mainly by the students’ time spent using ICTs, the frequency of the communication they received from the school administration as well as the communication they have with the students themselves, the caregiver’s security knowledge and to some extent whether the students they care for have been a victim of a cyber security incident or not. Finally, parents’ attitudes were only influenced by their security knowledge and the frequency by which they communicated with their children about cyber security and safety. 5 IMPLICATION Our study provided critical insights into the issues students’ support structures face in everyday education, which hinders them from supporting children to facilitate their online education in a Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:22 Faiza Tazi, Sunny Shrestha, and Sanchari Das Table 8. Estimated regression 𝛽 coefficients, standard error values and t-test p-values from linear regression Coefficient Estimate Educators Intercept 1.80688 Student time on ICT 0.18366 Frequency of cyber security or safety communication initiated 0.2039 by a parent or caregiver Perceptions of tools available to support the cyber security and 0.17875 safety of students Computer Knowledge 0.1508 Parents Intercept 3.0084 Frequency of cyber security or safety communication with stu- 0.3802 dents −0.1915 Security Knowledge Other caregiver Intercept 3.880 Student time on ICT 0.26 Frequency of cyber security or safety school administration 0.102 communications Frequency of cyber security or safety communication with stu0.123 dents Cyber incidents involving students −0.108 Security Knowledge −0.312 std. Error p-value 0.3295 0.06745 0.04092 < 0.00001*** 0.0068** < 0.00001*** 0.05794 0.0022** 0.08528 0.0779. 0.102 0.0348 < 0.00001*** < 0.00001*** 0.05816 0.00104** 0.131 0.040 0.0378 < 0.00001*** < 0.00001*** 0.0073** 0.042 0.0037** 0.065 0.059 0.0999. < 0.0073** secure and privacy-preserving manner. In this study, given the time of data collection, we were able to obtain extensive insight into how people have navigated the emergent shift to online education due to COVID-19. However, irrespective of the daily use of digital technology, including for education at different levels, people’s awareness of cybersecurity and privacy is concerning though their intention to keep the student and children’s data safe and secure is to be acknowledged. Given our analysis, we have provided some recommendations for the topic. 5.1 Cybersecurity Awareness and Education As of April 2022, over 63% of the world population are ICT users 10 ; therefore, it is essential to understand the basics of cyber threats, regardless of age or browsing habits [39]. Similarly, cybersecurity in education is vital for multiple reasons, the most critical of which is to ensure cybersecurity, cyber safety and privacy of the students [43]. To do so, the students’ support structure must first be educated on this topic. Furthermore, as noted in the results, security knowledge is an essential factor in the perceptions of both parents and other caregivers, as such a formal security awareness will help these caregivers support their children and teach them to recognize cyber risks such as cyberbullying, protection of data privacy or phishing. Likewise, educators and school administrations need to be proactive in the cybersecurity education of caregivers and students [17]. Thus, we propose regular technological support and digital literacy to students and their parents, educators, and caregivers. Additionally, educational institutions should establish or improve the communication channel between academic institutions and caregivers to improve the cybersecurity 10 https://www.statista.com/statistics/617136/digital-population-worldwide/ Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:23 awareness of the students’ support structures [37]. Providing adequate and targeted cybersecurity resources would help these caregivers understand the risks and mitigate the threats. 5.2 Tools and Tips Children face many risks while interacting online, including inappropriate content, zoom bombing, commercial spam, cyberbullying, privacy loss, and internet addiction [36]. Unfortunately, the students’ support structure in and out of school needs to be aware of these threats to provide adequate support. When asked about the tools used to protect the children, most participants in our study who provided an answer to this open-ended question mentioned antivirus software or firewalls as the tools they used. This shows that these caregivers are unaware of the threats the children run online. Additionally, some participants who identified as parents or caregivers mentioned parental control software as the primary tool used to keep the children safe online, which can lead to privacy concerns, especially for teenagers [36, 57]. Consequently, better tools must be developed to help students support structure to ensure children’s online security, safety, and privacy. These tools need to consider all the threats children face and ensure ease of usability for the parents, educators, and caregivers who may or may not have the technical knowledge [23]. 5.3 FERPA in Light of Online Education The Family Education Rights and Privacy Act (FERPA) protects personally identifiable information (PII) enclosed in student education records; these PII protected under FERPA do not include “directory” information such as a “student’s name, address, telephone number, date and place of birth, honors and awards, and dates of attendance” 11 . Furthermore, FERPA does not consider online education in any form [49]. This oversight from the legislative viewpoint can have serious privacy repercussions on the students, especially when the students’ support structure is unaware of all the risks and threats students face in the online education format. However, regardless of the shortcomings of FERPA, educational institutions, as well as educators, need to be trained on FERPA to be able to protect the students. Furthermore, the students’ support structure needs to be aware of the student’s rights under FERPA to help safeguard their privacy. This is an interesting problem, especially in the learning disability community [50], as many students reveal their personal information on these platforms. 5.4 Institutional Support The swift move to online education put some of the students’ support structure in a precarious situation in more hardships. These people not only had to deal with the pandemic, the socioeconomic difficulties, and the lack of support from government entities, but they were also at a crunch to provide adequate infrastructure to support the student’s online education. As a result, some of these parents had to revert to device sharing among multiple users [38]. This has the potential to cause a loss of privacy among these students and presents multiple cybersecurity concerns, especially when using one account for all students [27]. Furthermore, the absence of universal access to infrastructure has caused a more immense socioeconomic and educational chasm between the students. Although a health emergency has caused this move to online education, governments and educational institutions need to come together to provide adequate support infrastructures such as internet access and devices to the students before making such a move [37]. Additionally, risk communication is a helpful tool in cybersecurity and can be immensely helpful if the institutions can conduct workshops to make users understand the security concerns of shared devices. 11 https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:24 6 Faiza Tazi, Sunny Shrestha, and Sanchari Das LIMITATIONS AND FUTURE WORK Online education has been an active research topic for a while, which witnessed an escalation of interest due to the pandemic. In this paper, we expand on this topic by studying parents, educators, and other caregivers’ perceptions on cybersecurity, cyber safety, and privacy of the students. Though the survey design provided critical insights into this field of research, it leaves out the user base of the students. We plan to investigate the students’ perspective of cybersecurity, cyber safety, and privacy in online education in a future extension of this work. Thus, we are already collaborating with different educational institutions to obtain student data to overcome the limitation of obtaining an institutional-focused perspective. Privacy and cybersecurity are not the foremost concerns for parents, educators, and caregivers when it comes to their children’s or student’s online education, and it is imperative to note that there is a lack of tools to address cybersecurity and privacy concerns even if they wanted to. Thus, we also plan to research tools and methods that helps bridge that literacy gap for online education users and enables parents, educators, and caregivers to prevent and mitigate cybersecurity risks faced by students. 7 CONCLUSION COVID-19 has provoked widespread uncertainty that extended to the education sector. Schools and universities have had to make last-minute changes and react promptly to the new restrictions they were facing, which led to a sudden shift from in-person education modules to online education, which created the attack vector of digital interaction in the education domain. Accordingly, we set out to understand the cybersecurity, cyber safety, and privacy perceptions of the student support structure, including parents, educators, and other caregivers. To this end, we conducted a survey-based study deployed over crowdsourcing platforms, including MTurk and Prolific. The study analyzed data collected from 1036 participants, which provided critical insights into the issues the students’ support system face in everyday education for their children and students. Our study provides a detailed analysis of online education’s privacy and security concerns by parents’ educators, and caregivers. It emphasizes the needs and requirements of adequate tools and legislation to aid secure and privacy-preserving online education. Additionally, our results show that over 85% of the student support structure involving parents, educators, and other caregivers find that students have been spending more time online as a direct result of online education. Consequently, they have been more concerned about cybersecurity, cyber safety, and privacy of the students with little to no technical support from the educational institutions. We conclude by providing recommendations to address these concerns, which can enable building digitally secure tools to facilitate an engaged yet secure online education. ACKNOWLEDGMENTS We extend our sincere gratitude to the participants for their time, and the anonymous reviewers for their feedback that enriched our paper. We would also like to thank the invaluable contributions of the MTurk and Prolific agents who assisted in modifying the advertisement to reach potential participants. Furthermore, we are grateful to Dan Norton and Kathryn Walsh for their expert creation and preparation of the survey. We would also like to acknowledge the Inclusive Security and Privacy-focused Innovative Research in Information Technology (InSpirit) Lab and the University of Denver’s Ritchie School of Engineering and Computer Science for their steadfast support. The opinions, findings, conclusions and recommendations expressed in this document are those of the authors and do not necessarily reflect the viewpoints of any associated institutions. Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:25 REFERENCES [1] Olasile Babatunde Adedoyin and Emrah Soykan. Covid-19 pandemic and online learning: the challenges and opportunities. Interactive learning environments, pages 1–13, 2020. [2] Casper Boongaling Agaton and Lavinia Javier Cueto. Learning at home: Parents’ lived experiences on distance learning during covid-19 pandemic in the philippines. International Journal of Evaluation and Research in Education, 10(3):901–911, 2021. [3] Wahab Ali. Online and remote learning in higher education institutes: A necessity in light of covid-19 pandemic. Higher education studies, 10(3):16–25, 2020. [4] M Beatriz Arias. Internet disparity challenges schooling for all. Center for Applied Linguistics (CAL) Commentary. URL: http://www. cal. org/news-and-events/in-the-news/internet-disparity-challenges-6_1_2020, 2020. [5] David G Balash, Dongkun Kim, Darika Shaibekova, Rahel A Fainchtein, Micah Sherr, and Adam J Aviv. Examining the examiners: Students’ privacy and security perceptions of online proctoring services. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021), pages 633–652, 2021. [6] Utkarsh Bansal, Swati Ghate, Piyali Bhattacharya, Rajeev K Thapar, and Piyush Gupta. Parental perspectives on remote learning and school reopening. Indian Pediatrics, 57(12):1177–1178, 2020. [7] Verónica Basilotta-Gómez-Pablos, María Matarranz, Luis-Alberto Casado-Aranda, and Ana Otto. Teachers’ digital competencies in higher education: a systematic literature review. International Journal of Educational Technology in Higher Education, 19(1):1–16, 2022. [8] Elisabeth Beaunoyer, Sophie Dupéré, and Matthieu J Guitton. Covid-19 and digital inequalities: Reciprocal impacts and mitigation strategies. Computers in human behavior, 111:106424, 2020. [9] Aras Bozkurt, Insung Jung, Junhong Xiao, Viviane Vladimirschi, Robert Schuwer, Gennady Egorov, Sarah Lambert, Maha Al-Freih, Judith Pete, Don Olcott Jr, et al. A global outlook to the interruption of education due to covid-19 pandemic: Navigating in a time of uncertainty and crisis. Asian Journal of Distance Education, 15(1):1–126, 2020. [10] Oleksandr Burov, Oleksandr Butnik-Siversky, Olena Orliuk, and Kateryna Horska. Cybersecurity and innovative digital educational environment. Information Technologies and Learning Tools, 80(6):414–430, 2020. [11] Dick Carpenter and Joshua Dunn. We’re all teachers now: Remote learning during covid-19. Journal of School Choice, 14(4):567–594, 2020. [12] Frank R Castelli and Mark A Sarvary. Why students do not turn on their video cameras during online classes and an equitable and inclusive plan to encourage them to do so. Ecology and Evolution, 11(8):3565–3576, 2021. [13] Olaganwantte Chandasiri. The covid-19: impact on education. Journal of Asian and African Social Science and Humanities, 6(2):37–42, 2020. [14] Zhilong Chen, Hancheng Cao, Yuting Deng, Xuan Gao, Jinghua Piao, Fengli Xu, Yu Zhang, and Yong Li. Learning from home: A mixed-methods analysis of live streaming based remote education experience in chinese colleges during the covid-19 pandemic. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, pages 1–16, 2021. [15] Shaanan Cohney, Ross Teixeira, Anne Kohlbrenner, Arvind Narayanan, Mihir Kshirsagar, Yan Shvartzshnaider, and Madelyn Sanfilippo. Virtual classrooms and real harms: Remote learning at {US}. universities. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021), pages 653–674, 2021. [16] Ben Collier, Daniel R Thomas, Richard Clayton, Alice Hutchings, and Yi Ting Chua. Influence, infrastructure, and recentering cybercrime policing: evaluating emerging approaches to online law enforcement through a market for cybercrime services. Policing and Society, 32(1):103–124, 2022. [17] Isabella Corradini and Enrico Nardelli. Developing digital awareness at school: a fundamental step for cybersecurity education. In International Conference on Applied Human Factors and Ergonomics, pages 102–110. Springer, 2020. [18] Tom Crick, Cathryn Knight, Richard Watermeyer, and Janet Goodall. The impact of covid-19 and “emergency remote teaching” on the uk computer science education community. In United Kingdom & Ireland Computing Education Research conference., pages 31–37, 2020. [19] Linda Daniela, Zanda Rubene, and Arta Rūdolfa. Parents’ perspectives on remote learning in the pandemic context. Sustainability, 13(7), 2021. [20] S Datta Burton, Leonie Maria Tanczer, Srinidhi Vasudevan, Stephen Hailes, and Madeline Carr. The UK Code of Practice for Consumer IoT Cybersecurity: where we are and what next. Department for Digital, Culture, Media & Sport, 2021. [21] Zhu Di and Guo Ran. Survey report on chinese adolescents’ internet usage and cyber security. Chinese Research Perspectives on Society, Volume 8: Analysis and Forecast of China’s Social Conditions (2019), page 223, 2022. [22] Chuanmei Dong, Simin Cao, and Hui Li. Young children’s online learning during covid-19 pandemic: Chinese parents’ beliefs and attitudes. Children and youth services review, 118:105440, 2020. [23] Quentin Duchaussoy. Security and Privacy Analysis of Parental Control Solutions. PhD thesis, Concordia University, 2020. Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:26 Faiza Tazi, Sunny Shrestha, and Sanchari Das [24] Leli Efriana. Problems of online learning during covid-19 pandemic in efl classroom and the solution. JELITA, pages 38–47, 2021. [25] A Garbe, U Ogurlu, N Logan, and P Cook. Covid-19 and remote learning: Experiences of parents with children during the pandemic. American Journal of Qualitative Research, 4(3):45–65, 2020. [26] Adam Garcia, Garrett B Powell, Davis Arnold, Luis Ibarra, Matthew Pietrucha, Michael Kelland Thorson, Abigail Verhelle, Nathan B Wade, and Samantha Webb. Learned helplessness and mental health issues related to distance learning due to covid-19. In Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems, pages 1–6, 2021. [27] Alina Hang, Emanuel Von Zezschwitz, Alexander De Luca, and Heinrich Hussmann. Too much information! user attitudes towards smartphone sharing. In Proceedings of the 7th Nordic Conference on Human-Computer Interaction: Making Sense Through Design, pages 284–287, 2012. [28] Benjamin V Hanrahan, David Martin, Jutta Willamowski, and John M Carroll. Investigating the amazon mechanical turk market through tool design. Computer Supported Cooperative Work (CSCW), 28(5):795–814, 2019. [29] Karin Hansson, Thomas Ludwig, and Tanja Aitamurto. Capitalizing relationships: Modes of participation in crowdsourcing. Computer Supported Cooperative Work (CSCW), 28(5):977–1000, 2019. [30] Christine Heitz, Martha Laboissiere, Saurabh Sanghvi, and Jimmy Sarakatsannis. Getting the next phase of remote learning right in higher education. McKinsey Insights, 2020. [31] Charles B Hodges, Stephanie Moore, Barbara B Lockee, Torrey Trust, and M Aaron Bond. The difference between emergency remote teaching and online learning. Educause, 2020. [32] Netta Iivari, Sumita Sharma, and Leena Ventä-Olkkonen. Digital transformation of everyday life–how covid-19 pandemic transformed the basic education of the young generation and why information management research should care? International Journal of Information Management, 55:102183, 2020. [33] Pravat Kumar Jena. Online learning during lockdown period for covid-19 in india. International Journal of Multidisciplinary Educational Research (IJMER), 9, 2020. [34] Andreas M. Kaplan and Michael Haenlein. Higher education and the digital revolution: About moocs, spocs, social media, and the cookie monster. Business Horizons, 59(4):441–450, 2016. [35] Patrick Gage Kelley. Conducting usable privacy & security studies with amazon’s mechanical turk. In Symposium on Usable Privacy and Security (SOUPS)(Redmond, WA. Citeseer, 2010. [36] Emmanouil Magkos, Eleni Kleisiari, Panagiotis Chanias, and Viktor Giannakouris-Salalidis. Parental control and children’s internet safety: the good, the bad and the ugly. Proc. ICIL 2014, 18, 2014. [37] F Manca and F Meluzzi. Strengthening online learning when school are closed: The role of families and teachers in supporting students during the covid-19 crisis. In OECD Policy Responses to Coronavirus (COVID-19). OECD, 2020. [38] Tara Matthews, Kerwell Liao, Anna Turner, Marianne Berkovich, Robert Reeder, and Sunny Consolvo. " she’ll just grab any device that’s closer" a study of everyday device & account sharing in households. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, pages 5921–5932, 2016. [39] Andrew McGettrick. Toward effective cybersecurity education. IEEE Security & Privacy, 11(6):66–68, 2013. [40] Kate Muir and Adam Joinson. An exploratory study into the negotiation of cyber-security within the family home. Frontiers in psychology, 11:424, 2020. [41] Iman Oraif and Tariq Elyas. The impact of covid-19 on learning: Investigating efl learners’ engagement in online courses in saudi arabia. Education Sciences, 11(3):99, 2021. [42] Iin Dwi Aristy Putri, Alim Surya Saruman, Ikram Lihu, and Muhammad Samil Ilyas. The role of social media as a learning platform in the covid-19 pandemic. PINISI Discretion Review, 5(1):197–206, 2022. [43] N Rahman, I Sairi, NAM Zizi, and Fariza Khalid. The importance of cybersecurity education in school. International Journal of Information and Education Technology, 10(5):378–382, 2020. [44] Prashanth Rajivan, Pablo Moriano, Timothy Kelley, and L Jean Camp. Factors in an end user security expertise instrument. Information & Computer Security, 2017. [45] Damien Renard and Joseph G Davis. Social interdependence on crowdsourcing platforms. Journal of business research, 103:186–194, 2019. [46] Víctor Revilla-Cuesta, Marta Skaf, Juan Manuel Varona, and Vanesa Ortega-López. The outbreak of the covid-19 pandemic and its social impact on education: Were engineering teachers ready to teach online? International Journal of Environmental Research and Public Health, 18(4):2127, 2021. [47] SM Nazmuz Sakib. Impact of covid 19 on performance of administrative staff of the academic institutions. PhD thesis, School of Business and Trade, 2022. [48] Shruti Sannon and Dan Cosley. Privacy, power, and invisible labor on amazon mechanical turk. In Proceedings of the 2019 CHI conference on human factors in computing systems, pages 1–12, 2019. [49] Alexander R Schrameyer, Tracy M Graves, David M Hua, and Nile C Brandt. Online student collaboration and ferpa considerations. TechTrends, 60(6):540–548, 2016. Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:27 [50] Sunny Shrestha, Sanchari Das, and David M Thomas. Secureld: Secure and accessible learning for students with disabilities. In Proceedings of the 66th International Annual Meeting of the Human Factors and Ergonomics Society (2022), 2022. [51] MISHA TEIMOURI. An integrated model to reduce online risks for children. Philosophy, 2015. [52] Ekaterina Tour. Supporting primary school children’s learning in digital spaces at home: Migrant parents’ perspectives and practices. Children & Society, 33(6):587–601, 2019. [53] Joanne Vanderhost. Parents’ perceived benefits of full-time online K-12 education as an educational replacement option. PhD thesis, Pepperdine University, 2017. [54] Xinli Wang, Guy C Hembroff, and Rick Yedica. Using vmware vcenter lab manager in undergraduate education for system administration and network security. In Proceedings of the 2010 ACM conference on Information technology education, pages 43–52, 2010. [55] Joseph Jay Williams, Markus Krause, Praveen Paritosh, Jacob Whitehill, Justin Reich, Juho Kim, Piotr Mitros, Neil Heffernan, and Brian C. Keegan. Connecting collaborative &; crowd work with online education. In Proceedings of the 18th ACM Conference Companion on Computer Supported Cooperative Work &; Social Computing, CSCW’15 Companion, page 313–318, New York, NY, USA, 2015. Association for Computing Machinery. [56] Ben Williamson, Rebecca Eynon, and John Potter. Pandemic politics, pedagogies and practices: digital technologies and distance education during the coronavirus emergency, 2020. [57] Pamela Wisniewski, Arup Kumar Ghosh, Heng Xu, Mary Beth Rosson, and John M Carroll. Parental control vs. teen self-regulation: Is there a middle ground for mobile online safety? In Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing, pages 51–69, 2017. [58] Huichuan Xia, Yang Wang, Yun Huang, and Anuj Shah. " our privacy needs to be protected at all costs" crowd workers’ privacy experiences on amazon mechanical turk. Proceedings of the ACM on Human-Computer Interaction, 1(CSCW):1–22, 2017. [59] Yanfeng Xu, Qi Wu, Merav Jedwab, and Sue E Levkoff. Understanding the relationships between parenting stress and mental health with grandparent kinship caregivers’ risky parenting behaviors in the time of covid-19. Journal of Family Violence, pages 1–13, 2020. Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:28 A Faiza Tazi, Sunny Shrestha, and Sanchari Das STUDY QUESTIONNAIRE The following questionnaire was used for our study. For the Prolific deployed survey, the questionnaire for each category was deployed separately with all the independent parts of the survey. A.1 Commitment We care about the quality of our data. In order to get the most accurate measures of your knowledge and opinions, it is important that you thoughtfully provide your best answers. Do you commit to thoughtfully providing your best answers to each question? • Yes; I will provide my best answers. • No; I will not provide my best answers. • Unsure; I cannot promise either way A.2 Screening (1) What is your age? • Less than 18 years • 18-24 years • 25-30 years • 31-40 years • 41-50 years • 51-60 years • 61-70 years • More than 70 years (2) Which of the following best describes your role in remote learning (Select All that Apply) • Parent • Educator (ex. Professor, Teaching Assistant) • Other Caregiver • None of the Above For MTurk, participants who met the screening criteria were randomly assigned one of the question blocks corresponding to the category they identified as. As for Prolific, we were not able to do in survey screening, as such we had to use filters provided by the platform. Accordingly we deployed three separate surveys on prolific, one for each category. This also ensured an equal distribution of our participants’ categories. A.3 Cyber Background Knowledge The following questions are about your background in Cybersecurity and Cyber Safety. During this survey, we define: • Cybersecurity as the protection of data, information, and privacy. • Cyber Safety as protecting users from harmful online content. (1) Please estimate how many hours you spend on the internet per week.<DROP DOWN> (2) Where do you obtain information about cybersecurity or cyber safety? (Please check all that apply) • News • Friends • School Administration • Personal research • Other (please specify) Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:29 (3) What methods have been used to communicate with you about cybersecurity or cyber safety? (Please check all that apply) • Email • Newsletters • Training • Meeting • Other (please specify) • No Communication (4) Please rank the following statement on a scale between Strong Disagree to Strongly Agree: “I often ask others for help with the computer.” • Strongly Agree • Somewhat Agree • Neither Agree nor Disagree • Somewhat Disagree • Strongly Disagree (5) Please rank the following statement on a scale between Strong Disagree to Strongly Agree: "Others often ask me for help with the computer." • Strongly Agree • Somewhat Agree • Neither Agree nor Disagree • Somewhat Disagree • Strongly Disagree (6) Which of the following things have you done? • Designed a website • Registered a domain name • Used SSH • Configured a firewall • Created a database • Installed a computer program • Written a computer program • None of the above (7) Have you taken or taught a course on computer security? • Yes • No (8) Do you have a security cognate or do you plan on security being a feature of your job role?? • Yes • No A.4 Golden Questions Attention check questions allowed us to cull out the valid question and remove the invalid responses from our dataset. (1) What is 6/3? • 9 • 2 • 3 Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:30 A.5 Faiza Tazi, Sunny Shrestha, and Sanchari Das Educators Questions The following questions were given to the participants who identified as educators. This includes teachers, professors, lecturers, TA’s, and tutors. They were then prompted to answer the following questions in terms of their students and classes. (1) What grades do you teach? (Please select all that apply) • K-2 grade • 3-5 grade • 6-8 grade • 9-12 grade • Undergraduate • Graduate • Other (please specify) (2) How many classes are you teaching? • One • Two • Three • Four • Five • Six or More (3) What best represents the current form of teaching for your students? • In Person • Hybrid (a class that has both in-person and remote learning elements) • Hyflex (each student can either choose their mode of engagement in the course for the day or will be assigned a mode of engagement for that day) • Online (a class designed from the ground up so all students can attend the main class experience online) • Other (please specify) (4) What forms of teaching have you experienced from March 2020 - December 2020. (Please check all that apply) • In Person • Hybrid (a class that has both in-person and remote learning elements) • Hyflex (each student can either choose their mode of engagement in the course for the day or will be assigned a mode of engagement for that day) • Online (a class designed from the ground up so all students can attend the main class experience online) • Other (please specify) (5) Have you faced any challenges while teaching remote learning? • Yes • No • Prefer not to answer (6) If you are comfortable, please describe the challenges.<Open Ended Question> (7) Have your students communicated any difficulties to you related to remote learning? • Yes • No • Prefer not to answer (8) If you are comfortable, please describe any feedback you have gotten from students regarding remote learning. <Open Ended Question> Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:31 (9) What online tools or platforms do you use for remote education? (Please check all that apply) • Zoom • Google • Canvas • Moodle • Other(please Specify) (10) How would you describe your ability to use these tools for remote learning? • Extremely competent • Somewhat competent • Neither competent nor incompetent • Somewhat incompetent • Extremely incompetent (11) What type of device do your students use for remote learning? (Please check all that apply) • Personal smartphone • Personal computer • Personal tablet • Shared smartphone • Shared computer • Shared tablet • Other (please specify) (12) What type of device do you use for remote learning? (Please check all that apply) • Personal smartphone • Personal computer • Personal tablet • Shared smartphone • Shared computer • Shared tablet • Other (please specify) (13) During remote learning, has the amount of time your students spend using electronics for school changed? • Greatly increased • Somewhat increased • No change • Somewhat decreased • Greatly decreased (14) How often has a parent or caregiver of your students communicated with you about cybersecurity or cyber safety? • Daily basis • Weekly basis • Monthly basis • Rarely • Never (15) Please describe you experience communicating about cybersecurity or cyber safety with a parent or caregiver of your students.<Open Ended Question> (16) How often has the school administration communicated with you about cybersecurity or cyber safety? • Daily basis • Weekly basis Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:32 (17) (18) (19) (20) (21) (22) (23) (24) (25) (26) Faiza Tazi, Sunny Shrestha, and Sanchari Das • Monthly basis • Rarely • Never How has the school administration communicated with you about cybersecurity or cyber safety? (Please check all that apply) • Email • Newsletters • Training • Meeting • Other (please specify) • No communication Please elaborate on othe school administration’s communication on cybersecurity or cyber safety.<Open Ended Question> How important do you feel cybersecurity or safety is for your students? • Extremely important • Very important • Moderately important • Slightly important • Not at all important How often do you discuss cybersecurity or safety with your students? • Daily basis • Weekly basis • Monthly basis • Rarely • Never Please give an example or describe your experience discussing cybersecurity or safety with your students.<Open Ended Question> How often do you discuss cybersecurity or safety the parents or caregivers of your students? • Daily basis • Weekly basis • Monthly basis • Rarely • Never Please give an example or describe your experience discussing cybersecurity or safety with parents or caregivers.<Open Ended Question> How would you describe tools available to support the cybersecurity or safety of your students? • More than needed • Slightly more than needed • The right amount • Not enough • None at all Please describe any tools used to increase you students’ cybersecurity or safety.<Open Ended Question> What form of cyber threats are you most concerned about for your students? (drag each choice to list in rank order) • Cyberbullying • Phishing Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:33 • Malware • Privacy • Inappropriate content • Scams • Other (Please specify) (27) Please elaborate on your concerns from the previous question.<Open Ended Question> (28) Have there been any cyber incidents that involved your students? • Yes • No • Choose not to answer (29) If you are comfortable, please describe the incident.<Open Ended Question> A.6 Parents Questions The following questions were given to the participants who identified as parents. Participant answering questions in this category were asked how many of their children are enrolled in school. They were then prompted to answer questions for each child individually who is currently enrolled in school. (1) How many of your children are currently enrolled in school? NOTE: If you have more than three children, please select 3 and answer for the children in the most different age and grade brackets. • No of my children are enrolled in school • 1 • 2 • 3 (2) What grade is your child currently enrolled? • Child is not enrolled in school • K-2 grade • 3-5 grade • 6-8 grade • 9-12 grade • College • Graduate (3) What forms of teaching has your child experienced from March 2020 - December 2020. (Please check all that apply) • In Person • Hybrid (a class that has both in-person and remote learning elements) • Hyflex (each student can either choose their mode of engagement in the course for the day or will be assigned a mode of engagement for that day) • Online (a class designed from the ground up so all students can attend the main class experience online) • Other (please specify) (4) What best represents the current form of teaching for your child during the current 2021 semester? • In Person • Hybrid (a class that has both in-person and remote learning elements) • Hyflex (each student can either choose their mode of engagement in the course for the day or will be assigned a mode of engagement for that day) Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:34 (5) (6) (7) (8) (9) (10) (11) (12) Faiza Tazi, Sunny Shrestha, and Sanchari Das • Online (a class designed from the ground up so all students can attend the main class experience online) • Other (please specify) What type of device does your child use for remote learning? (Please check all that apply) • Personal smartphone • Personal computer • Personal tablet • Shared smartphone • Shared computer • Shared tablet • Other (please specify) How do you manage the usage of the devices of your child?<Open Ended Question> During remote learning, has the amount of time the child under your care spends using electronics for school changed? • Greatly increased • Somewhat increased • No change • Somewhat decreased • Greatly decreased What online tools or platforms does your child use for remote learning? (Please check all that apply) • Zoom • Google • Canvas • Moodle • Other(please Specify) How often has someone from your child’s school communicated with you about cybersecurity or cyber safety? • Daily basis • Weekly basis • Monthly basis • Rarely • Never What methods has your child’s school used to communicate with you about cybersecurity or cyber safety? (Please check all that apply) • Email • Newsletters • Training • Meeting • Other (please specify) • No communication How important do you feel cybersecurity or safety is for your child? • Extremely important • Very important • Moderately important • Slightly important • Not at all important How often do you discuss cybersecurity or safety with your child? Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education (13) (14) (15) (16) (17) (18) (19) 264:35 • Daily basis • Weekly basis • Monthly basis • Rarely • Never Please give an example or describe your experience discussing cybersecurity or safety with your child.<Open Ended Question> How would you describe the cybersecurity or safety tools available in support of your child’s online learning? • More than needed • Slightly more than needed • The right amount • Not enough • None at all Please describe any tools you have used to increase your child’s cybersecurity or safety.<Open Ended Question> What form of cyber threats are you most concerned about for your child? (drag each choice to list in rank order) • Cyberbullying • Phishing • Malware • Privacy • Inappropriate content • Scams • Other (Please specify) Please elaborate on your concerns from the previous question.<Open Ended Question> Have there been any cyber incidents that involved your child? • Yes • No • Choose not to answer If you are comfortable, please describe the incident.<Open Ended Question> A.7 Caregiver Questions The following questions were given when a participant selected the category of a Caregiver (other than parents). Participant answering questions in this category were asked how many children are under their care as a Caregiver. They were then prompted to answer questions for each child individually who is currently enrolled in school. (1) Of the children under your care, how many of them are currently enrolled in school? NOTE: If you have more than three children, please select 3 and answer for the children in the most different age and grade brackets. • No children under my care are enrolled in school • 1 • 2 • 3 (2) What grade is your child currently enrolled? • Child is not enrolled in school • K-2 grade Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:36 (3) (4) (5) (6) (7) (8) (9) Faiza Tazi, Sunny Shrestha, and Sanchari Das • 3-5 grade • 6-8 grade • 9-12 grade • College • Graduate What forms of teaching has the child under your care experienced from March 2020 - December 2020. (Please check all that apply) • In Person • Hybrid (a class that has both in-person and remote learning elements) • Hyflex (each student can either choose their mode of engagement in the course for the day or will be assigned a mode of engagement for that day) • On Line • Other (please specify) What best represents the current form of teaching for the child under your care during 2021? • In Person • Hybrid (a class that has both in-person and remote learning elements) • Hyflex (each student can either choose their mode of engagement in the course for the day or will be assigned a mode of engagement for that day) • On Line • Other (please specify) What type of device(s) does the child under your care use for remote learning? (Please check all that apply) • Personal smartphone • Personal computer • Personal tablet • Shared smartphone • Shared computer • Shared tablet • Other (please specify) How do you manage the usage of the devices of your child? <Open Ended Question> During remote learning, has the amount of time the child under your care spends using electronics for school changed? • Greatly increased • Somewhat increased • No change • Somewhat decreased • Greatly decreased What online tools or platforms does the child under your care use for remote learning? (Please check all that apply) • Zoom • Google • Canvas • Moodle • Other(please Specify) How important do you feel cybersecurity or safety is for the child under your care? • Extremely important • Very important • Moderately important Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education (10) (11) (12) (13) (14) (15) (16) (17) (18) 264:37 • Slightly important • Not at all important How often has someone from the child’s school communicated with you about cybersecurity or cyber safety? • Daily basis • Weekly basis • Monthly basis • Rarely • Never What methods has your child’s school used to communicate with you about cybersecurity or cyber safety? (Please check all that apply) • Email • Newsletters • Training • Meeting • Other (please specify) • No communication How often do you discuss cybersecurity or safety with the child under your care? • Daily basis • Weekly basis • Monthly basis • Rarely • Never Please give an example or describe your experience discussing cybersecurity or safety with the child under your care. <Open Ended Question> How would you describe the cybersecurity or safety tools available in support of online learning for the child under your care? • More than needed • Slightly more than needed • The right amount • Not enough • None at all Please describe any tools you have used to increase your child’s cybersecurity or safety.<Open Ended Question> What form of cyber threats are you most concerned about for the child under your care? (drag each choice to list in rank order) • Cyberbullying • Phishing • Malware • Privacy • Inappropriate content • Scams • Other (Please specify) Please elaborate on your concerns from the previous question. <Open Ended Question> Have there been any cyber incidents that involved the child under your care? • Yes • No • Choose not to answer Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:38 Faiza Tazi, Sunny Shrestha, and Sanchari Das (19) If you are comfortable, please describe the incident. <Open Ended Question> A.8 Final Thoughts Question The next question is an opportunity for our participants to express their for final thoughts. (1) Is there anything else you think we should know regarding your experience with remote learning and/or cybersecurity and cyber safety? <Open Ended Question> A.9 Demographics Questions (1) What ethnicity do you identify with? (Please select all that apply) • American Indian or Native American • Asian • Black or African American • Native Hawaiian or Other Pacifc Islander • White / Caucasian • Hispanic • Other. (Please specify) • Do not wish to specify (2) Which Gender do you identify with the most? • Female • Male • Transgender • Non-binary • A gender not listed here. (Please specify) • Do not wish to specify (3) What is the highest level of education you have completed? (If currently enrolled, highest degree received.) • Less than high school • High school graduate • Diploma • Vocational training • Bachelors degree program • Masters degree program • Professional degree • Doctorate • Other. Please Specify: (4) What is your current employment status? • Employed full time • Employed part time • Unemployed looking for work • Unemployed not looking for work • Retired • Homemaker/ Housewife • Unable to work • Other. Please specify • Do not wish to specify (5) What is your current occupation?<TEXT BOX> (6) What state do you live in? Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. Cybersecurity, Safety, & Privacy Concerns of Online Education 264:39 (7) What is four plus two? • 5 • 6 • 9 (8) What is the current annual household income? • Less than $10, 000 • $10, 000 to $19, 999 • $20, 000 to $29, 999 • $30, 000 to $39, 999 • $40, 000 to $49, 999 • $50, 000 to $59, 999 • $60, 000 to $69, 999 • $70, 000 to $79, 999 • $80, 000 to $89, 999 • $100, 000 to $149, 999 • $150, 000 or more (9) What is your current relationship status? • Single, never married • Married • Widowed • Divorced • Separated • Do not wish to specify Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023. 264:40 B Faiza Tazi, Sunny Shrestha, and Sanchari Das CODE BOOK Table 9. A snapshot of the correlated open codes and themes generated for thematic analysis of the analyzed responses sorted by question Question Why do you think cybersecurity is important/not important to your child/student? Theme Predators Open Code Bad Strangers, Weird Strangers, Age Impersonators, Bullies Generic Importance Privacy Vulnerable Population Inappropriate Content Not Concerned Important for Everyone, Safety is Important, Cybersecurity is a must, To protect from online dangers Data Loss, Data shared online by Child, Data Theft, Identity Theft Children are Vulnerable, Children don’t understand, Children are Naive, Children can’t protect themselves Not age Appropriate Content, Inappropriate content, See something they shouldn’t Child old enough child can protect themselves, Child knows not to, Not Primary Caretaker, Not concerned, Child not Allowed Online for Long Time, Child only Allowed Online for School or Gaming. Malware/Phishing Virus, Malware, Phishing, Clicking on Links, Opening Emails Please give an Privacy Data Loss, Data shared online by Child, Data Theft, Identity Theft example or describe Predators Bad Strangers, Weird Strangers, Age Impersonators, Bullies your experience General Discus- Discuss News, Discuss Frequently, discussing sion cybersecurity or Safe Browsing Safe Web Browsing, Only Allowed on Specific Websites, Not Allowed to safety with your Search on Google child/students Passwords Good Password Practices, Strong Passwords, Password Sharing No Discussion Don’t Discuss, Child Knows, Child doesn’t Understand Malware/Phishing Virus, Malware, Phishing, Clicking on Links, Opening Emails Age appropriate Child is too young, Age Appropriate Discussion Social Media Dangers of Social Media, Posting on Social Media, Owning Accounts On Social Media How can your Class/Training Workshop, Class, Training, Online classes, Course, Seminar child’s school Specific Commu- Email Communication, Phone Class, Communicate about Threats, Commuimprove its nication nicate about Scams, Communicate about Tools communication Better Communi- Prompt communication, Weekly communication, Monthly communication, about cybersecuritycation Fast communication, More Frequent communication, Consistent communiand cyber safety cation Nothing to Im- School is doing Good Job, Nothing to Improve prove Communication Reach out to Students, Teach Students with Students Can you elaborate Privacy Data Loss, Data shared online by Child, Data Theft, Identity Theft on the form of Online Predators Bad Strangers, Weird Strangers, Age Impersonators cyber threats you Malware/Phishing Virus, Malware, Phishing, Clicking on Links, Opening Emails Not age Appropriate Content, Inappropriate content, See something they are most concerned Inappropriate about for your child Content shouldn’t Cyberbullying Cyberbullying, bullying Mental Health Mental Breakdown, Suicide, Bad for Mental Health, Depression Received July 2022; revised January 2023; accepted March 2023 Proc. ACM Hum.-Comput. Interact., Vol. 7, No. CSCW2, Article 264. Publication date: October 2023.