BACK-TO-SCHOOL 2023 GUIDE
DISCLAIMER
The following research has been appropriately collated and sourced, with references provided throughout, while general opinions are considered ownership of the author.
BACK-TO-SCHOOL TRENDS
The back-to-school retail period typically starts and ends in August before schools, colleges and universities reopen between September and October. However, research has shown parents are shopping earlier and stocking up on school-related items such as stationery, clothing, electronics, and sporting equipment.
According to the National Retail Federation (NRF), ‘Retail Holiday and Seasonal Trends’ report, consumers are showing signs of resilience during the cost-of-living crisis, impacting society’s economic outlook. For back-to-school and back-to-college, NRF emphasise record spending, as part of a larger survey of 8,000 consumers and products involving K-12 through to college students. On average there has been a strong increase in electronic items being bought since 2022, linking to digitisation, alongside furnishing, clothing and accessories. 43 percent of shoppers agree they need more of these items, with a third suggesting they are spending more because of price hikes and effects from the pandemic. Coinciding, there has been a general increase in electronic use, such as smartphones, laptops, iPads, and tablets for easier integration with how students learn by means of ‘zoom classrooms’, submitting assignments through learning portals online, and general pressures to have the latest technology when interacting with friends.
Blending in-person and virtual learning through technology has become a back-to-school essential. Laptops, tablets, and digital tools have taken centre stage as students navigate the complexities of modern education. For example, e-books and eLearning within online interactive platforms, have caused rising demand for these “tech-savvy gadgets”.
In total, NRF predicts back-to-school trends will reach USD$41.5B(GBP£32B) in 2023, up from USD$36.9B (GBP£29B) in 2022. Discounts and promotions are still prevalent this year, with many consumers shopping around and considering options such as trading down, reselling items, thrifting and only buying essential items. In the UK, leading retailer Marks&Spencers announced its ‘Pre-Loved Back-to-School Uniform Shop’ in June 2023, enabling consumers to donate items including school uniform from any retailer, alongside pieces displaying school badges and logos, later sold in Oxfam stores and on ecommerce marketplace eBay.
Similarly, to help with spending, US-retailer Walmart launched its ‘Classroom Registry Experience’ in July 2023, underpinned by teacher spending reaching a staggering USD$800 (GBP£635) for school supplies. New integrated features within Walmart’s mobile app will assist educators in reducing classroom costs, by planning and sharing item wish lists.
Additional findings for back-to-school, have been analysed by consulting firm Deloitte, suggesting spending for K-12 students is expected to decrease by 10 percent to USD$597 (GBP£470) per individual, while the overall back-to-school market will subsequently decline. Spending on technology is anticipated to decrease 13 percent and 14 percent for clothing items, with shoppers reportedly cutting costs on electronics and clothing, reinforced by inflation and cost-of-living crisis, opting to save through mass merchants (e.g., Walmart, Wilko, and Target), discount retailers, and dollar-stores.
One stop shops are proving a popular choice amongst consumers for back-to-school, with a return to in-store browsing due to more inventory being available, enabling consumers to buy groceries and shopping; with Walmart reaching the lowest price points at 60 percent, Amazon following behind at 49 percent and Target receiving 39 percent.
CYBER SECURITY THREATS & ACTIONS
Education has seen a rise in cyber attacks and cyber security threats, due to heavy reliance on IT infrastructure for daily operations – similar to other industries globally. A shift to online learning and remote working during the pandemic, has led children, and young students to attend classes through online platforms such as Zoom and Microsoft Teams, therefore increasing prevalence of access points for threat actors, who seek to steal personally identifiable information (PII) including medical records, email addresses, and payment data.
Please consider the following guidance on current threats to the industry.
Shopping Scams. Can be carried out through creating fake online stores, offering discounted school supplies, uniforms, and electronics. After purchase, these items will not be delivered to the buyer, due to being falsely advertised. Threat actors can promote fake stores and products through fraudulent social media ads to entice students and parents into revealing details on their websites at checkout, enabling collection of payment data. Recent scam campaigns observed by security researchers have identified the use of malicious PDF documents labelled ‘back-to-school tips’, sent to victims to lure them into clicking an attached URL link, redirecting to the malicious site. In July 2023, Ecommerce platform Amazon was reportedly being targeted by phishing campaigns, through newly registered domains relating to the term ‘Amazon’, taking advantage of its ‘Amazon Prime Day’ sales which many back-to-school shoppers go to for discounts on supplies.
Identity Theft and Deepfakes. Scammers are employing various identity theft tactics to exploit students and parents when attempting to gain unauthorised access to school databases and retrieve personal information. For example, creating fake enrolment forms to collect sensitive data, and sending well-crafted phishing emails posing as educational institutions or retailers, to trick victims into sharing login credentials. Deepfake AI technology is also emerging as an enabler for cyber crime activities, used to create convincing voice recordings of school officials and mimic students' or teachers' voices to trick parents into making payments and sharing personal information, taking advantage of the trust and urgency surrounding back-to-school activities.
Ransomware and Data Stealing. Are known to cause severe impacts towards education. In January 2023, 16 schools including private academies in Yorkshire, Northern England, UK, were effected by ransomware, resulting in threat actors demanding GBP£15M in return of access to systems. Because Internet access was prohibited, lessons had to be planned and carried out via pen and paper teaching, until operations could be resumed. A few months prior, 14 schools across the UK suffered disruptions by a prolific ransomware group Vice Society in September 2022. This threat group specialise in stealing data and extorting it for payment to fund future campaigns – having targeted many industries over the years including education, retail, and hospitality. Compromised data included children’s passport scans, special needs requirements and employee payroll data.
Actions educational institutions can take against ransomware and data theft include:
Update and install the latest patches on vulnerable / outdated software systems,
Employ phishing awareness training and ensure employees know they can use the ‘Report Phishing’ option in Outlook,
Endpoint security solutions such as network segmentation and firewalls,
Backup data using the 3-2-1 rule (a.k.a. two copies stored online, and one copy of data in an offline environment).
Artificial Intelligence (AI). AI in education can aid collaboration, helping to form social media posts, while students prepare for public relations, communications and social media manager roles. In schools, parent / teacher conferences can be simplified through showing students’ performance across the academic year, for automation and tracking. AI enables virtual tutoring, and personalised education programmes, and online learning environments to supplement traditional educational content for scalability. Schools, colleges, and universities are becoming early adopters of generative AI tools for teaching and learning. For example, a school district in Iowa, US, is using OpenAI’s natural language learning model ChatGPT to ban books lacking ‘age-appropriate material’, resulting in removal of 19 books from several school library collections. Teachers are also beginning to relay generative AI policies, specifically in universities, and encouraging its use within monitored Facebook groups such as ‘Higher Ed Discussions of Writing and AI’, and ‘Google group AI in Education’.
Some of the challenges to AI involve increased loss of creativity in education, and accessibility to data, GDPR concerns, and services like ChatGPT only being as good as its training data.
How do we minimise AI risks?
Security researchers have posed alternatives to ChatGPT, and AI, such as teachers requiring students submit handwritten homework, meaning students have no choice but to read the material assigned before submitting a report; teachers can also grade papers submissions no higher than 89 percent (or a “B”), but that to get an “A,” the student would have to stand in front of the class and verbally discuss the material, their research, their conclusion, and answer any questions the teacher or other classmates might ask. Banning the use of ChatGPT altogether in schools, colleges, and universities can be an alternative option, with global trends showing these technologies were restricted on devices and networks. The New York City public school district became one of the first to temporarily ban ChatGPT from its schools’ devices and networks in January 2023, however was reversed months later. Several schools and universities in Australia also introduced restrictions on the use of generative AI tools, including initial bans by the public-school systems in all Australian states other than South Australia, although it is likely this will be lifted in 2024.
CURRENT CYBER STRATEGIES & IMPACTS
The UK government has introduced free training resources, published online in August 2023 as students prepare to head back-to-school this September, encouraging cyber skills learning and aspirations among children. Coinciding, 50,000 students in the UK have been registered to the ‘Cyber Explorers’ programme since it first launched in 2022, promoting digital literacy, and increasing young student’s safety online by moderating content and addressing disinformation.
Awarding achievements to educational institutions goes a long way in raising awareness about cyber safety practices and hygiene. In August 2023, the University of Kent was recognised by the UK National Cyber Security Centre (NCSC) as an Academic Centre of Excellence in Cyber Security Education (ACE-CSE), receiving a Gold Award for ensuring cyber security remains high on the university’s agenda.
Towards the end of July 2023, the Biden-Harris Administration in the US, published a set of strategic objectives for training and securing the future of cyber talent – unveiling its ‘National Cyber Workforce and Education Strategy (NCWES)’. The most important takeaways involve leveraging a collaborative workforce through developing ecosystems to meet cyber workforce demands, and greater diversity and inclusion. Combating a decline in K-12 school teaching capabilities is also high on the agenda and remains a present challenge for students when accessing education in cyber security-focused subjects. Colleges and universities will be expected to collaborate more with educational agencies and government to innovate programs and increase the number of educators who teach cyber-skills in the future.
The US continues to drive initiatives to combat future labour shortages in the cyber sphere. For example, ‘Cyber.org’ is providing K-12 school education online to empower educators to teach cyber security skills through ‘Project Reach’, targeting Black and minority communities, and ‘Project Access’ for blind and visually impaired students – funded by the Cyber Security and Infrastructure Security Agency (CISA).
In the UK, CyberFirst Schools & Colleges is an initiative set up by the NCSC and GCHQ, delivered by IN4 Group in the Northwest, to encourage a diverse range of young people in their pursuit of a cyber career. CyberFirst also host bursary schemes to support undergraduates through university, degree apprenticeship opportunities, and girls only competitions.
Overall, K-12 through to higher education and university institutions must consider and ensure employees, faculty, visitors attending in-person activities and students learning on campus and within online environments, are well adverse about cyber risks and have access to the appropriate resources. Sharing tools, building a community, and remaining curious in the field of cyber is our best chance at keeping protected against the symptoms of modern life – technology has grown more free-spirited overtime, and it’s up to us to stay updated.
