Back in the dark ages of January, 2012, my colleague Alysia Santo wrote a thoughtful piece about how journalism schools were—or were not—equipping their students with the tools and know-how they need to protect their digital information and communications. Many professors Santo interviewed expressed concern about cyber-security threats, and she reported that general awareness of the issue was “certainly spreading.” But at the same time, most academics she spoke to also said that there were no formal training programs in their curricula that would teach students about, say, encryption.

She wrote that piece a little under two years ago, and a lot has happened since then: Edward Snowden’s revelations about NSA surveillance; the Department of Justice’s subpoena of AP phone records; the legal battles of James Risen and James Rosen, and on and on. The technical and legal threats to journalists and their sources have been in place for a long time, but there is now such stark evidence of them that journalists can no longer claim ignorance as a reason not to take the necessary precautions with their data.

Reached again this week, educators Santo interviewed say that, despite these high-profile cases, digital security is still only starting to find a place in their journalism classes. Many of them liken it to computer-assisted reporting or data visualization—there’s a recognition that these skills are vital to the industry as a whole, but there’s disagreement about how they should be incorporated into the curriculum, given a limited amount of time, and whether or not all students should be required to study them in order to earn a degree.

Anecdotally, though, professionals and students do at least seem more aware of the risks to their digital data, and more receptive to solutions, than they may have been in the past. They might just not know where to start. Investigative journalist Steve Doig, whom Santo interviewed for her piece last year, said this week that he now has audience members lining the walls and sitting in the aisles when he gives his talk “Spycraft: Keeping your sources private.” It’s the same talk he’s been giving for years, but the demand for it has exploded.

Frank Smyth has worked with the Committee to Protect Journalists to develop a guide to help reporters evaluate and respond to all types of threats, as well as a guide specifically on digital security basics for the Medill School of Journalism at Northwestern University, both of which he has said can help fill the void until journalism schools get their act together. “Digital Safety for Journalists should be a three credit-hour elective at every school, and it should be recommended, if not mandatory for anyone focused on investigative journalism, national security or, down the road, even school board meetings,” Smyth writes in an email.

Many professors agree with Smyth, and want to see a separate, dedicated class or workshop on digital security incorporated into the curriculum. Geanne Rosenberg, a professor at Baruch College and the CUNY Graduate School of Journalism, told Santo in 2012 that she lectured her students “in general terms” about risk, without getting into technical details, but that she was very interested in seeing journalism schools increase their focus on the topic. Reached this week for a followup, Rosenberg pointed to her colleague Sandeep Junnarkar’s brand new cyber-security “module” debuting this semester. The course description says it will cover specific tools for secure communication, file storage, and general computer health (for instance, how to “permanently delete the content of your trash”).

It can also make sense to teach digital security in the context of other classes, rather than separating it out into its own category. Another CUNY journalism professor, New York Times reporter Andy Lehren, says that he mentions tools like Tor and public and private keys in his international reporting classes. Jane Kirtley, who teaches at the University of Minnesota’s School of Journalism and Mass Communication, says that she has been disappointed with her colleagues’ response to this gap in the school’s curriculum—but that at least she knows the students will hear about it from her, in the program’s required media law course. It’s not enough to teach the basic legal concepts of tort and libel, says Kirtley; she’s also got to warn her students about the threat of hackers and third-party subpoenas.

Lauren Kirchner is a freelance writer covering digital security for CJR. Find her on Twitter at @lkirchner