Home Search
Search results for

"safeguard"

phone, pencil, earbuds, and eyeglasses
CTO/CIOCybersecurity

Cybersecurity Resources for Planning, Prevention, and Safeguarding Data

by Miguel Guhlin
written by Miguel Guhlin

As Cybersecurity Month 2021 looms, I am reminded of two incidents that occurred under my watch as a technology director. The first was a ransomware attack due to a Yahoo email attachment. At an elementary school, the ransomware knocked the point of sale food service computers offline. The problem had hit right after lunch. But no one reported it until late in the day. Consequently, I scrambled the team and descended on the campus at 4 p.m. on a Friday afternoon. Then, the second ransomware attack came. As a result of this attack, five years of federal reporting data went missing. With a data protection impact assessment or privacy impact assessment, the issues might have been lessened. It was all preventable if only district staff had listened to recommendations.

“I don’t think there’s a school district in America that doesn’t have important digital assets sitting on a computer somewhere that needs to be protected,” said Michael Kaiser, executive director of the National Cybersecurity Alliance. “We know schools sometimes don’t like to report incidents. Responding right away and bringing in law enforcement should be encouraged.”

Source: Cybersecurity in K-12 education

Recent Cyber Incidents

In August of 2021, there were 84 cyber incidents worldwide. Those accounted for 60,854,828 breached records (source). Here are a few more in the last few months, which affected school districts in the United States:

September 2021 wasn’t looking any more promising than August. For example, at the time this blog entry was written, North East ISD in San Antonio, Texas reported a potential breach as well. Would anyone argue that there isn’t a problem?

Have You Seen This?

If you go to StopRansomware.gov, you will access a resource from the United States Government. Once there, you can access resources, a newsroom, see alerts, and report ransomware.

NBC News Reports Leaked Children’s Data

In their article Hackers Are Leaking Children’s Data — and There’s Little Parents Can Do, NBC News reported data breaches for over 1,200 school districts in 2021. Here is just some of the harrowing information from the article:

“Some of the data is personal, like medical conditions or family financial statuses. Other pieces of data, such as Social Security numbers or birthdays, are permanent indicators of who they are. Their theft can set up a child for a lifetime of potential identity theft.”

“One of those [files], still posted online, is an Excel spreadsheet. It lists approximately 16,000 students. That is, roughly, the combined student population of Weslaco’s 20 schools last year. It lists students by name and includes entries for their date of birth, race, and gender.  Social Security number is indicated as well as whether they’re an immigrant, homeless, marked as economically disadvantaged. It also flags those potentially dyslexic.”

cybersecurity week

Safeguarding Sensitive Data

What can students and their parents do? Check out some suggested steps, including freezing student credit while they are still underage.

You can also get a copy of my free guide Safeguarding Sensitive Data: Data Breach Prevention and Response Plan. It’s available as a Google Doc or an electronic ebook (ePub format). In it, you will find suggestions on prevention. You will also find policies to put into place which I developed to guide my school district’s efforts. Is your organization ready for ransomware and data breaches?

Explore Relevant Resources

In the meantime, what can school districts do? Focus on prevention with proactive measures instead of being reactionary. Most importantly, safeguard against ransomware and cyberattacks. In addition, provide professional learning for all staff on how to protect sensitive data. Finally, take the time to review cybersecurity resources and guides like the resources I provide here.

cybersecurity week

Resource #1: The Cybersecurity Workforce Training Guide

Not sure where to start? Explore the Cybersecurity Workforce Training Guide released in August of 2021. The guide helps professionals develop a training plan. It also provides over 100 training resources and certification prep courses for technical support. The guide is interactive and available online. At the very least, it suggests that this topic requires study.

Resource #2: National Standards for Districts

In August of 2021, the K12 Security Information Exchange (K12 SIX) shared resources that include protective measures every school district should put in place.

cybersecurity week

Resource #3: Cybersecurity K-12 Fact Sheet

Need assistance in selling the message? Grab a copy of the Cybersecurity K-12 Fact Sheet. It can help you explain the complexities of protecting your school’s data assets. For this purpose, it covers a wide variety of topics, including cyber insurance. Another great resource to consider is The Data Breach Survival Guide.

Resource #4: Statewide Cybersecurity Awareness and Training

Looking for a starting point aside from what has been shared above? Take a look at Texas’ Statewide Cybersecurity Awareness Training website. You may also find the Texas Cybersecurity Council resources worth looking into. As you may not know:

Texas Government Code 2054.519 State Certified Cybersecurity Training Programs requires DIR, in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees and Section 2054.5191 requires state and local government employees to complete a certified training program. The statute also requires state and local government employees to complete a certified training program.

School districts only need to have a cybersecurity coordinator to receive the training. A reporting form is available online.

Start the Work

Cybersecurity Month (October 2021) may be the time your organization takes cybersecurity, protecting against data breaches, seriously. If not, consequently, the next major network news source may find your district’s student confidential data on the dark web.

Did You Know?

TCEA offers an online, self-paced course to prepare you to protect your own and district data. It is geared towards individuals who may want to learn more about safeguarding sensitive data. Register now for TCEA’s Data Guardian course.

Feature Image Source

Photo by Dan Nelson on Unsplash

0 comment
1 FacebookTwitterPinterestLinkedinEmail
Android phone
AndroidCybersecurity

Safeguard Your Android Device

by Miguel Guhlin
written by Miguel Guhlin

Did this holiday season leave you with an Android device in your hands? If so, you’re not the only one. “Between them, Android and iOS accounted for 99.6 percent of all smartphone sales in the fourth quarter of 2016,” says James Vincent (Gartner as cited in The Verge). “Of the 432 million smartphones sold in the last quarter [2016], 352 million ran Android (81.7 percent) and 77 million ran iOS (17.9 percent).”According to Google, as cited by MacRumors, over two billion Android devices are in use around the world.

Unfortunately, more Android devices means more opportunities for malware and hacking. Join me as we explore some of the apps that can protect you from malware, hackers, and intrusion. Don’t be afraid to pass these tips to your children/students as they begin to explore the wild, wild world of Android. After all, Bring Your Own Device (BYOD/BYOT) initiatives are ever-increasing in schools.

Note: One handy app that I used to get a list of all the apps on my Android phone is List My Apps. This app makes it simple to get your Android app list emailed to you with links.

#1- Anti-Malware Tool

While there are many anti-malware tools in the Google Play store, not all are safe. For example, some anti-malware tools may masquerade as helpful tools to capture your sensitive data. With an Android device, just like the Windows operating system, you may put yourself at risk without anti-malware tools. Tom’s Guide provides a list of tools.

My favorite one, though, is BitDefender Mobile Security for $15 a year. The app offers a host of features, making sure you don’t let malware install itself or hitch a ride on existing apps. You can lock individual apps to prevent others from opening them; useful if you lose your phone while it is unlocked. This is quite important, especially if you decide to take foolish advantage of third party apps (e.g. GetJar) not approved in the Google Play store.

Did You Know?
If you lose your phone, you can use Android’s Find My Device feature to locate it via GPS or remotely wipe the information on it. Wow! To turn that on, go to your phone’s Settings, then Google then Security. If you have not done so already, make sure to get the Find My Device app. Setup is a snap.

#2- Protecting Your Camera and Microphone Access

Did you know that the camera and microphone on your device can be activated remotely? Worse, once activated, you can be spied upon.

Researchers have discovered a design flaw in Android that can be used to remotely capture screenshots or record audio… without the user’s knowledge or consent. (Source)

Two apps that I use on my Android phone to protect against this include Camera Blocker and Microphone Block Free. Each offers a free version that will allow you to flip the ON/OFF switch on your camera or microphone. You can turn these off when you need to snap a picture or answer your phone.

#3- Prevent Robo Spam Calls

Finding yourself receiving an unending stream of robocalls and spam? Give Hiya a try. It features “spam detection and call blocking capabilities.” These help you “avoid unwanted and dangerous calls.” This app has blocked countless calls to my mobile phone. On Android, Hiya pops up with caller ID to let me know who is calling. This allows me to decide if I want to waste my time responding. For phone numbers not in the Hiya database, I have the option of adding new numbers.

Hiya Call Block Security identifies the calls you want to take and blocks the numbers and texts you want to avoid. Hiya is free (no ads!), and is incredibly easy to use. It offers the ability to block calls, blacklist unwanted phone numbers and SMS text messages, reverse phone search incoming call information, and receive spam alerts.

The best way to win an argument with a telemarketer or spammer is to avoid it. Younger phone users may not know how to say “no.” Get them Hiya so they can avoid a data-compromising conversation.

#4 – Virtual Private Network (VPN)

If you are using public WiFi, make sure to get a virtual private network (VPN) solution. You can find a great overview of why you should use a VPN over at Pixel Privacy. Here’s why a VPN is such a great idea:

A laptop and mobile device user visits her favorite coffee shop, connecting to the free Wi-Fi hotspot to access the internet. She uses the unprotected hotspot to pay bills, do her banking and shop on Amazon. Meanwhile, a quiet young man sits in the corner, sipping his latte and monitoring her internet connection, stealing valuable personal and business information.

Packet sniffing happens all the time. Use a free solution like Opera VPN or a subscription service like Private Internet Access (PIA).

#5- Password Manager

Keeping track of a million passwords can be quite a hassle. Two tools I have found helpful include Secure Space Encryptor (SSE) and/or KeePassDroid. Both work on your mobile phone. You can keep track of your usernames and generate more complex passwords than “password” or “dragon.”

In future Android-related blog entries, we’ll take a look at additional tools you can use to safeguard your data.

 

0 comment
0 FacebookTwitterPinterestLinkedinEmail
art aprons hanging on hooks in classroom
CybersecurityLeadership

Safeguarding Student and School Privacy

by Miguel Guhlin
written by Miguel Guhlin

Safeguarding student privacy and the security of networks remains a key priority for education leaders. In December, 2016, school leaders came together to match answers to tough questions as they heard from industry experts on ways to protect what is most important to them. In this blog entry, learn how to get access to the powerful presentations and conversations that took place.

How Do I Get the Summit Resources?

You can access the audio, presentation slides, and more of the sessions online now for a nominal fee ($49). You will need to have a TCEA log in.

What Exactly Will I Get?

Presentation slides, pictures, and  audio recordings of the high-level speakers will be yours to explore and reflect on. In addition to Bill Fitzgerald’s (of Common Sense Media) keynote, critical areas addressed include:

  • Understanding DDoS Attacks,
  • Securing Single-Sign-On (SSO)
  • Security/Privacy Legislative Panel

TCEA’s Commitment

TCEA is committed to creating professional learning and networking opportunities that address the needs of Chief Technology Officers (CTOs) and Directors/Coordinators of Technology in K-16 education institutions. Be sure to join your colleagues at the Friday, May 12, 2017 event.

0 comment
0 FacebookTwitterPinterestLinkedinEmail
Fence with padlocks affixed to individual strands
CybersecurityLeadership

Process Check: Safeguarding Student Privacy

by Miguel Guhlin
written by Miguel Guhlin

“What approaches do you have in place to safeguard student data and privacy?” From student assessment data to personally identifiable information to counting how many times students visit the restroom, administrators are working to put tracking systems in place. These systems (such as Google Sheets/Form where students submit data about themselves without parental knowledge) make it easier for schools to record and track information on students, but they may also put sensitive data at risk. What is your organization’s process for safeguarding student privacy?

What’s Your District’s Process?

“There’s no right or wrong answer,” says Bill Fitzgerald of Common Sense Media, “except to not have a process to evaluate how data will be maintained over time.” Whatever the original positive intent, each campus and/or district should evaluate how it intends to use and share collected student data BEFORE any program to gather that data is implemented. The process may include something as simple as the following:

  1. Prepare the program for a pilot implementation.
  2. Invite stakeholders, including students, parents, and educators, to meet and discuss the proposed program. Some points to ponder:
  • What are the positive and negative aspects of the program?
  • Who will access the digital data and for what purpose?
  1. What does the Committee think about objections by the Electronic Frontier Foundation (EFF) and other organizations that make these assertions (Source)?
  • While there is an expectation of supervision and guidance in schools, monitoring the detailed behaviors of individuals can be demeaning.
  • Tracking and monitoring young people in their development may condition them to accept constant monitoring and tracking of their whereabouts and behaviors.  (Source: Chip Free Schools as cited by Slate)

Conclusion

Before you purchase and implement a system that tracks students’ movements or data, give serious thought to the process steps you may have overlooked. Doing so can save time and trouble later, resulting in a safer environment.

0 comment
0 FacebookTwitterPinterestLinkedinEmail
network cables plugged into an network hub
Cybersecurity

Safeguarding Sensitive Data: Part 2

by Miguel Guhlin
written by Miguel Guhlin

Ready to find out more about safeguarding sensitive data? In this second part of our cybersecurity series, we will continue exploring the different aspects of safeguarding your data. (In case you missed it, you can still read the first part of this series.) Here are some steps you can take immediately to protect sensitive data at work and home:

  • Encrypt ALL confidential data and personally-identifiable information (PII) at rest and in transit. (View this free tutorial). Assume that anyone can bypass district network security and that the computer on your desk, whether laptop, Chromebook, or desktop, can be worked on as if someone was sitting in front of it. Want to send an email or store data in the cloud? Encrypt the files and the message itself if it deals with confidential data or PII.
  • Use a password tool to generate uncrackable passwords and change them regularly. There are many password managers, like 1Password and LastPass that are online, while others can be saved on your computer or device (e.g. Keepass). You can always use a Secure Password Generator to come up with tough ones. This sure beats writing them on a post-it note and sticking them to your computer or desk (I actually saw a desk covered in these once).
  • Avoid sharing confidential data or PII with students and staff. That information can be used to create bank accounts, etc. This can also include leaving confidential data or PII on your desk at work or in your paper notebook in the car. Whether it’s digital or paper, you still have to pay for identity theft protection!
  • Shred paper copies. It doesn’t matter if you are all digital if a paper copy ends up being stolen from your desk, car, or home. Shred paper as soon as possible.
  • If it’s confidential or sensitive data, the website you are connecting to should have https:// as part of the URL. If not, refuse to enter the information in.
  • Back up your data frequently. It’s obvious, but this is something you can easily do using tools like Dropbox and GoogleDrive. Encrypt your data first before backing it up. And back it up to different places. Maybe you back it up to Dropbox on Mondays, Wednesdays, and Fridays. On Tuesdays and Thursdays, you back it up to Google Drive. If you don’t like the cloud, get a USB external drive. Just make sure to encrypt your data, one file/folder at a time or a whole drive at a time. Just do it.

Steps to Stop Infiltration

Help protect the school district against infiltrations caused by virus/malware attacks that could begin with your computer.

  • Avoid using obsolete, insecure computer operating systems. If your school district is too cheap to upgrade the computers you use, then make sure you don’t do anything personal on them. File a written request citing the need for a more secure operating system. And ask for a newer computer model with up-to-date operating system (e.g. Windows 7 or Mac OS 10.7 or greater).
  • Be careful with email attachments. Don’t just automatically double-click on the attachment someone has sent you. First ask yourself, “Is it reasonable that this person sent me an email attachment? Is the email abrupt or doesn’t make sense? Does the file attachment have an EXE extension or the filename doesn’t make sense?” If the answer to any of these questions is YES, stop and scan the file attachment with your antivirus/anti-malware program (e.g. AVG, Avast are two free ones).
  • Avoid phishing attacks. Just this year, I received an email from a lawyer that purported to be a GoogleDoc, but was a phishing scam (Find out more).
  • Make sure your home computer is protected from viruses and malware. Anti-virus/malware software is available at no cost for personal, home use. Your district should have an enterprise anti-virus/malware solution for your work equipment.
  • Add a password or WiFi key to secure and encrypt your home wireless access. It’s so easy to “sniff data packets” these days (I tried it with free tools and was shocked how easy it was) that you need to prevent unauthorized access to your wireless. (In some cases, this means upgrading your wireless router’s firmware.)
  • Avoid “dodgy” sources of software or apps. These days, you can get your software/apps from approved creators/developers or somewhere else. Most of us should stick to only approved outlets for software because “somewhere else” sources sometimes result in “bonus” malware.

It’s no longer enough to rely on the benevolent protection of your school district to safeguard digital data. There are too many ways that hackers and dishonest people can access confidential information. Part of good digital citizenship involves learning how to safeguard sensitive data. Start now because the challenges will only grow the more you learn and as time progresses.

 

0 comment
0 FacebookTwitterPinterestLinkedinEmail
cybersecurity
Cybersecurity

Safeguarding Sensitive Data: Part 1

by Miguel Guhlin
written by Miguel Guhlin

“People are living in an unprecedented condition,” shares the 2014 Pew Research Report on The Future of Privacy, “of ubiquitous surveillance.” And, although we are now in 2016, did you know that 2014 was known as the Year of the Hack, according to CNet?

“The tone was set in January as we learned details about the Target credit card breach, along with a Snapchat hack that revealed millions of user phone numbers,” shared CNet. Safeguarding sensitive data has grown even more important. Since then, there have been many more hacks, including the Sony Pictures Entertainment hack, which stopped the release of “The Interview;” perhaps we should be grateful for that. Of greater concern, though, is the loss of student and staff personally-identifiable data (PII).

The loss of PII is signaled by facts like the following:

  • 97% of stolen computers are NEVER recovered.
  • Direct costs are incurred by school districts for having to notify individuals whose confidential data has been compromised, as well as notify credit agencies.
  • The cost of paying for credit protection for individuals is affected.
  • The school district may suffer damage to reputation.
  • Staff may be disciplined or terminated, depending on the severity of the data breach.

The failure to understand how to safeguard sensitive data means that districts who suffer a data breach have no recourse; they must pay to protect against identity theft. Yet, if every staff member practiced the following tips, data could be easily safeguarded.

  • Lock or log out of your computer when you leave it alone. Going to lunch? Going down the hall to the restroom? Make sure to secure your computer or device. Don’t leave it logged in, even if you’re just on your web browser checking out the lunch menu.
  • Never use work email for personal purchases and/or items. Aside from being “discoverable” during public records or legal proceeding (which you may not even know is happening), you should use a different email for finances. Move your financial management to another email system.
  • Use two-factor authentication for emails and other services. “Two-factor authentication is a simple feature that asks for more than just your password. It requires both “something you know” (like a password) and “something you have” (like your phone)” (source: LifeHacker). Two-factor works on sites like Google, LastPass, Apple, Facebook, Twitter, Dropbox, Evernote, Paypal, Steam,Microsoft, Yahoo (avoid them), Amazon, LinkedIn, and Wordpress. This will help prevent unauthorized use of your account unless they have your username, password, AND your smartphone.
  • Don’t read spam messages; delete them un-opened. Most email providers (like Gmail) have a way of marking messages as spam. But sometimes, spam slips through those filters they’ve set up to catch unwanted email. That means it’s up to you. Some spam is obvious; others are more clever.
  • Access confidential data on your work device ONLY. If you work from home, make sure that you encrypt confidential data on your mobile device (e.g. laptop) for travel (yes, even for that short trip from work to the grocery store to home). If you decrypt confidential data, make sure to shred it off your computer (it’s easy to recover deleted files). Apple Macs come with “Secure Empty Trash,” and on Windows, you can use the free File Shredder program.
  • Do not put unencrypted confidential data on a USB flash drive or external hard drive or CD-ROM. This is the source of many a confidential data breach!
  • Secure your smartphone and remove confidential/sensitive data from your personal mobile phone after each use. Lots of folks use their smartphones to access work details. Make sure you protect that by a.) Putting a passcode on your phone, or better yet, encrypting your phone’s storage with a password; b.) Shredding data on your Android phone (get SSE app for free), or, if on iOS, useReaddle Documents (free) with a passcode and encryption, which adds another layer of protection. And finally, AVOID saving confidential data on your smartphone from your email (and any emailed confidential data should be encrypted. See Part 2 for more tips.).

Read Part 2 now!

 

0 comment
0 FacebookTwitterPinterestLinkedinEmail
Advocacy

TCEA’s 2025 Legislative Priorities

by Macee Hall
written by Macee Hall

Here at TCEA, we are dedicated to supporting educators of all kinds through the tools, guidance, and policies they need to thrive. And, while our members hail from around the globe, we are deeply passionate about educational advocacy in our home state of Texas. That’s why our TCEA Board of Directors recently approved TCEA’s 2025 Legislative Priorities, a roadmap for advocacy that focuses on key areas like artificial intelligence, broadband access, digital learning, virtual education, and cybersecurity. With the 89th Texas Legislature coming up in just a few short months, these priorities are designed specifically to make a lasting impact on teaching and learning across the state.

What TCEA’s 2025 Legislative Priorities?

TCEA’s 2025 Legislative Priorities reflect its dedication to advancing teaching and learning through technology. Here’s a closer look at the key areas TCEA will advocate for:

1. Artificial Intelligence (AI)

AI is reshaping education, but with great potential comes great responsibility. TCEA supports the creation of ethical and equitable standards for AI in schools, ensuring its use prioritizes student well-being, data privacy, and the integrity of education.

2. Broadband Access

Access to high-speed internet is critical for every Texas student, no matter where they live. TCEA will push for programs that expand broadband infrastructure, particularly in rural and underserved areas. By advocating for public-private partnerships and targeted funding, TCEA aims to ensure every district is connected and every student has equitable access to digital resources.

3. Digital Learning

Digital learning is a cornerstone of 21st-century education, and TCEA’s priorities focus on:

  • K-8 Technology Applications: Safeguarding the inclusion of foundational tech skills in early education to set students up for long-term success.
  • Blended Learning Professional Development: Providing educators with professional development to effectively integrate the latest technologies and blended learning strategies into their teaching.
  • Effective Device Use: Promoting responsible policies and practices for using electronic devices in the classroom to enhance learning and minimize distractions.

4. Virtual Learning

TCEA is advocating for robust, high-quality virtual learning programs that give districts the flexibility to meet the diverse needs of their students. This includes ensuring programs are well-funded, uphold high standards, and provide opportunities for micro-credentialing educators.

5. Cybersecurity and Technology Infrastructure

Cybersecurity threats are a growing concern for Texas schools. TCEA supports:

  • Training for School Employees: Preparing educators and staff to recognize and respond to cybersecurity threats.
  • Sustained Funding: Securing ongoing funding for technology infrastructure to protect sensitive data and maintain efficient systems.

How TCEA Will Advocate During the 89th Texas Legislature

TCEA’s advocacy approach is all about collaboration and impact. During the 89th Texas Legislature, the association will work with policymakers, educators, and industry partners to push for the adoption of these priorities. This includes:

  • Engaging Legislators: Meeting with state leaders to share the real-world needs of schools and how these policies can make a difference.
  • Mobilizing Members: Empowering TCEA members to amplify their voices and share their experiences with decision-makers.
  • Building Coalitions: Partnering with other organizations and stakeholders to create a united front in support of these critical issues.

By combining grassroots advocacy with strategic partnerships, TCEA is ensuring that Texas educators and students are positioned for success in a rapidly evolving digital landscape.

Why These Priorities Matter

Every student deserves access to the tools and opportunities they need to succeed in today’s technology-driven world. Whether it’s through expanded broadband, innovative AI tools, or secure learning environments, TCEA’s 2025 Legislative Priorities address pressing needs of Texas schools.

As TCEA prepares to champion these priorities in the Texas Legislature starting in January, educators can rest assured that their voices are being heard and their needs are being prioritized. Together, we can build a future where technology empowers every learner and educator in Texas.

0 comment
1 FacebookTwitterPinterestLinkedinEmail
Supercharge your technology planning with the AI Plan Analyzer
AI/VRCybersecurityDigital CitizenshipLeadershipPlanning and PreparationSysAdminTechnical Support

Supercharge Your Tech Plans with the AI Plan Analyzer

by Miguel Guhlin
written by Miguel Guhlin

In the ever-evolving world of technology, having a robust and comprehensive plan is crucial for organizations of all sizes. But how can you ensure your technology plans are up to par? Enter the AI-Powered Plan Analyzer, a cutting-edge tool designed to revolutionize the way we assess and improve our technology strategies. While it can’t dig a trench, run fiber, or set up a printer, it can free up some time for you to knock out those other .

What is the AI-Powered Plan Analyzer?

The AI-Powered Plans Analyzer is designed to provide:

  • In-depth assessments of various technology-related plans and strategies
  • Valuable insights, key performance indicators, service-level agreements
  • Recommendations for improvement

Plus, you can access the ChatGPT Custom GPT, TCEA AI-Powered Plan Analyzer at no cost!

What Problems Does It Solve?

You may be wondering, “What problems does this solution solve?”

Well, quite a few! Here are some:

ProblemSolution
Inconsistent Assessment of Technology PlansGenerates standardized assessment rubrics to evaluate District Technology Plans aligned to criteria
Lack of Expertise in Cybersecurity and Incident ResponseDetailed analysis and scoring of plans, including cyber, incident response, and disaster recovery
Visualizing Complex Network MapsCreate visual representations of network maps and diagrams
Too Much Data in Tech Support MetricsAssess metrics and offers feedback
Managing Ed Tech DeploymentsEvaluates Ed Tech deployments
Inefficient Project Planning and ExecutionOffers Project Management Support
Time-Consuming Documentation and Content CreationOutput Rubrics and Assessments in various formats

You now have an idea of what Analyzer can do. Let’s take a look at the rubrics powering the Analyzer. You can print them in a variety of formats, including PDF, markdown, MS Word, etc.

Comprehensive Assessment Rubrics

Diverse assessment rubrics, each tailored to evaluate specific aspects of technology planning, are available. Let’s take a look at a few of them.

  1. Cybersecurity Plan Assessment. This rubric evaluates the effectiveness and comprehensiveness of your cybersecurity strategies. It aligns it with the NIST Cybersecurity Framework (CSF) and other relevant regulations.
  2. Cybersafety Plan Assessment. This rubric focuses on user education, content filtering, and privacy protection. It aligns to important regulations like CIPA and FERPA.
  3. Network Map Assessment. This tool evaluates the clarity, security, and scalability of your network maps. It ensures your infrastructure documentation is up to standard.
  4. K-12 School District Technology Plan Assessment. This rubric assesses technology plans against state education technology standards and E-Rate program requirements.
  5. Helpdesk and Technology Support Assessment. This rubric evaluates the efficiency and quality of your IT support services. The goal is to help you optimize your technology assistance strategies.
  6. Equipment Replacement Plan Assessment. Stay ahead of technological obsolescence with this rubric. It focuses on maintaining and upgrading technology infrastructure.
  7. Disaster Recovery and Business Continuity Plan Assessment. Ensure your organization is prepared for the unexpected with this rubric. It evaluates the effectiveness of your disaster recovery and business continuity plans.

Access all the rubrics online via this document. Remember, you can customize them via the prompts you use; sample prompts are available to get you started. You will also find additional tools available based on infographics.

Project Management Action Phases

One of my favorite assignments for candidates for the IT/Tech Director certification has been to have them plan a project. They often rely on a tool like the one below:

Now, you can ask the AI-Powered Plan Analyzer to generate the various components reflected in the action steps.For example:

PhaseActionExample
StartDefine the project scope, objectives, and key stakeholders.Objective: Deploy 50 wireless access points (WAPs) across the campus to enhance network coverage and performance.
PlanDevelop a detailed project plan, including a timeline, resource allocation, and risk assessment.Task: Schedule site surveys and allocate team members for each building, ensuring equipment availability and addressing potential interference issues.
ExecuteImplement the project plan by installing and configuring the wireless access points.Action: Deploy WAPs in Building A and B in the first week, conducting tests to verify signal strength and coverage before moving to the next buildings.
StopReview the project outcomes, close out any remaining tasks, and document lessons learned.Task: Conduct a final inspection of the deployment, gather feedback from IT staff, and document any challenges encountered for future reference.

This can be translated into a Gantt chart easily, one that you can adapt and use right away.

Give it a spin.

Alignment with Industry Standards

One of the key strengths of the AI-Powered Plans Analyzer is its alignment with various state and federal standards. Whether it’s the NIST Cybersecurity Framework, ITIL best practices, or FEMA guidelines, these rubrics ensure your plans not only meet your organizational needs but also comply with relevant regulations and industry standards.

Let’s take a closer look under the hood of the Analyzer and see how it aligns to various standards and guidelines.

CyberSecurity Focused

Document/ResourceRelated Standards/GuidelinesAlignment Notes
K-12 Cybersecurity Implementation GuideTexas K-12 Cybersecurity Framework, National Institute of Standards and Technology (NIST) CSFAligns with guidelines for implementing impactful cybersecurity measures in schools, addressing state and national standards for cybersecurity.
Implementing Most Impactful Security MeasuresNIST Cybersecurity Framework, Texas Cybersecurity FrameworkProvides recommendations aligned with recognized cybersecurity frameworks, ensuring that schools adopt effective and compliant security measures.
Texas K-12 Cybersecurity InitiativeTexas Department of Information Resources (DIR)Adheres to state directives on cybersecurity initiatives tailored to the K-12 environment.
Guide to Cybersecurity Risk AssessmentNIST Risk Management Framework (RMF), Federal Information Security Management Act (FISMA)Guides risk assessment processes in accordance with national and federal risk management standards for cybersecurity.
Cyber Insurance StandardsCybersecurity & Infrastructure Security Agency (CISA) GuidelinesProvides insurance guidelines consistent with CISA’s recommendations for managing cyber risks in K-12 environments.
National Cybersecurity Review (NCSR) 2024 FAQ SheetNCSR, DHS Cybersecurity Performance GoalsAligns with national cybersecurity performance review standards to guide school districts in meeting cybersecurity expectations.
Safeguarding Sensitive Data – Encryption/Decryption ToolsFederal Information Processing Standards (FIPS) 140-2, CISA GuidelinesProvides encryption/decryption tools recommendations that adhere to federal standards for data protection.
Key Findings and Recommendations in K-12U.S. Department of Education, State Cybersecurity LawsHighlights best practices and recommendations aligned with federal and state regulations for cybersecurity in K-12 education.

Technical Standards and Metrics

Document/ResourceRelated Standards/GuidelinesAlignment Notes
Standards for Permissible Electronic Devices and Software ApplicationsTexas Education Agency (TEA) GuidelinesEnsures compliance with state-level requirements for electronic devices and software applications used in educational environments.
Technician Appraisal ChecklistTexas Educator Evaluation and Support System (T-TESS)Evaluates technician performance using criteria consistent with state guidelines for educational staff appraisals.
Tech Instructional Programs Purchasing RubricTexas Education Code (TEC) Chapter 44, Subchapter B, National Education Technology PlanEvaluates purchasing decisions in alignment with state procurement standards and national technology planning guidelines.
Technology Support MetricsInformation Technology Infrastructure Library (ITIL)Establishes support metrics that align with ITIL standards, ensuring efficient and standardized technology support in educational settings.

TCEA Project Management Action Phases and Supporting Documents

Document/ResourcePurposeAlignment Notes
TCEA Project Management Action Phases InfographicGuides users through the project management phases: Start, Plan, Execute, StopAligns with PMBOK (Project Management Body of Knowledge) standards, providing structured guidance for managing tech-related projects.
De-Implementation Options InfographicOffers strategies for de-implementation processesSupports strategic project management by guiding the discontinuation or re-engineering of ineffective practices.
TCEA Equipment Replacement Plan Assessment RubricAssesses equipment replacement plansAligns with asset management best practices and TEC standards, ensuring strategic planning and budgeting for technology lifecycle.
TCEA Key Performance Indicators (KPI) GuidelinesSuggests actionable KPIs for various technology areasAligns with ITIL and strategic management practices, providing metrics for evaluating and improving technology operations.
Executive Summary Utilization GuideGuides in creating tailored recommendations based on executive summariesAligns with strategic planning guidelines by ensuring that project recommendations are grounded in thorough analysis and context.

What’s more, the Analyzer gets new update from time to time to reflect the changing realities of technology planning.

Why Use the AI-Powered Plans Analyzer?

Want more reasons to use it? Here is a quick wrap up of what it can do:

  1. Comprehensive Evaluation. Get a holistic assessment of your technology plans across multiple domains.
  2. Standards Compliance. Ensure your strategies align with important industry standards and regulations.
  3. Actionable Insights. Receive valuable feedback to improve and refine your technology plans.
  4. Time-Saving. Streamline the assessment process with this efficient, AI-powered tool.
  5. Versatility. The analyzer has rubrics tailored to your needs.

To use it, follow these simple steps:

  • Upload your district technology plan, cybersecurity plan
  • Ask the Analyzer to assess it and
  • Ask it to give it a score with suggestions for improvement
  • Review changes then make them if appropriate

That is all. Easy, right?

The AI-Powered Plan Analyzer

The Analyzer is a powerful tool for school tech planning. It’s not just for assessment, it’s your planning assistant. It uses clear guides and follows industry rules. This makes planning faster and better. As a tech director, I wish I had enjoyed access to it. Use it to make complex planning tasks simpler and easier.

0 comment
0 FacebookTwitterPinterestLinkedinEmail
Author generated image
Good TeachingUncategorizedWeb 2.0 Tool

Outline Classroom Discussions with Kialo Edu

by Miguel Guhlin
written by Miguel Guhlin

Great conversations almost always result in learning. And when students have structure and know how to engage in academic chats, they learn more. Research shows classroom discussions have a positive impact on student long-term information retention. What digital tools can you use to scaffold those learning conversations? In this blog entry, you will explore a free online platform, Kailo Edu, and gain access to the TCEA PROTECT Rubric for Safeguarding Student Data Privacy.

Screenshot by author of Kialo Edu
Screenshot by author of Kialo Edu

Introducing Kialo Edu

Kialo Edu changes how teachers run classroom discussions. This free online platform supports student debate and critical thinking. Here’s how teachers can use Kialo Edu to improve learning:

Starting from a central thesis, students add pros and cons, engaging with each other’s arguments to build an interactive map of the entire discussion.

Source: Kialo Edu website

There are a variety of teacher tools available to you as the teacher. Those include:

  • Small group mode that makes dividing class into groups easier, giving you access to each groups discussions
  • Anonymous participation that replaces names with colorful animal avatars
  • Tasks that set clear objectives and track student progress
  • Grading and feedback that includes formative and summative assessments

These are only four of the available management tools available to teachers. Other benefits include topic libraries, the ability to start and stop chats. What’s more, Kialo integrates with Google Classroom, Moodle, and supports LTI integration with Canvas and Blackboard.

More Students Speak Up

Kialo Edu has the potential to get more students involved in classroom discussions. In many classrooms, few students speak often. With Kialo Edu, everyone can join in at once. The technology takes the hard work out of managing the conversation. To do that, it offers three modes:

  • Anonymous Mode: Students share ideas without fear. Shy students participate more.
  • Text-Based Format: Students write thoughts at their own speed. This cuts down on speaking anxiety. This would have been my favorite approach when growing up in school.
  • Quick Input: No waiting for turns. All students can share ideas right away.

Let’s take a look at an example vignette (fictional) to get an idea of how it might work.

Class Example: A vignette:
Ms. Johnson saw few students talk in social studies. She tried Kialo Edu. Suddenly, almost every student had something to say. “The platform gave my quiet students a voice,” she said. “Everyone had an opinion about the topics.”

Screenshot by author of Kialo Edu
Screenshot by author of Kialo Edu

See Arguments Clearly

Kialo Edu shows debates in a visual way. This helps students grasp complex ideas more easily.

  • Central Topic: Start with one main question or statement.
  • For and Against: Students learn to see both sides.
  • Linked Ideas: Students can build on each other’s thoughts.

How to Use It:

  1. Pick a debate topic from your lessons.
  2. Ask students to add reasons for or against the topic.
  3. Have students respond to each other’s points.
  4. Use the visual map to find strong arguments and weak logic.

Learn Anytime, Anywhere

Kialo Edu fits modern teaching styles. It’s flexible and easy to use.

  • Always Available: Students can join discussions outside class.
  • Prep for Class: Use Kialo for homework before in-class talks.
  • Saved Work: All student input is kept. Teachers can review it later.

Activity Idea: Getting Ready for a Class Discussion

What to DoHow It WorksTeacher’s JobStudent’s JobWhat Students Learn
Pre-Discussion KialoStudents share first thoughts on a topicSet up the Kialo and give guiding questionsAdd ideas, reply to others, vote on good pointsForm initial views and find areas to research more

Write Better Arguments

Kialo Edu helps with essay planning and debate skills.

  • Build Arguments: Students learn to back up claims with facts.
  • Consider Opposites: Students think about views different from their own.
  • Plan Essays: Use the debate map to outline writing.

Teacher Tip: “My students use Kialo to draft essays. It helps them organize ideas and think of counterarguments,” says Mr. Thompson, a high school English teacher.

Works with Other Tech

Kialo Edu fits in with tools you already use.

  • Connects to Learning Systems: Works with Google Classroom, Canvas, and Moodle.
  • Small Groups: Split classes into smaller debate teams (coming soon).
  • Grading Tools: Easily check student work and give feedback.

Kialo Edu boosts critical thinking and class talks. It helps students learn key skills for today’s world. Try it in your class to make learning more engaging and effective.

Account Set Up

As the teacher, you can login using one of the options available:

Screenshot by author of Kialo Edu
Screenshot by author of Kialo Edu

Kialo Edu also offers single-sign-on (SSO) with Google, Microsoft, or Clever. This makes it quite versatile in terms of using it with staff and students, no extra passwords to remember.

TCEA PROTECT Rubric

It can be difficult to ascertain the quality of terms of service, as well as privacy policies for K-12 facing education solution providers. To assist, use TCEA’s PROTECT rubric (view full size | get a copy) to evaluate services like Kialo EDU.

TCEA PROTECT Rubric generated by author with AI Assistance
TCEA PROTECT Rubric generated by author with AI Assistance

To score the Kialo Edu, both its terms of service and privacy policy were analyzed with PROTECT. You can read the Terms of Service, as well as Kialo Edu’s Privacy policy online. Another document of interest is the Data Security and Privacy page, which for some reason, is separate and buried in their Frequently Asked Questions (FAQs) document. Here are how they scored (where 14 is the maximum amount of possible points):

  • Kialo’s Privacy Policy scored 12 out of 14. The Privacy Policy is comprehensive. It addresses most of the criteria outlined in the rubric. Notable points include parental rights, transparency, and consent.
  • Kialo’s TOS scored 7 out of 14. The Terms of Service, while covering some aspects, lacks detail in several key areas, especially regarding opt-out options and specific security measures. To improve their overall score, Kialo Edu could enhance their Terms of Service to more explicitly address the rubric criteria, particularly in areas of parental rights, opt-out options, and security specifics.
  • Data Security and Privacy scored 13 out of 14. This is a great score. Clarification is needed in terms of Opt-Out Options of the rubric. Kialo Edu does not state specifically what options to opt-out there are.

Overall, Kialo Edu does quite well on the TCEA PROTECT rubric scoring. Since this analysis was done by AI, your mileage may vary. You will, of course, want to make your own determination in consideration of your region’s laws and policies.

Online Debates Made Easy

Kialo Edu offers a powerful classroom discussion tool at no cost to schools. It’s integrated features, teacher tools, and SSO account management offer strong incentives for use. Give it a try.

Resources

  1. Kialo Edu Guide: Official user manual (K-12, Higher Education)
  2. Kialo Edu Blog: Teaching tips, updates (K-12, Higher Education)
  3. ProCon.org: Debate topic source (K-12, Higher Education, Other)
  4. [Purdue Online Writing Lab](https://owl.purdue.edu/owl/general_writing/academic_writing/establishing_arguments/index.html): Argument writing guide (Higher Education, Other)
  5. ReadWriteThink: Lesson plan resource (K-12)
0 comment
0 FacebookTwitterPinterestLinkedinEmail
CybersecurityLeadershipSysAdminTechnical Support

The Ogre-tastic Layers of Cybersecurity: A Guide for K-12 Schools

by Dr. Brian Brown
written by Dr. Brian Brown

Disclaimer: This blog is not affiliated with or endorsed by DreamWorks Animation or the Shrek franchise.

In the movie Shrek, the title character famously states, “Ogres are like onions. They have layers.” Little did he know that this metaphor could easily be applied to cybersecurity. Ogres, onions, and cybersecurity are made up of layers, each one an important part in protecting a school district’s sensitive information. These layers work together to create a defense system that shields data from cyberattacks, much like how Shrek’s tough exterior protects his softer side. In today’s digital world, especially for K-12 schools, cybersecurity has become more essential than ever.

Why Layers of Cybersecurity are Important for K-12 Schools

As schools have become more reliant on technology, the need for robust cybersecurity practices has grown. K-12 schools, often considered “soft targets” by cybercriminals, are particularly vulnerable. Our institutions manage sensitive information, including student records, health information, staff data, and even financial details. A data breach can have severe consequences, not only putting children’s personal information at risk but also compromising the trust of the local community.

Consider this: many schools now operate on cloud-based platforms for grading, attendance, communication, and learning management systems. If these platforms are compromised, students’ academic records, health data, or even photos can be exposed to hackers. Additionally, K-12 schools are often underfunded and understaffed in the IT department, which means we may not always have the latest cybersecurity measures in place. A single breach can disrupt learning, lead to costly ransomware attacks, and jeopardize the safety and privacy of everyone involved.

How Cybersecurity Relates to Information Security

To understand the layers of cybersecurity, it’s essential to know how it fits into the broader concept of information security. While these terms are sometimes used interchangeably, they refer to different things. Cybersecurity focuses on protecting digital assets and systems from attacks, while information security is a broader umbrella, encompassing the protection of both digital and physical information.

For K-12 education, cybersecurity deals with safeguarding our digital infrastructure, everything from the Wi-Fi network to student devices. Information security, on the other hand, involves managing all information assets, including physical documents, ensuring that private records remain private and data integrity is maintained, whether online or offline. Both are crucial for schools, as they intersect at many points, especially within digital classrooms.

The Layers of Cybersecurity That Protect Sensitive Data

In cybersecurity, the idea of defense in depth is fundamental, and much like the layers of an onion, or an ogre, multiple layers of defense are required to fully protect data. The following are key layers that K-12 schools should consider when building a comprehensive cybersecurity strategy:

1. Physical Security: The outermost layer of cybersecurity often starts with physical protection. This includes securing devices like school computers, servers, and storage rooms to prevent unauthorized access. Locking doors, installing surveillance cameras, and ensuring that only authorized personnel can access critical areas is the first line of defense.

2. Network Security: A robust firewall is essential to block unauthorized users from accessing the school’s network. Network security also includes tools like intrusion detection systems (IDS) that monitor network traffic for signs of unusual activity. Schools should also use Virtual Private Networks (VPNs) for secure communication and ensure that their Wi-Fi networks are encrypted and password-protected.

3. Endpoint Security: With students and teachers often using mobile devices such as laptops, smartphones, and tablets, endpoint security is vital. Schools must install endpoint detection and response software and ensure regular software updates to prevent vulnerabilities. Implementing mobile device management (MDM) can help administrators monitor and secure student devices.

4. Data Encryption: Data encryption is an essential layer that ensures even if a bad actor intercepts data, they cannot easily read or use it. Schools should encrypt sensitive student and staff information, both at rest (stored data) and in transit (data being shared across networks).

5. Identity and Access Management (IAM): Not everyone needs access to every part of a school’s digital ecosystem. By implementing access controls, such as multi-factor authentication (MFA) and role-based access controls (RBAC), schools can ensure that only authorized individuals can access sensitive information. For example, a teacher may not need access to administrative financial records, while an IT administrator shouldn’t have access to student health records.

6. Incident Response Plan: Even with multiple layers of defense, no system is immune to attacks. That’s why it’s important for schools to have a detailed incident response plan. This layer ensures that in the event of a breach, there are procedures in place to mitigate the damage, recover lost data, and communicate effectively with stakeholders.

Cybersecurity is for Everyone

Cybersecurity isn’t just the responsibility of IT professionals; everyone in a school can play a role. Everyone, such as teachers, administrative staff, and even students, can contribute to a more secure environment with these simple but effective practices:

1. Strong Passwords: One of the easiest ways to improve security is by using strong, unique passwords for different accounts. Encourage staff and students to use passphrases or a mix of letters, numbers, and symbols, and to avoid using easily guessable passwords like “password123.” Entropy, the Second Law of Thermodynamics, can be applied to password creation to create complex passwords by combining random characters, numbers, and symbols in a way that maximizes unpredictability, making it harder for bad actors to guess or crack through brute-force methods.

2. Multi-Factor Authentication (MFA): Implement MFA wherever possible. This adds an extra layer of security by requiring users to provide two or more verification factors, such as a password and a one-time code sent to their phone.

3. Training: We can avoid many cyberattacks by learning how to recognize phishing emails, which often appear to be from legitimate sources but aim to steal login credentials or install malware. Training staff and students to avoid clicking on suspicious links can prevent many potential threats.

4. Software Updates: Regular software updates and patches are often the first line of defense against known vulnerabilities. We should keep our devices and software up to date, which helps close the door on potential threats.

5. Backup Important Data: In case of a ransomware attack or system failure, having regular backups of important data is critical. Users should be encouraged to store backups on secure, remote locations or cloud services, separate from their primary system.

Cybersecurity is Ogre-tastic!

Just like ogres have layers, so does cybersecurity. For K-12 schools, implementing these multiple layers, from physical and network security to training and awareness among staff and students, is crucial for safeguarding sensitive data. The responsibility of cybersecurity doesn’t fall solely on IT departments; everyone can contribute to building a secure learning environment. By staying vigilant, following best practices, and understanding the role that each layer plays, schools can protect their digital assets, ensure student privacy, and create a safe online space for learning.

Join us at SysAdmin 2024

Are you a system administrator or technical support staff member looking for a conference that fits your distinct needs? We’ve got you covered! Join us for SysAdmin 2024, the leading conference designed with you in mind.

Check out sessions like Dr. Brian Brown’s “From Ogre to Firewall: Shrek’s Multi-Layered Security Strategy” and more, this Nov. 7-8 in Georgetown, TX!

Learn More
0 comment
0 FacebookTwitterPinterestLinkedinEmail
Newer Posts
Older Posts