Home Cybersecurity
Category:

Cybersecurity

Stay informed on cybersecurity in education. Discover tips, tools, and strategies to protect schools, educators, and students online.

mobile phone
ChromebooksCybersecurityGoogle Tips and Tricks

Maintain Teacher Privacy with Google Voice

by Miguel Guhlin
written by Miguel Guhlin

As an educator leading remote learning, you may need to call parents. But sharing your mobile number may cause you concerns. Giving students and parents your personal mobile phone number is unprofessional and you may find yourself

in an uncomfortable situation. After all, what if you are at home relaxing with family and you get a phone call to your smartphone? It will feel like a personal moment, but you have to be ready to put on your professional hat. Avoid that. Get another phone number at no extra cost with Google Voice.

Note: Educators should avoid using Google Voice to contact students. You should adhere to your school district’s or organization’s approved communications tool. For example, that may be Seesaw, Google Classroom, MS Teams, or another learning management system. Use Google Voice for contacts with colleagues, parents, and others from whom you would like to safeguard your personal phone number.

What Is Google Voice?

Google Voice is a free* to start service available to you if you have a personal Gmail account. You can make phone calls via the Voice app on your phone or through your web browser. It’s a boon to teachers who may need to speak to parents during the COVID-19 challenge. It’s also nice to be able to share your Google Voice number with strangers. Only you need know that it’s not your “real” phone number.

*Note: If you decide to use Google Voice, you may have to add credit to it. You can add credit to it as you need it. Since it features a billing history, you can keep a record and share that with your supervisor for reimbursement. Some school districts are offering to provide reimbursement for phone calls since teachers have to call parents. This will vary from district to district, so be sure to get clarification. Privacy has a price. That price in the United States is $0.00 per the Google Voice calling rates.

My Google Voice number is 210-617-3330. I’m comfortable sharing it with you because it’s not my smartphone number. And, if spammers get hold of it, I add them to my blocked list. In fact, I rely on the Should I Answer app on my phone to intercept robocallers.

google voice

Why Sign Up for Google Voice?

A close teacher friend keeps her students’ parents updated all the time via Seesaw but COVID-19 caught her and others off-guard during spring break. But her school district administrators want her to contact parents. Have you ever had to deal with parents or guardians who couldn’t maintain a professional distance? I know I did and I was always grateful that they didn’t have my number.

Worse, if you work with older students, it is inappropriate to share that number.  It opens you up to the charge that you are engaging in private conversations with students. That’s a violation of many responsible use agreements (RUAs/AUPs). How do you solve this problem?

Did You Know?

Sign up for one of our Google Certified Educator certifications. You’ll learn about more than Google Meet, as well as earn 12 CPE hours per course. Use these courses to get Google Educator certified. Find out more online.

Some small school districts who have poor phone systems that fail may want to get an “alternate phone.” The alternate phone (using a personal Gmail account) is one that works even when the district’s phone system goes offline.

The way to solve all these problems is get a Google Voice number based on a personal Gmail account, NOT a G Suite EDU. Follow these steps to get started.

Steps to a Google Voice Number

To get a Google Voice number, login with your personal Gmail account, then go online to the Google Voice website. Be sure to login with your personal Gmail account, NOT your G Suite EDU (school/work) account. If you don’t have your own Gmail account, then you may want to get one first.

google voice

Step 1- Get a Google Voice Account

Go to voice.google.com to get your account. Make sure to use the blue SIGN IN button in the top right and again, be sure to use your personal Gmail account.

Step 2- Select Your Phone Number

Google will provide you a list of available phone numbers in your area. Choose one that you would like to use. Make sure to write it down.

google voice

Once you have selected your phone number, you will VERIFY the number you want to connect it to.

google voice

Step 3- Make Phone Calls via Web Browser

You can begin making calls immediately via your web browser. Once the call connects, you will be able to have conversations via your computer’s mic/headset.

google voice

Note: Phone numbers pixelated to protect privacy.

Step 4- Make Phone Calls via the Voice app on Your Smartphone

Need to make phone calls via your smartphone? You can get the app for free via the Google Play store on your phone or iTunes. It’s easy to install. You will need to verify your phone one more time. When you are ready to make phone calls on the go, start with the Voice app on your smartphone.

Step 5- Customize Settings

One of the neat things about Google Voice is that you can customize the settings. Those settings include DO NOT DISTURB. You can turn on DO NOT DISTURB when you want all calls sent to voicemail, such as after work hours. Another neat feature is being able to record one or more professional greetings. For some, this might be an easy way to share daily announcements. You are also able to screen calls. When you do that, you are able to hear a caller’s name when you pick up.

google voice

If you don’t want to disconnect altogether, you can get your voicemails transcribed. Google will work as your assistant to send transcribed voicemails to your email. There are many other settings. Here are a few I recommend you set under Calls:

  • Turn on “Always use my phone to place calls.” This will ensure any calls you start on your computer end up on your phone. If you need to record calls using Audacity, you may want to leave this off.
  • My Devices. Decide what device you want to answer calls on. To push all calls to the web so that you don’t get bombarded on your smartphone, turn on the web, but leave others off. If you don’t mind calls beings forwarded to your smartphone, turn that on.

Google Voice Makes Calling Parents Easy

As wonderful as your parents in your classroom are, you may not be ready to share your number with all. And, with little ears listening, it’s better to keep your real phone number to yourself. Using Google Voice, you can be fearless about sharing your Google Voice number. And you can feel comfortable reaching out to students and parents.

Need a printable document? Share Hunter McConnell’s handout:

12 comments
6 FacebookTwitterPinterestLinkedinEmail
padlock on top of keyboard
CTO/CIOCybersecurityDigital Literacy

Five Cybersecurity Tips for Newbies

by Miguel Guhlin
written by Miguel Guhlin

A topic that remains evergreen is National Cybersecurity Awareness Month’s (NCSAM) “Own it. Secure it. Protect it.” While NCSAM offers this nice toolkit in portable document format (PDF) for you, I thought I might share a few more tips.

In this blog entry, you get access to two Wakelet documents full of information on encryption tools and cybersecurity concerns. Before I share those, let’s revisit one of the reasons why cybersecurity is so important.

Set Yourself Up

“I don’t take the time to change my passwords, filter through my subscription lists and my unused apps, etc. My degree has a focus in computer security, so it is a little disappointing that I do not take the time to have a better digital footprint,” shared one educator in an online forum. If you’re not taking the time to secure and protect what you own online, you are inviting malicious use of your data.

As educators, it’s easy to imagine that we safeguard student data. The truth is, we fail our students when our own practices fall short of modeling cyber-secure practices. Set yourself up for protected use of your data, not for theft by others.

cybersecurity tips

Encryption Tools for Educators – https://wke.lt/w/s/FZz-UX

View Wakelet featuring Encryption Tools for Educators and Students

Tips for Securing and Protecting YOUR Data

Let’s review a few tips that you can take as an educator to better protect yourself, and in turn, model appropriate strategies to students.

Tip #1 – Switch from debit cards to protected credit cards.

“Where did you use your credit card, sir?” asked the bank attendant. “Well, I stopped to get gas in that small town south of the city.”  His short nod confirmed that was the location where unauthorized purchases were made.  Gas station fraud due to skimmers is on the rise. Don’t be a victim.

Make a decision to NOT use your debit card or write print checks with your routing and account number on them. A few short years ago, I had to close all my accounts at a credit union that didn’t offer me better protection.  I would also recommend setting up a separate email for financial accounts. An encrypted email (e.g. ProtonMail) works even better. Never use the same Yahoo/Gmail account you use for signing up for Netflix or Disney Plus for banking and medical accounts. Keep that for common use, but rely on your encrypted account for financial and medical transactions.

You will want to set up two-factor authentication for all email, cloud storage, digital accounts. You will need to have your smartphone with you to receive text messages or run a simple, easy authentication app that will give you a number that changes every 60 seconds for the digital account. This works, as I’ve had attacks on my accounts and seen it action.

Tip #2 – Freeze your credit reports to prevent new accounts.

Want to stop new accounts being opened in your name? With the Door Dash, Equifax, and other data security breaches recently, it’s not hard to imagine someone having all they need to create an account in your name. Prevent others from opening new accounts as if they were you by freezing your credit unless a special PIN# is used. These approaches aren’t foolproof, but they do help. 

Quick Alerts: Get alerts via your bank mobile app for all transactions. I love knowing when funds come out of my bank account. Even if it’s my wife buying me a gift for my birthday.

Be sure to check your credit frequently. Annual Credit Reports provides a free service, but you may need to pay to get that more often. Here are a few credit freeze sites:

You’d be surprised at the peace of mind you get from securing your credit report. Before you freeze your credit reports, you may want to sign up for Experian and Credit Karma apps on your device. What’s nice about these is that they give you quick updates on your credit report status. Also, be sure to  notify credit agencies of potential identity theft if you know your personally identifiable information (PII) has been stolen.

Tip #3 – Online Social Security account.

Create the account before the bad guys do. Problem is, if you froze your credit reports, you’ll have to go in person to the Social Security Admin building. Be sure to file your tax return early, otherwise others may do it and get your tax return check.

Bonus Tip: Give the Password Checkup extension for Chrome a try. It will check your passwords as you use them against the list of passwords resulting from data breaches. Some may not want to do this because it means Google is checking every password you type. Fortunately, no passwords are sent out. Learn more.

Tip #4 – Manage your usernames and passwords.

You may be comfortable using the same password on all websites, but know that hackers are comfortable with your decision to do so as well. Here are some ideas to better manage your usernames and passwords.

  • Use secure passwords. I like to use secure password generator and then add my own twist to it. I end up with a secure password that I keep track of using a password manager (e.g. Keepass, Bitwarden).
  • Add a password or pin number to all bank account transactions. It takes an instant, but without it, it may make it difficult for bad guys to access your accounts. And, of course, change these from time to time.

If you are carrying a paper notebook with all your usernames and passwords, you’ve set yourself up for disaster. If you are trying to remember them and using cues from your life (e.g. middle name, birthdays, pet’s name), be aware that these are easy to get. Get Bitwarden and access your confidential data on the go.

Cybersecurity Concerns – https://wke.lt/w/s/OYHnn

Tip #5 – Encrypt confidential data.

If you’re not protecting medical records in a locked safe, then chances are you have yet to encrypt your cloud data. Make every effort to encrypt confidential data documents you have saved in cloud storage (e.g. Google Drive, OneDrive, Dropbox), as well as when they are “at rest” on your laptop, USB external drives, smartphone, and tablet. Doing so is easier than ever. Note that cybersecurity concerns often arise from unencrypted data (view Wakelet on Cybersecurity Concerns).

Another aspect involves encrypting data when it is in transit, that is, when you’re sitting at Starbucks working on your bank account or reviewing LabCorp medical test results. For goodness sake, use a virtual private network (VPN), such as Mullvad VPN. Take some time to secure your on the go connections.

Wish there was more you could do?  Read the NCSAM toolkit and make securing paper and digital resources of your life and work a top priority. You can never do enough to protect yourself.

Updated with new password management, VPN tool, and new content on July 25, 2023.

1 comment
0 FacebookTwitterPinterestLinkedinEmail
fingerless gloved hands on a laptop keyboard
CTO/CIOCybersecurity

Are Schools Easy Targets for Cyber Threats? The Latest Report Says “Yes”

by Miguel Guhlin
written by Miguel Guhlin

Ransomware attacks penetrated the defenses of 500 schools in 2019. The K-12 Cybersecurity Resource Center attributed only eleven incidents in 2018 to ransomware. When you think about schools, do you imagine an impenetrable fortress? Sixty-eight percent of IT leaders list cyber threats as a top priority. In spite of that, cybersecurity defenses are thin. A new report from Absolute Software describes just how thin. In July and August of 2019, the number of total security incidents jumped to 160. This exceeded the total number of incidents identified in 2018.  Here are some key findings from this report released in October 2019.

While the focus on technology delivers many benefits to students and educators, it also creates more complexity — and more work for resource-constrained teams. Within a few years, K-12 IT leaders have gone from managing a couple of operating systems, a handful of apps, and a few hundred devices to managing hundreds of versions of operating systems, apps, and extensions; and thousands of devices.

Finding #1: K-12 Schools Are Digital Now

In compiling data for their report, Absolute Software discovered some startling information. For example, ninety-four percent of schools have high-speed internet. In schools, technology spending has increased sixty-two percent from 2016 to 2019. And eighty-two percent of districts provide student devices in one-to-one or similar programs. But going digital has consequences for schools, exposing them to fresh dangers. For example, since 2016, there have been 700+ cybersecurity incidents. Schools are the second highest target of ransomware. See the interactive map below. Olive green bubbles represent education.

Did You Know?
To combat ransomware, the U.S. Senate and House have passed legislative bills to create the DHS Cyber Hunt and Incident Response Teams Act. DHS will “maintain cyber hunt and incident response teams to help private and public entities (like schools, students, employees, local government) defend against cyber-attacks.”

In spite of schools going digital, twenty-one percent of devices are used less than an hour a day. Approximately 60 percent of students don’t use devices at home. Putting devices in schools has resulted in 17,000 crime-related device losses in two years. Of those who use school devices, thirty-four percent fail to return them.

Students themselves are doing everything in their power to circumvent those protections. There may be no malicious intent — the students just want access to content that may be restricted on school devices — but their actions create gateways for malicious outsiders.

Finding #2: Staff and Students Open the Door

“Educators in all contexts need to open the door to authentic teaching and learning,” says Wes Fryer. Unfortunately, a lot has changed since 2006 when Wes said that. Forty-two percent of schools have students or staff that actively circumvent security. This often comes in the form of unique proxies or rogue virtual private network (VPN) apps.  When schools opened the door, more than authentic teaching and learning snuck in.

With an average of 10.6 devices per school harboring web proxies and rogue VPN apps, schools are also at risk of non-compliance with applicable student safety laws.

Finding #3: Digital Tech, A Management Challenge

Spending time troubleshooting a device in class wastes instructional time. When devices fail, schools rely on native client/patch management tools. With so many different devices and operating systems in schools though, there is no one tool for all. For example, consider that Absolute Software found the following was true:

  • 93 percent of schools manage up to five versions of common apps
  • 137,000 unique application versions
  • 6,409 unique Chrome OS extensions
  • 11 device types
  • 258 unique operating system versions across Windows, Chrome, Mac, and others

cyberthreats

Managing that many different systems and devices could give anyone a headache. It’s no wonder technology departments like to standardize on platforms and tools. To manage them, they bring  in various client management systems. Of those, there is a fifty-six percent failure rate of client management tools. To close the gap and make things work, technicians have to engage in a manual resolution process. Worse, most departments are under-staffed. This means you have a perfect storm for data breaches.

Our study reveals that schools that have encryption in place experience agent failures on an average of nine devices per day — almost half of which never recover, leaving students and staff at risk of potential data breaches

Finding #4: Underutilized Devices

One of the most disheartening points in this report speaks to underutilized devices. Whether on or off campus, many devices are used for less than an hour a day. Twenty-one percent of devices fall into this category. Sixty percent of students don’t use devices schools have purchased for them at home.

In my own experience, this can mean that devices that sit idle are easy targets for theft. Thirty-four percent of users fail to return devices at school year’s end. That is, these devices are “lost or stolen.” Another eye-opening statistic? Forty-six percent of devices are stolen from cars. Some of those devices will contain sensitive data that is not encrypted (Learn more about Texas Safe Harbor and encryption via this Wakelet).

It is irresponsible to invest more public dollars into new security technologies if the basic measures — visibility, control, and resilience — are not operating effectively first. Getting the basics right will enable IT leaders to redirect this budget toward enhancing or expanding digital equity initiatives.

Finding #5: Solutions

The report offers potential solutions. It encourages schools to start by getting the basics right. With K-12 technology spending set to grow to $342 billion by 2025, the basics are important. Those basics include:

  • Visibility: Better awareness of what happens on student-managed devices
  • Control: Tighter controls over what gets put on devices
  • Resilience: Ensure basic tools work and use funding to get tools that fill the gaps

End-user training (e.g. staff, students) remains an ever-present high priority.

Critical Questions to Ask

How is your technology department strengthening the basics? How are you addressing the need for end-user training in a comprehensive way? How are you ensuring technical staff have the support and training they need? Yesterday, you could hire low-paid high school graduates. Today, they need a world-class education in cybersecurity and client management. How are you closing the gap?

Schools have gone digital, and with digital learning comes a host of problems. Chief among them are increasing ransomware attacks, difficult device management, and data breaches. To resolve these issues, schools need to get the basics down and close the gap in end-user training.

1 comment
0 FacebookTwitterPinterestLinkedinEmail
Legislature
AdvocacyCoding/Computer ScienceCTO/CIOCybersecurityDigital LiteracyProfessional LearningSTEM/STEAMTechnology Applications

86th Texas Legislature Wrap-Up

by Jennifer Bergland
written by Jennifer Bergland

All good things must come to an end, but only someone who loves politics would consider the legislative process a good thing. I’m one of those people. I love every minute of it, even the ones that go past midnight! Looking back over the past four months, I am happy to report that TCEA was able to move our vision of education forward through legislation and have some promising opportunities to help shape the future of Texas schools. I have created a 2019 Bill Analysis document that include the specifics about the bills that will impact digital education, but below is a quick summary of the more important bills.

Computer Science and Coding

LegislatureWe had some huge wins in the area of computer science and computational thinking this session. Our six-year goal of providing weighted funding for the 9-12 Technology Application courses has finally been achieved. In HB 3, the school finance legislation, the weighted funding for CTE was changed from grades nine through twelve to grades seven through twelve. In addition, the bill specified that CTE courses and programs include Technology Application courses. This means that Technology Application courses from grades seven through twelve will receive the same weighted funding as CTE courses, which is 1.35 (instead of the normal 1).  HB 963 requires the SBOE to consolidate the 9-12 Technology Application courses with similar courses found in the CTE curriculum. The goal is to eliminate duplicates and identify the purpose of each of the courses. Finally, HB 2984 requires the SBOE to update the K-8 Technology Application standards to ensure that they include coding, computer programming, computational thinking, and cybersecurity. It also establishes a committee to create a strategic plan for K-12 CS education to increase computer science instruction and participation in public schools.

Broadband

LegislatureThere are two pieces of legislation that are going to impact educational broadband. The first is HB 1960 which creates a Governor’s Broadband Council that will advise the governor on issues related to broadband access to unserved areas. This is progress, but not as much as we hoped for. There are few, if any, areas of Texas that are unserved. The original bill included underserved areas, but heavy lobbying by the large telecommunication companies eliminated that language from the bill. However, we consider this progress because we finally have some entity at the state level that will look at the state’s needs for broadband from a strategic perspective. For too long, all state entities have tried to provide affordable, scalable broadband for their own purposes when it would be much more cost efficient to survey the needs across agencies and entities and design a plan to meet all the needs. HB 1960 at least establishes a council that could do this in the future, if given the authority.

The second bill that may help with broadband is HB 3906. This is an assessment bill that requires online testing by 2022-2023. The bill requires TEA to evaluate the availability of Internet access for each school district and identify changes to state law or policy that are necessary to improve the availability of Internet access. This may open a door for more aggressive action in parts of the state that are “served” but are underserved.

Digital Learning

HB 3 established a Blended Learning Grant program and then funded it at $6 million a year. TEA’s Math Innovation Zones are how the agency is fulfilling this requirement. It is good to know that the agency has funding to continue these types of grants.

Legislature

I have already mentioned that HB 3906 requires TEA and the SBOE to implement online testing by 2022-2023. Before this can happen TEA and the SBOE must devise an implementation plan that is approved by the legislature. The planning for this type of implementation will require heavy district input, which will largely come from their technology departments. This has the potential to finally focus some much needed light on what the state must do in order ensure that all students have access to technology, not just for assessment, but for learning throughout the year. In order for students to be successful on an online assessment, they must first be technically proficient and familiar with the type of device they will be using when taking the assessment. This translates to more access to digital tools for all students.

Funding

HB 1 is the budget bill for the 2020-2021 biennium. Listed below are some of the appropriations that were made that will impact digital education:

  • Technology and Instructional Materials Allotment – $1,101,430,204
  • OER curation – $20,000,000
  • Blended learning teacher training – $2,000,000
  • Blended learning grants – $12,000,000
  • TxVSN administration – $800,000

HB 396 allows districts to use their TIMA on software that will help manage instructional resources, including the usage and effectiveness of digital materials. HB 4611 stipulates that 50% of the funds that the Texas General Land Office sends to the legislature for education must be appropriated to the TIMA. If this had been in place this biennium, there would have been $3 million more placed in the TIMA. In addition, the budget stipulates that the SBOE should restrict instructional material proclamations to 75% of the TIMA and should consider school district’s technology needs when determining the size of the percentage of the Permanent School Fund sent to the legislature. 50% of this distribution goes into the TIMA. In translation, this means the SBOE should be sending the legislature enough money from the PSF to fund both the instructional material needs of school districts and also their technology needs.

Cybersecurity

SB 820 requires each school district to establish a cybersecurity policy that determines the cybersecurity risks to the district and a plan to mitigate those risks. The district will also be required to designate a cybersecurity officer who will oversee the policy. In addition, the district will be required to report to TEA any cyber attack that breaches the system security and notify the parents of the students whose information has been compromised.

Professional Development

LegislatureThere are several opportunities in the bills mentioned above that will provide professional development in digital learning. The Blended Learning Grants are largely designed to provide professional development for educators in blended learning, not to mention the funding provided to UTeach to continue to provide this type of training to Texas teachers. Also, this is a good chance to remind districts that the TIMA may be used to provide professional development on the use of technology. In addition to these bills, the legislature passed HB 2424 that requires the SBEC to establish rules to create microcredentials in fields of study related to an educator certification class. This was one of TCEA’s legislative priorities, so we are excited to see this bill pass.

What’s Next

The legislative session has come to an end, but  the hardest work is ahead of us. Enacting legislation is the first step in changing things. Now we begin the process of working with the different agencies and entities to ensure they are enacted well. Stay tuned for more blogs about many of these legislative initiatives and how you can provide input.

Credits

Photo of the computer code taken by Sai Kiran Anagani on Unsplash. Photo of cables taken by Jordan Harrison on Unsplash. Photo of teacher interacting with students taken by Mimi Thian on Unsplash Photo of teachers taken by Kylie Haulk on Unsplash.

0 comments
2 FacebookTwitterPinterestLinkedinEmail
internet security
CybersecurityDigital Literacy

Internet Security 101: What Teachers and Students Need to Know

by Guest Blogger
written by Guest Blogger

As educators, you have a high expectation to provide a quality education for today’s youth. But you know that being an educator means much more than just being a teacher. You’re their mentor, their supporter, and someone they can look up to. Your role is ever-changing.

Over the years, we’ve noticed an increase in threats to both student and teacher safety. One less talked-about threat has caused a serious issue for many schools recently. In 2017, there were 455 reported cybersecurity incidents in the education sector alone, according to Verizon’s data breach survey. This number does not reflect unreported cases of problems such as cyberbullying and identity theft. With the expanding use of technology in classrooms, Internet safety has become an issue —and it’s time we start talking about it.

This article will provide tips to help you encourage safer and more responsible use of the Internet among your students.

Tip #1: Learn Your School’s Policy

The most important step is to familiarize yourself with the policy and regulations that your school has in place. There is likely a section on this topic within your employee handbook or on the district website. If there are resources listed for parents and students, check them out.

Having a strong antivirus program installed and knowing the signs of a phishing attack are some of the best mechanisms to protect your school from a cyber attack.

Ask your administrators the important questions. What disciplinary actions are taken when students or faculty break the rules? Are there materials on Internet safety lessons that are available to you? You should also ensure that your school has proper defense systems in place. Having a strong antivirus program installed and knowing the signs of a phishing attack are some of the best mechanisms to protect your school from a cyber attack.

Tip #2: Incorporate Internet Safety Lessons

Beginning the conversation in the classroom will help encourage responsible use, even outside of school grounds. These conversations need to be had, but limited support exists for teachers. Developing ways to incorporate Internet safety into lessons is often best. Important discussion points include appropriate behavior, protecting their personal information, and chatting responsibly online. There are many sites that offer lesson plans and activities, such as this one from BrainPOP.

Tip #3: Talk About Cyberbullying

It’s hard to always be aware of everything that is happening with your students online. One common issue is cyberbullying. Kids and teens are unfortunately more likely to participate in bullying their peers in an online setting. The Internet can be much more anonymous than face to face. That makes its occurrence more prevalent than traditional bullying. Teaching your children to be kind to one another is the best prevention method. It’s also important to build a relationship of trust with your students. This will help them feel comfortable notifying you when they are being cyberbullied or have witnessed a peer cyberbullying another peer. Be on the lookout for the warning signs by educating yourself.

Tip #4: Protect Your Digital Identity

When it comes to Internet security, children are often most at risk. Because of this, its crucial that they learn to protect their digital identity. The earlier students begin using the Internet, the sooner their digital footprint forms. Over time, a larger profile builds around them which can be revealed with a simple Google search. Future college admissions representatives and employers look into these digital profiles. Students wouldn’t want a simple mistake to hurt their chances of going to their dream school or getting their perfect job. Teach them the importance of being responsible with what they post and knowing how to properly remove anything harmful to their reputation.

Tip #5: Take Your Own Advice

The best way for your advice to resonate is to practice what you preach. Take precautions and protect your devices. When you hear your students talking about the newest craze, whether it’s a social media app or a video game, take the time to research it.

Use strong passwords and create an email address that is more professional than personal. You should also look into the privacy settings on your computer to ensure that you have the right protections enabled.

As an educator, there is a higher need to keep your own information secure. You wouldn’t want your students to access anything that is potentially embarrassing, or information you want to keep private. Use strong passwords and create an email address that is more professional than personal. You should also look into the privacy settings on your computer to ensure that you have the right protections enabled.

Together we can make the Internet a safe, responsible, and fun resource for students to use!

This is a guest blog post by Brent Scott. Brent works in the field of cybersecurity, educating the community on the best ways to protect their digital identity online. His goal is to work with teachers, parents, and educators everywhere to ensure that the Internet is a safe environment for all students to explore.  

0 comments
0 FacebookTwitterPinterestLinkedinEmail
padlock on keyboard
ChromebooksCTO/CIOCybersecurityGoogle Tips and Tricks

Protecting Confidential G Suite Files

by Miguel Guhlin
written by Miguel Guhlin

“I’m working with a few schools. They only wish to send password protected files. The files will go outside their organization,” says John M., a Google Certified Trainer*. “From a Windows machine, that’s fine. But we’ve moved to a Chromebooks-only environment. How do you add a password to exported files, like DOCx or PDF, that get sent via email?” In this blog entry, we’ll explore several no-cost (free) options for protecting file attachments. Ready to take a closer look at the problem and possible solutions?

The Problem

In organizations with Chromebooks only, how do you encrypt files? On a Chromebook, you can’t run traditional programs available on Windows or Mac. This means you have to find web-based solutions to share files and encrypt. For schools and organizations in Europe, John points out GDPR is a concern. Before we go into possible solutions, let’s review what GDPR is.

GDPR (General Data Protection Regulation) is a new legislation. It  applies to all companies who collect, store, and process any data. While focused on data belonging to European Union citizens, it has wider effects since GDPR applies to all companies across the world. This means that it affects Americans, as well as EU citizens. GDPR went into effect on May 25, 2018 (source: video). American companies must comply, even if enforcement in the United States remains unclear.

Exploring Solutions

How do you safeguard sensitive information in a G Suite EDU environment? How do you add password protection to a file and send it via email in Chrome OS? To organize solutions, you first have to ask yourself a few questions:

  • Do I need to protect the content of the email itself?
  • Do I need to protect the file attachment?

Let’s look at a few tools you can use.

Protecting Email Message Text

If you need a solution to protect email content, the actual body of the message, use one of the following. Each offers AES-256 level encryption.

g suite encrypt

One solution to explore is Paranoia Works Text Encryption Tool PTE). It is a browser-based tool that makes it easy to encrypt an email’s message text. The interface works in an simple way and safeguards the content with encrypted text. It offers these steps:

Encryption:
1. Set a password.
2. Write or paste a text into the Unencrypted Text area (green bordered).
3. Press the Encrypt button.
4. An encrypted text will appear in the Encrypted Text area (red bordered).
5. Copy the encrypted text and use it however/wherever you want.

Decryption:
1. Set a password
2. Write or paste an encrypted text into the Encrypted Text area (red bordered).
3. Press the Decrypt button.
4. A decrypted text will appear in the Unencrypted Text area (green bordered).

For Chromebooks that can run Android apps, you might want to get the app. The app is Secret Space Encryptor for Android (shown below) via the Google Play Store. See the online tutorial.

An alternative text encryption tool you can use is FourmiLab’s browser tool. This latter tool provides a streamlined view (shown below) without documentation.

g suite encrypt

Your organization should standardize on either PTE or FourmiLab’s solution. Save either tool to the Chromebook for local use, even when not online. What’s more, you can use these within Google Docs, too. That is, you can choose to encrypt the text in a Google Doc, but you will have to copy and paste the content in and out of a Google Doc.

The main benefit of these tools is that they are free, no cost options.

Protecting Email File Attachments

John’s original question focused on files exported from G Suite. This could include DOCx, PNGs, JPGs, PDFs, PPTx, and many other formats. G Suite for Education provides for several via the SAVE AS option.  If you want to protect these files in transit via email to external parties, how can you do that? How do you encrypt them so that only the recipient, to whom you’ve provided the password, will be able to see them?

g suite encrypt

One web-based tool you can use includes FileLock.org. This works in a similar way to PTE and FourmiLab. You access a website, select a file on your Chromebook (e.g. DOCx you’ve saved from a Google Doc), and then encrypt it. Then you attach the encrypted file to your Gmail message (as shown below).

g suite encrypt

Note: Be sure to use secure passwords for encrypting text or files. You can use any variety of online tools to create unbreakable passwords. Password Generator, LastPass Password Generator, GRC Generator, or Packetizer will work fine.

Protecting Confidential G Suite Files

As you may imagine, there are a host of commercial solutions you can use to safeguard G Suite files. Both Boxcryptor and Cryptomator offer enterprise level solutions at different prices. You can also take the added step of preventing the sharing of confidential information. The main benefit of the solutions offered here is that they are free, open source, and available at no cost. Combine them with an organizational procedure to support effective use.

*Question adapted with minor readability edits from one posed to Google Certified Trainers (GCT) Google group.

1 comment
1 FacebookTwitterPinterestLinkedinEmail
cyber secure
CybersecurityDigital Literacy

Four Steps to Creating Cyber Secure Students

by Guest Blogger
written by Guest Blogger

It’s almost impossible to overstate the impact of technology on the lives of students today. With the ever-increasing popularity of social media platforms and online games like Fortnite, children are spending longer than ever before online.

Despite this, children and teenagers are often left with little-to-no understanding of basic internet safety and cybersecurity practices. Rarely covered in school, students at risk from a range of threats. From cyberbullying and screen addiction to inappropriate content and stolen personal information, it’s vital that educators help students become more cyber aware. This article will provide four steps to help create more cyber secure students.

1. Introduce the Issue Early

As many as 43 percent of children between the ages of two to four in the US now have access to a tablet. This makes teaching students about technology and cybersecurity from the start of their education essential. To explain the issues to young children in a way that they’ll understand, stay clear of complicated jargon and use real-life scenarios to explain how the internet works and the risks associated with it.

Advise your students against doing anything online that they wouldn’t do in real life. This could include a comparison between accepting a friend request from a stranger and talking to them online to talking to a stranger on the street. By using familiar concepts, your students will be able to grasp the fact that the internet, like real life, poses certain dangers that shouldn’t be ignored.

2. Teach Best Practices at School

While using technology in school, ensure that students carry out basic cybersecurity best practices. This way, it’s more likely to become a habit that’s maintained when outside of the classroom.

Creating strong passwords is a vital step to securing your information online. To help educate students, make sure that any accounts accessed on school devices require a strong password which contains symbols, uppercase and lowercase letters, and numbers.

Another essential piece of knowledge that students need to be armed with is that their activity online does not simply disappear. Posts on social media accounts and other digital activity will quickly build up. Though many students will not be concerned by this prospect, it’s imperative to educate students about how their digital footprints can lead to damaging repercussions relating to job prospects and college applications.

Finally, a lesser-known risk comes from the use of public WiFi networks. These can be found everywhere from libraries to cafes and pose a number of significant risks, including lost personal and financial information. To mitigate these risks, ensure that your older students understand what makes a trustworthy VPN and how basic internet encryption works.

3. Talk About Sensitive Issues

An incredible 95 percent of teenagers in the US now have access to a smartphone. This has resulted in the rise of a number of new issues that need to be addressed in school. From cyberbullying to sexting, it’s important to explain the dangers and repercussions of such activities to students.

Ignoring these sometimes uncomfortable issues does not solve them. Further, issues such as screen addiction can have a dramatic impact on a student’s academic potential, so it’s important to create an environment in which students feel comfortable and supported by their teachers.

4. Educate Parents

Educating children about how to stay safe online is not just something that has to happen at school. To create a truly holistic internet safety program, parents may also need to be educated. Holding online safety workshops at school to help educate parents about internet safety best practices is a good way of ensuring that when the student’s leave school, they remain safe online.

Advise parents on how best to restrict age-inappropriate content at home, such as installing a child-friendly browser or enabling Google safe search. Without educating parents, it’s unlikely that your strategy will be fully implemented or successful.

Conclusion

Ultimately, keeping students safe online requires ongoing attention and effort from educators. Throughout their education, they will be introduced to several different types of technology and the threats will change over time. However, with the proactive involvement of educators and parents throughout the process who understand basic internet safety and cybersecurity practices, there is a greater chance that students will remain cyber secure.

This is a guest blog by Sam Woodhams. Sam is a researcher at Top10VPN, an independent cybersecurity research group and VPN comparison website. He writes about issues of digital privacy and cybersecurity to help protect vulnerable communities from digital threats.

1 comment
0 FacebookTwitterPinterestLinkedinEmail
cyber security
CTO/CIOCybersecurityLeadershipTechnical Support

Resources for Cyber Security Awareness Month

by Dr. Bruce Ellis
written by Dr. Bruce Ellis

As of  2004, Cyber Security Awareness Month has been celebrated in October. This month is sponsored by a division within Homeland Security (the National Cyber Security Division) and the National Cyber Security Alliance. The goal is to encourage all technology users to be more aware of risks and potential online threats which typically target human behavior. You may notice various posts and updates this month across your devices and tools as it relates to cyber security. For example, you may have noticed the Presidential Alert on your cell phone on Wednesday, October 3. Though that alert is to warn of a more widespread disaster, it wasn’t a coincidence that it took place this month. To help you participate, we’ve collected resources, ideas, and activities that can be implemented and shared with students (and teachers).

Resources

Weekly Security Themes – The National Cyber Security Alliance has identified a theme for each week of this month in order to bring more awareness to specific aspects of online threats to consumers, educators/students, and businesses.

FBI Resources for Weekly Security Themes – In conjunction with the NCSA, the FBI has provided specific resources to help educate yourself and students.

CISCO Resources for Weekly Security Themes – CISCO has organized resources that provide more in-depth, relevant information for each week covering topics such as Machine Learning 101 and Data Protection and Privacy.

Science and Technology’s Cyber Security Division Overview Video [4:55] This video shares the major tasks of the Cyber Security Division and how this division brings together government departments and private sector organizations to develop innovative technologies and safer procedures.

Ideas and Activities

CyberSmart! Classroom Activities & Posters – The NCSA partnered with McAfee to distribute free cyber security posters along with accompanying activities to educators. Even if you aren’t able to incorporate the activities this month, consider using them at another time during the year as you discuss various aspects of digital citizenship.

GenCyber Teacher Camp Resources – The University of Tulsa has organized a GREAT list of lesson plans, units, activities, and resources for educators. Be sure to explore and share with others!

Cybersecurity Lab – Teens will find this a fascinating and intriguing game to play as they learn what fosters authentic scientific exploration.  The four major gameplay components consist of Coding Challenge, Password-Cracking Challenge, Social Engineering Challenge, and Network Attacks.

CERIAS Lesson Plans and Presentations – The Center for Education and Research in Information Assurance and Security (CERIAS) has gathered and organized an excellent list of lesson plans for educators. The categories of lesson plans include lesson plans for all grade levels, lesson plans for K-5, and lesson plans for 6-12.

eGFI Lessons and Activities – The Engineering, Go For It (eGFI) organization has put together several activities that you’ll enjoy sharing with your students. Along with the activities is a list of related lesson plans!

NICCS Resources for Engaging Students in Cybersecurity – The National Initiative for Cybersecurity Careers and Studies (a part of the Department of Homeland Security) has put together a helpful guide to lead educators in bringing awareness of careers in the cybersecurity field.

Winning the Cyber Security Game –  If you are a middle school teacher, you’ll enjoy using this lesson plan with your students. Canadian educators will appreciate that it is aligned to the Digital Literacy Framework for Canadian Schools. Anticipate the activity taking one hour for 5th and 6th grade students and up to three hours for 7th and 8th grade students.

Free Resources for Teaching Students Cyber Security – Orion Technologies provided an “ultimate list” of resources for teachers. To better assist you in finding the perfect resources, they have divided them into the following groups: for teachers, for administrators, for younger kids, for pre-teen and middle school kids, and for older kids.

Cyber-Security Starter Activities – STEM Learning provides two starter activities to help get you started with educating students age 14 to 19 in aspects of cyber security.

Unplugged Activities – Did you realize you can teach cyber security concepts without the Internet?! Bits N’ Bytes by Kyla provides you with a lesson plan for 4th through 8th grade students that will take up to two hours to complete.

Find More…

If you would like to search for more ideas and resources, consider doing a Google search using this as your search query [  cybersecurity site:.gov   ]. This query (without the square brackets) will limit your search results to websites that have the .gov domain. If you want to search for information provided by universities, then change the .gov to .edu. Here are the search results for each: using .gov and using .edu.

If you feel like you have the skills and interest to become an ethical hacker, then check out Penny Hoelscher’s post at comparitech, 6 courses to learn ethical hacking online. Other resources to investigate include #ethicalHacking, #hackerNews, #infosec, and #cybersecurity.  And, if you have high school students who seem to have a knack for ‘getting into things,’ then this may be a honorable career pathway for them to make good use of those talents.

0 comments
0 FacebookTwitterPinterestLinkedinEmail
Free WiFi inside sign with knife and fork on either side
AndroidChromebooksCybersecurityGoogle Tips and TricksiOS Tips and Tricks

Secure On the Go Connections

by Miguel Guhlin
written by Miguel Guhlin

Attending multiple conferences this summer? I have been. A certain fact has come to my notice. Devices people are slipping into their backpacks and sling bags aren’t bulked up computing monsters. You know, the laptop with the seventeen inch screen. Or, the ultra-light Macbook with a weighty power supply. Instead, tablets and Chromebooks predominate. The problem most of us face, unless we use paper (synthetic or natural) and pen, we face a security challenge. We must secure on the go connections. In this blog entry, we will explore several virtual private network (VPN) solutions you will want to invest in.

 If the hotspot you’re using…[is] simply unsecured, hackers nearby can eavesdrop on your connection to gather useful information from your activities. Data transmitted in an unencrypted form (i.e., as plain text) may be intercepted and read by hackers with the correct knowledge and equipment. This includes data from any services which require a login protocol (Source).

Wait, What About Securing Paper and Pen Notes?

Keep a pocket notebook? Then you may feel you don’t need to secure your paper notes. That’s because someone would have to mug you, tear the notebook out of your hands. Yet, it’s not hard to imagine that a notebook could be lost or left behind. In that case, a synthetic paper notebook may offer a better solution. In some cases, a small paper notebook like the Rocketbook (read the TCEA blog entry, Write to Remember) may fit your needs.  The Everlast Mini, shown in the video below, has me reaching for my wallet.

How does it work? You can write on synthetic paper with a special pen, snap a picture of it using an app. Once the content in a synthetic paper notebook has been captured via the app on your smartphone, you can erase it. Erasure secures your data. Keep your smartphone encrypted behind  a passcode, no one will be able to get into it. But you still face the challenge of securing WiFi connections in your hotel room, at a conference, or on a network lacking encryption. Resist the temptation to simply hop onto an open network.

Image Source: How a VPN Protects Your Data

Get and Use a Virtual Private Network (VPN)

Whether in your hotel, restaurant, or conference space, protect your device with a virtual private network. Here are some quick recommendations that you can put in place. Be aware that free VPN solutions offer little protection. Online publishers like PC Mag and CNET suggest NordVPN, StrongVPN, TorGuard, and  Private Internet Access (PIA) as the top-rated tools available.  This video provides a simple overview of the problem we all face. I urge you to use one of these solutions when on an open, unsecured network.

Not ready to invest in a VPN? Get Cloudflare, which features the Warp VPN built-in. It’s free, works on your iOS and Android smartphone. It will give you some protection while sitting at the coffee shop.

Update: This blog entry had new content added to it on 10/1/2019.

0 comments
0 FacebookTwitterPinterestLinkedinEmail
BYODCTO/CIOCybersecurityEducational TrendsLeadershipProfessional Learning

Should Voice Assistants be Banned?

by Dr. Bruce Ellis
written by Dr. Bruce Ellis

Based on several comments on a previous blog post, Alexa: Your New Teacher Assistant, along with a few questions I’ve received via email, it seems there is a definite knee-jerk reaction by some districts to incorporating voice assistants in classrooms. While voice assistants are new technology and evolving quickly, I don’t think that necessarily makes them dangerous despite the recent scare with the Alexa emailing a recording to a person on a connected contact list. In all reality, stories like that one should reinforce the need for what most schools are already doing: providing training in the effective use of technology for educational purposes.

Responding to New Ideas with New Policies

When I look at some of the knee-jerk reactions that have taken place, it seems very reminiscent of when BYOD (Bring Your Own Device) was being praised (or scrutinized) in districts across the nation within the last decade. Those that accepted BYOD as a viable environment within classrooms thought through making sure their networks were secure, reviewing their policies, procedures, and practices, and even tailoring professional development to help teachers understand how to have BYOD in their classrooms. Districts put together their list of best practices, had open discussions with teachers, principals, and parents, and recognized that some educators may need more time before they can confidently support students in a BYOD environment.

Join the Conversation

I think we should approach voice assistants in the classroom in the same manner. Regardless of whether we use Google, Amazon, or Apple, or some other off-brand that pops up, we need to make sure that good thinking precedes it and lays the foundation for why we are doing what we do and how we do it. Since I’m guessing that voice assistants aren’t going away, it would behoove us to be part of the conversation that helps develop this technology to be valuable to education. Instead of throwing the baby out with the bathwater, consider having open meetings to discuss uses of AI devices, their connection to the curriculum, and how they can be incorporated in meaningful ways. If we don’t encourage students to evaluate the information they receive based on its credibility, authorship, or accuracy, then we have shortchanged our students and only provided a newer, trendy way of mindlessly copying/pasting information.

When I was an Instructional Technology Director, I was frequently frustrated by the technical side of the house. It seemed like they just wanted to say no to everything. Once I realized that was an asset and their perspective was really to provide as safe of an environment as possible, it became easier for me to change my communication from, “This is what I think we should do.” to “This is what I think we should allow our teachers and students to do. How can we do that in a way that is safe?” If you are in a campus or district and find yourself in a similar situation of being surrounded by those that don’t want to change (no matter what the change is), consider approaching them from this perspective.

Share Your Expertise

Are you already using voice assistants in your office or classroom (even secretly)? Let us know what you see as the pros and cons of the technology. What would be your recommendation to a teacher wanting to jump in and run with it? What advice would you give that would hopefully be useful not just for this technology but for future technology yet to be conceived? Remember, at the end of the day, it’s not really about the device.

If you are a technology director (or a technology director wannabe), we’ll be starting a new cohort in September with our Technology/IT Director Certification where you will find helpful live webinars and online courses to keep you current and help you stay ahead of the curve. Let us know if you are interested or if you have any questions.

 

0 comments
0 FacebookTwitterPinterestLinkedinEmail
Newer Posts
Older Posts