Home Cybersecurity
Category:

Cybersecurity

Stay informed on cybersecurity in education. Discover tips, tools, and strategies to protect schools, educators, and students online.

digital citizenship week
CybersecurityDigital Literacy

It’s Digital Citizenship Week

by Andrew Roush
written by Andrew Roush

Civics classes can help students learn their rights, privileges, and duties as a part of a larger society. For that reason, we include civics in most education programs. But today, being a positive part of society includes not only our words, actions, and behaviors in “the real world” — but those online as well.

Helping anyone, including students, understand the potential and potential dangers of the online world can be tough. Luckily, many are working on spreading awareness of what it takes to be a good digital citizen.

Defining Digital Citizenship

It’s all about staying safe while staying connected and understanding the realities of the digital world that we spend so much of our time in. Being aware of one’s actions online is a lot like our behavior in face-to-face society. That is, a good citizen should also be a good digital citizen.

With so many aspects of our lives online — no less now because of restrictions to gatherings — from banking to schooling, it’s important to consider our digital behaviors, and for educators to help learners understand the potential and potential pitfalls of the connected life.

Here’s a simple, memorable definition:

“The quality of habits, actions, and consumption patterns that impact the ecology of digital content and communities.”

Terry Heick, https://www.teachthought.com/the-future-of-learning/the-definition-of-digital-citzenship/

Virtual Library offers this definition: 

Digital citizenship can be defined as engaging in appropriate and responsible behaviour when using technology.

It encompasses digital literacy, ethics, etiquette, online safety, norms, rights, culture and more.

A digital citizen is one who knows what is right and wrong, exhibits intelligent technology behavior, and makes good choices when using technology.

https://www.virtuallibrary.info/digital-citizenship.html

Good digital literacy could include using strong passwords and password managers, understanding our personal online “brand,” and ensuring that our actions and words online are safe and secure, and that privacy is maintained, especially for students. 

Defining the Event

Digital Citizenship Week is designed to promote awareness of sound digital literacy habits and inspire best practices in organizations and individuals. That means sharing ways to interact safely online. This year, it is observed October 19–23. 

Common Sense Education is sharing events you can take part in to better understand your role as a good digital citizen.

  • Digital Citizenship and Supporting Young People’s Lives Online (RSVP)
  • Helping Kids Use Social Media Responsibly: An Educator’s Guide to “Social Media TestDrive” (RSVP)
  • Workshop for Educators: Digital Citizenship and Supporting Young People’s Lives Online (RSVP)
  • And more!

You can also check out a planning calendar, activities organized by age and grade, and many other resources

More from TechNotes

Looking for more ways to understand this topic, and inform your students (and staff, educators, and families) about staying smart online? Check out more digital literacy resources from TCEA below, and don’t forget to share your ideas in the comments!

More Digital Citizenship Week Links

0 comments
1 FacebookTwitterPinterestLinkedinEmail
cybersecurity
CTO/CIOCybersecurityTechnical Support

October Is Cybersecurity Awareness Month

by Andrew Roush
written by Andrew Roush

We live much of our lives online, and security in the virtual world can be just as important as physical security. This is especially true in education, and that’s why, in October, educators, administrators, and students are observing Cybersecurity Awareness Month. 

Defining Cybersecurity

The history of keeping digital devices, records, networks, and more safe has seen many changes, twists, and turns in its relatively short span. Known variously as IT security or simply computer security, cybersecurity includes “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information,” according to the U.S. Cybersecurity and Infrastructure Agency

Common cybersecurity practices might include multi-factor authentication, keeping software up to date, managing firewalls, using strong passwords, and being aware of common email scams. The goal is to keep computer hardware and software safe for users, and to help protect privacy online. 

Getting Web Wise

National Cybersecurity Awareness Month is marked each October in the United States. The practice began in 2004 when the U.S. Department of Homeland Security and the National Cyber Security Alliance launched the event “as a broad effort to help Americans stay safe and secure online.” This includes awareness of common online scams and tips for keeping your digital presence secure. 

The theme of this year’s event is “Do Your Part. #BeCyberSmart.” The organizers hope to use the event to highlight a number of easy practices to keep information safe.

Here’s how the National Cybersecurity Alliance frames it:

The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.

National Cybersecurity Alliance, https://staysafeonline.org/cybersecurity-awareness-month/

Getting Involved

The National Cybersecurity Alliance encourages people to stay connected by following them on  Twitter, Facebook, YouTube, and LinkedIn. You can even download images and messages about cybersecurity to share on your own social networks. Check out more suggestions, ideas, and resources here.

Further, a number of events are planned throughout the month. Here’s what’s on tap for the rest of October. 

  • Week of October 12 (Week 2): Securing Devices at Home and Work
  • Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare
  • Week of October 26 (Week 4): The Future of Connected Devices

The organizers this year are sharing “Tip Sheets” for cybersecurity at work, while traveling, with connected devices and digital assistants (IoT), as well as more specialized topics, like “e-skimming,” phishing attacks, and connected home security. Institutions can also get involved as “champions” for cybersecurity awareness.

Smart Solutions for IT Professionals

Those looking to improve their personal, school, or district information security may be interested in TCEA’s System Administrator and Technical Support Conference, online October 20–21. This annual event is designed for CTOs, network managers, and tech support pros — and this year we’re bringing you up-to-the-minute solutions, all online and available on-demand following the live, virtual event.

Click the link here to see the list of topics, the schedule, and to register. 

More on Cybersecurity from TCEA

Image by methodshop from Pixabay

0 comments
1 FacebookTwitterPinterestLinkedinEmail
typosquatting
CybersecurityTechnical Support

Are You a Victim of Typosquatting?

by Dr. Bruce Ellis
written by Dr. Bruce Ellis
Image of mysterious hacker

Educators have made great strides in teaching digital citizenship to students. Many students now know the value of a strong password (that is, not shared with anyone), common phishing scams via email, and even how to spot fake news sites.

But few students realize that if they misspell a website URL, they may end up at a site that is more than they’ve bargained for.

Cybercriminals have figured out how to scam folks, even those who are trying to do all the right things. It’s likely that this has happened to you or someone you know. You type in the URL and hit Enter, not realizing that you made a small typo in the address. But you end up at the intended site, or so it seems, so you don’t catch your error.

Little do you know that those criminals have planned for your typo and created a mock site at which they hope to solicit personal information from you and/or gladly share malware with your system. The term given to this type of nefarious activity is typosquatting; you may have also heard of it by other names such as URL hijacking or cybersquatting.

To counter this, many retailers purchase misspellings of their own URL and have it automatically direct users to the intended URL. Those retailers who aren’t quite so savvy, or slow to purchase the misspelled domains however, may find that the criminals are getting free traffic each time a user accidentally makes that typo.

For example, Google’s main site is http://www.google.com. But they also have these other domains that, if you type, will automatically direct you to the correct page: gooogle.com (notice the additional “o”), googel.com (it should be “le”), and gogle.com (oops! an “o” is missing).

Strategies to Lessen the Likelihood of Being a Victim

Check Your Spelling

If you are typing the URL in the search box, be sure that you are typing the address accurately. Just a small typo can land you on a website that can be nefarious and damaging to your computer. If you have ended up at a typosquatting website, check to see if your browser allows you to block specific websites. If so, add the site to your list to prevent the mistake from happening again.

If you aren’t sure if your browser has this feature, check out Computer Hope’s post; you’ll find a variety of ways to block the website to protect you and others that may share your computer.

Verify Before You Click

If you are clicking on a link, be sure to check the spelling of the domain before clicking on the link. It is very easy to read what we think something says instead of what it really says, like the word puzzles that have “the the” in the sentence, but our minds only read it as one “the.”

If the URL is in a hyperlink in which the text is different than the URL, mouse over the hyperlinked text; you should notice the URL appear (typically in the bottom left of your browser). Paying attention to this can greatly reduce the chances that your computer is compromised by hackers who are creative enough to use typosquatting as one of their strategies.

Educate Your Users

If you are in a position that supports users and manages the network at your district, it is important to provide clear instruction and education to your employees. Though you probably already have SPF and DKIM included in your DNS and are utilizing anti-spoofing technology, don’t underestimate the creativity of hackers. After providing adequate training, make use of designated emails to catch those who are employing the strategies. All it takes is one user to infect their machine, which can then quickly spread to other users.

This education isn’t just limited to adult users. It is important for students to have appropriate information included as part of their digital citizenship curriculum. Also, it may be helpful (and appreciated) if basic information and strategies are shared with parents.

Are You Already a Victim of Typosquatting?

If you think you’ve been a victim, contact your information technology department. They can guide you in current strategies that are being used in the district, as well as specific recommendations for trusted browsers and possible browser extensions to use. They can also help make sure that your antivirus software is installed correctly and updates regularly without any effort on your part.

At TCEA, we want you to be safe as you surf the internet. For more information on how you can stay safe, check out our other posts related to cybersecurity, such as Five Cybersecurity Tips for Newbies and How to Adopt a Security Mindset, at https://blog.tcea.org/category/cybersecurity.

0 comments
2 FacebookTwitterPinterestLinkedinEmail
cybersecurity
CTO/CIOCybersecurity

How You Can Adopt a Security Mindset

by Ted Gruenloh, Guest Author
written by Ted Gruenloh, Guest Author

As the CTO or network administrator, you focus your valuable time on the health and integrity of the network so your staff and students can focus on their work. This may or may not allow you to spend the necessary time required to protect the network from intrusions, malware, and other cybersecurity threats. If you find yourself wishing for more time and resources to devote to security, you’re not alone.

Perhaps you need a new security mindset – one that can focus the resources you do have on what really matters. Here’s a suggestion: start looking at security from the inside out. It begins, strangely enough, with the assumption that you have been breached and now you must begin the forensic analysis of how it happened and what was lost.

A New Security Mindset

How would starting with the assumption you were breached change your overall philosophy about network security? First, you would know there was a serious problem to solve in your network, which would help to shape your thinking in terms of how to protect it, how you’d recover, and the tools you would need to do the job. The focus becomes “what is the most important thing on my network?” What are the crown jewels, so to speak, of your data and physical assets that could be most harmful to your district if they were compromised?

And if they were – despite all the security you have in place – how could it have happened? Looking at those scenarios will help you to determine two things. First, if there might be any weaknesses in your defenses after all. And second, if all else failed, how would you protect those vital assets? Maybe your highest priority would become network segmentation, reliable backups, a well-thought-out disaster recovery plan, or a more proactive prevention approach, backed by sophisticated threat intelligence.

Going Further

Assuming you’ve been breached is actually one of seven security mindsets that are the key to successful defense. Network security, after all, is not just about devices or hardware and security tools. Those all change over time. The right mindsets are what will keep you on track. And here they are, briefly:

1. It’s all about the people.

This one comes first for good reason. Awareness has improved over the years, but most security breaches still start with someone clicking on a bad link or falling for a phishing email. User training, including the basics of a strong password, and the implementation of 2FA might be the best investment of your time and resources, and the one with the greatest payoff.

2. There’s a new way to layer security.

It goes beyond protecting the perimeter and putting antivirus protection on endpoints. It’s about active threat intelligence that provides protection and visibility, a way to see and record network traffic for analysis and for detecting threats as early as possible. 

3. Know what’s normal.

Establishing a baseline for your network enables you to detect when something may be wrong. Reviewing the “Basic” CIS Controls is always a good start here, and Network Security Monitoring (NSM) tools can be an inexpensive alternative to complicated SIEM devices for setting that baseline and monitoring your network traffic.

4. Take action when things aren’t normal.

When you have the relevant data and can spot threats before they develop into something serious, you can be more proactive. An effective back-up solution falls under this category, too. Your awareness of what is normal and what isn’t becomes a huge advantage.

5. Don’t underestimate the importance of threat intelligence.

The more you know, the better you can defend. Taking advantage of threat intelligence vendors’ services, or of the many other available sources of information about security threats, sharpens your defenses. This helps correlate and make sense of the data you see going across your network. As a bonus, active threat intelligence can be applied on the network to block threats before they get a chance to get a foothold.

6. Stay current.

Don’t wait for some professional group or government organization to announce an emerging threat. Join industry groups that share threat information. And get connected via social media, following top network security professionals and journalists on Twitter, for instance.

7. Assume you’ve been breached.

Again, this mindset helps you prepare for the worst, recognizing not only your weaknesses, but moving to put solid plans into place for prevention and recovery.

This blog is based on Ted Gruenloh’s presentation at the TCEA 2019 System Administrator and Technical Support Conference. For a comprehensive explanation of these security mindsets, check out the eBook 7 Security Mindsets to Adopt Today.

unsplash-logoPhoto: Taskin Ashiq
0 comments
0 FacebookTwitterPinterestLinkedinEmail
mobile phone
ChromebooksCybersecurityGoogle Tips and Tricks

Maintain Teacher Privacy with Google Voice

by Miguel Guhlin
written by Miguel Guhlin

As an educator leading remote learning, you may need to call parents. But sharing your mobile number may cause you concerns. Giving students and parents your personal mobile phone number is unprofessional and you may find yourself

in an uncomfortable situation. After all, what if you are at home relaxing with family and you get a phone call to your smartphone? It will feel like a personal moment, but you have to be ready to put on your professional hat. Avoid that. Get another phone number at no extra cost with Google Voice.

Note: Educators should avoid using Google Voice to contact students. You should adhere to your school district’s or organization’s approved communications tool. For example, that may be Seesaw, Google Classroom, MS Teams, or another learning management system. Use Google Voice for contacts with colleagues, parents, and others from whom you would like to safeguard your personal phone number.

What Is Google Voice?

Google Voice is a free* to start service available to you if you have a personal Gmail account. You can make phone calls via the Voice app on your phone or through your web browser. It’s a boon to teachers who may need to speak to parents during the COVID-19 challenge. It’s also nice to be able to share your Google Voice number with strangers. Only you need know that it’s not your “real” phone number.

*Note: If you decide to use Google Voice, you may have to add credit to it. You can add credit to it as you need it. Since it features a billing history, you can keep a record and share that with your supervisor for reimbursement. Some school districts are offering to provide reimbursement for phone calls since teachers have to call parents. This will vary from district to district, so be sure to get clarification. Privacy has a price. That price in the United States is $0.00 per the Google Voice calling rates.

My Google Voice number is 210-617-3330. I’m comfortable sharing it with you because it’s not my smartphone number. And, if spammers get hold of it, I add them to my blocked list. In fact, I rely on the Should I Answer app on my phone to intercept robocallers.

google voice

Why Sign Up for Google Voice?

A close teacher friend keeps her students’ parents updated all the time via Seesaw but COVID-19 caught her and others off-guard during spring break. But her school district administrators want her to contact parents. Have you ever had to deal with parents or guardians who couldn’t maintain a professional distance? I know I did and I was always grateful that they didn’t have my number.

Worse, if you work with older students, it is inappropriate to share that number.  It opens you up to the charge that you are engaging in private conversations with students. That’s a violation of many responsible use agreements (RUAs/AUPs). How do you solve this problem?

Did You Know?

Sign up for one of our Google Certified Educator certifications. You’ll learn about more than Google Meet, as well as earn 12 CPE hours per course. Use these courses to get Google Educator certified. Find out more online.

Some small school districts who have poor phone systems that fail may want to get an “alternate phone.” The alternate phone (using a personal Gmail account) is one that works even when the district’s phone system goes offline.

The way to solve all these problems is get a Google Voice number based on a personal Gmail account, NOT a G Suite EDU. Follow these steps to get started.

Steps to a Google Voice Number

To get a Google Voice number, login with your personal Gmail account, then go online to the Google Voice website. Be sure to login with your personal Gmail account, NOT your G Suite EDU (school/work) account. If you don’t have your own Gmail account, then you may want to get one first.

google voice

Step 1- Get a Google Voice Account

Go to voice.google.com to get your account. Make sure to use the blue SIGN IN button in the top right and again, be sure to use your personal Gmail account.

Step 2- Select Your Phone Number

Google will provide you a list of available phone numbers in your area. Choose one that you would like to use. Make sure to write it down.

google voice

Once you have selected your phone number, you will VERIFY the number you want to connect it to.

google voice

Step 3- Make Phone Calls via Web Browser

You can begin making calls immediately via your web browser. Once the call connects, you will be able to have conversations via your computer’s mic/headset.

google voice

Note: Phone numbers pixelated to protect privacy.

Step 4- Make Phone Calls via the Voice app on Your Smartphone

Need to make phone calls via your smartphone? You can get the app for free via the Google Play store on your phone or iTunes. It’s easy to install. You will need to verify your phone one more time. When you are ready to make phone calls on the go, start with the Voice app on your smartphone.

Step 5- Customize Settings

One of the neat things about Google Voice is that you can customize the settings. Those settings include DO NOT DISTURB. You can turn on DO NOT DISTURB when you want all calls sent to voicemail, such as after work hours. Another neat feature is being able to record one or more professional greetings. For some, this might be an easy way to share daily announcements. You are also able to screen calls. When you do that, you are able to hear a caller’s name when you pick up.

google voice

If you don’t want to disconnect altogether, you can get your voicemails transcribed. Google will work as your assistant to send transcribed voicemails to your email. There are many other settings. Here are a few I recommend you set under Calls:

  • Turn on “Always use my phone to place calls.” This will ensure any calls you start on your computer end up on your phone. If you need to record calls using Audacity, you may want to leave this off.
  • My Devices. Decide what device you want to answer calls on. To push all calls to the web so that you don’t get bombarded on your smartphone, turn on the web, but leave others off. If you don’t mind calls beings forwarded to your smartphone, turn that on.

Google Voice Makes Calling Parents Easy

As wonderful as your parents in your classroom are, you may not be ready to share your number with all. And, with little ears listening, it’s better to keep your real phone number to yourself. Using Google Voice, you can be fearless about sharing your Google Voice number. And you can feel comfortable reaching out to students and parents.

Need a printable document? Share Hunter McConnell’s handout:

12 comments
6 FacebookTwitterPinterestLinkedinEmail
padlock on top of keyboard
CTO/CIOCybersecurityDigital Literacy

Five Cybersecurity Tips for Newbies

by Miguel Guhlin
written by Miguel Guhlin

A topic that remains evergreen is National Cybersecurity Awareness Month’s (NCSAM) “Own it. Secure it. Protect it.” While NCSAM offers this nice toolkit in portable document format (PDF) for you, I thought I might share a few more tips.

In this blog entry, you get access to two Wakelet documents full of information on encryption tools and cybersecurity concerns. Before I share those, let’s revisit one of the reasons why cybersecurity is so important.

Set Yourself Up

“I don’t take the time to change my passwords, filter through my subscription lists and my unused apps, etc. My degree has a focus in computer security, so it is a little disappointing that I do not take the time to have a better digital footprint,” shared one educator in an online forum. If you’re not taking the time to secure and protect what you own online, you are inviting malicious use of your data.

As educators, it’s easy to imagine that we safeguard student data. The truth is, we fail our students when our own practices fall short of modeling cyber-secure practices. Set yourself up for protected use of your data, not for theft by others.

cybersecurity tips

Encryption Tools for Educators – https://wke.lt/w/s/FZz-UX

View Wakelet featuring Encryption Tools for Educators and Students

Tips for Securing and Protecting YOUR Data

Let’s review a few tips that you can take as an educator to better protect yourself, and in turn, model appropriate strategies to students.

Tip #1 – Switch from debit cards to protected credit cards.

“Where did you use your credit card, sir?” asked the bank attendant. “Well, I stopped to get gas in that small town south of the city.”  His short nod confirmed that was the location where unauthorized purchases were made.  Gas station fraud due to skimmers is on the rise. Don’t be a victim.

Make a decision to NOT use your debit card or write print checks with your routing and account number on them. A few short years ago, I had to close all my accounts at a credit union that didn’t offer me better protection.  I would also recommend setting up a separate email for financial accounts. An encrypted email (e.g. ProtonMail) works even better. Never use the same Yahoo/Gmail account you use for signing up for Netflix or Disney Plus for banking and medical accounts. Keep that for common use, but rely on your encrypted account for financial and medical transactions.

You will want to set up two-factor authentication for all email, cloud storage, digital accounts. You will need to have your smartphone with you to receive text messages or run a simple, easy authentication app that will give you a number that changes every 60 seconds for the digital account. This works, as I’ve had attacks on my accounts and seen it action.

Tip #2 – Freeze your credit reports to prevent new accounts.

Want to stop new accounts being opened in your name? With the Door Dash, Equifax, and other data security breaches recently, it’s not hard to imagine someone having all they need to create an account in your name. Prevent others from opening new accounts as if they were you by freezing your credit unless a special PIN# is used. These approaches aren’t foolproof, but they do help. 

Quick Alerts: Get alerts via your bank mobile app for all transactions. I love knowing when funds come out of my bank account. Even if it’s my wife buying me a gift for my birthday.

Be sure to check your credit frequently. Annual Credit Reports provides a free service, but you may need to pay to get that more often. Here are a few credit freeze sites:

You’d be surprised at the peace of mind you get from securing your credit report. Before you freeze your credit reports, you may want to sign up for Experian and Credit Karma apps on your device. What’s nice about these is that they give you quick updates on your credit report status. Also, be sure to  notify credit agencies of potential identity theft if you know your personally identifiable information (PII) has been stolen.

Tip #3 – Online Social Security account.

Create the account before the bad guys do. Problem is, if you froze your credit reports, you’ll have to go in person to the Social Security Admin building. Be sure to file your tax return early, otherwise others may do it and get your tax return check.

Bonus Tip: Give the Password Checkup extension for Chrome a try. It will check your passwords as you use them against the list of passwords resulting from data breaches. Some may not want to do this because it means Google is checking every password you type. Fortunately, no passwords are sent out. Learn more.

Tip #4 – Manage your usernames and passwords.

You may be comfortable using the same password on all websites, but know that hackers are comfortable with your decision to do so as well. Here are some ideas to better manage your usernames and passwords.

  • Use secure passwords. I like to use secure password generator and then add my own twist to it. I end up with a secure password that I keep track of using a password manager (e.g. Keepass, Bitwarden).
  • Add a password or pin number to all bank account transactions. It takes an instant, but without it, it may make it difficult for bad guys to access your accounts. And, of course, change these from time to time.

If you are carrying a paper notebook with all your usernames and passwords, you’ve set yourself up for disaster. If you are trying to remember them and using cues from your life (e.g. middle name, birthdays, pet’s name), be aware that these are easy to get. Get Bitwarden and access your confidential data on the go.

Cybersecurity Concerns – https://wke.lt/w/s/OYHnn

Tip #5 – Encrypt confidential data.

If you’re not protecting medical records in a locked safe, then chances are you have yet to encrypt your cloud data. Make every effort to encrypt confidential data documents you have saved in cloud storage (e.g. Google Drive, OneDrive, Dropbox), as well as when they are “at rest” on your laptop, USB external drives, smartphone, and tablet. Doing so is easier than ever. Note that cybersecurity concerns often arise from unencrypted data (view Wakelet on Cybersecurity Concerns).

Another aspect involves encrypting data when it is in transit, that is, when you’re sitting at Starbucks working on your bank account or reviewing LabCorp medical test results. For goodness sake, use a virtual private network (VPN), such as Mullvad VPN. Take some time to secure your on the go connections.

Wish there was more you could do?  Read the NCSAM toolkit and make securing paper and digital resources of your life and work a top priority. You can never do enough to protect yourself.

Updated with new password management, VPN tool, and new content on July 25, 2023.

1 comment
0 FacebookTwitterPinterestLinkedinEmail
fingerless gloved hands on a laptop keyboard
CTO/CIOCybersecurity

Are Schools Easy Targets for Cyber Threats? The Latest Report Says “Yes”

by Miguel Guhlin
written by Miguel Guhlin

Ransomware attacks penetrated the defenses of 500 schools in 2019. The K-12 Cybersecurity Resource Center attributed only eleven incidents in 2018 to ransomware. When you think about schools, do you imagine an impenetrable fortress? Sixty-eight percent of IT leaders list cyber threats as a top priority. In spite of that, cybersecurity defenses are thin. A new report from Absolute Software describes just how thin. In July and August of 2019, the number of total security incidents jumped to 160. This exceeded the total number of incidents identified in 2018.  Here are some key findings from this report released in October 2019.

While the focus on technology delivers many benefits to students and educators, it also creates more complexity — and more work for resource-constrained teams. Within a few years, K-12 IT leaders have gone from managing a couple of operating systems, a handful of apps, and a few hundred devices to managing hundreds of versions of operating systems, apps, and extensions; and thousands of devices.

Finding #1: K-12 Schools Are Digital Now

In compiling data for their report, Absolute Software discovered some startling information. For example, ninety-four percent of schools have high-speed internet. In schools, technology spending has increased sixty-two percent from 2016 to 2019. And eighty-two percent of districts provide student devices in one-to-one or similar programs. But going digital has consequences for schools, exposing them to fresh dangers. For example, since 2016, there have been 700+ cybersecurity incidents. Schools are the second highest target of ransomware. See the interactive map below. Olive green bubbles represent education.

Did You Know?
To combat ransomware, the U.S. Senate and House have passed legislative bills to create the DHS Cyber Hunt and Incident Response Teams Act. DHS will “maintain cyber hunt and incident response teams to help private and public entities (like schools, students, employees, local government) defend against cyber-attacks.”

In spite of schools going digital, twenty-one percent of devices are used less than an hour a day. Approximately 60 percent of students don’t use devices at home. Putting devices in schools has resulted in 17,000 crime-related device losses in two years. Of those who use school devices, thirty-four percent fail to return them.

Students themselves are doing everything in their power to circumvent those protections. There may be no malicious intent — the students just want access to content that may be restricted on school devices — but their actions create gateways for malicious outsiders.

Finding #2: Staff and Students Open the Door

“Educators in all contexts need to open the door to authentic teaching and learning,” says Wes Fryer. Unfortunately, a lot has changed since 2006 when Wes said that. Forty-two percent of schools have students or staff that actively circumvent security. This often comes in the form of unique proxies or rogue virtual private network (VPN) apps.  When schools opened the door, more than authentic teaching and learning snuck in.

With an average of 10.6 devices per school harboring web proxies and rogue VPN apps, schools are also at risk of non-compliance with applicable student safety laws.

Finding #3: Digital Tech, A Management Challenge

Spending time troubleshooting a device in class wastes instructional time. When devices fail, schools rely on native client/patch management tools. With so many different devices and operating systems in schools though, there is no one tool for all. For example, consider that Absolute Software found the following was true:

  • 93 percent of schools manage up to five versions of common apps
  • 137,000 unique application versions
  • 6,409 unique Chrome OS extensions
  • 11 device types
  • 258 unique operating system versions across Windows, Chrome, Mac, and others

cyberthreats

Managing that many different systems and devices could give anyone a headache. It’s no wonder technology departments like to standardize on platforms and tools. To manage them, they bring  in various client management systems. Of those, there is a fifty-six percent failure rate of client management tools. To close the gap and make things work, technicians have to engage in a manual resolution process. Worse, most departments are under-staffed. This means you have a perfect storm for data breaches.

Our study reveals that schools that have encryption in place experience agent failures on an average of nine devices per day — almost half of which never recover, leaving students and staff at risk of potential data breaches

Finding #4: Underutilized Devices

One of the most disheartening points in this report speaks to underutilized devices. Whether on or off campus, many devices are used for less than an hour a day. Twenty-one percent of devices fall into this category. Sixty percent of students don’t use devices schools have purchased for them at home.

In my own experience, this can mean that devices that sit idle are easy targets for theft. Thirty-four percent of users fail to return devices at school year’s end. That is, these devices are “lost or stolen.” Another eye-opening statistic? Forty-six percent of devices are stolen from cars. Some of those devices will contain sensitive data that is not encrypted (Learn more about Texas Safe Harbor and encryption via this Wakelet).

It is irresponsible to invest more public dollars into new security technologies if the basic measures — visibility, control, and resilience — are not operating effectively first. Getting the basics right will enable IT leaders to redirect this budget toward enhancing or expanding digital equity initiatives.

Finding #5: Solutions

The report offers potential solutions. It encourages schools to start by getting the basics right. With K-12 technology spending set to grow to $342 billion by 2025, the basics are important. Those basics include:

  • Visibility: Better awareness of what happens on student-managed devices
  • Control: Tighter controls over what gets put on devices
  • Resilience: Ensure basic tools work and use funding to get tools that fill the gaps

End-user training (e.g. staff, students) remains an ever-present high priority.

Critical Questions to Ask

How is your technology department strengthening the basics? How are you addressing the need for end-user training in a comprehensive way? How are you ensuring technical staff have the support and training they need? Yesterday, you could hire low-paid high school graduates. Today, they need a world-class education in cybersecurity and client management. How are you closing the gap?

Schools have gone digital, and with digital learning comes a host of problems. Chief among them are increasing ransomware attacks, difficult device management, and data breaches. To resolve these issues, schools need to get the basics down and close the gap in end-user training.

1 comment
0 FacebookTwitterPinterestLinkedinEmail
Legislature
AdvocacyCoding/Computer ScienceCTO/CIOCybersecurityDigital LiteracyProfessional LearningSTEM/STEAMTechnology Applications

86th Texas Legislature Wrap-Up

by Jennifer Bergland
written by Jennifer Bergland

All good things must come to an end, but only someone who loves politics would consider the legislative process a good thing. I’m one of those people. I love every minute of it, even the ones that go past midnight! Looking back over the past four months, I am happy to report that TCEA was able to move our vision of education forward through legislation and have some promising opportunities to help shape the future of Texas schools. I have created a 2019 Bill Analysis document that include the specifics about the bills that will impact digital education, but below is a quick summary of the more important bills.

Computer Science and Coding

LegislatureWe had some huge wins in the area of computer science and computational thinking this session. Our six-year goal of providing weighted funding for the 9-12 Technology Application courses has finally been achieved. In HB 3, the school finance legislation, the weighted funding for CTE was changed from grades nine through twelve to grades seven through twelve. In addition, the bill specified that CTE courses and programs include Technology Application courses. This means that Technology Application courses from grades seven through twelve will receive the same weighted funding as CTE courses, which is 1.35 (instead of the normal 1).  HB 963 requires the SBOE to consolidate the 9-12 Technology Application courses with similar courses found in the CTE curriculum. The goal is to eliminate duplicates and identify the purpose of each of the courses. Finally, HB 2984 requires the SBOE to update the K-8 Technology Application standards to ensure that they include coding, computer programming, computational thinking, and cybersecurity. It also establishes a committee to create a strategic plan for K-12 CS education to increase computer science instruction and participation in public schools.

Broadband

LegislatureThere are two pieces of legislation that are going to impact educational broadband. The first is HB 1960 which creates a Governor’s Broadband Council that will advise the governor on issues related to broadband access to unserved areas. This is progress, but not as much as we hoped for. There are few, if any, areas of Texas that are unserved. The original bill included underserved areas, but heavy lobbying by the large telecommunication companies eliminated that language from the bill. However, we consider this progress because we finally have some entity at the state level that will look at the state’s needs for broadband from a strategic perspective. For too long, all state entities have tried to provide affordable, scalable broadband for their own purposes when it would be much more cost efficient to survey the needs across agencies and entities and design a plan to meet all the needs. HB 1960 at least establishes a council that could do this in the future, if given the authority.

The second bill that may help with broadband is HB 3906. This is an assessment bill that requires online testing by 2022-2023. The bill requires TEA to evaluate the availability of Internet access for each school district and identify changes to state law or policy that are necessary to improve the availability of Internet access. This may open a door for more aggressive action in parts of the state that are “served” but are underserved.

Digital Learning

HB 3 established a Blended Learning Grant program and then funded it at $6 million a year. TEA’s Math Innovation Zones are how the agency is fulfilling this requirement. It is good to know that the agency has funding to continue these types of grants.

Legislature

I have already mentioned that HB 3906 requires TEA and the SBOE to implement online testing by 2022-2023. Before this can happen TEA and the SBOE must devise an implementation plan that is approved by the legislature. The planning for this type of implementation will require heavy district input, which will largely come from their technology departments. This has the potential to finally focus some much needed light on what the state must do in order ensure that all students have access to technology, not just for assessment, but for learning throughout the year. In order for students to be successful on an online assessment, they must first be technically proficient and familiar with the type of device they will be using when taking the assessment. This translates to more access to digital tools for all students.

Funding

HB 1 is the budget bill for the 2020-2021 biennium. Listed below are some of the appropriations that were made that will impact digital education:

  • Technology and Instructional Materials Allotment – $1,101,430,204
  • OER curation – $20,000,000
  • Blended learning teacher training – $2,000,000
  • Blended learning grants – $12,000,000
  • TxVSN administration – $800,000

HB 396 allows districts to use their TIMA on software that will help manage instructional resources, including the usage and effectiveness of digital materials. HB 4611 stipulates that 50% of the funds that the Texas General Land Office sends to the legislature for education must be appropriated to the TIMA. If this had been in place this biennium, there would have been $3 million more placed in the TIMA. In addition, the budget stipulates that the SBOE should restrict instructional material proclamations to 75% of the TIMA and should consider school district’s technology needs when determining the size of the percentage of the Permanent School Fund sent to the legislature. 50% of this distribution goes into the TIMA. In translation, this means the SBOE should be sending the legislature enough money from the PSF to fund both the instructional material needs of school districts and also their technology needs.

Cybersecurity

SB 820 requires each school district to establish a cybersecurity policy that determines the cybersecurity risks to the district and a plan to mitigate those risks. The district will also be required to designate a cybersecurity officer who will oversee the policy. In addition, the district will be required to report to TEA any cyber attack that breaches the system security and notify the parents of the students whose information has been compromised.

Professional Development

LegislatureThere are several opportunities in the bills mentioned above that will provide professional development in digital learning. The Blended Learning Grants are largely designed to provide professional development for educators in blended learning, not to mention the funding provided to UTeach to continue to provide this type of training to Texas teachers. Also, this is a good chance to remind districts that the TIMA may be used to provide professional development on the use of technology. In addition to these bills, the legislature passed HB 2424 that requires the SBEC to establish rules to create microcredentials in fields of study related to an educator certification class. This was one of TCEA’s legislative priorities, so we are excited to see this bill pass.

What’s Next

The legislative session has come to an end, but  the hardest work is ahead of us. Enacting legislation is the first step in changing things. Now we begin the process of working with the different agencies and entities to ensure they are enacted well. Stay tuned for more blogs about many of these legislative initiatives and how you can provide input.

Credits

Photo of the computer code taken by Sai Kiran Anagani on Unsplash. Photo of cables taken by Jordan Harrison on Unsplash. Photo of teacher interacting with students taken by Mimi Thian on Unsplash Photo of teachers taken by Kylie Haulk on Unsplash.

0 comments
2 FacebookTwitterPinterestLinkedinEmail
internet security
CybersecurityDigital Literacy

Internet Security 101: What Teachers and Students Need to Know

by Guest Blogger
written by Guest Blogger

As educators, you have a high expectation to provide a quality education for today’s youth. But you know that being an educator means much more than just being a teacher. You’re their mentor, their supporter, and someone they can look up to. Your role is ever-changing.

Over the years, we’ve noticed an increase in threats to both student and teacher safety. One less talked-about threat has caused a serious issue for many schools recently. In 2017, there were 455 reported cybersecurity incidents in the education sector alone, according to Verizon’s data breach survey. This number does not reflect unreported cases of problems such as cyberbullying and identity theft. With the expanding use of technology in classrooms, Internet safety has become an issue —and it’s time we start talking about it.

This article will provide tips to help you encourage safer and more responsible use of the Internet among your students.

Tip #1: Learn Your School’s Policy

The most important step is to familiarize yourself with the policy and regulations that your school has in place. There is likely a section on this topic within your employee handbook or on the district website. If there are resources listed for parents and students, check them out.

Having a strong antivirus program installed and knowing the signs of a phishing attack are some of the best mechanisms to protect your school from a cyber attack.

Ask your administrators the important questions. What disciplinary actions are taken when students or faculty break the rules? Are there materials on Internet safety lessons that are available to you? You should also ensure that your school has proper defense systems in place. Having a strong antivirus program installed and knowing the signs of a phishing attack are some of the best mechanisms to protect your school from a cyber attack.

Tip #2: Incorporate Internet Safety Lessons

Beginning the conversation in the classroom will help encourage responsible use, even outside of school grounds. These conversations need to be had, but limited support exists for teachers. Developing ways to incorporate Internet safety into lessons is often best. Important discussion points include appropriate behavior, protecting their personal information, and chatting responsibly online. There are many sites that offer lesson plans and activities, such as this one from BrainPOP.

Tip #3: Talk About Cyberbullying

It’s hard to always be aware of everything that is happening with your students online. One common issue is cyberbullying. Kids and teens are unfortunately more likely to participate in bullying their peers in an online setting. The Internet can be much more anonymous than face to face. That makes its occurrence more prevalent than traditional bullying. Teaching your children to be kind to one another is the best prevention method. It’s also important to build a relationship of trust with your students. This will help them feel comfortable notifying you when they are being cyberbullied or have witnessed a peer cyberbullying another peer. Be on the lookout for the warning signs by educating yourself.

Tip #4: Protect Your Digital Identity

When it comes to Internet security, children are often most at risk. Because of this, its crucial that they learn to protect their digital identity. The earlier students begin using the Internet, the sooner their digital footprint forms. Over time, a larger profile builds around them which can be revealed with a simple Google search. Future college admissions representatives and employers look into these digital profiles. Students wouldn’t want a simple mistake to hurt their chances of going to their dream school or getting their perfect job. Teach them the importance of being responsible with what they post and knowing how to properly remove anything harmful to their reputation.

Tip #5: Take Your Own Advice

The best way for your advice to resonate is to practice what you preach. Take precautions and protect your devices. When you hear your students talking about the newest craze, whether it’s a social media app or a video game, take the time to research it.

Use strong passwords and create an email address that is more professional than personal. You should also look into the privacy settings on your computer to ensure that you have the right protections enabled.

As an educator, there is a higher need to keep your own information secure. You wouldn’t want your students to access anything that is potentially embarrassing, or information you want to keep private. Use strong passwords and create an email address that is more professional than personal. You should also look into the privacy settings on your computer to ensure that you have the right protections enabled.

Together we can make the Internet a safe, responsible, and fun resource for students to use!

This is a guest blog post by Brent Scott. Brent works in the field of cybersecurity, educating the community on the best ways to protect their digital identity online. His goal is to work with teachers, parents, and educators everywhere to ensure that the Internet is a safe environment for all students to explore.  

0 comments
0 FacebookTwitterPinterestLinkedinEmail
padlock on keyboard
ChromebooksCTO/CIOCybersecurityGoogle Tips and Tricks

Protecting Confidential G Suite Files

by Miguel Guhlin
written by Miguel Guhlin

“I’m working with a few schools. They only wish to send password protected files. The files will go outside their organization,” says John M., a Google Certified Trainer*. “From a Windows machine, that’s fine. But we’ve moved to a Chromebooks-only environment. How do you add a password to exported files, like DOCx or PDF, that get sent via email?” In this blog entry, we’ll explore several no-cost (free) options for protecting file attachments. Ready to take a closer look at the problem and possible solutions?

The Problem

In organizations with Chromebooks only, how do you encrypt files? On a Chromebook, you can’t run traditional programs available on Windows or Mac. This means you have to find web-based solutions to share files and encrypt. For schools and organizations in Europe, John points out GDPR is a concern. Before we go into possible solutions, let’s review what GDPR is.

GDPR (General Data Protection Regulation) is a new legislation. It  applies to all companies who collect, store, and process any data. While focused on data belonging to European Union citizens, it has wider effects since GDPR applies to all companies across the world. This means that it affects Americans, as well as EU citizens. GDPR went into effect on May 25, 2018 (source: video). American companies must comply, even if enforcement in the United States remains unclear.

Exploring Solutions

How do you safeguard sensitive information in a G Suite EDU environment? How do you add password protection to a file and send it via email in Chrome OS? To organize solutions, you first have to ask yourself a few questions:

  • Do I need to protect the content of the email itself?
  • Do I need to protect the file attachment?

Let’s look at a few tools you can use.

Protecting Email Message Text

If you need a solution to protect email content, the actual body of the message, use one of the following. Each offers AES-256 level encryption.

g suite encrypt

One solution to explore is Paranoia Works Text Encryption Tool PTE). It is a browser-based tool that makes it easy to encrypt an email’s message text. The interface works in an simple way and safeguards the content with encrypted text. It offers these steps:

Encryption:
1. Set a password.
2. Write or paste a text into the Unencrypted Text area (green bordered).
3. Press the Encrypt button.
4. An encrypted text will appear in the Encrypted Text area (red bordered).
5. Copy the encrypted text and use it however/wherever you want.

Decryption:
1. Set a password
2. Write or paste an encrypted text into the Encrypted Text area (red bordered).
3. Press the Decrypt button.
4. A decrypted text will appear in the Unencrypted Text area (green bordered).

For Chromebooks that can run Android apps, you might want to get the app. The app is Secret Space Encryptor for Android (shown below) via the Google Play Store. See the online tutorial.

An alternative text encryption tool you can use is FourmiLab’s browser tool. This latter tool provides a streamlined view (shown below) without documentation.

g suite encrypt

Your organization should standardize on either PTE or FourmiLab’s solution. Save either tool to the Chromebook for local use, even when not online. What’s more, you can use these within Google Docs, too. That is, you can choose to encrypt the text in a Google Doc, but you will have to copy and paste the content in and out of a Google Doc.

The main benefit of these tools is that they are free, no cost options.

Protecting Email File Attachments

John’s original question focused on files exported from G Suite. This could include DOCx, PNGs, JPGs, PDFs, PPTx, and many other formats. G Suite for Education provides for several via the SAVE AS option.  If you want to protect these files in transit via email to external parties, how can you do that? How do you encrypt them so that only the recipient, to whom you’ve provided the password, will be able to see them?

g suite encrypt

One web-based tool you can use includes FileLock.org. This works in a similar way to PTE and FourmiLab. You access a website, select a file on your Chromebook (e.g. DOCx you’ve saved from a Google Doc), and then encrypt it. Then you attach the encrypted file to your Gmail message (as shown below).

g suite encrypt

Note: Be sure to use secure passwords for encrypting text or files. You can use any variety of online tools to create unbreakable passwords. Password Generator, LastPass Password Generator, GRC Generator, or Packetizer will work fine.

Protecting Confidential G Suite Files

As you may imagine, there are a host of commercial solutions you can use to safeguard G Suite files. Both Boxcryptor and Cryptomator offer enterprise level solutions at different prices. You can also take the added step of preventing the sharing of confidential information. The main benefit of the solutions offered here is that they are free, open source, and available at no cost. Combine them with an organizational procedure to support effective use.

*Question adapted with minor readability edits from one posed to Google Certified Trainers (GCT) Google group.

1 comment
1 FacebookTwitterPinterestLinkedinEmail
Newer Posts
Older Posts