A Few Thoughts About Online Security

Troy Hunt (no relation, but a really great first name) has a post explaining “Collection #1” on his blog. Rarely do people read about online security because it can be complex and confusing. However, online security is crucial. In the case of identity theft, it general takes between 100 to 200 hours and six months to fix. While it isn’t fun to protect your identity, it sure beats the frustration involved in spending hundreds of hours to fix.

Troy’s information is powerful and useful. I suggest that you take a few minutes to read the post.

What follows is some basic information and advice.

Collection #1

Collection #1 is a database of almost 773 million unique email addresses (there are actually 2,692,818,238 rows of data – some are duplicates). This means that almost assuredly your email and password combination (at least one the you’ve used somewhere) are known by hackers.

Action

How do you know for sure if your email has been leaked? Head over to Have I Been Pwned. Enter your email address. Click on the “pwned?” button. I’ll share that a couple of my email addresses are available to hackers/spammers (some on sites that I’ve completely forgotten about/not sure I ever went there) and some aren’t.  The results also include what was leaked. In some cases, the leaked information is demographic information; in other cases, user names and passwords were leaked. See the results below:

Email Address #1

Email Address #2

Credential Stuffing

So, how do hackers and spammers use this information? One way is credential stuffing. Essentially, they take the user names and passwords that have been leaked and try those on other sites. Since many people reuse passwords and email addresses, it is very likely that one combination will work in many places. Importantly, this doesn’t mean that you specifically were targeted, just that you were on the list. (Many people think that they are “safe” because they aren’t well known, aren’t especially “rich”, aren’t on a lot of sites, etc. Credential stuffing isn’t personal at all- to hackers. It become very personal for you if it works and you have to deal with the cleanup).

Next Steps

This is where I recommend to never reuse passphrases. In order to realistically do that, a Password Manager is a must. I’ve written about these before. Free options exist but are limited to a small number of devices. This is one of those things that I’m willing to pay for. (And I have. I purchased a family account of 1Password many, many years ago. 1Password has teamed up with Have I Been Pwned, but this isn’t a sales pitch for them. There are several good password managers available).

Most importantly, do not reuse the same password (passphrase) over and over.

Turn on 2 Step Authentication wherever possible. Although certainly not a cure-all, 2 Step Authentication can be a powerful assist in keeping you safe.

 

Requests

As you know, most of the time when you need help, you create a ticket within the Helpdesk system. However, there are a few things that are very specific and a form does a better job. In the past, these were located on the Technology blog (and still are). However, to streamline things for end users, we’ve now added a few requests to the login page of the Helpdesk system.

Screen shot of helpdesk login page

These are broken into two sections: User Requests & Administrative Requests. User requests include the Gmail picture correction/deletion request and phone extensions on multiple phones request. The Administrative Requests are for use by principals (administrators) or those acting on their behalf.

Remind

We are aware of some teachers using the Remind service. Please be aware of the following:

Verizon Wireless customers who use the free Remind service will not be able to receive or send text messages as of January 28, 2019.
If you communicate with your class on Remind: People who normally get your Remind messages as texts may no longer receive them.
If you have Verizon Wireless as your phone carrier: You’ll no longer receive Remind text notifications.

 

 

Phone System Update

We have reached a milestone! Installation is occurred at all buildings. We are ecstatic at reaching this milestone, but still have a massive amount of work to do. The phones that are seen and used everyday are but one part of the total system. The phone system also relies on complex server systems and settings. There are four different standards within the main connection standard that we use. No one (save a few of us network guys) should ever need to know that. However, technology frequently seems like “magic”. That magic really takes a lot of work.

Why did we do this?

Just a quick refresher. Our previous phone system was end of life. It was no longer being supported. We were experiencing many problems that the manufacturer was no longer will to resolve. Also, we had a large number of broken phones that we could no longer replace.

We need to meet a state law for 911 service. That law states that when someone calls 911, we must send not just the building address, but the specific area of the building. In our old phone system, we couldn’t do that. Not only that, but all 911 calls were only going out over POTS lines (these are the old copper connections that most people have gotten rid of by now).

Thus, we mounted most phones to assist with assurance that when 911 is called, the first responders can go the correct place.

With e911, we can no longer offer extension mobility. With extension mobility, we truly don’t know where the phone is at any time. Instead, we are setting up a bridged call system. This allows multiple phones to ring when a number is called. Importantly, each of those phones will have a discrete number that is reported to 911 if called.

What’s next?

We are hard at work on the following items:

  • Converting the actual connections to the outside world. This should be seamless for all users. Once this is complete, we will also be able to:
  • Configure Gmail – phone message syncing (this will mean that if you listen to a voice message in Gmail, that message will also be marked as listened to on your phone).
  • Reviewing phone numbers to email addresses.
  • Relocating of some furniture to complete the mounting of a phone.
  • Setting up phones for those with “personal numbers” on multiple phones (the old extension mobility) where the phone needs to ring.

Thoughts on phones

Phones have seen an interesting transition. Originally, phones were place right next to the door. Phones were used for internal calls only. Parents never called the classrooms, because there was no physical way for that to happen. All phones were wired and went to a location (house, business, etc).

We installed phones in 2003 as part of a bond. Phones by that time were connected to the outside. In fact, these phones (somewhat amazingly) ran over the “Internet”. However, long distance phone calls could be expensive. Thus, calls outside of the 313 area code needed to be limited to those with permission.

Today, there are no extra costs for “long distance” phone calls. Most people no longer have a “house” phone. We no longer call a house, but a person. However, we have a variety of types of phones in the district:

  • Position based – the Director of Technology is position. The office may move locations. The person in charge may change (hopefully not soon). But the phone number stays consistent. Or, think of a principal. A principal may move from one building to another. The phone number will change so that the contact from others is consistent (they want to reach out to the principal of Greatest Elementary School, but may not know who is currently in that role).
  • Place based – think of a classroom. Classrooms can be shared by many teachers (both at once and over the course of the day). Thus, the phone for Room 101 is the phone for room 101 no matter who is in the room.
  • Person based – these come in two flavors:
    • Those who are support people who may move specific jobs, but need to be contacted regularly.
    • Those who shouldn’t be interrupted with a phone actually ringing, but benefit from being able to be contacted (most teachers).

Each of the above situations calls for a whole different workflow and settings.

Appreciation

We greatly appreciate all of the wonderful teachers, administrators and others who have been so helpful and positive in this transition. The number of times that people have been happy because there would be space freed up on their desk because we are mounting the phones has been a joy. Many people have innately understood the value of what we are trying to do, and expressed appreciation for that work, that we are humbled. We truly do appreciate how universally people have understood that this isn’t about an individual, but about the safety and reliability for all of us. We are so grateful to work with such an awesome team.

NWEA Screen Resolution

Please be aware that NWEA needs to have a specific screen resolution. In some cases, students or others may have changed the screen resolution to something that is not  compatible with the NWEA test. This is an easy fix.

Simply use the keyboard shortcut below to reset the screen resolution to the default. This will bring the resolution in line with what the NWEA test needs.

ctrl | shift | 0

(Hold down the Control key (labeled ctrl), the Shift key and the zero key at the same time)

That’s it.

Free PD

It’s that time of year again! That’s right, it’s time for Free PD!

These courses and more are available through REMC:

Literacy Logo

OER to Support Early Literacy

Starts January 7, 2019
6 SCECHs available

Register for OER to Support Early Literacy»

 

Student-design OER for 21st Century Learning

Student-designed OER for 21st Century Learning

Starts January 7, 2019
6 SCECHs available

Register for Student-designed OER for 21st Century Learning »

 

Inquiry & Questioning: Igniting Student Curiosity

Inquiry & Questioning: Igniting Student Curiosity with Technology, Level 1

Starts January 7, 2019
6 SCECHs available

Register for Inquiry & Questioning: Igniting Student Curiosity with Technology, Level 1 »

 

Authentic Student Learning & Gamification

Authentic Student Learning & Gamification

Starts January 7, 2019
6 SCECHs available

Register for Authentic Student Learning & Gamification »

 

Efficiency Logo

Increasing Efficiency & Productivity

Starts January 7, 2019
10 SCECHs available

Register for Increasing Efficiency & Productivity»

 

Transforming Education - Maker Movement

Transforming Education – Maker Movement

Starts January 7, 2019
10 SCECHs available

Register for Transforming Education – Maker Movement »

 

Applying Google Apps for Education in Chrome

Applying Google Apps for Education in Chrome, Level 1

Starts January 7, 2019
6 SCECHs available

Register for Applying Google Apps for Education in Chrome, Level 1»

A few thoughts on the new phone system…

As you know, we are currently installing a new phone system. This is a massive project that is nearing completion. There are a couple of reasons why we needed to install a new phone system.

  • Our previous system was no longer supported
  • The phones from our previous system were breaking at a rapid clip. These were getting extremely difficult to replace
  • Michigan passed e911 legislation

e911

Michigan has passed e911 legislation. This essentially says that we need to be able to send first responders (police officers, EMS, fire, etc) directly to a room, not just a building. Under our old current system, only a building address is sent. With the new system, we will be able to send those first responders to the exact room that called. This could literally save a life. However, this also means that we need to know exactly which room every phone is in. I will be providing our first responders with a list of phone numbers, rooms and floor plans. This will allow our first responders to know which room to go to when 911 is called. The first responders will be able to review the building map on the way to the emergency.

Mobility Extension

We will no longer be offering mobility extension. This is due to the e911 legislation above. Mobility extension allows for a phone number to “travel” to different phones. Obviously, this would cause great confusion to our first responders. Not only could they go to the wrong room, but they could go to the wrong building.

However, we do understand that we have phone numbers that are assigned to people and not places. So, we will be assigning those “extension mobility” numbers as a second (or third, fourth, fifth) number on a phone in a room. This means that a phone may ring in multiple buildings.

Voicemail

Once we have just one phone system running, we will be able to turn on Gmail sync. This will allow for all users to listen to their voicemail right in their email. Once it is marked as listened to in email, it will also be marked as listened to in the phone system. If the voicemail is deleted in email, it will also be deleted in the phone system.

Currently, voicemails are delivered to email, but the sync is not yet active.

Main office personnel are set up as “delegates” for the main number and attendance number for their school. This allows them to easily check the main line and attendance line voicemails on their computer. Plus, the messages stay “in sync” for all members of the office.

Phone placement

We are mounting most phones. There are two reasons for this:

  • To comply with e911 laws
  • To reduce/prevent breakage

Phones are being mounted in most classrooms. This helps to make sure that phones remain where we placed them. Remember, for 911, we will provide a spreadsheet to the 911 call center with phone numbers and room numbers. This list won’t regularly change. It needs to be relied upon for life saving decision making.

As a side benefit, phones that are mounted suffer much less breakage.

Please remember that individuals move from room to room. Additionally, some teachers like to “change it up” in terms of the room layout and decor (that would be me in the classroom). However, we can’t regularly move phones due to individual preference. Thus, we established as much of a standard as possible.

Tips

To help new users, we have created a Classroom and Office Phone Basics Page. This page is still under development. It was the intent from the beginning to select a phone system that is easy to use. We didn’t want to be in a situation where users needed a ton of training.

Follow this blog

Get every new post delivered right to your inbox.


Skip to toolbar