Online Security

With the holidays fast approaching, a rise in phishing attacks is traditionally seen as well. Phishing attacks can be frustrating to deal with. The best defense is to not fall for them in the first place. Unfortunately, we are seeing phishing attacks because “better” (i.e. harder to detect) and more polished.

What Phishing Does

Phishing is an attempt to do one of two things

  1. Tricking users into revealing their credentials.
  2. Getting users to install malware.

Credentials

Quite frankly, your credentials are very valuable. For many of our users, district credentials lead to student information, lots of valuable district information and more. Plus, many users “reuse” passwords. So, learning a user name and password on one site can lead to the ability to log into other sites.

Protecting Against Phishing

We employ several strategies to prevent phishing attempts from ever reaching our users. However, even the best of all of these combined will not be perfect. Occasionally, phishing attempts will land in your inbox.

Tips to Identify Phishing Attempts

  • Be suspicious of “odd” grammar and punctuation
  • Be suspicious of “odd” wording
  • You probably didn’t “win” a gift card (especially if you never entered a contest)
  • Be wise about contests
  • Be aware of “urgent” deadlines
  • Watch out for shortened URL’s
  • Look at where the link is actually taking you
  • Carefully review the actual URL of the site that you are on

Spear Phishing

Spear phishing is targeted at specific individuals. Unlike phishing (which usually blankets a wide variety of users), spear phishing aims to trick high profile targets into giving up their credentials.

Preventing Becoming a Victim

It is important to prevent becoming a victim.

  • Use the Tips to Identify above.
  • Turn on 2-Step or 2-Factor Authentication.
  • Use a Password Manager.
  • Be suspicious (especially when on a mobile device).
  • Instead of clicking on a link, enter the URL of a website that you want to visit (or use a known bookmark)

Chromebooks: Keeping Them Up To Date

Screen shot showing "About Chrome OS" and "Check for updates" locations.

It is important to keep Chromebooks up to date. Many of our Chromebooks will automatically update every time that they are shut down and restarted. However, sometimes that doesn’t happen.

Out-of-date Chromebooks can cause the following problems:

  • WIDA Test won’t run
  • NWEA test won’t run
  • Security issues
  • instability

Fortunately, anyone (including students) can update Chromebooks.

  1. Sign-in to the Chromebook
  2. At the bottom right, select the time.
    Screen shot showing location of time panel to click.
  3. Select Settings .
    Screen shot showing Setting icon
  4. Select Menu   About Chrome OS.
    Screen shot showing "About Chrome OS" and "Check for updates" locations.
  5. Select Check for Updates.
  6. The result will be a message that the Chromebook is up to date OR the update will download. In the event of an available update, the Chromebook will need to be restarted. 

*Under “Google Chrome OS,” you’ll see which version of the Chrome operating system your Chromebook is using. Currently, Chromebooks need to be on at least version 74.

Security

One of the things that we take very seriously is security. The safety and security of our users and data are important. This responsibility is not just for the Technology Department but is the responsibility of every user. Some times, people do what is expedient, instead of what is safe. One example that we had this year was a teacher signing into a computer and then letting a substitute use that computer. Unfortunately, the substitute made some poor decisions. (Just a reminder to NEVER share your credentials with someone else or sign into a computer and let someone else use it. This can lead to many uncomfortable situations. It’s also against federal law).

Because we take security seriously, we frequently have to ask questions and seek clarification about accounts and access. Recently, I had someone ask why I cared, and what were the possibilities of a compromise (frequently called a “hack”, but hacking is more specific than a compromise) of our data.

The K-12 Cybersecurity Resource Center posted a map of Cyber Incidents:

Pins on a map showing K-12 cybersecurity reported issues.
K-12 Cyber Incident Map

*Note that these are only the reported compromises.

Compromises occur due to a wide range of conditions that include, but are not limited to:

  • a misconfiguration on a server
  • an employee giving out their credentials
  • a contractor who copies information
  • malware installed by a user
  • ransomware installed by a user
  • email phishing that was successful

These compromises happen to all different sizes of districts and background. While the districts vary greatly in terms of size, socio-economic status, funding and more, the impact is similar for all.

…the impact of publicly-reported K-12 cyber incidents is significant. During 2018, such incidents resulted in the theft of millions of tax payer dollars, stolen identities, tax fraud, altered school records, website and social media defacement, and the loss of access to school technology and IT systems for weeks or longer.

Recently, several other governmental agencies have been successfully compromised. The cost of recovering from those compromises can be expensive in terms of actual dollars, time to recover and lost data.

These are only a few of the city governments that have been compromised. There are a great many more agencies and businesses that have been compromised.

We anticipate attempts to compromise networks to continue to increase. Importantly, one of the most important defenses against compromise is every user. There are important steps that you can take:

  • NEVER share your passphrase with anyone
  • Do not reuse passwords on multiple sites
  • Be wise about making sure that you are not entering your user name and password on a scam site (you should be going to the site, not using a link)
  • Turn on 2-step authentication everywhere that you can
  • Report suspicious sites

Please bear this in mind the next time security questions come up. The Technology Department is being “mean” or “rude”, the stakes for online security are high.

Badges

Just a quick reminder that all badges expire as of June 30th. We are working on updating some of the courses, so Required Courses are currently unavailable.

We will let you know when the courses are once again available for completion.

Summer Updates

Summertime and the living is easy, but the work is hard. Some people think that we have the summer off. Summer is actually a very busy time for us. For example, we have the following projects scheduled for summer:
– Update the district web site
– Update iLearn
– Update iBlog
– Update OTRS
– Update Student Sites
– Update DEC
– Update Pin It
– Develop and implement internal Documentation system
– Develop training on Grackle Docs
– Review/Update all Required Courses (ADA,Bloodborne Pathogens,OCR,RBB, Title IX) with generating departments/groups
– Update Non-Instructional Evaluation Process
– Implement e911 on the new phone system
– Update individual school web sites
– Update departmental web sites
– Update RBB reporting
– Update School Specific Google Accounts
– Develop/Implement Workflow Approval Process

We’re actually working on even more. We’ll have more information to follow. Have a great summer!

Security on Chromebooks

The web remains a fascinating place. It is exciting and ever-changing. Recently, due to security concerns, we had to make some changes to Chromebooks. Any Chromebooks that are used by students are now limited to the DPS network. That is, any and all student Chromebooks can only connect to the DPS wireless network. If those Chromebooks attempt to connect to any other network, the user will see a message that the administrator has disabled this network.

Staff Chromebooks are not limited to the DPS network. Staff Chromebooks will work on any network.

Copyright

A recent ruling reminds us all of the importance of following copyright. HISD (Houston ISD from Texas) was recently ordered to pay $9.2 million dollars ($9,200,000) due to copyright infringement. (Just think about what that $9.2 million dollars could be used for).

Example of the material posted that was ruled infringing.

The staff of the school took willing steps to ignore copyright. However, this is also a reminder that we must follow copyright. Generally, we don’t post material that we didn’t create or that we don’t know is licensed under Creative Commons.

This includes not only print, but audio and video as well.

Thus, it is important to remember that Dearborn Public Schools believes in following copyright.

 

Grackle Docs

We believe in providing access to ALL of our users/parents/community members. In working toward that goal, we are offering every staff member access to Grackle Docs.

Grackle Docs will help make your Google Docs ADA compliant. This will assist you in implementing the wonderful things that you learned in the MyPD ADA course.

Using Grackle Add-ons is easy-peasy!

  1. From the Add-ons menu, select Grackle Docs/Sheets/Slides. (The first time that you use it, you will have to grant it permission to your Docs/Sheets/Slides).
  2. A sidebar will open up that will identify errors and warnings.
  3. Click on each error and warning for guidance on how to resolve each issue.
  4. Clicking the “Here” button on any flagged item will take you to that item in your document to review.
  5. Address each issue one at a time throughout the document.
  6. Select the “Re-Check” button at the top of the window when you have completed each task to receive an updated report.
  7. Continue to revise until all checks have passed.

Bonus Points!

  • With the Docs Add-on you can also select to create accessible PDF from the Export to PDF function at the top right of the Add-on
  • With the Sheets Add-on you can also select to create accessible HTML from the Export to HTML function at the top right of the Add-on

Follow this blog

Get every new post delivered right to your inbox.


Skip to toolbar