March 8, 2019

Engaging Digital Discussions

Class discussions are one of the better ways to help students develop the valuable skills of creativity, communication, collaboration, and critical thinking.  Discussions enable students to ask probing questions of each other, listen to and respond to classmates clearly and appropriately, challenge ideas and expand upon observations, and view topics with a circumspect lens.  The benefits of class discussions are numerous; however, there are some obstacles to productive discussions.

One is time.  By their nature, class discussions can take a while to develop.  Oftentimes, the most interesting parts of a discussion are discovered long into the examination of a subject.  A related obstacle is equal time for all students.  Some students speak a lot, and some speak a little, and some might not even get the opportunity to speak.  Also, some students may just be reluctant to speak in front of their peers.

Digital or online discussion boards have been used to mitigate these obstacles, but they can often lose focus the longer they go on and the further they become removed from the discussion topic.  Discussion or message boards make it difficult to retain the context of the conversation at hand simply by the user-interface of the board itself.  This brings me to an excellent solution:  NowComment.

NowComment is a free (yes, free) web app that allows for dynamic and engaging discussions of online documents, articles, videos, and more.  What sets this educational tool apart from the others are its unique user-interface and features.

NowComment uses a brilliant two-pane user-interface that contains the article or video on the left side of the screen and the discussion of it on the right side.  The article or video can be marked with annotations that link to specific discussions and comments about that particular sentence, paragraph, or section.  NowComment keeps everyone on literally the same page, and the discussions become more relevant and engaging.  Here are two short videos that demonstrate NowComment's awesome features.







January 25, 2019

Don't Fall for Phishing

Hackers and cyber criminals are trying to bait you.  They want to fool you, hook you, and then reel in your private information.  This is phishing - an increasingly common attack that attempts to gain someone's private information and/or credentials through realistic, but ultimately fake, emails.

How bad is phishing?  According to a 2017 report by PhishMe, Inc, the average cost of a phishing attack on a mid-sized company is $1.6 million.  That same report also found phishing attacks had grown by 65% in a year.  The 2019 State of the Phish Report by Wombat found that 76% of businesses were the victims of phishing attacks in the previous year.  Schools are also popular targets.  Just recently, hackers stole personal information of over 500,000 staff and students in a San Diego school district through a phishing attack.  The first line of defense to prevent these attacks is the user.

People must have training to identify phishing attempts and disregard them.  Jigsaw, a special part of Google that researches and develops solutions to technology issues, released a quiz on phishing to help people spot these potential attacks.  I got seven out of the eight scenarios correct.  I'm still kicking myself about the one I missed, which I thought was a phishing attempt, but it turned out to be safe.  Take the quiz here and see how many of the phishing attempts you can identify.

One final resource that can help both teachers and students become safer and more savvy online is Google's Digital Citizenship and Safety course.  This self-paced, online course trains teachers on incorporating digital citizenship and safety lessons in their classrooms, but it also provides many helpful tips on digital security that are relevant outside of the classroom.

Hopefully, these resources can help you to not take the bait.

   

December 19, 2018

Resolve to be Secure

With 2019 just around the corner, it's time to plan our resolutions for the new year.  Since 2018 seemed like a year of constant hacks, cyber attacks, and data breaches, here are the top ten resolutions you can take to be digitally secure in the new year.

1.  Protect Your Passwords

First and foremost, you should change your passwords to be long and complex (at least 10 characters, uppercase and lowercase letters, numbers, and symbols).  You should absolutely change them right now if any of yours is on the list of the most popular passwords of 2018.  Also, you shouldn't have any of your usernames and passwords written on paper or in a file on your computer.  It's much too easy for people to see or steal them.

Since the average person has several different accounts, usernames, and passwords, it is very difficult to remember all of them.  The best option is to use a password manager.  With a password manager, you only have to remember one master password.  All your other usernames and passwords are remembered by the password manager.  It works like this:  you use your master password to log in to the password manager.  When you get to a website, the password manager automatically fills in your username and password for that website.  Password managers will also generate long, complex, and different passwords for your accounts to further increase security.  Note:  once you install a new password manager, let it change all your passwords to ones it generates.  Also, password managers will sync your usernames and passwords across multiple devices.  Your master password should be long and complex, but that's the only password you'll need to remember.  The two best password managers are Dashlane and LastPass, and both have excellent free versions.



2.  Strengthen Your Security Questions

Many websites will ask you security questions as a way to further secure your account.  However, people may be able to guess the answers to your security questions.  How can they guess?  They can research you online to find out past addresses, schools, relatives, marriages (maiden names), etc.  They can check your social media to find out the names of your pets, hobbies, interests, etc.  An easy way to make your security questions un-guessable is to include a secret character (number, letter, or symbol) before or after your answer.  For example, if it asks for your mother's maiden name, then your answer could be !Smith or SmithX.  You should update all your security answers to include this secret character.



3.  Use Two-factor Authentication

So, you're using a password manager to not only remember your usernames, but also to remember and use long, complex, and different passwords for all your accounts.  Great!  However, these could still be breached.  It's virtually impossible for a person or even a supercomputer to guess the long, complex passwords randomly generated by these password managers, but there is still a microscopic chance.  That's why you need to use two-factor authentication (TFA).  Most commonly, this is set up through your phone.  Once you enter an account's username and password, the website will send a code to your phone that you have to enter on the website as a final step to log in securely.  Even if somebody has managed to figure out your username and password, they won't have the code that was sent to your phone.  Unless your phone was stolen, which brings me to the next resolution.



4.  Secure Your Phone

Forget fingerprint and face locks on your phone.  Those can be easily breached.  If you don't believe me, then read this article, this one, this one, and this one.  The most secure way to protect your phone is through a PIN or password because only you can know it.  Make sure you don't use easy-to-guess PINs or passwords.  Yes, this is another one to remember, but, if you also use a password manager, then you only have two things to remember:  the master password to your password manager and the PIN/password to your phone.  That's absolutely do-able.  If there's an option to encrypt your phone, do it.  Finally, set up the "Find My Phone/Device" feature on your phone, so if it were ever lost or stolen, you can try to find it or remotely lock/wipe it.



5.  Change Your Router and Home Network Username and Password

I bet I could log in to most people's home router.  Why?  Most people don't change the default username and password for their home routers.  I can just go to routerpasswords.com and find the default username and password for any router I want.  Once logged in to your router, I could do all sorts of nefarious things to your network and devices.  Yet, I would never do that because I'm a good guy.  But, to keep out the bad guys, you should change the default username and password to your router to something that's hard to guess.  It's okay to write down this information somewhere safe.  Finally, make sure you have a tough-to-guess password for your home network/Wi-Fi.



6.  Use an Antivirus Program

Don't bother with free antivirus programs because they often don't have necessary features, such as real-time threat monitoring and prevention.  It's worth spending the $50 or so per year to protect your devices.  The only ones I recommend are Webroot, Bitdefender, and Avast.



7.  Use uBlock Origin

Trackers, malware, potentially unwanted programs (PUPs), and other nasty digital stuff can lurk in ads and pop-ups online.  The best adblock extension you can use is uBlock Origin.  Not only will it block these bad things, but it will make browsing the web a cleaner, faster, and more enjoyable experience.



8.  Do Updates

Keeping your devices and programs updated is one of the simplest, easiest, and best ways to increase security.  Software engineers, developers, and even white hat hackers are constantly on the lookout for vulnerabilities and creating patches to fix them.  Updates will also enhance the performance of your devices and programs, so make sure to install those updates.  You can even set updates to install automatically, so that's one fewer thing to remember.  You can usually find update preferences in the "Settings" app or menu of a device or program.  Finally, make sure to turn your devices off and on a couple times a week.  This will help with updates and give the devices a chance to "reset" to fix or prevent some issues.



9.  Lock Your Computer

Even if you've followed all these resolutions, your computer will still be vulnerable if you log in to it and then walk away.  Anyone can then use it while you're gone.  A quick and easy way to prevent this is to lock it.  If you need to leave your computer, press the Windows key (looks like a four-pane window next to the Alt key) and the L key at the same time.  This will lock your computer and require your password to unlock it.  To unlock it, press Ctrl, Alt, and Del at the same time as you normally would to log in, and then enter your password.  Many organizations and businesses take this very seriously and will "write up" or discipline employees who leave computers or other devices logged in and unlocked.



10.  Think Before You Click

Finally, think before you click on something:  a link, a picture, a download button, an attachment, etc.  Take a moment to pause and question if it's safe.  Does it look legitimate?  Is there anything off or sketchy about it (incorrect grammar, sensationalism, bright/flashing animation, "too-good-to-be-true"-ness, etc.)?  Does it come from a secure and trusted source?  You can mouse over a link (without clicking) to see where it leads.  Don't download or install anything unless you know it comes from a safe, trusted, and secure source.  When it doubt, close it out.  And never ever give out usernames, passwords, account information, or any other personal/private information to any unknown, untrusted, or questionable people or services online.

The end of the year is also a good time to clean out and organize your emails.  Here is a post I wrote about five steps you can take to have a better email experience.

I wish you all a happy, healthy, and secure New Year!

  

November 30, 2018

Educational Software Evaluation

My school uses a myriad of educational software and online learning programs.  In order to see if these are meeting the needs of the teachers and students, I developed an evaluation rubric to conduct a comprehensive assessment of each and every one that we use.  I would like to share it with all of you, so that you can use it for your own evaluations, or even tweak it to reflect your unique needs.  You can download the rubric here.  Finally, I would like to give a brief explanation of how the rubric works.

I identified ten areas by which to evaluate a software application or online program:

  1. Curriculum & Standards Alignment:  How does the program align with our curriculum, standards, and learning goals?
  2. Depth of Knowledge:  What Depth of Knowledge level does the program mostly align with?
  3. Authenticity:  How is the content presented in an authentic, real-world manner?
  4. Personalization & Adaptability:  How does the program personalize learning and adapt content for students?
  5. Instructional Feedback & Reporting:  How does the program offer monitoring and reporting for the teacher?
  6. Relearning Opportunities:  How does the program offer opportunities to re-answer questions, and what helpful information does it provide?
  7. Ease of Use:  How easily can people use and navigate the program?
  8. Engagement:  How does the program engage students?
  9. Privacy:  Has the program signed the Student Privacy Pledge (studentprivacypledge.org)?
  10. Redundancy:  How redundant is the program based on any similar programs we use?

I also included detailed descriptors for each of these areas, so evaluators will be on the same page.  The final score is out of 50 points, and there is a space for comments at the bottom of the rubric.  You could also turn this rubric into a Google Form or online survey to enable faster data-gathering and more dynamic analysis.  Hopefully, this will help you conduct a comprehensive, objective, and methodical assessment of any educational software or online learning program you use.


October 19, 2018

Teaching Digital Citizenship and Safety

In honor of it being National Cybersecurity Awareness Month, I thought it would be apropos to share a somewhat-related story of how my school is teaching digital citizenship and safety in hopes that it may help other schools and teachers do the same.  I have a link to our program at the end of this post.  You can also read my previous writings on digital citizenship here.  Digital citizenship and Internet safety are critical concepts that students must understand and apply in their own lives as their access to web-connected devices and services begin earlier and earlier.  After all, these devices and online services are tools, and, as with any tool, we must teach the uninitiated how to use them responsibly, safely, and intelligently lest they get themselves in trouble via misuse.

Not long after I started working at my school, I recognized the need to gather feedback, insights, and questions from the staff about the technology used throughout the school.  The effective exploration and integration of technology (or any other thing) are predicated on open collaboration, detailed planning, careful execution, and thoughtful reflection.  To this end, I formed and headed up the Technology Committee.

Last year, our main goal was to develop a unified series of lessons in Grades 3-5 to teach digital citizenship and safety.  Some teachers were already teaching various aspects of this, but there wasn’t a common curriculum.  We, the Technology Committee, sought to remedy this by creating a consistent and scaffolded program of lessons, so there were no overlaps or gaps in teaching these integral skills and the lessons would build on each other throughout the grades.  We also wanted to schedule these lessons at the beginning of the school year to lay a solid foundation on which to build later and head off any student misuse of technology.  Finally, we understood teachers have much to teach already, so we focused on core lessons and divided the teaching of those lessons between the classroom teacher, the Library/Media teacher, and the Makerspace teacher.  I went into the classrooms to teach some lessons as well, which was very fun.  We thought it would be beneficial for the students to learn about digital citizenship and safety from different people, who could offer unique perspectives on the subject.

Like any good creator (or artist), we took bits and pieces from existing lessons and resources, modified them to meet our vision, and quilted them together in a final product.  We didn’t want to rely all on one source for these lessons.  To promote unification and scaffolding, we borrowed an idea from Google’s Be Internet Awesome program and put our lessons into four pillars or units that would cross all three grades:  Be Digitally Kind (Unit 1), Be Digitally Safe (Unit 2), Be Digitally Responsible (Unit 3), and Be Digitally Savvy (Unit 4).  Each grade would be learning lessons in the same pillar at the same time to bring a cohesiveness to the program.  We put three lessons in each of those units:  one for the classroom, one for Library/Media, and one for Makerspace.  We chose lessons that would complement the theme of those units, put them in an order that would build on each other, and ended each grade with a lesson that we felt synthesized all the units.  In total, we had twelve lessons for each grade.  Our goal was to complete one unit each month:  Unit 1 in September, Unit 2 in October, Unit 3 in November, and Unit 4 in December.

Thus far, our program has been going very well.  Of course, this is our first year implementing it, so we are actively reflecting on it and looking for ways to improve it.  Also, we will brainstorm ways to build on these lessons later in the year to reinforce the learning.  We are thinking of having each grade do some kind of project-based/real-world assignment that can authentically make use of what they have learned.

I wanted to share the program we developed with all of you in hopes that it may be of some help teaching these valuable and essential skills.  Click here to view it.  If you have any questions, please feel free to reach out to me via Twitter.  My handle is @BurchTech.