Hackers and cyber criminals are trying to bait you. They want to fool you, hook you, and then reel in your private information. This is phishing - an increasingly common attack that attempts to gain someone's private information and/or credentials through realistic, but ultimately fake, emails.
How bad is phishing? According to a 2017 report by PhishMe, Inc, the average cost of a phishing attack on a mid-sized company is $1.6 million. That same report also found phishing attacks had grown by 65% in a year. The 2019 State of the Phish Report by Wombat found that 76% of businesses were the victims of phishing attacks in the previous year. Schools are also popular targets. Just recently, hackers stole personal information of over 500,000 staff and students in a San Diego school district through a phishing attack. The first line of defense to prevent these attacks is the user.
People must have training to identify phishing attempts and disregard them. Jigsaw, a special part of Google that researches and develops solutions to technology issues, released a quiz on phishing to help people spot these potential attacks. I got seven out of the eight scenarios correct. I'm still kicking myself about the one I missed, which I thought was a phishing attempt, but it turned out to be safe. Take the quiz here and see how many of the phishing attempts you can identify.
One final resource that can help both teachers and students become safer and more savvy online is Google's Digital Citizenship and Safety course. This self-paced, online course trains teachers on incorporating digital citizenship and safety lessons in their classrooms, but it also provides many helpful tips on digital security that are relevant outside of the classroom.
Hopefully, these resources can help you to not take the bait.
A guide to education technology, 21st century learning, and technology integration.
January 25, 2019
December 19, 2018
Resolve to be Secure
With 2019 just around the corner, it's time to plan our resolutions for the new year. Since 2018 seemed like a year of constant hacks, cyber attacks, and data breaches, here are the top ten resolutions you can take to be digitally secure in the new year.
1. Protect Your Passwords
First and foremost, you should change your passwords to be long and complex (at least 10 characters, uppercase and lowercase letters, numbers, and symbols). You should absolutely change them right now if any of yours is on the list of the most popular passwords of 2018. Also, you shouldn't have any of your usernames and passwords written on paper or in a file on your computer. It's much too easy for people to see or steal them.
Since the average person has several different accounts, usernames, and passwords, it is very difficult to remember all of them. The best option is to use a password manager. With a password manager, you only have to remember one master password. All your other usernames and passwords are remembered by the password manager. It works like this: you use your master password to log in to the password manager. When you get to a website, the password manager automatically fills in your username and password for that website. Password managers will also generate long, complex, and different passwords for your accounts to further increase security. Note: once you install a new password manager, let it change all your passwords to ones it generates. Also, password managers will sync your usernames and passwords across multiple devices. Your master password should be long and complex, but that's the only password you'll need to remember. The two best password managers are Dashlane and LastPass, and both have excellent free versions.
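An added example, not part of the original post: a sketch of what "generate long, complex, and different passwords" means in practice, using the post's rule (at least 10 characters, all four character types). The symbol set, the tiny `COMMON_PASSWORDS` list, and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes named in the post: uppercase, lowercase, numbers, symbols.
# The exact symbol set is an assumption; sites differ in what they accept.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}
ALPHABET = "".join(CLASSES.values())
MIN_LENGTH = 10  # minimum length stated in the post

# Constructed stand-in for a "most popular passwords" list; not the real list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "Password1!", "letmein"}


def policy_failures(password):
    """Return the reasons a password fails the post's rule (empty = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than %d characters" % MIN_LENGTH)
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append("no %s character" % name)
    if password in COMMON_PASSWORDS:
        failures.append("on the common-password list")
    return failures


def generate_password(length=20):
    """Generate a random password that contains every character class.

    Uses the secrets module (the operating system's CSPRNG). The random
    module is predictable and must not be used for passwords.
    """
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        # Rejection sampling: draw uniformly, retry if a class is missing.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


def entropy_bits(length):
    """Upper bound on the guessing entropy of a uniformly random password."""
    return length * math.log2(len(ALPHABET))


def generate_unique(sites, length=20):
    """One different password per account, as a password manager would do."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    for site, pw in generate_unique(["mail.example", "bank.example"]).items():
        print(site, pw)
    print("about %.0f bits for 20 characters" % entropy_bits(20))
    print(policy_failures("Password1!"))
```

Note that `Password1!` satisfies the length and character-type rule and is rejected only by the common-password check, which is why random generation matters more than ticking the four boxes.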
2. Strengthen Your Security Questions
Many websites will ask you security questions as a way to further secure your account. However, people may be able to guess the answers to your security questions. How can they guess? They can research you online to find out past addresses, schools, relatives, marriages (maiden names), etc. They can check your social media to find out the names of your pets, hobbies, interests, etc. An easy way to make your security questions un-guessable is to include a secret character (number, letter, or symbol) before or after your answer. For example, if it asks for your mother's maiden name, then your answer could be !Smith or SmithX. You should update all your security answers to include this secret character.
3. Use Two-factor Authentication
So, you're using a password manager to not only remember your usernames, but also to remember and use long, complex, and different passwords for all your accounts. Great! However, these could still be breached. It's virtually impossible for a person or even a supercomputer to guess the long, complex passwords randomly generated by these password managers, but there is still a microscopic chance. That's why you need to use two-factor authentication (TFA). Most commonly, this is set up through your phone. Once you enter an account's username and password, the website will send a code to your phone that you have to enter on the website as a final step to log in securely. Even if somebody has managed to figure out your username and password, they won't have the code that was sent to your phone. Unless your phone was stolen, which brings me to the next resolution.
4. Secure Your Phone
Forget fingerprint and face locks on your phone. Those can be easily breached. If you don't believe me, then read this article, this one, this one, and this one. The most secure way to protect your phone is through a PIN or password because only you can know it. Make sure you don't use easy-to-guess PINs or passwords. Yes, this is another one to remember, but, if you also use a password manager, then you only have two things to remember: the master password to your password manager and the PIN/password to your phone. That's absolutely do-able. If there's an option to encrypt your phone, do it. Finally, set up the "Find My Phone/Device" feature on your phone, so if it were ever lost or stolen, you can try to find it or remotely lock/wipe it.
5. Change Your Router and Home Network Username and Password
I bet I could log in to most people's home router. Why? Most people don't change the default username and password for their home routers. I can just go to routerpasswords.com and find the default username and password for any router I want. Once logged in to your router, I could do all sorts of nefarious things to your network and devices. Yet, I would never do that because I'm a good guy. But, to keep out the bad guys, you should change the default username and password to your router to something that's hard to guess. It's okay to write down this information somewhere safe. Finally, make sure you have a tough-to-guess password for your home network/Wi-Fi.
6. Use an Antivirus Program
Don't bother with free antivirus programs because they often don't have necessary features, such as real-time threat monitoring and prevention. It's worth spending the $50 or so per year to protect your devices. The only ones I recommend are Webroot, Bitdefender, and Avast.
7. Use uBlock Origin
Trackers, malware, potentially unwanted programs (PUPs), and other nasty digital stuff can lurk in ads and pop-ups online. The best adblock extension you can use is uBlock Origin. Not only will it block these bad things, but it will make browsing the web a cleaner, faster, and more enjoyable experience.
8. Do Updates
Keeping your devices and programs updated is one of the simplest, easiest, and best ways to increase security. Software engineers, developers, and even white hat hackers are constantly on the lookout for vulnerabilities and creating patches to fix them. Updates will also enhance the performance of your devices and programs, so make sure to install those updates. You can even set updates to install automatically, so that's one fewer thing to remember. You can usually find update preferences in the "Settings" app or menu of a device or program. Finally, make sure to turn your devices off and on a couple times a week. This will help with updates and give the devices a chance to "reset" to fix or prevent some issues.
9. Lock Your Computer
Even if you've followed all these resolutions, your computer will still be vulnerable if you log in to it and then walk away. Anyone can then use it while you're gone. A quick and easy way to prevent this is to lock it. If you need to leave your computer, press the Windows key (looks like a four-pane window next to the Alt key) and the L key at the same time. This will lock your computer and require your password to unlock it. To unlock it, press Ctrl, Alt, and Del at the same time as you normally would to log in, and then enter your password. Many organizations and businesses take this very seriously and will "write up" or discipline employees who leave computers or other devices logged in and unlocked.
10. Think Before You Click
Finally, think before you click on something: a link, a picture, a download button, an attachment, etc. Take a moment to pause and question if it's safe. Does it look legitimate? Is there anything off or sketchy about it (incorrect grammar, sensationalism, bright/flashing animation, "too-good-to-be-true"-ness, etc.)? Does it come from a secure and trusted source? You can mouse over a link (without clicking) to see where it leads. Don't download or install anything unless you know it comes from a safe, trusted, and secure source. When in doubt, close it out. And never ever give out usernames, passwords, account information, or any other personal/private information to any unknown, untrusted, or questionable people or services online.
The end of the year is also a good time to clean out and organize your emails. Here is a post I wrote about five steps you can take to have a better email experience.
I wish you all a happy, healthy, and secure New Year!
October 19, 2018
Teaching Digital Citizenship and Safety
In honor of it being National Cybersecurity Awareness Month, I thought it would be apropos to share a somewhat-related story of how my school is teaching digital citizenship and safety in hopes that it may help other schools and teachers do the same. I have a link to our program at the end of this post. You can also read my previous writings on digital citizenship here. Digital citizenship and Internet safety are critical concepts that students must understand and apply in their own lives as their access to web-connected devices and services begins earlier and earlier. After all, these devices and online services are tools, and, as with any tool, we must teach the uninitiated how to use them responsibly, safely, and intelligently lest they get themselves in trouble via misuse.
Not long after I started working at my school, I recognized the need to gather feedback, insights, and questions from the staff about the technology used throughout the school. The effective exploration and integration of technology (or any other thing) are predicated on open collaboration, detailed planning, careful execution, and thoughtful reflection. To this end, I formed and headed up the Technology Committee.
Last year, our main goal was to develop a unified series of lessons in Grades 3-5 to teach digital citizenship and safety. Some teachers were already teaching various aspects of this, but there wasn’t a common curriculum. We, the Technology Committee, sought to remedy this by creating a consistent and scaffolded program of lessons, so there were no overlaps or gaps in teaching these integral skills and the lessons would build on each other throughout the grades. We also wanted to schedule these lessons at the beginning of the school year to lay a solid foundation on which to build later and head off any student misuse of technology. Finally, we understood teachers have much to teach already, so we focused on core lessons and divided the teaching of those lessons between the classroom teacher, the Library/Media teacher, and the Makerspace teacher. I went into the classrooms to teach some lessons as well, which was very fun. We thought it would be beneficial for the students to learn about digital citizenship and safety from different people, who could offer unique perspectives on the subject.
Like any good creator (or artist), we took bits and pieces from existing lessons and resources, modified them to meet our vision, and quilted them together in a final product. We didn’t want to rely on just one source for these lessons. To promote unification and scaffolding, we borrowed an idea from Google’s Be Internet Awesome program and put our lessons into four pillars or units that would cross all three grades: Be Digitally Kind (Unit 1), Be Digitally Safe (Unit 2), Be Digitally Responsible (Unit 3), and Be Digitally Savvy (Unit 4). Each grade would be learning lessons in the same pillar at the same time to bring a cohesiveness to the program. We put three lessons in each of those units: one for the classroom, one for Library/Media, and one for Makerspace. We chose lessons that would complement the theme of those units, put them in an order that would build on each other, and ended each grade with a lesson that we felt synthesized all the units. In total, we had twelve lessons for each grade. Our goal was to complete one unit each month: Unit 1 in September, Unit 2 in October, Unit 3 in November, and Unit 4 in December.
Thus far, our program has been going very well. Of course, this is our first year implementing it, so we are actively reflecting on it and looking for ways to improve it. Also, we will brainstorm ways to build on these lessons later in the year to reinforce the learning. We are thinking of having each grade do some kind of project-based/real-world assignment that can authentically make use of what they have learned.
October 16, 2017
Developing Digital Citizens
Although the Internet as we know it has been around for over 25 years, it will always be a brave, new world to the latest generation of children. The younger generations are labeled as “digital natives”, having grown up with computers and the World Wide Web at their fingertips. Yet, we must not assume they are native digital citizens. The digital world has its own rules, expectations, and customs that can only be acquired and mastered through the guidance of those who know how the digital world works. That’s us – teachers, guidance counselors, parents. We must welcome these new, young citizens to our digital land, and help them to safely and successfully navigate its strange terrain.
Since this week is Digital Citizenship Week (October 16-20), it is the perfect time to begin the journey to help students become respectful and responsible digital citizens. We do not have to go on this journey alone as there are excellent resources to help us teach digital citizenship. Since many K-12 schools already use G Suite for Education, I will focus on Google’s Digital Citizenship resources since they are easy to use and integrate.
Google wants students to Be Internet Awesome.
Be Internet Smart – Share with Care
Good (and bad) news travels fast online, and without some forethought, kids can find themselves in tricky situations that have lasting consequences. The solve? Learning how to share with those they know and those they don’t.
Be Internet Alert – Don’t Fall for Fake
It’s important to help kids become aware that people and situations online aren’t always as they seem. Discerning between what’s real and what’s fake is a very real lesson in online safety.
Be Internet Strong – Secure Your Secrets
Personal privacy and security are just as important online as they are offline. Safeguarding valuable information helps kids avoid damaging their devices, reputations, and relationships.
Be Internet Kind – It’s Cool to be Kind
The Internet is a powerful amplifier that can be used to spread positivity or negativity. Kids can take the high road by applying the concept of “treat others as you would like to be treated” to their actions online, creating positive impact for others and disempowering bullying behavior.
Be Internet Brave – When in Doubt, Talk It Out
One lesson that applies to any and all encounters of the digital kind: When kids come across something questionable, they should feel comfortable talking to a trusted adult. Adults can support this behavior by fostering open communication at home and in the classroom.
The Be Internet Awesome program offers a free, ISTE-aligned curriculum with well-designed and detailed lessons and activities. There is also a very fun and engaging game that reinforces the lessons.
Here are some other great resources for Be Internet Awesome:
Finally, Google offers a free Digital Citizenship and Safety Course for teachers to help them better educate their students on staying safe and secure online. This course takes approximately 75 minutes to complete.
March 30, 2017
Protecting Student Privacy
In the past, I have written about measures people and students can take to stay safe online with increased Internet security and safe search engines. Online privacy is a growing concern not only in our own lives, but also in our schools. In 2016, the TRUSTe/National Cyber Security Alliance released staggering statistics about online privacy in the United States. From 2015 to 2016, the number of people concerned about their online privacy increased by 45%. Before I explain the tool schools can use to help protect student privacy and data, consider these five facts from the TRUSTe/NCSA study:
- 92% of U.S. Internet users worry about their privacy online.
- People are more concerned about losing their online privacy (68%) than losing their income (57%).
- People's top concern about online privacy is companies collecting and sharing personal information.
- 89% of people say they avoid companies that do not protect their privacy.
- 36% of people have stopped using a website due to privacy concerns.
In light of these dramatic figures and the rising risk of using online services, how do we ensure students' information is private and secure? How do we verify the vendors of software and other online services are protecting our students' data and privacy? We can use a tool known as the Student Privacy Pledge.
The Student Privacy Pledge was developed by The Future of Privacy Forum and The Software & Information Industry Association to "safeguard student privacy regarding the collection, maintenance, and use of student personal information." The two organizations go on to explain that the Student Privacy Pledge is "intended to concisely detail existing federal law and regulatory guidance regarding the collection and handling of student data, and to encourage service providers to more clearly articulate these practices."
Click here to read the pledge over 345 companies, vendors, and service providers have taken.
Click here to view a list of those that have taken the pledge.
As the Technology Coordinator for my school, I vet each and every vendor of digital or electronic services to ensure they meet our high educational standards. The Student Privacy Pledge provides me with an excellent way to verify these vendors are also protecting the personal information and privacy of our students. According to the TRUSTe/NCSA study, only 31% of people understand how companies share their personal information. The Student Privacy Pledge gives us much needed transparency to help make the best decisions for our schools and students. In the 21st century, creating a safe learning environment is not only about physical security, but also digital security.
