Hackers and cyber criminals are trying to bait you. They want to fool you, hook you, and then reel in your private information. This is phishing - an increasingly common attack that attempts to gain someone's private information and/or credentials through realistic, but ultimately fake, emails.
How bad is phishing? According to a 2017 report by PhishMe, Inc, the average cost of a phishing attack on a mid-sized company is $1.6 million. That same report also found phishing attacks had grown by 65% in a year. The 2019 State of the Phish Report by Wombat found that 76% of businesses were the victims of phishing attacks in the previous year. Schools are also popular targets. Just recently, hackers stole personal information of over 500,000 staff and students in a San Diego school district through a phishing attack. The first line of defense to prevent these attacks is the user.
People must have training to identify phishing attempts and disregard them. Jigsaw, a special part of Google that researches and develops solutions to technology issues, released a quiz on phishing to help people spot these potential attacks. I got seven out of the eight scenarios correct. I'm still kicking myself about the one I missed, which I thought was a phishing attempt, but it turned out to be safe. Take the quiz here and see how many of the phishing attempts you can identify.
One final resource that can help both teachers and students become safer and more savvy online is Google's Digital Citizenship and Safety course. This self-paced, online course trains teachers on incorporating digital citizenship and safety lessons in their classrooms, but it also provides many helpful tips on digital security that are relevant outside of the classroom.
Hopefully, these resources can help you to not take the bait.
January 25, 2019
December 19, 2018
Resolve to be Secure
With 2019 just around the corner, it's time to plan our resolutions for the new year. Since 2018 seemed like a year of constant hacks, cyber attacks, and data breaches, here are the top ten resolutions you can take to be digitally secure in the new year.
1. Protect Your Passwords
First and foremost, you should change your passwords to be long and complex (at least 10 characters, uppercase and lowercase letters, numbers, and symbols). You should absolutely change them right now if any of yours is on the list of the most popular passwords of 2018. Also, you shouldn't have any of your usernames and passwords written on paper or in a file on your computer. It's much too easy for people to see or steal them.
Since the average person has several different accounts, usernames, and passwords, it is very difficult to remember all of them. The best option is to use a password manager. With a password manager, you only have to remember one master password. All your other usernames and passwords are remembered by the password manager. It works like this: you use your master password to log in to the password manager. When you get to a website, the password manager automatically fills in your username and password for that website. Password managers will also generate long, complex, and different passwords for your accounts to further increase security. Note: once you install a new password manager, let it change all your passwords to ones it generates. Also, password managers will sync your usernames and passwords across multiple devices. Your master password should be long and complex, but that's the only password you'll need to remember. The two best password managers are Dashlane and LastPass, and both have excellent free versions.
2. Strengthen Your Security Questions
Many websites will ask you security questions as a way to further secure your account. However, people may be able to guess the answers to your security questions. How can they guess? They can research you online to find out past addresses, schools, relatives, marriages (maiden names), etc. They can check your social media to find out the names of your pets, hobbies, interests, etc. An easy way to make your security questions un-guessable is to include a secret character (number, letter, or symbol) before or after your answer. For example, if it asks for your mother's maiden name, then your answer could be !Smith or SmithX. You should update all your security answers to include this secret character.
3. Use Two-factor Authentication
So, you're using a password manager to not only remember your usernames, but also to remember and use long, complex, and different passwords for all your accounts. Great! However, these could still be breached. It's virtually impossible for a person or even a supercomputer to guess the long, complex passwords randomly generated by these password managers, but there is still a microscopic chance. That's why you need to use two-factor authentication (TFA). Most commonly, this is set up through your phone. Once you enter an account's username and password, the website will send a code to your phone that you have to enter on the website as a final step to log in securely. Even if somebody has managed to figure out your username and password, they won't have the code that was sent to your phone. Unless your phone was stolen, which brings me to the next resolution.
4. Secure Your Phone
Forget fingerprint and face locks on your phone. Those can be easily breached. If you don't believe me, then read this article, this one, this one, and this one. The most secure way to protect your phone is through a PIN or password because only you can know it. Make sure you don't use easy-to-guess PINs or passwords. Yes, this is another one to remember, but, if you also use a password manager, then you only have two things to remember: the master password to your password manager and the PIN/password to your phone. That's absolutely do-able. If there's an option to encrypt your phone, do it. Finally, set up the "Find My Phone/Device" feature on your phone, so if it were ever lost or stolen, you can try to find it or remotely lock/wipe it.
5. Change Your Router and Home Network Username and Password
I bet I could log in to most people's home router. Why? Most people don't change the default username and password for their home routers. I can just go to routerpasswords.com and find the default username and password for any router I want. Once logged in to your router, I could do all sorts of nefarious things to your network and devices. Yet, I would never do that because I'm a good guy. But, to keep out the bad guys, you should change the default username and password to your router to something that's hard to guess. It's okay to write down this information somewhere safe. Finally, make sure you have a tough-to-guess password for your home network/Wi-Fi.
6. Use an Antivirus Program
Don't bother with free antivirus programs because they often don't have necessary features, such as real-time threat monitoring and prevention. It's worth spending the $50 or so per year to protect your devices. The only ones I recommend are Webroot, Bitdefender, and Avast.
7. Use uBlock Origin
Trackers, malware, potentially unwanted programs (PUPs), and other nasty digital stuff can lurk in ads and pop-ups online. The best adblock extension you can use is uBlock Origin. Not only will it block these bad things, but it will make browsing the web a cleaner, faster, and more enjoyable experience.
8. Do Updates
Keeping your devices and programs updated is one of the simplest, easiest, and best ways to increase security. Software engineers, developers, and even white hat hackers are constantly on the lookout for vulnerabilities and creating patches to fix them. Updates will also enhance the performance of your devices and programs, so make sure to install those updates. You can even set updates to install automatically, so that's one fewer thing to remember. You can usually find update preferences in the "Settings" app or menu of a device or program. Finally, make sure to turn your devices off and on a couple times a week. This will help with updates and give the devices a chance to "reset" to fix or prevent some issues.
9. Lock Your Computer
Even if you've followed all these resolutions, your computer will still be vulnerable if you log in to it and then walk away. Anyone can then use it while you're gone. A quick and easy way to prevent this is to lock it. If you need to leave your computer, press the Windows key (looks like a four-pane window next to the Alt key) and the L key at the same time. This will lock your computer and require your password to unlock it. To unlock it, press Ctrl, Alt, and Del at the same time as you normally would to log in, and then enter your password. Many organizations and businesses take this very seriously and will "write up" or discipline employees who leave computers or other devices logged in and unlocked.
10. Think Before You Click
Finally, think before you click on something: a link, a picture, a download button, an attachment, etc. Take a moment to pause and question if it's safe. Does it look legitimate? Is there anything off or sketchy about it (incorrect grammar, sensationalism, bright/flashing animation, "too-good-to-be-true"-ness, etc.)? Does it come from a secure and trusted source? You can mouse over a link (without clicking) to see where it leads. Don't download or install anything unless you know it comes from a safe, trusted, and secure source. When it doubt, close it out. And never ever give out usernames, passwords, account information, or any other personal/private information to any unknown, untrusted, or questionable people or services online.
The end of the year is also a good time to clean out and organize your emails. Here is a post I wrote about five steps you can take to have a better email experience.
I wish you all a happy, healthy, and secure New Year!
1. Protect Your Passwords
First and foremost, you should change your passwords to be long and complex (at least 10 characters, uppercase and lowercase letters, numbers, and symbols). You should absolutely change them right now if any of yours is on the list of the most popular passwords of 2018. Also, you shouldn't have any of your usernames and passwords written on paper or in a file on your computer. It's much too easy for people to see or steal them.
Since the average person has several different accounts, usernames, and passwords, it is very difficult to remember all of them. The best option is to use a password manager. With a password manager, you only have to remember one master password. All your other usernames and passwords are remembered by the password manager. It works like this: you use your master password to log in to the password manager. When you get to a website, the password manager automatically fills in your username and password for that website. Password managers will also generate long, complex, and different passwords for your accounts to further increase security. Note: once you install a new password manager, let it change all your passwords to ones it generates. Also, password managers will sync your usernames and passwords across multiple devices. Your master password should be long and complex, but that's the only password you'll need to remember. The two best password managers are Dashlane and LastPass, and both have excellent free versions.
2. Strengthen Your Security Questions
Many websites will ask you security questions as a way to further secure your account. However, people may be able to guess the answers to your security questions. How can they guess? They can research you online to find out past addresses, schools, relatives, marriages (maiden names), etc. They can check your social media to find out the names of your pets, hobbies, interests, etc. An easy way to make your security questions un-guessable is to include a secret character (number, letter, or symbol) before or after your answer. For example, if it asks for your mother's maiden name, then your answer could be !Smith or SmithX. You should update all your security answers to include this secret character.
3. Use Two-factor Authentication
So, you're using a password manager to not only remember your usernames, but also to remember and use long, complex, and different passwords for all your accounts. Great! However, these could still be breached. It's virtually impossible for a person or even a supercomputer to guess the long, complex passwords randomly generated by these password managers, but there is still a microscopic chance. That's why you need to use two-factor authentication (TFA). Most commonly, this is set up through your phone. Once you enter an account's username and password, the website will send a code to your phone that you have to enter on the website as a final step to log in securely. Even if somebody has managed to figure out your username and password, they won't have the code that was sent to your phone. Unless your phone was stolen, which brings me to the next resolution.
4. Secure Your Phone
Forget fingerprint and face locks on your phone. Those can be easily breached. If you don't believe me, then read this article, this one, this one, and this one. The most secure way to protect your phone is through a PIN or password because only you can know it. Make sure you don't use easy-to-guess PINs or passwords. Yes, this is another one to remember, but, if you also use a password manager, then you only have two things to remember: the master password to your password manager and the PIN/password to your phone. That's absolutely do-able. If there's an option to encrypt your phone, do it. Finally, set up the "Find My Phone/Device" feature on your phone, so if it were ever lost or stolen, you can try to find it or remotely lock/wipe it.
5. Change Your Router and Home Network Username and Password
I bet I could log in to most people's home router. Why? Most people don't change the default username and password for their home routers. I can just go to routerpasswords.com and find the default username and password for any router I want. Once logged in to your router, I could do all sorts of nefarious things to your network and devices. Yet, I would never do that because I'm a good guy. But, to keep out the bad guys, you should change the default username and password to your router to something that's hard to guess. It's okay to write down this information somewhere safe. Finally, make sure you have a tough-to-guess password for your home network/Wi-Fi.
6. Use an Antivirus Program
Don't bother with free antivirus programs because they often don't have necessary features, such as real-time threat monitoring and prevention. It's worth spending the $50 or so per year to protect your devices. The only ones I recommend are Webroot, Bitdefender, and Avast.
7. Use uBlock Origin
Trackers, malware, potentially unwanted programs (PUPs), and other nasty digital stuff can lurk in ads and pop-ups online. The best adblock extension you can use is uBlock Origin. Not only will it block these bad things, but it will make browsing the web a cleaner, faster, and more enjoyable experience.
8. Do Updates
Keeping your devices and programs updated is one of the simplest, easiest, and best ways to increase security. Software engineers, developers, and even white hat hackers are constantly on the lookout for vulnerabilities and creating patches to fix them. Updates will also enhance the performance of your devices and programs, so make sure to install those updates. You can even set updates to install automatically, so that's one fewer thing to remember. You can usually find update preferences in the "Settings" app or menu of a device or program. Finally, make sure to turn your devices off and on a couple times a week. This will help with updates and give the devices a chance to "reset" to fix or prevent some issues.
9. Lock Your Computer
Even if you've followed all these resolutions, your computer will still be vulnerable if you log in to it and then walk away. Anyone can then use it while you're gone. A quick and easy way to prevent this is to lock it. If you need to leave your computer, press the Windows key (looks like a four-pane window next to the Alt key) and the L key at the same time. This will lock your computer and require your password to unlock it. To unlock it, press Ctrl, Alt, and Del at the same time as you normally would to log in, and then enter your password. Many organizations and businesses take this very seriously and will "write up" or discipline employees who leave computers or other devices logged in and unlocked.
10. Think Before You Click
Finally, think before you click on something: a link, a picture, a download button, an attachment, etc. Take a moment to pause and question if it's safe. Does it look legitimate? Is there anything off or sketchy about it (incorrect grammar, sensationalism, bright/flashing animation, "too-good-to-be-true"-ness, etc.)? Does it come from a secure and trusted source? You can mouse over a link (without clicking) to see where it leads. Don't download or install anything unless you know it comes from a safe, trusted, and secure source. When it doubt, close it out. And never ever give out usernames, passwords, account information, or any other personal/private information to any unknown, untrusted, or questionable people or services online.
The end of the year is also a good time to clean out and organize your emails. Here is a post I wrote about five steps you can take to have a better email experience.
I wish you all a happy, healthy, and secure New Year!
November 30, 2018
Educational Software Evaluation
My school uses a myriad of educational software and online learning programs. In order to see if these are meeting the needs of the teachers and students, I developed an evaluation rubric to conduct a comprehensive assessment of each and every one that we use. I would like to share it with all of you, so that you can use it for your own evaluations, or even tweak it to reflect your unique needs. You can download the rubric here. Finally, I would like to give a brief explanation of how the rubric works.
I identified ten areas by which to evaluate a software application or online program:
I also included detailed descriptors for each of these areas, so evaluators will be on the same page. The final score is out of 50 points, and there is a space for comments at the bottom of the rubric. You could also turn this rubric into a Google Form or online survey to enable faster data-gathering and more dynamic analysis. Hopefully, this will help you conduct a comprehensive, objective, and methodical assessment of any educational software or online learning program you use.
I identified ten areas by which to evaluate a software application or online program:
- Curriculum & Standards Alignment: How does the program align with our curriculum, standards, and learning goals?
- Depth of Knowledge: What Depth of Knowledge level does the program mostly align with?
- Authenticity: How is the content presented in an authentic, real-world manner?
- Personalization & Adaptability: How does the program personalize learning and adapt content for students?
- Instructional Feedback & Reporting: How does the program offer monitoring and reporting for the teacher?
- Relearning Opportunities: How does the program offer opportunities to re-answer questions, and what helpful information does it provide?
- Ease of Use: How easily can people use and navigate the program?
- Engagement: How does the program engage students?
- Privacy: Has the program signed the Student Privacy Pledge (studentprivacypledge.org)?
- Redundancy: How redundant is the program based on any similar programs we use?
I also included detailed descriptors for each of these areas, so evaluators will be on the same page. The final score is out of 50 points, and there is a space for comments at the bottom of the rubric. You could also turn this rubric into a Google Form or online survey to enable faster data-gathering and more dynamic analysis. Hopefully, this will help you conduct a comprehensive, objective, and methodical assessment of any educational software or online learning program you use.
October 19, 2018
Teaching Digital Citizenship and Safety
In honor of it being National Cybersecurity Awareness Month,
I thought it would be apropos to share a somewhat-related story of how my
school is teaching digital citizenship and safety in hopes that it may help
other schools and teachers do the same. I
have a link to our program at the end of this post. You can also read my previous writings on digital citizenship here. Digital
citizenship and Internet safety are critical concepts that students must
understand and apply in their own lives as their access to web-connected
devices and services begin earlier and earlier.
After all, these devices and online services are tools, and, as with any
tool, we must teach the uninitiated how to use them responsibly, safely, and
intelligently lest they get themselves in trouble via misuse.
Not long after I started working at my school, I recognized
the need to gather feedback, insights, and questions from the staff about the
technology used throughout the school.
The effective exploration and integration of technology (or any other
thing) are predicated on open collaboration, detailed planning, careful
execution, and thoughtful reflection. To
this end, I formed and headed up the Technology Committee.
Last year, our main goal was to develop a unified series of
lessons in Grades 3-5 to teach digital citizenship and safety. Some teachers were already teaching various
aspects of this, but there wasn’t a common curriculum. We, the Technology Committee, sought to
remedy this by creating a consistent and scaffolded program of lessons, so
there were no overlaps or gaps in teaching these integral skills and the lessons
would build on each other throughout the grades. We also wanted to schedule these lessons at
the beginning of the school year to lay a solid foundation on which to build
later and head off any student misuse of technology. Finally, we understood teachers have much to
teach already, so we focused on core lessons and divided the teaching of those
lessons between the classroom teacher, the Library/Media teacher, and the
Makerspace teacher. I went into the
classrooms to teach some lessons as well, which was very fun. We thought it would be beneficial for the
students to learn about digital citizenship and safety from different people,
who could offer unique perspectives on the subject.
Like any good creator (or artist), we took bits and pieces
from existing lessons and resources, modified them to meet our vision, and
quilted them together in a final product.
We didn’t want to rely all on one source for these lessons. To promote unification and scaffolding, we
borrowed an idea from Google’s Be Internet Awesome program and put our lessons into four pillars or units
that would cross all three grades: Be
Digitally Kind (Unit 1), Be Digitally Safe (Unit 2), Be Digitally Responsible
(Unit 3), and Be Digitally Savvy (Unit 4).
Each grade would be learning lessons in the same pillar at the same time
to bring a cohesiveness to the program. We
put three lessons in each of those units:
one for the classroom, one for Library/Media, and one for
Makerspace. We chose lessons that would
complement the theme of those units, put them in an order that would build on
each other, and ended each grade with a lesson that we felt synthesized all the
units. In total, we had twelve lessons
for each grade. Our goal was to complete
one unit each month: Unit 1 in
September, Unit 2 in October, Unit 3 in November, and Unit 4 in December.
Thus far, our program has been going very well. Of course, this is our first year implementing
it, so we are actively reflecting on it and looking for ways to improve
it. Also, we will brainstorm ways to
build on these lessons later in the year to reinforce the learning. We are thinking of having each grade do some
kind of project-based/real-world assignment that can authentically make use of
what they have learned.
Chrome Extensions for Students with Special Needs
There are countless Google Chrome extensions that can help both teachers and students. I’ve written about some of them, and you can read about those here. For this post, I wanted to share four Google Chrome extensions that can be very useful for students with special needs.
OpenDyslexic Font
From its extension overview: “Open-Dyslexic is an open sourced font created to increase readability for readers with dyslexia. This extension overrides all fonts on web pages with the OpenDyslexic font, and formats pages to be more easily readable.
Your brain can sometimes do funny things to letters. OpenDyslexic tries to help prevent some of these things from happening. Letters have heavy weighted bottoms to add a kind of "gravity" to each letter. You are able to quickly figure out which part of the letter is down because of this feature. It aids in recognizing the correct letter and sometimes helps to keep your brain from rotating them around. Consistently weighted bottoms can also help reinforce the line of text. The unique shapes of each letter can help prevent confusion by flipping and swapping.
Open-Dyslexic has recently received favourable coverage from the BBC (http://bbc.com/news/technology-19734341) and is included in many iOS and Android apps. Unlike much other dyslexia or DRD typefaces, OpenDyslexic is completely free for individuals, companies, schools, and in short: everyone.”
Speech Recognition Anywhere
From its extension overview: “With ‘Speech Recognition Anywhere’ you can control the Internet with your voice. Use voice recognition to fill out forms and documents on the web! Dictate emails with speech to text! Use Voice Recognition to fill out any form and dictate email with speech to text. Control the Internet with custom voice commands!
No need to copy and paste your speech into a form input field. The speech you speak is automatically typed into any form on any web page handsfree. You can also browse the web and completely control a website with voice commands. It can be used like a virtual assistant. Speech Recognition Anywhere now includes text to speech, custom voice commands and scripting. See seabreezecomputers.com/speech for more information.”
Colorblind – Dalton
From its extension overview: “Dalton is software allowing people with different kinds of color blindness (colour vision deficiency) to see more colors. Dalton provides solutions to some of the everyday problems experienced by colour blind people. People with various types of colour deficiency could benefit from the use of Dalton software including those affected by Tritanopia (blue colour vision deficiency), Deuteranopia (green), Protanopia (red).
People generally have the assumption that if you suffer from blue-yellow color blindness these are the only colors you have trouble seeing. But that’s wrong. Color blindness doesn’t relate to just two color shades you can’t distinguish, it is the whole color spectrum which is affected. The extension is totally free. The main aim is to help people to see the world colorful.
BeeLine Reader
From its extension overview: “BeeLine's color gradient makes reading faster/easier for over 90% of people. How much will it help you?
Have a lot to read? Make reading easier and faster using BeeLine Reader! BeeLine uses a color gradient to guide your eyes from the end of one line to the beginning of the next. This seemingly simple tweak makes reading substantially easier and faster because it allows you to transition between lines quickly and effortlessly. Thousands of people have taken our online diagnostic test, and over 90% of them saw a benefit from BeeLine. Many people are able to read 20% or 30% faster with BeeLine, even on their first try.
Research by educators has shown dramatic reading fluency and comprehension gains for students, and research with adults is ongoing at Stanford Medical School. BeeLine has been adopted by the California Public Library System, Bookshare.org, and Reading Is Fundamental. The BeeLine extension works on millions of news websites and blogs, and you can even use read Kindle books, Google Docs, and Gmail with it. You can also get our PDF extension, which works on any text-based PDF.
You can read as much as you want with BeeLine for two weeks days. After that, you can use BeeLine up to 5 times every day for free, or subscribe to BeeLine Reader Pro for just $2/month (or less if you subscribe annually). Students and teachers can also apply on our website for our free Student Pass (certain limitations apply).”
OpenDyslexic Font
From its extension overview: “Open-Dyslexic is an open sourced font created to increase readability for readers with dyslexia. This extension overrides all fonts on web pages with the OpenDyslexic font, and formats pages to be more easily readable.
Your brain can sometimes do funny things to letters. OpenDyslexic tries to help prevent some of these things from happening. Letters have heavy weighted bottoms to add a kind of "gravity" to each letter. You are able to quickly figure out which part of the letter is down because of this feature. It aids in recognizing the correct letter and sometimes helps to keep your brain from rotating them around. Consistently weighted bottoms can also help reinforce the line of text. The unique shapes of each letter can help prevent confusion by flipping and swapping.
Open-Dyslexic has recently received favourable coverage from the BBC (http://bbc.com/news/technology-19734341) and is included in many iOS and Android apps. Unlike much other dyslexia or DRD typefaces, OpenDyslexic is completely free for individuals, companies, schools, and in short: everyone.”
Speech Recognition Anywhere
From its extension overview: “With ‘Speech Recognition Anywhere’ you can control the Internet with your voice. Use voice recognition to fill out forms and documents on the web! Dictate emails with speech to text! Use Voice Recognition to fill out any form and dictate email with speech to text. Control the Internet with custom voice commands!
No need to copy and paste your speech into a form input field. The speech you speak is automatically typed into any form on any web page handsfree. You can also browse the web and completely control a website with voice commands. It can be used like a virtual assistant. Speech Recognition Anywhere now includes text to speech, custom voice commands and scripting. See seabreezecomputers.com/speech for more information.”
Colorblind – Dalton
From its extension overview: “Dalton is software allowing people with different kinds of color blindness (colour vision deficiency) to see more colors. Dalton provides solutions to some of the everyday problems experienced by colour blind people. People with various types of colour deficiency could benefit from the use of Dalton software including those affected by Tritanopia (blue colour vision deficiency), Deuteranopia (green), Protanopia (red).
People generally have the assumption that if you suffer from blue-yellow color blindness these are the only colors you have trouble seeing. But that’s wrong. Color blindness doesn’t relate to just two color shades you can’t distinguish, it is the whole color spectrum which is affected. The extension is totally free. The main aim is to help people to see the world colorful.
BeeLine Reader
From its extension overview: “BeeLine's color gradient makes reading faster/easier for over 90% of people. How much will it help you?
Have a lot to read? Make reading easier and faster using BeeLine Reader! BeeLine uses a color gradient to guide your eyes from the end of one line to the beginning of the next. This seemingly simple tweak makes reading substantially easier and faster because it allows you to transition between lines quickly and effortlessly. Thousands of people have taken our online diagnostic test, and over 90% of them saw a benefit from BeeLine. Many people are able to read 20% or 30% faster with BeeLine, even on their first try.
Research by educators has shown dramatic reading fluency and comprehension gains for students, and research with adults is ongoing at Stanford Medical School. BeeLine has been adopted by the California Public Library System, Bookshare.org, and Reading Is Fundamental. The BeeLine extension works on millions of news websites and blogs, and you can even use read Kindle books, Google Docs, and Gmail with it. You can also get our PDF extension, which works on any text-based PDF.
You can read as much as you want with BeeLine for two weeks days. After that, you can use BeeLine up to 5 times every day for free, or subscribe to BeeLine Reader Pro for just $2/month (or less if you subscribe annually). Students and teachers can also apply on our website for our free Student Pass (certain limitations apply).”
Subscribe to:
Posts (Atom)