A handful of ed tech offerings

Ed tech tips

The 2021-22 edition of The Practical Ed Tech Handbook is a 75 page PDF that features Richard Byrne’s favorite tools, tips, and strategies for using a wide variety of educational technology tools in your classroom. It can be found at https://practicaledtech.com/free-handbook/ 


Tiny Tap is a free web service that lets you create web-based educational games or borrow from a gallery of teacher made educational and share them with students, including embedding them in Canvas if you want. Consider checking out Byrne’s post describing the service at https://www.freetech4teachers.com/2021/11/tinytap-create-your-own-educational.html


Josh Sowash’s October newsletter included

Safeguard your cell phone from hacks

hacked phone

Our cell phones are threatened by bad actors more than many of us may realize. Below are the most common and critical mobile security threats and a short synapse of examples and ways to safeguard against attack..

4 Different Types of Mobile Security Threats

Mobile security threats are commonly thought of as a single, all-encompassing threat. But the truth is, there are four different types of mobile security threats that we need to take steps to protect ourselves from:

  • Mobile Application Security Threats. Application-based threats happen when people download apps that look legitimate but actually skim data from their device. Examples are spyware and malware that steal personal and business information without people realizing it’s happening.
  • Web-Based Mobile Security Threats. Web-based threats are subtle and tend to go unnoticed. They happen when people visit affected sites that seem fine on the front-end but, in reality, automatically download malicious content onto devices.
  • Mobile Network Security Threats. Network-based threats are especially common and risky because cybercriminals can steal unencrypted data while people use public WiFi networks.
  • Mobile Device Security Threats. Physical threats to mobile devices most commonly refer to the loss or theft of a device. Because hackers have direct access to the hardware where private data is stored, this threat is especially dangerous.

Signs

Below are the most common examples of these threats, as well as steps to can take to protect ourselves from them.

1. Social Engineering

Social engineering attacks are when bad actors send fake emails (phishing attacks) or text messages (smishing attacks) in an effort to trick someone into handing over private information like their passwords or downloading malware onto their devices.

Reports by cybersecurity firm Lookout and Verizon show a 37% increase in enterprise mobile phishing attacks and that phishing attacks were the top cause of data breaches globally in 2020.

Phishing Attack Countermeasures

The best defense for phishing and other social engineering attacks is to teach youself how to spot phishing emails and SMS messages that look suspicious and avoid falling prey to them altogether.

2. Data Leakage via Malicious Apps

85% of mobile apps today are largely unsecured. Tom Tovar, CEO of Appdome, says, “Today, hackers can easily find an unprotected mobile app and use that unprotected app to design larger attacks or steal data, digital wallets, backend details, and other juicy bits directly from the app.”

For example, when someone visits Google Play or the App Store to download apps that look innocent enough, the apps ask for a list of permissions before people are allowed to download them. These permissions generally require some kind of access to files or folders on the mobile device, and most people just glance at the list of permissions and agree without reviewing them in great detail.

However, this lack of scrutiny can leave devices vulnerable. Even if the app works the way it’s supposed to, it still has the potential to mine corporate data and send it to a third party.

How to Protect Against Data Leakage

Review permissions carefully and typically avoid third-party apps.

3. Unsecured Public WiFi

Public WiFi networks are generally less secure than private networks because there’s no way to know who set the network up, how (or if) it’s secured with encryption, or who is currently accessing it or monitoring it.

For example, cybercriminals often set up WiFi networks that look authentic but are actually a front to capture data that passes through their system (a “man in the middle” attack).

If this seems far-fetched, it isn’t. Creating fake WiFi hotspots in public spaces with network names that look completely legit is incredibly simple, and people are very willing to connect, as shown by experiments run at the Democratic and Republican conventions in 2016 and by an experiment run by a researcher in 2019 from Magic.

How to Reduce Risks Posed By Unsecured Public WiFi

Avoid connecting to public networks as much as possible, confirm they are legit, and do not conduct any sensitive activity while on them.

4. Spyware

Spyware is used to survey or collect data and is most commonly installed on a mobile device when users click on a malicious advertisement (“malvertisement”) or through scams that trick users into downloading it unintentionally.

Whether you have an iOS or Android device, these devices are targets ripe for data mining with spyware—which could include your personal as well as our district data if that device is connected to our network.

How to Protect Against Spyware

Dedicated mobile security apps (like Google’s Play Protect) can help you detect and eliminate spyware that might be installed on your devices. Ensuring you keep your device operating systems (and applications) up to date also helps ensure that your devices and your data are protected against the latest spyware threats.

5. Poor Password Habits

2020 study by Balbix found that 99% of the people surveyed reused their passwords between work accounts or between work and personal accounts. Unfortunately, the passwords that employees are reusing are often weak as well.

How to Reduce or Eliminate Mobile Password Threats

The NIST Password Guidelines are widely regarded as the international standard for password best practices. Following these guidelines will help protect you against threats from weak or stolen passwords. Password managers can simplify the work required to follow these guidelines.

Using more than one authentication factor (multi-factor authentication or MFA) to access mobile applications will also help reduce the risk that a bad actor could gain access to your systems since they’d need to verify their identity with additional authentication factors in order to log in.

Finally, implementing passwordless authentication will help you eliminate password risks altogether. For example, in the event that a mobile device is stolen or accessed illegally, requiring a facial scan as a primary (or secondary) authentication factor could still prevent unauthorized access.

6. Lost or Stolen Mobile Devices

Lost and stolen devices remain a threat.

How to Protect Against Lost or Stolen Device Threats

First and foremost, you’ll want to know what steps to take if you lose your device. Since most devices come with remote access to delete or transfer information, that should include asking you to make sure those services are activated.

7. Out of Date Operating Systems

Like other data security initiatives, mobile security requires continuous work to find and patch vulnerabilities that bad actors use to gain unauthorized access to your systems and data.

However, these patches only protect if you keep your devices up to date at all times.

——–

See the pic below for common signs of a compromised phone and a recap of best practices to avoid falling prey.

Mobile hacks

Add a page break before paragraphs in Google Docs

Add page break

You can now mark a paragraph to always begin on a new page with the new “Add page break before” option in Google Docs. This is particularly useful if you want certain paragraph styles to always create a new page such as titles, subtitles, or headings. This also means that you can import and export Microsoft Word and other third-party documents that have “Page break before” applied to paragraphs and Docs will retain that formatting.

Add the new
Add the new “Add page break before” paragraph style in Docs

 

Classic Sites to new Google Sites migration reminder

Classic sites to close

Starting December 1, 2021: owners and collaborators of classic Google sites will no longer be able to edit any remaining classic Google Sites in our domain. Starting January 1, 2022: classic Google Sites will no longer be viewable unless they are converted to new Google Sites. If you own a classic Google site in our domain and wish to have your content remain viewable after January 1st, at some point before the new year browse to https://sites.google.com/classicsitesmanager and initiate the conversion process.

In some cases we note there are some teacher sites that receive hundreds of views a month even though they haven’t been edited in a year or more, so will suggest you review your site’s stats before possibly deciding to skip converting it. For those with lots of page views on dated sites, if you decide to convert to permit continued visitor access, you may want to at least edit your site by adding links for visitors to follow to also access content you are now more involved in curating on Canvas or elsewhere.

Put your cyber savvy to the test

Hacking quiz

Take the quiz: How vulnerable are you to cyber threats?
Are you putting the district or yourself at risk without knowing it? This security assessment will help you identify whether your cyber knowledge is up to par – or if you could use a little refresher. Take the next five minutes to see where you stand.

OA27_QUIZ_STANDARD

Two of this month’s Google updates

Google Updates

Every month tweaks and changes occur in one or more of our Google apps. Here are two of this month’s.

Create meeting notes in Google Calendar. Available starting in late October, quickly start and share a meeting notes document for your Calendar events.

 

Add image watermarks in Google Docs. You can now add image watermarks directly into Google Docs.

 

​Cybersecurity Awareness Month – Safety Tips Sheets, Posters, and Lesson Plans

Cybersecurity advice

STOP. THINK. CONNECT.™ is the global online safety awareness campaign to help all digital citizens stay safer and more secure online. They have a large collection of posters, tip sheets, and videos that you can use to promote good online safety practices. They maintain a resource page with tip sheets to posters to videos and more, to help you stay safer and more secure online and better protect your personal information. All of these resources are free to use, download and share at home, at work and in the community.  We have embedded two of the many videos they have below. Here’s also a link to one of their advice posters.

Free Lesson Plans
Google for Education’s Applied Digital Skills lesson library includes a couple of lesson plans that align with Cybersecurity Awareness Month.

  • Avoid Online Scams is a lesson plan for middle school and high school classrooms. This lesson includes a scenario in which students have to identify the signs of a scam phone call and email then decide how to respond.

Quick Tip: Create a QR code for any site you open in Chrome

Q

You can now quickly and easily generate a QR code for any site you have open in Chrome. Just click the URL bar (omnibox) and then click the QR code button to the right. Download it, and place it where you want people to scan it!

 

QR code steps

 

 

Google’s .NEW domains make for some great quick access to various sites and services

.New

Since our last blog post about Google’s .New domains, they have since opened registration up to 3rd party developers,  allowing you to quickly jump not only into several Google services just by typing into your browser’s address bar things like docs.new, sheets.new, slides.new, etc. but hundreds of other services etc. In another post our today, we mentioned spark.new. Below are just some of the other shortcuts you might appreciate knowing about — also consider visiting the domain directory to review the comprehensive and growing list:

Updates to Adobe Spark for Education Plan

Adobe Spark

Beginning in late October 2021, the K12 Adobe Spark for Education plan will start to include two additional applications, Adobe Photoshop Express and Adobe Premiere Rush. In or shortly after late October 2021, our users will have access to these applications.

Adobe Photoshop Express enables image editing and collage making and is available on both iOS and Android devices. To learn about this application’s capabilities, system requirements, and device compatibility, please visit the user guide.

Adobe Premiere Rush enables video editing and sharing and is available on both iOS and Android, as well as desktop devices. To learn about this application’s capabilities, system requirements, and device compatibility, please visit the user guide.

As a reminder, simply type spark.new in the Chrome browser and review these steps on how to access Spark for Education. 

And for more ideas on Spark, revisit our last blog post about it HERE.