This session will focus on several tools you can use to evaluate your “cyber-hygiene” as well as resources you can use to clean up your personal data sharing habits online. Join us to learn the basics of personal cybersecurity, best practices for keeping your data safe online, tips for becoming more cybersecurity aware, and recommendations for keeping yourself, colleagues, and students protected against new and emerging threats. Don’t be left in the dark!
Over the past two years, K-12 schools have grown more reliant on educational technology. This shift has fueled digital transformations across the country and made it easier for students to learn safely and effectively, both now and in the future.
But this shift toward digital learning as a mainstay has come at a cost – increased vulnerability to district networks and data. Many K-12 education and technology leaders are already begun taking steps to address this increased risk, but there’s still much more that can be done to stay ahead of tomorrow’s digital threats.
The best way to address vulnerability is a security posture built on the latest policies and best practices for cybersecurity and data privacy. At SecurED Schools, these imperatives and more will be on full display, with local, state, and national experts leading discussions on how K-12 districts can upgrade their security capabilities before an emergent threat takes hold.
This year’s fully virtual conference will also feature numerous hands-on presentations geared toward helping IT stakeholders comply with current state and federal mandates, including SOPPA, FERPA, and more.
That’s not all SecurED Schools 2022 has in store for you. Check out the full schedule now or take a peek below at some of this year’s most anticipated virtual sessions!
Two Days Full of Resources, Demos & Best Practices
With over 30 engaging sessions on this year’s agenda, SecurED Schools 2022 is set to be Illinois’ premier conference for fostering cybersecurity and data privacy excellence.
This year, we’re also welcoming over 40 presenters to the virtual stage, offering you the chance to learn from the best and walk away with a vision for improving your district’s security posture.
Future Privacy: Privacy Fundamentals for Uncertain Times
Presented by Linnette Attai
The world has changed, and nowhere has that been more apparent than in school districts. In a series of seismic shifts, classroom environments and technologies used to support instructional delivery have changed and changed again, leaving many racing to stay on top of whatever comes next. Edtech evolution isn’t slowing down any time soon, raising fresh concerns about what is being lost in terms of student data privacy along the way.
Now’s the time to address these concerns head on, starting with the privacy fundamentals you already know. Join us for a chance to brush up on the basics of FERPA, COPPA, PPRA, and SOPPA while learning how these bedrock elements can support more cohesive privacy efforts, both now and in the future.
Let’s Talk About the SDPC Database
Presented by Sean Mullins
Without a doubt, the SDPC database is one of the most useful tools K-12 school districts can reach for while striving to maintain full SOPPA compliance. But despite that, many districts don’t know about the database’s lesser-known features and their ability to streamline SOPPA workflows from start to finish.
Don’t miss out on taking full advantage of everything the SDPC database has to offer! Join this highly interactive session to learn new ways to harness the SDPC database as well as get your questions answered by one of the state’s foremost SDPC database experts.
Don’t Be Left in the Dark!
Presented by Holly Kelly & Lisa Schwartz
The rise of edtech in the everyday classroom has helped students learn like never before. But along the way, staff and students alike haven’t done well when it comes to maintaining their “cyber-hygiene.” In other words, our personal data sharing habits have grown troubling lately, putting both ourselves and our institutions at risk for cyber-attack.
Fortunately, there are a few sure-fire ways to get your personal data sharing habits back on the right track. Join us to learn about a few readily available resources that can help staff, colleagues, and students become more cyber aware and keep themselves protected against emerging threats to their personal data privacy.
Register for SecurED Schools Today!
SecurED Schools is only a couple weeks away, but there’s still time to reserve your seat at any of this year’s engaging, solution-oriented sessions. At only $25 a ticket (including access to a post-conference archive of recordings and resources), this year’s conference is an affordable way to grow your professional toolkit and help your district chart a course for a more digitally secure future.
Register today and start making plans to transform the way your district handles cybersecurity and data privacy!
When it comes to discussing the information we, as well as our students, share online, so-called “cyber hygiene” is a great place to start. This session will focus on several tools educators can use to evaluate cyber hygiene as well as several tools they can use to clean up their personal data sharing habits online.
This week on Be Connected, we’ll jump headlong into one of the chief concerns for all digitally-connected organizations (including schools) today – the threat of being hacked. In particular, we’ll look at the website www.haveibeenpwned.com and discuss how students and staff alike can use it to discover if their personal credentials have ever been hacked and dumped in a documented data breach.
Be Connected is a weekly webinar series from the LTC focused on facilitating open discussions about pertinent topics within Illinois’ edtech community. Hosted by the LTC’s Chris Wherley and Eric Muckensturm, each session will focus on a specific topic and provide space for participants to ask and answer questions in a relaxed, supportive environment.
Each week will feature a different core topic and a fresh opportunity to connect with your peers. So, be sure to check the LTC events calendar routinely so that you can join in the discussion and Be Connected.
Note: This article was originally published by the International Society for Technology in Education (ISTE) on February 5, 2021. It has been republished here with their permission, and the permission of the author. You can read the original here.
Today is Safer Internet Day, an occasion to recommit to best practices for protecting digital identity. In the spirit of this important celebration, we’re proud to feature an article by the LTC’s Nicole Zumpano, originally published by ISTE. Each of its timely resources and recommendation will help you make digital literacy and internet safety a cornerstone of your classroom year-round.
As adults, we do everything possible to keep our computers, bank accounts and families safe. Our list of to-dos continues to grow as our use of digital technologies increases. While these tasks are rote to most adults, we can’t expect that our students will follow our lead.
It is our responsibility as educators to make sure learners know how to do more than surf the web and consume media. All educators — from classroom teachers to technology coaches and school administrators — should lead the discussion on digital literacy. Here are some ways to make sure our students stay safe and secure online:
Teach students to conduct data mines (on themselves)
Students should do this every 3-6 months. While many will Google their names, we need to teach them to dig deeper. Here are some general guidelines to follow:
- Log out of internet browsers before searching (staying logged in can affect the results).
- Search (using quotation marks) full legal names, nicknames and usernames.
- Search Google Images with names/usernames.
- Use multiple browsers, such as Chrome, Bing, Yahoo, Safari and Firefox.
- Look beyond the first page of results. Go at least five pages deep until the name/username no longer appears. Take note of what kind of results appear (presentations/social media/images/etc.).
Here’s an exercise I give to graduate students, but it can easily be replicated for high school students.
Check privacy settings on social media accounts
Because many sites may be blocked during school hours, allow students to check privacy settings on those that are not. At a minimum, show students how to access privacy settings (perhaps through a screencast or screenshot). On each social media site, students should:
- Check privacy settings to see who can view posts.
- Go through “friends” lists and remove people who should not be there.
- Search posts and remove any that they wouldn’t want a parent, teacher, employer or college official to see.
- Look at tagged images that others have posted.
Watch the video below to seen how Katrina Traylor Rice taught students about digital privacy while teaching a unit on the Bill of Rights.
Teach digital literacies
Digital literacy is a term that has many moving parts. Students need guidance on varying types of literacy, including media (how to “read” media), social (how to interact in an online environment), and information (the ability to locate, evaluate and properly use information).
Safety falls into this category as well. Students need to know, understand and apply password algorithms as well as recognize scams and understand how their data is being tracked and used by companies.
Stress the importance of digital maintenance
This is the spelling list or cursive practice of the digital world. It’s not glamorous to teach but essential for students to know:
- Teach students how to download Google Drive files to an external drive.
- Remind them to backup Drive files, important emails, smartphone photos/apps/etc. at least once a month.
- Make sure parents have access to account passwords in the event of emergencies. Have them write the accounts/passwords on a piece of paper and place it in an envelope in a safe yet visible place.
- Reiterate the importance of logging out of accounts, not simply closing the browser window.
Teaching digital responsibility is not just for middle school teachers or library media specialists. It’s everyone’s duty, and we must start with kindergartners. Consider developing a digital media scope-and-sequence to address what should be taught at each grade.
This is something that can be developed by teachers, students and parents alike. At a minimum, make a commitment with grade-level colleagues that you’ll help teach students how to be safe and secure digital citizens. A good place to begin is by reviewing the ISTE Standards for Students.
Being alert — being aware of online actions, and knowing how to be safe and create safe spaces for others online — is one of the five competencies of the #DigCitCommit campaign. Watch the video below to learn how you can get involved in the movement.
Over the past year, classrooms in Illinois and around the world have become more and more reliant on digital resources to safely and successfully facilitate instruction. While remote and hybrid learning continues for many students, one important issue relating to digital learning deserves more attention – data privacy.
In short, data privacy describes the practice of prioritizing the secure maintenance and transfer of personally identifiable information within a digital network. When it comes to today’s students, this can include everything from their name and age to their grades and discipline record. Many educational apps and websites are able to collect this kind of information with minimal notice, making it essential for schools to know where their students’ data is being stored and when it is being accessed.
Current federal laws require schools to safeguard this type of information and prevent its unauthorized disclosure. In Illinois, new legislation known as the Student Online Personal Protection Act (SOPPA) will strengthen these requirements and establish new standards for maintaining student data privacy in the digital realm.
On July 1, 2021, all Illinois schools will be required to comply with SOPPA’s data maintenance standards. As this date approaches, the Learning Technology Center (LTC) is committed to supporting schools while they upgrade their student data privacy policies. This includes providing your district with timely, actionable information that can support your efforts toward full SOPPA compliance.
In recognition of Data Privacy Day, we want to highlight a few of the data privacy resources we already offer. As the year goes on, we’ll be adding even more useful resources, as well. So, don’t forget to check our data privacy and cybersecurity homepages on a regular basis!
Data Privacy Resources
This legislation brief outlines many of the most important student data privacy laws currently on the books, both at the state and federal level. This is a great place to start if you want an idea of the current state of legally-mandated student data protection.
This legislation brief focuses on the details of Illinois’ latest amendments to the Student Online Personal Protection Act (SOPPA). This brief includes information on data types covered by SOPPA as well as its larger impact on school districts.
Based upon feedback from Illinois school districts, this FAQ covers many of the most pressing components of SOPPA. In particular, this FAQ outlines the role teachers, vendors, and management all play in maintaining SOPPA compliance, as well as the ways in which existing privacy agreements are impacted by SOPPA.
This list of action items is a great starting point for schools that want to upgrade their current student data privacy regimen. Using these practices – all of which have been vetted by data security professionals – Illinois schools can ease their way into SOPPA compliance during 2021 and beyond.
This pair of online courses offer administrators and educators a focused look at today’s best practices for securing student data and more. These courses are free and self-guided, so participants can enroll at any time and complete course material at their own pace.
Starting February 9, the LTC’s Chris Wherley will host a weekly online chat focused entirely on helping tech leaders and administrators achieve SOPPA compliance. These weekly discussions are open to anyone with a stake in student data policy and will provide participants with a chance to obtain answers to their situation-specific questions.
The Illinois Student Privacy Alliance (ISPA) is a free consortium that allows school districts to access management tools and resources for data privacy agreements. When used in conjunction with clear policies and procedures, ISPA allows districts to comply with Illinois’ new Student Online Personal Protection Act (SOPPA). Membership in ISPA is free to Illinois school districts.
Interested in learning more about student data privacy? The LTC’s knowledgeable team is here to support you as you strive to create lasting, impactful policy decisions. Contact the LTC’s Chris Wherley at firstname.lastname@example.org to learn more.
The Student Online Personal Protection Act (SOPPA) requires all Illinois public school districts to provide additional guarantees to protect student data privacy, effective July 1, 2021 (105 ILCS 85/15). Among the requirements, the act directs schools to implement and maintain reasonable security procedures and practices that meet or exceed industry standards.
In preparation for SOPPA’s effective date, the Learning Technology Center selected 43 security best practices that all districts should implement to comply with this new legislation. The practices align with CIS Controls, a globally recognized cybersecurity standard, and are vetted by numerous Illinois school district technology leaders.
Although the Illinois State Board of Education will issue additional guidance throughout the coming year, these 43 security practices can form the foundation of a strong district-wide security program, starting today.
Own IT. Secure IT. Protect IT.
National Cybersecurity Awareness Month (NCSAM) started in October 2004, and from 2009 until 2018, the theme was “Our Shared Responsibility”. This means ensuring security is a collective responsibility between corporations, governments, and citizens. This year the theme is “Own IT. Secure IT. Protect IT.” Below are 5 ways we can all take collective responsibility and protect ourselves.
Password vs. PassPhrase
Sites like useapassphrase.com demonstrate the value of longer passwords versus short complex ones. A password like “Wave1234%” can be cracked in about 1 minute, but “wave ocean sun%” will take 18 centuries to crack! In fact, using a longer password in the form of a passphrase with the required uppercase and lowercase letters, numbers and punctuation makes it more secure and easier to remember.
Use Different Passwords
Do yourself a favor and don’t repeat the same password across applications or store them in your Notes app. How can you have a different password for the hundreds of applications and sites you use? Password managers such as LastPass and 1Password are examples of a better solution. To login to the manager, the user will choose one master password. When logging into applications, your device or the program’s browser extension will supply the specific username and password. For extra security, the manager will generate long and complex passwords.
2 Locks are Better than 1
You may have heard the terms, “Two-Factor Authentication”, “Two-Step Verification” or “Multi-Factor Authentication”. At its basic level, this is an additional password in the form of a code generated through a text message, an application, or a physical device in your possession. In addition to your password phrase, you have this second layer of protection to prove your identity. Sites such as G Suite for Education, Microsoft Office 365, Facebook, Twitter, and Instagram have this capability. For more information, visit https://twofactorauth.org.
If you suspect foul play, visit these sites to learn about security breaches:
You can also use these sites to monitor and protect yourself from future incidents. If your email or password are listed, change your password on the affected site(s) and anywhere else you may have used it.
Don’t Get Hooked by a Phishing Attempt
Phishing is generally an attempt through email to get you to click on an attachment or a link to gain access to your device or login credentials. This could also be attempted through social media, texting, or even a phone call. Take Google’s phishing quiz/tutorial and click through the Show Me prompts to learn what to look for. In case of any phishing-like attempt, notify your technical support team so that they can notify others and help protect you.
Here are some additional NCSAM resources
National Initiative for Cybersecurity Careers and Studies and Homeland Security
NCSAM 2019 Toolkit
Checklists are widely recognized as important tools for many professions. Atal Gawande, a surgeon and the author of The Checklist Manifesto: How to Get Things Right, writes about checklists used in medicine and aviation to achieve better and safer results by ensuring that all necessary steps in a process, no matter how small, are completed. The checklist principle can by applied technology in K-12 schools and specifically to the area of cybersecurity.
Cybersecurity issues are regularly in the news, as illustrated by the number of incidents (681 at the time of this post) reported on the K12 Cyber Incident Map. The quantity of incidents increases each year, and it is the responsibility of the school district technology leader to ensure that either these incidents do not happen in the first place, or that the impact on people, time, and money is lessened. For many of the same reasons that medicine and aviation professionals adopted checklists, technology leaders should consider adopting a checklist like the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), which provides the functions, categories, and subcategories to form a high-level checklist of cybersecurity measures needed at an organizational level. The 5 major functions of the framework are Identify, Protect, Detect, Respond, and Recover and there are 23 categories and 108 sub-categories. This is the ultimate checklist for cybersecurity.
The checklist is complex, and several organizations provide free resources to help technology leaders to understand and apply the framework. The Center for Internet Security (CIS) has a set of tools, controls, and benchmarks that can be used to help identify, protect, detect, respond and recover. CIS SecureSuite provides free membership to schools that include tools, resources, and webinars. The Multi-State Information Sharing & Analysis Center (MS-ISAC) is also available through CIS, and it provides advisories and notifications, webcasts, malicious domains/ip reports, and awareness/education materials.
Additional ways to learn about ways to begin checking the checkboxes of the NIST CSF are to attend workshops and conferences that are offered by organizations such as the Learning Technology Center (LTC), Illinois Education Technology Leaders (IETL, State Chapter of COSN), and Illinois Digital Educators Association (IDEA, formerly ICE and is the State Chapter of ISTE). In addition to learning about ideas and discovering resources, another reason to attend professional learning events is to build a network of people who are encountering and sharing many of the same experiences.
To give you a headstart, here is a checklist of items that you can use to begin the process of learning more about the NIST Cybersecurity Framework, so you can start checking the checkboxes and make an impact on your school environment.
Build Your Network
- Join the LTC Community, specifically the Data and Security Group
- Reach out to me at email@example.com with questions, comments, resources, and/or concerns.
Research and Learn
- Visit the Center for Internet Security
- Read reports from Nationwide Cybersecurity Review –
- Explore Cyber Resilience Review
- Learn about NIST CSF
- Use the NIST CSF Google Sheet
- Browse the K12 Cyber Incident Map
Sign Up for Memberships
Attend Professional Learning Events
- Watch the LTC’s on demand webinar, Checking the Checkboxes: NIST Cybersecurity Framework
- Request access to a free month of CBT Nuggets from the LTC
- Present, register, and attend SecurED Schools (January 2020)
- Attend Illinois Education and Technology Conference in Springfield (November)
- Attend IDEA Cybersecurity event (September)
- Attend CoSN’s Cybersecurity event (October)
- Attend IDEACon in Schaumburg (February 2020)
Doug Levin, the CEO and Founder of EdTech Strategies, kicked off the event by sharing his work tracking publicly school cybersecurity incidents as part of the K-12 Cyber Incident Map, driving home the point that schools across the county, including Illinois, are dealing with cybersecurity incidents.
Breakout sessions and whole group conversations throughout the day were facilitated by Ross Lemke, the Director of the U.S. Department of Education’s Privacy and Technical Assistance Center; Chris Hill, the Chief Information Security Officer for the Illinois Department of Innovation and Technology; and Chris Wherley, the Learning Technology Center’s Network and Technology Services Coordinator.
As the day progressed, common themes surfaced in many sessions: school districts are vulnerable, communication and planning
In case you missed the events, here are the presentations and resources:
- FERPA 201, Ross Lemke
- FERPA and Data Security, Managing Risk when Everything is Broken, Ross Lemke
- How to Prepare for the Unexpected, Chris Wherley
- Improving Baseline Controls, Doug Levin
- Keynote, Doug Levin
- Leaders Managing Risk, Doug Levin
- Progression Cybersecurity Strategy, Chris Hill
- Resources and websites shared during the day
Among our favorite tools referenced are: