TOP 10 things to consider when using a new service or online tool.

  1. What am I agreeing to?
    • Creating an account = signing a contract. Each time you accept or agree to “terms of service” (ToS), you sign a contract between you/the organization and the service. 
  2. What information am I sharing?
    • Each time you accept or agree to a “privacy policy,” you provide access to information/data. Who has access to the service? How is the data managed and deleted when the service is no longer used?
  3. There is no free lunch! 
    • Even if the technology tool or service says it’s “free,” there is still a hidden cost… the price is data you agree to share when you accept the ToS and privacy policy. 
  4. Wait… I need to upgrade to do that?
    • Free is the hook to get you to spend. Whether it’s a limited “taste” or a “free trial” to get you started, you must pay for the features you want, remove the ads, or keep using the product.
  5. They aren’t asking for much.
    • Whether it’s data or money, even a little bit adds up. Dollars add up for each account.  Data shared is data that can be exposed or used in unintended ways.
  6. Money doesn’t grow on trees.
    • We all have budgets and need to work within them.
  7. How many tools are enough?
    • There are a lot of apps, services, and tools out there that do similar things.  How do we choose which ONE to use, understand, and support? 
  8. Wait… how does that work? 
    • How many tools can someone use and still remember how they all work from one situation to the next? Management, support, consistency of use, and experience grow as we use more and more apps/services. 
  9. I forgot I have that account.
    • How many accounts do you have for service that you forgot you even had? What information did you share with them, and how long have they held on to it?
  10. It’s not the first domino to fall… the long game. 
    • Even data that may seem minor or insignificant if sold or part of a breach can be combined with other pieces to create a complete picture. This can happen immediately or after years of collecting data from various sources.



 
Posted in Administration & Management, Cyber Security, Data Management, EdTech, Teaching & Learning | Leave a comment

Using Common Sense Privacy Rating in Your School’s Vetting Process

As the conversations swirl around the application, services, vendor vetting, and AI data concerns (see Nick Marchese recent ATLIS post – AI tools that use data prompts and user data to train models), I am curious about the criteria used in the evaluation.

This has been an ongoing question for us at my school and one we continue to work on and explore – thanks, Erica Budd. As we look at how we will tackle this question, we have a few things to consider in our current process. It is the last I have wanted to ask this community their thoughts. 

  1. Has the application, service, or vendor been vetted against our existing vetting form? (included in the ATLIS 360 Compansion Manual)
  2. Are there other similar applications, services, or vendors we use that do similar, if not the same thing?
  3. If using “Sign in with Google,” is the app “Verified” by Google, and what services does it have access to? (more info on “verified third-party apps”)
  4. How do “Common Sense Privacy Ratings” score the application, service, or vendor? 

The Basic Question: How do you use the Common Sense Privacy Ratings in your vetting process, and what categories are most important to your process? Stop reading, skip the rest, and share your thoughts in the comments.

The Detailed Question: There are numerous levels and details with the Common Sense Privacy Ratings, and how do you leverage them with faculty and staff within your vetting process? How do you balance the base-level rating and score(s) against the individual category ratings? See the details below and share your thoughts in the comments.

Continue reading
 
Posted in Administration & Management, Cyber Security, Data Management, Schools, Teaching & Learning | Comments Off on Using Common Sense Privacy Rating in Your School’s Vetting Process

Gender Inclusive Forms and your School’s Information Systems.

Gender inclusivity is not a new focus for schools. The National Association of Independent Schools has posts and guidelines on the topic going back over a decade.

With a focus this long, it isn’t until recently that many of the information systems we use to track student and family data have adequately supported different options for accurately tracking gender-related data.

The NAIS post “Guidelines for Schools Working with Gender Variant and Transgender Students” by John Peterson (2010) states:

“Use school forms and applications that are inclusive of all gender and sexual identities and family structures. Make sure language that refers to identities and families is inclusive in all written materials.”

Many of the larger information systems now offer options for tracking gender (Blackbaud), the ability to add custom pronouns, and making pronouns more prominent (Veracross) within their systems and forms. Additionally, those systems that have deep data integrations (Veracross/Ravenna) between one another need to be able to support the types of data tracked and share between each.

When using forms independent of your information system, which support additional workflows, such as those offer by Finalsite, special attention should be made to ensure the data aligns with what is supported by your information system. This should be clearly defined, along with other data best practices, in your school’s data use guide.

What to ask?

With improved options for tracking gender-related data, what do we need to consider?

Continue reading
 
Posted in Randomness | Comments Off on Gender Inclusive Forms and your School’s Information Systems.

The Low Hang Fruit of CyberSecurity

The threats relating to cybersecurity are real and on the rise amid the COVID crisis. Phishing-related attacks are up over 600%, and users are 3x more likely to click on a COVID-related link and enter their user credentials.

Institutions small and large have to be vigilant when dealing with this threat, and for many, there is often a lack of both topical and technical knowledge of how to deal with the problem effectively. This is exacerbated in schools where there such a wide range of users, from students, staff, faculty, and administration.

The solutions are often present in ways full of technical jargon or have high price tags associated with them to make them difficult to implement, given the often limited budgets for which schools have to work.

Cybersecurity needs not to be confusing or expensive if you focus on the “low hanging fruit.” These are the things anyone can be easily pick off to protect your institution better. They often come with little to no expense, require a minimum of technical expertise, and can ve achieve relatively quickly.

I have broken these pieces of “fruit” into what I refer to as the 5P’s of cybersecurity – people, policies, passwords, phishing, and protection.

Continue reading
 
Posted in Cyber Security, Data Management, Schools, Technical | Tagged | Comments Off on The Low Hang Fruit of CyberSecurity

Don’t forget about bandwidth in your remote and hybrid learning plans.

There is a lot of talk about what school is going to look like in September and a lot of questions that have come with it.

Will we open online? What will our schedule look like? Will we have some kids or teachers in the building and some at home? Blended? Hybrid? Synchronous? Asynchronous? The questions go on and on…

One clear thing is that we will be using some form of technology to connect people that are in one place to those in another. With this, there are many hardware pieces to consider and how they will fit a school’s unique learning plan.

What all of these technologies will have in common is they will all need a platform to run on and bandwidth to make it all connect.

You may be using ZOOM, Google Meet, WebEx, or Teams… whatever it is you use, there are bandwidth requirements for each of these.

As we are all doing remote learning from home, the bandwidth requirements may not be all that noticeable. You may see a slow down while someone is working, and someone else is streaming a movie, on YouTube, playing Fortnite. Still, nothing like you will know when you are in school and have multiple classrooms all trying to connect to their own video stream for two-way communications.

Before you get started on all of these plans, it will be essential to get a better understanding of if you’re ready for these bandwidth requirements, and there are a few things to consider to get started.

Continue reading
 
Posted in GSuite, Schools, Teaching & Learning, Technical | Tagged , , | Comments Off on Don’t forget about bandwidth in your remote and hybrid learning plans.

10 Website Tips for 2020 – My Takeaways from FinalsiteU.

There are numerous things that you can learn while attending a conference, and the best are the things you can take away that apply across several areas.  

This past week I attended the Finalsite user conference – FinalsiteU – in Orlando. I was able to come away with ten takeaways that apply to the design, content, organization, and data of your institution’s website, whether you are a Finalsite client or not.

Here are the ten tips I came away with from FinalsiteU:

1. Sites need to elicit an emotional response. 90-95% of decisions are based on emotion. By focusing on Emotional Intelligence, you can connect with people on all five levels of social awareness, self-regulation, motivation, empathy, and social skills. 

2. Form length is critical. Only ask for what you truly need. Five or fewer fields on forms equal 13.5% better conversion rate. A single column equals fast completion. New Forms will have Google Sheets integration. Don’t ask for phone numbers unless needed.

Continue reading
 
Posted in Communications & Marketing, Conferences, Data Management, Design, Schools, Social Media | Tagged , | Comments Off on 10 Website Tips for 2020 – My Takeaways from FinalsiteU.

Another thought on fighting Phishing with a footer.

Recently my school had an audit of our G Suite for Education domain and one of the findings was for a footer/disclaimer/confidentiality statement to be appended to the emails sent from the school.

For those of you unfamiliar with what this it, it would place a block of text at the end of every email sent by the school (Google) without user intervention and regardless of where it was sent from. Whether it was the Google web interface, a desktop mail client or a mobile device, every email would have the footer appended to it.

It could be applied to any domain/organization unit (OU) within the system. Faculty, staff, administrator or students could be included.

The auditing firm provided examples for the footer text for employees and students:

EMPLOYEES

“This is a staff email account managed by [[SCHOOL]]. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender.”

STUDENTS

“This is a student email account managed by [[SCHOOL]]. The contents of this email are governed by the laws of the state and the board policies of the school district.”

This is something I have seen other school and organizations do but hasn’t been considered or discussion here.

The is also some litigation around whether these clauses protect the confidentiality of these emails, but this wasn’t what interested me or how I was considering the recommendation.

As I thought about the recommendation something struck me… this could help our efforts to fight phishing!

How you ask?

Continue reading


 
Posted in Cyber Security, GSuite, Schools, Technical | Tagged , | Comments Off on Another thought on fighting Phishing with a footer.

Which to use… Evernote, Moodle & GSuite?

Evernote-Moodle_GSuite

For a very long time we have been using Evernote and Moodle at my school. We started with each tool over 10 years ago.

After conversations with Phil Libin & Andrew Sinkov sitting in our Middle School computer lab, we were the first school to provide Evernote Premium accounts to all of our faculty and students. My colleagues and I presented at Evenote events in NYC and at their trunk conference in San Fransisco in 2012.

Moodle has been a staple at the school for such a very long time it is hard to remember a time when we didn’t have it. It is the one foundational tools that is part of our learning program and the only tool faculty are required to use for the posting of their syllabus and homework. It’s the home base for all faculty and students.

In relative terms GSuite is new to the block, but it has come in gangbusters! We now use the Suite set of tools (Docs, Sheets, Slides, Forms, Classroom, Calendars & Email) throughout the school. The real-time collaborative nature has been a boon for collaboration which is part of the learning goals set forth in our program.

With these three tools there is often questions about what to use and when? Should I being using one or the other? What is the right tool to use?

Continue reading


 
Posted in Evernote, GSuite, Moodle, Schools, Teaching & Learning | Comments Off on Which to use… Evernote, Moodle & GSuite?

Using HelpDesk data to choose the next device.

Data is all around us and can help guide the decisions we make in all aspects of school.

As we prepare for the next cycle of devices for our 1:1 program I wanted to get a better look at the repairs we’ve had on our current model (Macbook Pro – 13″) as compared to the same time frame for the previous model of device (Macbook Air – 13″).

It’s important to know that we standardized on the same device for a three-year period in order to provide the same experience and level of support.

I looked at the number for the first two years for each and relying on our HelpDesk (SolarWinds WebHelpDesk) numbers for repair counts and my budget database for actual dollars spent by the school on repairs. The dollar totals do not include the deducible charges ($250.00) that a family/student would have been charged, only the amount we (the school) would have had to have paid.

The number of repairs for the 2013-2015 timeframe were 168 with a dollar total for these and other related items (screws, required tools, etc.) of just over $17,000.00

Repairs_2013_2015

The number of repairs for the 2016-2018 timeframe were 364 with a dollar total for these and other related items (screw, required tools, etc.) of just over $52,000.00.

Continue reading


 
Posted in 1to1, Technical | Tagged , , , | Comments Off on Using HelpDesk data to choose the next device.

Another day, another PHISHING attempt

It seems like you can’t get through a day without hearing about a new phishing scam out there and today there were actually two that we were hit with. I shared these with the employees at my school along with two more examples of common phishing emails.

1. The “Headmaster” email.
When you get an email from your Headmaster you generally want to answer it right away… but hold on. One recent scam that we have seen using the actual name of your school’s headmaster, but upon close examination, you can see that it is indeed not an organizational address.headmaster_email_01But what if you reply, what might happen? You’d be surprised, just as I was to see the level of interaction that can go on before the person realize this might be a scam.headmaster_email_02

2. FBI Warnings
A major new agency in my home state, NJ.com, was reporting that the FBI has issued a warning to NJ residents about phishing emails targeting people login credentials for payroll systems – “There’s a scam to steal your paycheck that the FBI wants everyone in N.J. to know about”.As we talk to our employees about phishing scams we always put it in the context that these topics we are discussions are not just a school-related issue, but those that can help you outside of school as well. This is a prime example.

3. Common Occurrences
Below are two more examples of some of the common phishing emails that come into your inbox on a daily basis. They include the familiar indicators such as suspect email addresses, URLs for the links are not associated with the actual company, spelling errors and in the Apple example, the details were in an attached PDF.

 

As technology leaders, we all need to constantly remind those within our organizations to be vigilant when it comes to questionable emails. All too often we simply hit reply and provide the requested information in an effort to keep up with the constant flow of email. We need to work with our organizations to set aside time for training and keep up with updates on how to recognize risks and how to report them.

 

 


 
Posted in Cyber Security | Tagged , | Comments Off on Another day, another PHISHING attempt