I am interested in becoming a member of CoSN Remove Me from the Secure District Listserv
Cyber Security for the Digital District Quarterly Newsletter
Brought to you by CoSN Taking TCO to the Classroom 3D: Data-driven Decision Making CoSN's Annual K-12 School Networking Conference CoSN Accessible Technologies for All Students

Cyber Security for the Digital District
CoSN Newsletter, Fall 2007

Welcome to the Fall 07 edition of the Cyber Security for the Digital District newsletter. Usually this newsletter focuses strictly on resources regarding cyber security for your district, but this issue includes information for staff development to help ensure your district teachers understand the importance of personal security. We hope this information is helpful to you and we welcome your suggestions for future editions. Contact linda@cosn.org.

National Cyber Security Awareness Month

October was National Cyber Security Awareness Month. We hope that you participated in activities to promote internet safety with your schools. While schools are aware of and ensure they have updated security software installed, it may be worthwhile to spend time with your staff to help them understand the importance of cyber security on their own computers, especially if you allow staff to bring their own computers to school. There were interesting statistics released during the National Cyber Security Awareness Conference in October. First, 212 million Americans are now using the internet. It has become an everyday activity for most Americans.

Also, did you know that there is $105 billion in revenue from cyber crime (more than the drug business)? A survey conducted by National Cyber Security Alliance and McAffee indicates that most technology users are not as security savvy as we assume. The survey indicates that there is a large discrepancy in consumer perception of safety vs the reality. The following chart indicates what consumers thought was installed and operating on their computer when asked through a phone survey, as opposed to what was actually installed when their computers were scanned.

  Phone Survey Computer Scan (reality
Anti-Virus Software 87% 52%
Firewall 73% 64%
Anti-Spyware 70% 55%
Anti-Spam 61% 21%
Anti-Phishing 27% 12%

78% of consumers don't have full protection on their computers and 48% have expired anti-virus software installed. It may be worthwhile to help your staff understand the importance of cyber safety on their own computers as a way for them to understand why schools are so focused on network safety.

10 Tips for Smart Holiday Shopping Online

Please share this with your staff as we approach the holiday season.
Going online to shop for the holidays this year? Some of us do it to avoid crowds, some to save gas, and some for the convenience of shopping at any time of day or night. Experts are predicting that consumers will spend more online this holiday season than ever. In fact, a recent Forrester study reports that 11 percent of online shoppers said they would do three-quarters or more of their holiday spending online, translating to an estimated $33 billion in 2007, up from $27 billion in 2006.

The Federal Trade Commission (FTC), the nation's consumer protection agency, and the National Cyber Security Alliance (NCSA), a non-profit organization devoted to cyber security education and awareness, want you to know that scammers follow the money and will be online this holiday season, too. To reduce the risk of a rip-off -- and to protect your personal information and your computer from identity thieves and hackers -- the FTC and NCSA offer these tips for safer and smarter online shopping this holiday season:

Check out the seller. If you're thinking about shopping on a site with which you're not familiar, do some independent research before you buy.

  • If it's your first time on an unfamiliar site, call the seller's phone number, so you know you can reach them if you need to. If you can't find a working phone number, take your business elsewhere.
  • Type the site's name into a search engine: If you find unfavorable reviews posted, you may be better off doing business with a different seller.
  • Read the site's privacy policy to learn how it uses and shares your personal information.
  • Consider using a software toolbar that rates websites and warns you if a site has gotten unfavorable reports from experts and other Internet users. Some reputable companies provide free tools that may alert you if a website is a known phishing site or is used to distribute spyware.

Read return policies. Despite your best intentions, some gifts may need to be returned or exchanged. Before you buy, read the return policy. Some retailers give customers extra time so gifts can be returned or exchanged after the holidays; others give purchasers as little as a week -- if they accept returns at all. A number of retailers offer shorter return windows for certain products and some charge "restocking" fees. Find out who covers the shipping cost -- the customer or the merchant -- on a return or exchange, and if your online purchase can be returned to a brick-and-mortar store.

Know what you're getting. Read the seller's product description closely. Name-brand items at greatly reduced prices could be counterfeit.

Don't fall for a false email or pop-up. Legitimate companies don't send unsolicited email messages asking for your password or login name, or your financial information. But scammers do. In fact, crooks often send emails that look just like they're from legitimate companies -- but direct you to click on a link, where they ask for your personal information. Delete these emails. They're an attempt to get your information and to facilitate identity theft or other crimes. In addition, just clicking a link in a fraudulent email could install spyware on your computer.

Look for signs a site is safe.When you're ready to buy something from a seller you trust, look for signs that the site is secure -- such as a closed padlock on the browser's status bar -- before you enter your personal and financial information. When you're asked to provide payment information, the beginning of the website's URL address should change from http to shttp or https, indicating that the purchase is encrypted or secured.

Secure your computer. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. Security software must be updated regularly to help protect against the latest threats. Set your security software and operating system (like Windows or Apple's OS) to update automatically. Visit OnGuardOnline.gov and staysafeonline.org to learn more about security software, firewalls, and other ways to secure your computer. To sign up for free cyber alerts and tips from the Department of Homeland Security visit: US-CERT.gov.

Consider how you'll pay. Credit cards generally are a safe option because they allow buyers to seek a credit from the issuer if the product isn't delivered or isn't what was ordered. Also, if your credit card number is stolen, you generally won't be liable for more than $50 in charges. Don't send cash or use a money-wiring service because you'll have no recourse if something goes wrong.

Know the full price, and check out incentives. If you're looking for the best deal, compare total costs, including shipping and handling. The holiday season is prime time for online retailers, and many are offering incentives like free shipping. But some "free" shipping deals may come with strings attached, such as requirements to spend a minimum amount or buy certain products. Consider whether one company offers a more generous return policy. If you use a price comparison site to find a bargain, enter the product's model number, and be as specific as you can about its features.

Keep a paper trail. Print and save records of your online transactions, including the product description and price, the online receipt, and copies of any email you exchange with the seller. Read your credit card statements as soon as you get them to make sure there aren't any unauthorized charges.

Turn your computer off when you're finished shopping. Many people leave their computers running 24/7, the dream scenario for scammers who want to install malicious software on your machine and then control it remotely to commit cyber crime. To be extra safe, switch off your computer when you are not using it.

Teachers warned about MySpace Profiles
Another important topic of staff development must be the use of posting personal profiles online. There have been numerous instances where teachers have posted something on their MySpace pages that have been inappropriate. Teachers need to review anything they post to ensure it is appropriate for students or parents to read. Ohio Education Association sent a memo to their members that says "the dangers of participating in MySpace outweigh the benefits." Make sure your staff is aware that nothing in cyberspace is private.

Security Suggestions
We are happy to share this article by Jeffrey L. Hunt, Ed.D., Director, Instructional Technology & Jay Johnson, Network Designer.  Indian Prairie Community Unit School District 204, Aurora, Illinois.

Supporting Schools in a Digital Age. School Districts have advanced into the areas of providing high-quality, technology-supported curricula in their schools to advance teaching and learning in this digital age.  They have found it necessary to develop close associations between the curriculum function and technology support.  Curriculum requires equipment that meets the very highest standards of functionality, consistency, reliability, and safety.  Additionally, a continual need exists to balance practical use of technology in an educational environment and "computer security."  Two areas where we have experienced major successes are in "reboot to restore" software and virus suppression.

Reboot-to-restore software, available from many different vendors, serves as a shield to protect the operating system and all programs from any permanent changes. The software operates behind the scenes and does not restrict or limit users in any way during a session; however, when the computer is restarted, any and all changes written to the computer hard disk during the session are discarded. This effectively restores the computer to the precise working configuration needed to support its many functions. Any software problem with the computer can be immediately fixed simply by restarting it. This provides an incalculable benefit to students and teachers.

But like most technological innovations, reboot-to-restore software has several challenges for your technology support group. First, security best practices generally include the delivery of regular computer software updates. These are needed to protect the computer and its users from continuously evolving threats such as viruses, worms, spyware, Trojan horses, etc. The delivery of updates to computers that are normally "frozen" by reboot-to-restore software must be carefully planned.  Ideally, the updates should be delivered automatically during regularly scheduled maintenance intervals.

Providing updates to frozen computers is a major work subset of this feature.  The task can take considerable planning, testing, and oversight by committed personnel.  During the maintenance period, typically, the computer must be started, "thawed," updated with patches, "refrozen," and shut down.  Our maintenance period is typically overnight.

Second, many software programs rely on storing data on the computer hard disk as part of their normal operation. Obviously this type of software will not function as designed if the program data is discarded after every computer restart. Provisions need to be made to save program data in other places, such as on a network server, USB drive, external media, etc. Additionally, users need to be aware of the proper places to save in order to prevent accidental loss of data.

Managed antivirus software is especially important for shared computers in high risk environments such as schools. Students love to experiment with many different programs and applets from many sources. Very often this software contains embedded viruses or other malware. When students bring their files from home to school, typically on a USB flash drive, the antivirus software on the school computer should not only scan and if necessary clean the infected files, but also inform the student (through a message on the computer screen) and alert the IT support staff (through an automated network alerting system) that a threat has been detected. This not only protects the student (and indirectly, the student's home computer) by informing her of the virus, but also the
entire school network, by mitigating the threat in real time and reporting these actions immediately to IT.

While the vast majority of detected viruses result from inadvertent actions, occasionally students do deliberately attempt to compromise school computers by using malicious software. In these cases, armed with detailed threat detection data from the antivirus system, the technical department can inform the school staff, who can then follow up immediately with correcting the student's behavior. Once students are aware that deliberately "hacking" school computers will result in a high probability of being caught, the actual number of such attempts drops off to a small trickle, which helps keep the computers, servers, and network running smoothly for everyone.

Our experience points to high up-times for our systems. The development and implementation of reboot to restore systems and virus suppression have been major successes in our district to keeping computer labs, classroom computers, and administrative computers running so that teachers can teach and students can learn.

About CoSN

The Consortium for School Networking (CoSN), a national non-profit organization, is the premier voice in education technology leadership. Our mission is to advance the K-12 education community's capacity to effectively use technology to improve learning through advocacy, policy and l eadership development. Our members represent school districts, state and local education agencies, nonprofits, companies and individuals who share our vision. To learn how membership in CoSN can make a difference in your district, click on www.cosn.org/join or contact us at either membership@cosn.org or 866/267-8747 x115.

You are receiving this e-newsletter because you visited www.securedistrict.org and requested information about CoSN's Cyber Security Leadership Initiative. Please share this e-newsleteter with others who share your interest in this topic. If you have any questions, please contact:

Linda Sharp
Project Director, Cyber Security for the Digital District
ph: 303-771-1271

 


Founding Government Sponsor

US Department of Education



You are receiving this e-newsletter because you visited www.securedistrict.org and requested information about CoSN's Cyber Security Leadership Initiative. Please share this e-newsleteter with others who share your interest in this topic. If you have any questions, please contact:

Linda Sharp
Project Director, Cyber Security for the Digital District
ph: 303-771-1271
linda@cosn.org