Author: Site Administrator

by Rich Wilson – Director of Technology – Francis Howell School District

School districts across the U.S. quickly shifted gears from in-person face-to-face learning to a remote learning environment during the COVID-19 pandemic. We all became very familiar with new terms, such as social distancing, community spread, droplets, flattening the curve, and alternate methods of instruction (AMI). In addition, terms such as Zooming, Google Hangouts, e-learning, digital citizenship that are familiar to us, as technology leaders became common vernacular for our administrators, teachers, students, and families. Along with these new terms for our districts and communities came a quick learning curve around such digital tools.

In my district, we have a variety of subscriptions to software and online resources. Yet we did not universally utilize many of those resources we paid for or promoted. The reasons varied from lack of interest to learn, hesitancy or no desire to learn, and not having time to learn. Many in my district lamented the fact there was not time to learn, nor felt as though they needed to be trained first before using. As “tech people”, we have learned many of our skills by doing. I like to say, contrary to popular belief, I did not have a college course to learn Adobe Acrobat, Excel, or pick any software package. We have learned through our experiences by exploring and out of necessity to learn a system as part of our desire to learn more and our work responsibilities.

During our school closures, hundreds of our faculty and staff learned not only what Zoom was, but also how to use it. As we allowed Zoom and other resources, our teachers rose to the occasion with some guidance and learned in a very short period of time how to effectively use Zoom and other online resources. The need and desire of our teachers to serve and connect with their students and classes was the driving force. Most learned on the fly (with some instructional videos and guides) how to video conference with their students and classes to continue teaching and learning during the pandemic closure. One day during the closure, I was at a school for device and hotspot distribution. I listened in as a group of teachers, paras, and staff were trading Zoom tips and tricks. Most said they had “not ever heard of this Zoom thing just until a couple of weeks ago.” I was ecstatic to hear about their successes in learning and the collaboration around their new learning.

Through this experience, folks in my district and community have a deeper desire to learn more about technology and how it can be leveraged to enhance both teaching and learning. Moreover, with the increased level of implementing digital resources during AMI, I have witnessed a higher confidence level around learning new technology skills in our faculty and staff. No longer can we see technology as a tool to implement if one wants to, but many more see technology resources as an integral part of teaching and learning of our students. Through the years, we have preached this message. Now more members our districts and community are seeing this need and are more receptive than ever to the message. Now is our time to shine even brighter to further advance technology integration in our districts for the betterment of our staff and students.

by Melissa Tebbenkamp – Director of Instructional Technology – Raytown Quality Schools

As I ponder recent conversations I’ve had around data and cybersecurity, I can’t help but recall several energy-driven discussions on the Internet of Things (IoT). These discussions revolve around several key questions: What really is IoT? Why does it matter? How is IoT used in education? And, is IoT really a risk?

When schools think about the Internet of Things (IoT), many think about a teacher using a digital assistant, laptops or maybe even cell phones.  It is true that IoT includes personal devices and items around our homes, such as video doorbells, home automation, networked thermostats, smart televisions, and now even my blender, but it is so much more than these personal devices. 

In school, IoT devices are everywhere and can include student learning and assistive devices, glucose monitoring devices, security cameras, access control doors, networked HVAC and lighting control, vending machines, freezer/refrigerator monitors, and projectors, just to name a few. When overlooked, they can lead to network and data privacy vulnerabilities. If not managed properly, these networked devices can open a door to your network that may allow a malicious person to leverage them for a DDOS attack or mine your network and servers for valuable data. An example can be found in the EdScoop article Ransomware used HVAC to infect Michigan K-12 district.

The requests for IoT on our networks are not slowing down. Advances in technology make these devices easier to deploy, which at times, makes them harder to manage. There is hope, by following a few best practices, you can minimize your risk and begin embracing the devices that help to make the business of education more effective and impactful.

 

• Adopt a data security framework that includes these five steps: Identify, Protect, Detect, Respond, Recover. For risk mitigation, your focus should be on the first 3 steps. 
  • Have a procurement process in place that requires someone to evaluate all devices that attach to the network prior to purchase and installation. Knowing what is on your network is critical, evaluating the devices before purchase is even better.
  • Protecting your network from IoT devices can be as much of an art as it is process-related. Know your network and determine the best path for your system.
    • Segment IoT devices on their own virtual network so they cannot communicate in your production (computing, servers, etc) environments.
    • Ensure that new or stray devices cannot connect to your production environments. 
    • Change the password on all IoT devices from the manufacturer default. If the device does not allow a root password, do not allow it on your network or isolate it so that it cannot be reached from other devices.
    • Stay current on software and firmware updates. If the manufacturer does not release firmware updates, you may want to question their security practices and how the device is connected to the network to determine your level of risk. 
  • Ensure you have the correct tools to detect “rogue” devices or services on your network. This may include network monitoring to alert to new traffic as well as reviewing log files. If you know your “normal” network traffic, it is much easier to identify a new device and/or abnormal traffic.
• Explore Cyber Malpractice insurance and ask your vendors what coverage they offer if their device is compromised on your network.
• Note that consumer devices are just that, intended for consumers, not institutions. Check the terms of service and privacy policy to see if commercial/educational use is allowed and what protections they offer.
• Check for privacy concerns. Determine what data a device is collecting and if it could potentially cause an exposure of biometric, PII or FERPA data.
• If the device allows or requires a vendor to connect to your network, be sure to secure that connection and ensure that they can only access the necessary equipment/systems to manage the device.
• Manage staff, student and vendor personal devices separately. These may include smart/fitness watches, voice assistants on phones and glucose monitoring devices. School systems should have a policy and procedure around these devices and limit the level of access they have on the network.

To help educational leaders navigate this complex challenge, the Consortium for School Networking (CoSN) recently released a guide on Securing IoT Devices on School Networks that discusses these practices as part of their cybersecurity initiative. More information can be found at https://cosn.org/cybersecurity. 

 

About the author: Melissa Tebbenkamp has served as the director of Instructional Technology for Raytown Quality Schools since 2006.  Raytown Quality Schools is a tier one suburb of Kansas City, Mo. and educates 9,000 students a year. Melissa is a CoSN national Board member, a founding member and chair-elect of CoSN’s Missouri state chapter and was one of the first people in the U.S. to attain certification as a Certified Education Technology Leader. She also led the Raytown Quality Schools (Missouri) to becoming one of the first cohort to receive the CoSN Trusted Learning Environment Seal.