"He who learns from one who is learning, drinks from a flowing river."
Five Anti-Malware Tips for Schools to Share with Staff
Every other week, I read or hear about a school district that has suffered a phishing attack, an approach distributed by email designed to trick you into giving your email username and password to criminals. Dealing with ransomware (a form of software that infects your machine when you double-click on it and encrypts your files, then demands you pay them for decrypting them) can be embarrassing, since it may result in the district having to pay to get its data. Or lose the data and tell only the federal auditors coming to evaluate your records for the last five years. Oops!
In addition, ransomware may alsobe distributed to district users via email. Several districts and Texas education service centers have allegedly faced some of these challenges (allegedly because ransomware infestations travel through word of mouth):
It’s…thrown a kink in the school district’s scheduled…exams…The crypto-ransomware “has affected the district’s entire operations from internal and external communications to its point-of-sale for school lunches. It also has prevented any students from taking the scheduled…exams, which are entirely computerized.” Source:Network World
Follow these tips to safeguard your hard work in computer documents and files on your computer:
Look before you click! Avoid clicking on email attachments that come from people you do not know. Email attachments with “exe” and “zip” are suspicious. Also, do NOT go into your SPAM folder and click on the email attachments.
Connect before opening. Ask yourself, “Was I expecting a file from this person?” If yes, connect with them via phone, social media, or email and ask, “Did you send me this file?” If the answer is “no,” then delete it.
Avoid clicking on email attachments via your personal email on a work computer, especially if it’s a Yahoo email account. Multiple types of malware spread ads via that one service alone.
Scan files before opening them. You can right-click a file, save it to your computer, and then choose to virus scan it before opening it.
Backup your data to a cloud drive storage provider (e.g. OneDrive, Google Drive, Dropbox). Ransomware can spread via cloud storage where your files are automatically backed up when you place them in a certain folder (e.g. Dropbox), so be aware that ransomware WILL encrypt those files and the encrypted files will be backed up. Back up manually to the cloud and/or to external USB drives. Avoid leaving the latter connected to your computer.
Staff that succumb to phishing attacks open the organization’s virtual doors to a ransomware infestation. For example, in my inbox, I received an email purporting to be from a colleague sharing some files with me via Dropbox, but this looked like a phishing attack. Let’s go through the process I went through together.
Knowing that my colleague did not send this email, I opened up a fresh browser where I’m not logged into anything and tried the link: It didn’t work. That’s good! But if it had been a phishing scam, something like this would have popped up: When you examine the “Click here to view” link, you will find as I did that the link is to a non-Dropbox web site in the UK. That suggested to me that this link did NOT originate with Dropbox. As a result, I contacted my colleague via Twitter and asked, “Did you send me something via email that originated on Dropbox?” He responded after a short delay, “No, I didn’t.”
Notice how the screen to the left offers you the opportunity to compromise your login and password for multiple email providers. This suggests that the goal is to steal ANY email account credentials you have. This can be potentially catastrophic since school district personnel often save student/staff confidential content in the cloud.
Actual Example: One principal was shocked when her Google Apps for Education account started sending out phishing attacks to all the email lists she was a member of, including the district-wide principals’ list, her campus staff list, and district-wide news list. And her shock turned into horror as colleagues clicked and were infected themselves. Horror shifted to shame as her colleagues grew angry, inquiring why she had inflicted them with this plague of phishing. And all the principal had done was fall prey to a phishing attack from a dear friend.
Fortunately, this can be avoided with the five tips above. Raise expectations for staff to take responsibility for their email communications, and their technologies.
Bonus Tips for Home Users
While many of us have district-purchased software to protect us at work (although even that will not help you if you deliberately ignore the warnings), our home computers may not be so protected. Below are a few software tools that I use on my Windows and/or Mac computer(s) to protect against infestation. Note that this does not constitute a purchase recommendation since these tools are available for free, personal home use:
I have all of the following on my personal Windows computer and wouldn’t dream of using it without having them installed. In spite of the fact that Windows Defender comes standard on Windows 10 computers, it’s important to have anti-malware and antivirus software loaded and working.
As I have shared in the past, I've been exploring how to best accomplish tasks that I would usually use a laptop or desktop computer with an iPad. One of those tasks includes creating narrated slideshows that can be used to illustrate a concept and/or share information. BTW, allow me to acknowledge Dr. Tim Tyson's term, rough and ready quickcasts, which I stole from this blog entry. Thanks, Dr. Tyson!
Classroom teachers might find the creation of narrated slideshows--whether those are created with Powerpoint or a series of images arranged to effect--useful as a result of the recent reflection about the Flipped Classroom:The flipped classroom model encompasses any use of using Internet technology to leverage the learning in your classroom, so you can spend more time interacting with students instead of lecturing. This is most commonly being done using teacher created videos (aka vodcasting) that students view outside of class time.It is called the flipped class because the whol…
Did you miss the announcement yesterday about the EdTech 2020 Virtual Conference? It's not too late to find out more about this exciting, first time event for Texas State University. The virtual, graduate student organized conference offers engaging virtual sessions. The sessions are available in both synchronous (Saturday, April 25, 2020) and asynchronous (video recordings) formats.
Wait, wait, there's more! You can interact with speakers via live chat from 10:00 AM to 2:00 PM (Central) on the day of each event.
Watch the Interview with the Organizers
Curious about the planning that went into this event? Get the inside scoop. Watch this 23 minute video available via YouTube: