Be CyberSMART!

Addressing Safe and Appropriate Technology Use in Northside

Administrator Institute July 26, 2006

Kelly SmithAssistant Superintendent for Technology Services

Ripped from Recent Headlines!

Students behind grade changing Employee fired for data breach at health care facility Teen who hacked into school files takes deal Consultant hacks way into FBIs computers; even director's password

was obtained Identity theft victims tell of job loss, red tape that follows when

someone assumes your ID, spends in your name Tipster leads FBI to laptop loaded with veterans' files; personal data

on the stolen device apparently wasn't accessed, VA told Franklin schools chief suspended for 4 days: further action possible

after complaint about e-mails Teacher charged with corrupting minors; allegedly had sex with a

student in his truck and sent explicit e-mails to another Arrest sought after fight; police pursue a warrant linked to a fight

shown on myspace.com Tougher laws urged for web predators; AG expresses concerns about

repeat offenders who solicit minors Employee fired over blog; private blog wasn't; man fired for blasting

boss

CyberSMART Principles  

S = SecurityM = MannersA = Acceptable UseR = ResponsibilityT = Training

Scenarios for Discussion

Classroom Scenario

1. What kind of issues does Mr. Carter need to be aware of regarding safe and acceptable use of technology in the classroom?

2. As a CyberSMART teacher, what kinds of things can Mr. Carter do to protect himself and his data?

3. How can Mr. Carter address the parent's fear of pornography? What should he tell his students to do if they accidentally encounter it?

4. What are some specific actions Mr. Carter could / should take to address what has happened?

5. What kind of penalties should students face for misuse of school technology?

Office Scenario

1. What kind of issues does Ms. Gates need to be aware of regarding safe and acceptable use of technology in the workplace?

2. As a CyberSMART employee, what kinds of things can Ms. Gates do to protect herself and her data?

3. What options are there for the Winocular and Groupwise situations?

4. What are some specific actions Ms. Gates could / should take to address what has happened?

5. Has Ms. Gates done anything wrong for which she could be reprimanded or fired?

(print version)

(print version)

S = Security

M = Manners

A = Acceptable Use

R = Responsibility

T = Training

Security: Why Worry?

• Security breaches can compromise:– student and staff safety and

vulnerability– the district’s ability to function– public support and legitimacy– liability

Security: Why Now?

• NISD is a “digital school district”– Data-driven, information-rich,

“open” environment– Inviting target for hackers of all

kinds, even students!

Security: Your Role

• Understand the risks• Understand the policies• Make security a high priority – be

proactive! • Educate employees and students• Treat all security incidents /

violations seriously and report them promptly

– Students Technology Services– Staff Human Resources

Passwords and Security

Passwords and Security

• Passwords can be the weakest link or strongest defense in our data and network security arsenal

• Choose strong passwords (TEC-02)• Don’t share passwords (TEC-01,

TEC-02)• Change passwords frequently, at

least every 120 days (TEC-01)• Password protect mobile devices,

too! (e.g., flash drives, laptops, PDAs, etc.) (TEC-10)

Passwords and Security

• Why so many passwords?!?– Life online means living with--and managing

-passwords (work, bank, personal e-mail, online newspaper, shopping, etc.).

– Using the same password for multiple sites and applications compounds the likelihood that someone will take control of your accounts!

– If you record your passwords, recognize that there is truly no safe location to store passwords. One idea: an encrypted password-protected Word or Excel file (Tools > Options > Security)

• Technology Services is working to “synchronize” NISD user-IDs and passwords, where possible. The vision one user-id and password to access many different systems at work

Protect that Data!

• Data on mobile equipment (e.g., flash drives, laptops, PDAs) – exercise extreme caution! (TEC-10)

• Physical security, especially for mobile equipment (TEC-10, PUR-03)

• Lock workstation (TEC-02)• Be wary!

– Keyloggers

– Dumpster diving

– Phishing

– Social engineering / pre-texting

Student Safety

• Internet filtering in place – see online document for more information (CQ Legal & Local, TEC-01)

• Employees with students under their supervision must educate them about safety and security issues and actively monitor them! (CQ Legal & Local, TEC-01)

• Social networking websites may put students at risk for exploitation and harm (e.g., MySpace, Xanga)

– Visit NISD Web Warning website

S = Security

M = Manners

A = Acceptable Use

R = Responsibility

T = Training

Effective E-mail NetiquetteSource: TEC-08 DISTRICT E-MAIL USAGE REGULATION

• Treat all electronic messages the same as written, hard copy communications in regard to decency, courtesy, and openness

• Be professional and exercise good taste!

• Avoid misunderstandings – remember electronic text is devoid of any context clues which convey shades of irony, sarcasm, or harmless humor

• Make subject headings as descriptive as possible

• Restate the question or issue being addressed or include the original message in your response

Effective E-mail NetiquetteSource: TEC-08 DISTRICT E-MAIL USAGE REGULATION

• Include the most important fact / idea / issue first or very near the top of the message

• Proofread / edit each message and use the system’s spell check prior to sending a message

• Check the facts in your message before sending it; do not spread rumors via e-mail

• Think twice before CC’ing and forwarding (privacy issues, need to know, inbox clutter, etc.)

• Remember the human – don’t hide behind e-mail (or voicemail)!

Discussion Break

Let’s discuss those

scenarios!

Great idea! What do you think about Mr. Carter?

S = Security

M = Manners

A = Acceptable Use

R = Responsibility

T = Training

• Digital Citizenship = The expected standard of behavior with regard to technology use

• We should all teach, model, and expect exemplary digital citizenship!

Acceptable Use: AKA “Digital Citizenship”

Digital Citizenship at Work: Principle #1

Access to all District technology is made available to employees primarily for instructional and administrative purposes in accordance with Board Policies and District Administrative Regulations.

Digital Citizenship at Work: Principle #2

Employees are responsible at all times for their use of the District’s electronic communications system and must assume personal responsibility to behave ethically and responsibly, even when technology provides them the freedom to do otherwise.

There are consequences for NOT being a good digital citizen (i.e. violating acceptable use policies)• Access to technology denied• Reprimand• Termination• Legal action

Digital Citizenship at Work: Principle #3

System use is electronically monitored.

E-mail Acceptable Use

• Do not send or forward e-mail messages or images that are abusive, obscene, pornographic, sexually oriented, threatening, harassing, damaging to another’s reputation, or illegal.

• Users may not send or forward any e-mail messages that are for personal-profit use.

• District-wide e-mail broadcasts must be approved by the Executive Director of Communications. (Use the BC field.)

• Campus/site-wide e-mail broadcasts must be approved by the campus Principal/Site Administrator.

E-mail Acceptable UseSource: TEC-08 DISTRICT E-MAIL USAGE REGULATION

• Do not send or forward chain e-mail messages or images.

• Use the e-mail system’s proxy capabilities whenever out for extended periods of time only if someone needs access to your e-mail. The Helpdesk can provide assistance.

• Send e-mail to appropriate (i.e. need to know) parties only.

E-mail Acceptable UseSource: TEC-08 DISTRICT E-MAIL USAGE REGULATION

• Open e-mail on a regular basis (at least daily, if possible)

– delete unneeded items

– file items needed for future reference appropriately to prevent filling up your mailbox

• Refrain from storing attachments in the mailbox (i.e. spreadsheets, slide shows, documents, pictures, etc.)

– Attachments should be saved to your network home directory, hard drive, or external storage media

• Comply with mailbox size limits, as determined by the District due to technical requirements

• Do not waste mail system resources (i.e., spamming, distribution of videos or photos, etc.)

E-mail Acceptable UseSource: TEC-08 DISTRICT E-MAIL USAGE REGULATION

• E-mail messages, created or received in the transaction of official Northside Independent School District business, can be categorized as public records based on the content and topic of the message, and therefore are subject to Texas Public Information Act

• Each user is individually responsible for maintaining the public accessibility of his/her own incoming and outgoing e-mail messages as required by law (See http://www.nisd.net/its/records)

• Another reason to “be professional” in e-mail correspondence!

E-mail as a Public RecordSource: TEC-09 DISTRICT E-MAIL RETENTION REGULATION

S = Security

M = Manners

A = Acceptable Use

R = Responsibility

T = Training

• Increased electronic systems increased access to data (i.e., “open” environment)

• Confidentiality of data is addressed in FL (Legal) Student Records and DH (Exhibit) Employee Standards of Conduct

• An employee shall not reveal confidential information concerning students or colleagues unless disclosure serves lawful professional purposes or is required by law

• Avoid sending e-mail to colleagues or parents that contain personally identifiable information about students

Model and Emphasize Data Confidentiality

Know the Acceptable Use District Policies & Regs • CQ Legal and Local, TEC series• Other important topics

– Copyright– Campus, classroom/teacher,

extra-curricular and student websites

– Personal hardware and software

Educate Others

• Provide acceptable use training for all staff and students under your supervision

• Enlist the help of your campus technologists, technology teachers, librarian, & district technology trainers

• Lots of great NISD-developed resources are available online

• Promote and model Digital Citizenship!

Report Incidents / Violations

• Treat all acceptable use incidents / violations seriously and report them as appropriate

– Staff Human Resources– Students Technology

Services • Administer consistent

consequences, especially for students’ inappropriate use

Manage the Paperwork

• Collect and manage student acceptable use agreement forms promptly

• Ensure that the AUP data is entered into the Region 20 student system by September 1, 2006 (10 days after the first day of school)

– Direct your Library Assistants to help the Attendance Secretaries perform the AUP data entry at middle schools and high schools (optional at the elementary schools)

– AUP data is automatically “pushed” nightly to populate several other systems

• Professional and classified staff will acknowledge and agree to acceptable use online, with the online handbook process. Auxiliary staff will complete and submit the paper form to their supervisor.

S = Security

M = Manners

A = Acceptable Use

R = Responsibility

T = Training

Online Acceptable Use Class

• Available to all employees

• Required for all new employees with access to technology, within 3 weeks of employment

• Online, takes 45 minutes to complete

• All users will receive an e-mail in August with specific instructions

• Online course completion will be tracked and reported in ERO (Electronic Registration Online)

Discussion Break

Let’s discuss those

scenarios!

Great idea! What are

some important points?

Classroom Scenario Points

• Monitor students when using computers (gum, software installation, flash drives)

• Be aware of keyloggers and safeguarding password (grades). Change password; report it.

• Don’t e-mail IEPs (wrong recipient; confidentiality)• Be able to explain how Internet filtering works in NISD; if

inappropriate material is viewed accidentally – move on immediately and tell teacher

• Refer student and parent to Web Warning; counsel student

• Harassing e-mail – forward to abuse@nisd.net and report it to supervisor

• Follow Student Code of Conduct for students who violate AUP

– more serious examples: cyberbullying; hacking and other malicious activity; purposely accessing materials that are abusive, obscene, sexually oriented; proxy avoidance

– less serious example: non-school related Internet use

Office Scenario Points

• Don’t use others’ passwords (access to certain applications such as Winocular must be limited to administrators/supervisors)

• Be professional in e-mail correspondence (Hr policy situation)

• Report acceptable use violations to supervisor (co-worker wasting time and resources – maybe it is business related)

• Don’t respond to the phishing scam; forward message to abuse@nisd.net

• Do not forward jokes; could be offensive; waste resources

• Keep laptop physically secure; encrypt data• Don’t share GroupWise password; grant proxy if

you want someone else to keep up with your messages

Be CyberSMART!

Addressing Safe and Appropriate Technology Use in Northside

Administrator Institute July 26, 2006

Kelly SmithAssistant Superintendent for Technology Services