We've begun to prepare for new teacher orientation that will start in less than a month. (Anybody else get a little rattled seeing the Back to School ads in last Sunday's paper?). Anyway, I'm in the process of reviewing some materials we share with new teachers and thought others might benefit from the document below. Yes, it is more than 500 words long, but hopefully it is short enough that teachers will actually read it.

You are welcome to modify and use this in your district if you wish. (Source attribution is always nice.)

As you read, think  

What doesn't need to be in here?

What should be added/strengthened?

Should we be encouraging teachers to make back-ups of documents stored in the cloud (on GoogleDocs, for example)?

Teacher Guide to Computer Network Security

Mankato Area Public Schools
Fall 2010

Recommended security manuals for school districts are about 200 pages long. Here are the most critical things, as a teacher in the Mankato Area Public Schools, you need to know and practice – in two pages. Please read them carefully.

An increasing amount of critical, confidential data is transmitted and stored electronically in our district. Despite its intangible nature, digital records, communications, and intellectual property, whether owned by the school or you as a professional, is as valuable and important as physical property. Safeguards to protect it are essential and using them is a professional obligation.

High security and high convenience are incompatible. Our district attempts to achieve a sensible balance, placing a high degree of faith in the professionalism of our staff, rather than technological fixes to insure data security. So far, this has worked well.

Passwords
As a teacher in ISD77, you have the responsibility of a variety of passwords including those for Infinite Campus, your e-mail/MAPS Apps accounts, your Lodestar online file storage account, your computer’s screensaver, and your voice mail. All passwords should:

• Be unique for each application.


• Be changed on a regular, frequent basis.


• Be composed of both letters and numbers for highest security.


• Be composed of a string of characters not found in a dictionary.


• Be kept in a secure place if written down.


• Never be given to anyone else, especially students


• Never be given to a tech support person who is unknown to you.


• Be written on only yellow sticky notes when attached to the computer monitor. (No, don’t do that - just wanted to see if you were really reading this.)

Treat passwords with the same care you would a paper gradebook, the key to your classroom, or the code to your ATM card.

Back-ups
It is your responsibility to maintain at least one back-up copy of your your self-created school documents (word processing files, presentations, etc.) The district provides online file space on the Lodestar server for you to do this. You may also choose to use writeable CD-ROM or DVD disks to create copies of your files if your computer is equipped with a writeable CD or DVD drive. These back-up disks should be kept in a secure place, preferably not in your school building. You can also keep copies on your home computer. Unless your data is stored on MAPS Apps, you need to have a copy in two different places. Two copies on one computer is NOT a back up.

We recommend backing up all personal files on at least a monthly basis; more often if you are working on a critical project. You need to ask yourself, “What would I lose if my computer’s hard drive were to die right now?”

The district is responsible for creating back-ups of data from district-wide applications (your e-mail, MAPS Apps documents, and Infinite Campus data.)

Viruses
Computer viruses (as well as worms and Trojan horses) are small pieces of computer code that may have the ability to destroy data on your computer or on computer networks. Needless to say, our district takes extreme precautions to protect our computer users from these programs that are spread as e-mail attachments, hidden in programs downloaded from Internet websites, and as macros in word processing and other documents. While our firewall (a computerized filter that screens all data coming into the district) and our spam filter catch many of viruses, new ones are being constantly created and no filter is perfect. Our district to date has been less susceptible to viruses since the majority are written to hurt Windows computers, but viruses also are written for the Macintosh operating system with OSX becoming an increasingly popular target.

As a teacher, you can minimize your exposure to viruses by:

• Never opening an attachment you were not expecting, even from someone known to you. (E-mail addresses can be spoofed.)


• Never download programs from unknown sources on the Internet (or let your children download them).


• Turn the “macro” feature off or turn “macro security” on in word processing and spreadsheet programs.


• Scan your computer regularly using a virus protection program, especially if you have a laptop or desktop computer you use both at home and at school. Our district uses Sophos and if it is not running on your school computer, visit with your tech.

Data Privacy
The protection of the privacy of our students is a professional responsibility. This means knowing the laws, district policies and building guidelines about what student information can be shared and with whom. Increasingly this also means indirectly protecting student records and personal information by following the password guidelines listed above. Under no circumstances should library records be displayed that link the student name to specific titles that the student may have used.

We recommend that you use a screen-saver that automatically starts after a short period of inactivity on the computer in your classroom so that screen contents are not easily viewed when you are away from your desk. For added security, a password to quit the screen saver should be set.

Parental permission forms need to be completed prior to posting photographs or student work on the school’s website. No students’ last names, e-mail addresses, or other identifying information should appear on the school website. Readers wishing to comment on student work that may appear on the district website should do so through a teacher and his/her e-mail account.

Student need to recognize that school provided e-mail accounts, file storage space (YODA), and login and usage logs may be viewed if necessary. Our district Internet Acceptable Use Policy (524) VIII.A states: “Users should expect only limited privacy in the contents of personal files on the school district system.” To date, we have only had to exercise the right to view student files when there has been suspicion of wrong doing, rather than employing a continuously running monitoring program. We hope to continue the “only as needed” approach.

Personal Privacy
As e-mail and Internet users, teachers also need to follow guidelines to protect their personal data and privacy. As district employees, we are subject to the same Acceptable Use Policy as are our students, including the “limited privacy” rule. As with students, we only use the “only as needed” approach to viewing staff e-mail and files.

If you use the Internet to purchase goods, sign-up for newsletters, or complete forms or surveys, you will be asked for personal information. Do so at your own risk. Some guidelines:

• Never give your social security number over the Internet. Be very careful to whom you supply your telephone number, e-mail address, mailing address, and other personal information.


• When making a purchase using a credit card on the Internet, make sure the site is reputable and “secure.” A secure site’s address will begin with https rather than simply http.


• Limit the “cookies” your Internet browser will accept.


• Maintain two e-mail addresses: one that is used only for business or with those people you know; one for commercial transactions, surveys, etc. The second e-mail address can be a free account from a provider such as Yahoo and can be easily changed if too much spam is being sent to your account.


• When using a Windows computer, regularly run a “spyware” detection program such as the free SpyBot to detect and eliminate hidden programs on your computer.


• Outside of school, use caution about what you share on social networking sites. See Guidelines for Educators Using Social and Educational Networking Sites

Hardware Security
Computers and other hardware can also be stolen and damaged through both carelessness and maliciousness.

• Computers should be on a firm surface, well away from desk and table edges to prevent them from being accidentally pushed off.


• Computer cords and cables should be in molding, raceways or cable trays to prevent damage both to the computer and anyone who might trip over them.


• If your computer is a laptop, use a security cable to lock it to your desk if it is left unattended.


• All hardware needs to be purchased through District Media and Technology Services so it can be inventoried and engraved with a school ID.


• If you use your school computer at home or take it to meetings or conferences, be sure your homeowners’ insurance covers it if lost or damaged. Take special precautions at airports (especially at security), hotels and in meetings to make sure your computer is not left unattended. Most hotels will provide an in-room safe or a secure area at the front desk where you can safely store a laptop computer. 


• Under no circumstances should you open (or attempt to open) your computer’s case. Touching the wrong gizmo may not only hurt the computer, it may seriously damage you. Let a district technician handle any repairs that require the case to be opened.

Tim Holt at Unintended Consquences writes:

...the overwhelming volume of [educational technology] causes a “paralysis of choice” where those that are trying to become techno-literate teachers throw up their hands in disgust and just say “too much!”  Another issue is support. Too many choices require too much professional development. While it is nice to think every teacher everywhere can be self motivated to learn, I have found that many do not have the time.

And then asks:

...how many of us use multiple social networking sites Plurk, Twitter, Facebook and Myspace? Do we really need that many sites? How many of us read multiple news sites that actually have the same information? CNN? Fox News?  Drudgereport? Multiple email accounts? Multiple Blogs? How many of us maintain multiple websites?

(Fox News? Drudgereport? I don't think so, but ...)

And Tim offers a challenge:

 

Could you cut yourself down to just six essential websites and two gadgets for an entire week?

OK. I think I could.

My essential websites are:

1. Gmail/Calendar/Contacts
2. GoogleDocs
3. GoogleReader
4. Squarespace (my blog)
5. Twitter (OK, let the teasing begin.)
6. Pulse on my iPad (which is kind of a cheat since it is a news aggregator)

My essential device(s):

I could get by with just my MacBook Air, but I am using my iPad more and more.

Our district has moved reluctantly into throwing too many tools at our teachers at one time for the reasons Tim suggests - overload is counter productive. And I am not too sure why, once people are comfortable with the sharing and co-editing features of GoogleDocs, why access to wikis, Moodle, and other social networking sites is critical for 90% of teachers.

Remember the days of "memes?" Blog this challenge on your site! What are your 6 essential tools and 2 essential devices?

Thanks to Miguel Guhlin for the heads up on this post. His own reaction is well worth reading.

My suspicion is that everybody picks his or her nose. Those of us who consider ourselves more "cultured" will do so in private, use a tissue, and not speak of such acts in polite company. Those acts of which we may not necessarily be proud, we make private. And nostril grooming is not the only, nor necessarily the least admirable act, many of us commit or have committed in the past.

Yet privacy itself may well be a thing of the past, if you believe law professor Jeffrey Rosen's Reading The Web Means the End Forgetting in the New York Times.* Rosen takes a fairly comprehensive view of what sharing our lives online might mean, how much control we may (or may not) have over what others see, and what some technological and legal solutions to controlling the web's tenacious memory might look like.

The conundrum most of us face, writes Rosen, is:

... how best to live our lives in a world where the Internet records everything and forgets nothing — where every online photo, status update, Twitter post and blog entry by and about us can be stored forever.

He goes on to say...

We’ve known for years that the Web allows for unprecedented voyeurism, exhibitionism and inadvertent indiscretion, but we are only beginning to understand the costs of an age in which so much of what we say, and of what others say about us, goes into our permanent — and public — digital files. The fact that the Internet never seems to forget is threatening, at an almost existential level, our ability to control our identities; to preserve the option of reinventing ourselves and starting anew; to overcome our checkered pasts.

And much of this "checkered past," of course, is of our own making, and we may never be able to pick up a move on - to another town, another job, or another partner.

...the Internet is shackling us to everything that we have ever said, or that anyone has said about us, making the possibility of digital self-reinvention seem like an ideal from a distant era.

Rosen suggestss some solutions: using a company like ReputationDefender to monitor and scrub your online persona; an "expiration" date added to online information; and even a "reputation" report, modeled after a credit report with the ability to declare "reputation" bankruptcy. (Check sci-fi writer Daniel Suarez's Freedom to see this might actually look like.) Although most likely impractical, employment discrimination based on online information about an individual may be made illegal. Hey, and how about suing your peeps when they post that photo with you with your finger inserted to the second knuckle? Or an avatar that pops up just before sending off a photo asking you to think twice about doing so?

It's heartening to know that Net Gens seem to be aware of and dealing with this issue. Again Rosen:

Plenty of anecdotal evidence suggests that young people, having been burned by Facebook (and frustrated by its privacy policy, which at more than 5,000 words is longer than the U.S. Constitution), are savvier than older users about cleaning up their tagged photos and being careful about what they post. ... A recent Pew study found that 18-to-29-year-olds are actually more concerned about their online profiles than older people are, vigilantly deleting unwanted posts, removing their names from tagged photos and censoring themselves as they share personal information, because they are coming to understand the dangers of oversharing.

Are our educational efforts making a difference? One might hope.

Some things this article made me think about..

With this, as much as anything, control is probably mostly an illusion. Rosen reports:

...the Facebook application Photo Finder, by Face.com, uses facial-recognition and social-connections software to allow you to locate any photo of yourself or a friend on Facebook, regardless of whether the photo was “tagged” — that is, the individual in the photo was identified by name. At the moment, Photo Finder allows you to identify only people on your contact list, but as facial-recognition technology becomes more widespread and sophisticated, it will almost certainly challenge our expectation of anonymity in public. People will be able to snap a cellphone picture (or video) of a stranger, plug the images into Google and pull up all tagged and untagged photos of that person that exist on the Web.

I remember a very interesting conversation recently with a lady who dislikes her daughter's photo being taken in public without her permission and a colleague giving his lawyerly response that when in public, we give up our privacy rights. The added dimension of the daughter's photo winding up online was what was particularly upsetting to the mother. And I could see both sides of the issue.

I wonder how many of us who write publically practice self-censorship, realizing that one day a future employer may decide to hire or not hire us based on our blogs or tweets or wikis? Are there "truths" that simply don't get spoken, or spoken of by enough of us, often enough?

It also made me wonder if eventually employers, college admissions, and even romantic partners might lower their expectations of what may constitute "normal" youthful indiscretions? And just how many years can count as "youth?" (My own lasted well into my 40s, I believe.) Might we just "wait this out" until what is now considered shameful might be deemed acceptable?

I suspect there are many of us (me, anyway) who have not been particularly well-behaved, but have been just clever/lucky enough not to have those bad behaviors go public. It sounds to me like no matter how clever or lucky we may be in the future, most of our acts will be public. Rosen concludes:

Our character, ultimately, can’t be judged by strangers on the basis of our Facebook or Google profiles; it can be judged by only those who know us and have time to evaluate our strengths and weaknesses, face to face and in context, with insight and understanding. (Sounds familiar in some respect.)

I suppose there is also the option of only leading a sin-free life, but where's the fun in that? And how practical is advising kids to just "never, ever do anything wrong - ever?" I'm guessing they would listen to us adults giving such advice even less than they do already - if that's possible.

So readers, go forth and pick no more. At least when there are cameras around.

*Thanks, Jeri Hurd, for head's up.At Bib2.0.