k12 cybersecurity

We discuss with our guest Amy McLaughlin, COVID-19 and tips and tricks for homeschooling cybersecurity to stay safe when schooling and working at home.

Protect Your School from Cybersecurity Threats

SecurityStudio helps schools ensure they’re protected against cybersecurity threats with our risk assessment and risk management software. Schedule a demo to learn how we can help.

Podcast Transcription:

[00:00:07] Ryan Cloutier: Welcome to the K 12 cybersecurity podcast. I’m your host Ryan Cloutier. Today we’re gonna be talking about Covid 19 and its impact on distance learning, remote school and school closures joining me today is Amy Mclaughlin. Did I say that? Right, Amy

[00:00:50] Amy Mclaughlin: yes, he did.

[00:00:51] Ryan Cloutier: Amy is an experienced information technology and information security professionals. She has over 20 years experience including the last 10 years in K 12 and higher education. She holds a master’s degree in Science and information technology management and a masters of arts in marriage and family therapy. Amy currently serves as a project lead for the COz in cybersecurity and smart education networks by design and as the director of information services information student health services at Oregon State University. Did I pronounce that? Right? Amy

[00:01:24] Amy Mclaughlin: Yes, pretty darn good. Thanks so

[00:01:26] Ryan Cloutier: much for joining us. Um it’s really some wild times out there and you and I have been, you know working through this the last week more intensely, but even from the week before and you know, as we were talking, it kind of dawned on us both that what people really need right now. It’s just kind of a short, simple list of actions and things that they can be doing as they prepare for remote work, remote school. You know, we’re looking at, you know, 14, 15 days here in some cases, but I think a lot of people are starting to prepare for longer. Um, and so you know what we were thinking is we would put this list together for you guys and give you some some pro tips if you will and how you can stay safe and stay calm during this crisis. So the number one thing that we came up with was that really you need to stay calm. Um being panicked makes you more susceptible to digital risk. You’re more likely to click on a link if you’re in a state of panic. So really think before you click or share. Um amy can you share with us a little bit of what you’re seeing with some of these phishing scams and and how they’re kind of exploiting this Covid 19

[00:02:38] Amy Mclaughlin: Sure. I think one of the biggest challenges of course is that every, there a lot of there’s a lot of panic around covid 19. So obviously opens the door for a lot of exploitation uh, in the school area. What we’re seeing is a lot of emails coming out that are pretending to be from school district authorities or principles coming with logos say things like, hey, I need you to immediately felt the storm to give me your cell phone, contact information um, or provide us additional information on how to reach you. Uh they’re actually going for a two layer attack which is a little bit more sophisticated than the standard click here and enter your username and password because they’re collecting cell phone numbers for later exploitation, which means that the person won’t necessarily associate the later attack with the original email. So we’re seeing a pretty complex and uh well thought out approach also really exploiting people’s fear and concern about my work my school, are my kids going to be safe? Am I going to have enough hand sanitizer? Those kind of phishing scams coming through um in large volumes right now or an increasing volumes, they’re going to start increasing even more I think over the next few days,

[00:04:00] Ryan Cloutier: you know, and it’s interesting that you bring up the multi factor authentication exploit angle if you will, excuse me not corona um the M. F. A. Side of it where they’re trying to get that cell phone number um that’s really so that they can come back later and send you a phishing email that requires a multi factor authentication. So when you get that text message or that um alert pop up on your on your authenticator app. Um a lot of times if they have already gained access that information it makes it much easier for them to do another type of exploit that allows them to get access to your system. One of the things that were really stressing is you know, verify before you share any data. Financials before you make any purchases with a lot of us moving towards remote school and remote home or sorry remote work from home. Um Those activities where we would normally be able to walk down the hallway and verify with the person you know directly obviously as we’re all kind of self quarantining here that’s not really a reality for us. Do you have some tips on other ways that people could verify um when they’re asked to share this data or sensitive information You know make purchases.

[00:05:15] Amy Mclaughlin: You know I think that the alternative to walking down the hall right is picking up your phone and calling uh And I think as you move to work from home and school from home options um having a phone number of who to call to verify, making sure that that’s a valid number not one that came off the bottom of the false email uh to confirm the purchase or a lot of people are going to video conferencing options so you know hitting uh your video conferencing option with the person who you need to verify with and looking at his face to face and saying hey I just got this request. Did you really want me to purchase this or um am I really like supposed to send you all the W. Two S for the whole quote company um and making sure that that is actually confirmed by somebody at the other end.

[00:06:04] Ryan Cloutier: That’s a great great tip and I think you know, video is definitely becoming more prevalent and I think a little bit later here we’re going to talk about video and some considerations for it. Um, the other big thing right now that we’re seeing a lot of in the information security community is coronavirus scams that are attached to coronavirus maps. Um, you know, all of us want to know what’s going on and and most of us are trying our best as much as our sanity will allow us to keep up with all of this information. And it’s incredibly important to only get your information from reputable sources. We are seeing not just viruses, you know, being attached to coronavirus maps, but we’re also seeing a lot of disinformation and misinformation um kind of floating around rumors and conjecture. Um as one would expect to see in a situation like this. So really do try to stick to those reputable known national sources. You know, World Health Centers for Disease Control, your state health officials, your local health officials. Um really be very cautious and verify those U. R. L. S. If you are going to those coronavirus maps myself. I just go directly to john Hopkins website. Um, that way I can get to the map that everybody’s kind of using anyways. Uh, and I don’t run the risk of falling victim to a scam. So with that. Um, I think we, you know kind of segue here too. Okay, we’re all stuck at home. What are the security considerations that we need to be thinking of at home? Um amy what are your ideas there? Where do we start?

[00:07:46] Amy Mclaughlin: Well, I think you know, we can start with some basic cleaning, right? Uh you’re at home um time to do some digital cleanup. So first thing is check all those devices that you’re using are updated quick and easy. Run through, run updates on your computer, your, your cell phone, um, your router, that’s the one people always forget And for a lot of people that means digging the manual out of a box where you stuffed it when you first step thing up. But just make sure all those home devices are running the most current version of their operating systems and have been updated and patched because that will protect you from quite a lot of basic exploits And it’s step one and it’s relatively simple just to go through and do update.

[00:08:33] Ryan Cloutier: I know when I went to update my devices here this week, um, I couldn’t find that manual, who knows what box it’s buried in. So I hit the Youtube and I was quite surprised and happy when I found there’s there’s an extensive amount of of how to videos out there already. Um as well as those manufacturer instructions. So if you can’t find the paper, manual laying around a lot of times your manufacturer will still have a manual on the website, just type that model number into google and take it from there. Um you know, as we, as we talk about, you know, getting those things up to date. One of the things that a lot of us aren’t thinking about is how things might operate differently at home than they do in the school setting or in our office setting. And one of those things that’s especially important for parents to be aware of is that the content filters so that that piece of software that is keeping the bad and ugly part of the internet if you will away from the kids. Uh some of those content filters don’t work when the devices are are out of the schools network. Um some do, it all comes down to the type of content filter the manufacturer, the in the way it’s configured. Um but that’s just something to be aware of. Is that the the uh internet access at home a lot, a lot of times is a lot more wide open than the internet access at school or at work. Do you have any tips for a Sammy on things we can do at home to kind of help keep an eye on that.

[00:10:01] Amy Mclaughlin: You know, I think one thing is to trek in regularly with your students and know what they’re doing, you know what they’re working on another is to take a look at your home routers, a lot of home routers have some basic firewall set ups where you can send set parental controls um again if you’ve lost the manual just got to youtube look up your device number and look for parental controls. Usually there’s just a switch flip on and it says you know low medium or high level of control. Uh and you just want to make sure that you said it just right your your family and what your needs are but it can put a nice basic safety net in place to help protect your family. Um And there are some actually some reputable um low cost or no cost online content filters, software content filters, the parents can load onto machines for their students. So if it’s home machine that’s personally on device you may be able to load your own content filtering on as well now. So I’d note too that doesn’t do any good to lead the content filter on and then give your student the override password. Yeah, because you might as well not have it on there at all.

[00:11:20] Ryan Cloutier: Yeah, we definitely want to be careful about about passwords and who has them um you know, and that leads me to to a privacy concern that we have at home and that’s IOT devices. Right. So we have a lot of us have these smart devices in our home that will respond to their name right? Maybe we, you know have an Alexa and okay google or or some other type of smart device, Maybe it’s our cell phone um series something along those lines. Generally the rule is if the device responds to its name, uh that means that it’s listening all the time. So we need to take extra care when we’re having those at home school conversations at home work conversations. Um you know, are we around these devices, you know what what potentially might they inadvertently be picking up? Um that we’re saying we want to exercise extra care there and try to mute them if we can or maybe hold those conversations in a room that doesn’t have that device in it. Is that something you’re hearing as well? Amy?

[00:12:17] Amy Mclaughlin: Oh yeah, I think that is true for both for IOT devices and the other device that people don’t necessarily think about until it’s too late is cameras, webcams on laptops and what all they show of somebody’s home. So if you’re working or attending school through an online interface and you have a webcam enabled and you’re having a meeting or you’re in a classroom, what is showing up in your workspace in your school space that maybe isn’t something you wanted to share with the public, you know? Um

[00:12:58] Ryan Cloutier: Well I think you’ve got a great

[00:12:59] Amy Mclaughlin: that’s is inviting people into your private home space. Well, very visible way.

[00:13:03] Ryan Cloutier: And the other thing to be aware of um I have unfortunately seen a growing trend of teachers screen Shotting their classrooms and and posting it as a matter of pride on how they’re successfully navigating this remote schooling and you know that presents a different set of privacy considerations right? We want to be careful and thoughtful about you know sharing that type of online learning environment because we are you know looking into the private homes of these students. We are you know in a lot of cases um potentially doing so without direct consent. I don’t think the directory information policy covered um group chat on zoo. So I think there’s there’s definitely new considerations there. Um pro tip is cover that webcam if you’re not using it. The other thing is is we want to make sure that you’re aware of virtual private networks and that as much as possible and this is to any district technologists that might be listening here. Um as you roll out your remote school plan really take great care and caution to set your VPns up correctly and ensure that the VPNS are enforced on any district owned device. Uh For those that are you know at home remote workers a lot of your companies already have this in place if you work for a larger company. But if you work for a smaller company and you don’t have a VPN you might want to talk to your I. T. Team about what it would take to get one in. There’s a lot of great and inexpensive options out there. Um and it really is that extra layer of protection that helps keep you and the school and and company data that you’re handling safe. We’re going to move on. Yes.

[00:14:46] Amy Mclaughlin: Just for those folks who aren’t aware, um VPN helps encrypt your data so that other people on the same local network can’t see what you’re doing. That’s the simple explanation.

[00:14:58] Ryan Cloutier: Absolutely. Thank you for that. It’s it’s about trying to keep things well, just like coronavirus. Right? So we’re practicing social distancing distancing. So we can think of a VPN as digital distancing. It’s a way to keep uh individuals separated from each other so that it’s harder to spread infection. Uh into that point, let’s let’s move on to keeping clean um, physically and digitally, you know, that’s a really hot topic. Um you know, around the world over the last week, we have seen a hygiene product in extremely high demand. Uh folks definitely want to make sure that a certain part of them is is very clean and and have acquired all the necessary supplies to do. So, some of us are referring to it as the TP crisis of 2020. Um it’s getting a bit silly out there and I think, you know, most of us have had some kind of personal experience now with a completely sold out TP I’ll, but to that point, you know, how do we keep these digital devices digitally clean but also um keeping them physically clean. So we know antivirus and anti malware are are must have I like to think of them as the hand sanitizer of the computer world. Um you know, the important part about that though is to make sure that you’re actually scanning so when you do install this stuff set it to auto scan. Um the other thing that I would encourage you to do is is think about um how often you know you’re doing updates, do you have automatic updates? You know, these types of things will definitely help keep you digitally clean. Amy in a in a education setting. You know, one of the things that we’re hearing a big amount of talk around is is kind of device support and device recapture. Can you kind of share with us your thoughts around you know, safe ways when that tech support needs to actually recapture device safe ways to not just keep it physically clean but digitally clean.

[00:16:58] Amy Mclaughlin: Yeah. You know, the interesting thing about devices is quite frankly um phones and laptops are some of the most dirty devices out there. Uh so this is a really big recommendation for anybody but especially protecting two will be re capturing devices, redeploying them and handling them extensively. Um really working hard to keep keyboards and touch screens clean and well kept um before deployment and when you receive them back and also at home. Right. Uh you know, we were laughing earlier about tp but you know, think about how often you’re touching your cell phone or your laptop um while eating or while doing some other activity that can transfer germs onto viruses onto the device or transfer anything onto the device into you. So um I’ve done quite a lot of research actually on cleaners lately because there’s a long list of things that you don’t want to use. So for a keyboard. I mean easy options uh take a if you can find them uh you know an antibacterial wipe and squeeze out most of the moisture and wipe the keyboard. There are also keyboard cleaner specific wipes. Actually there are a little easier to find right now than just your standard antibacterial wipes because you can get them through computing catalogs. Um And online retailers and they haven’t quite sold out in the same volume as your standard grocery store issue. And then you’ve got you know, soap and water and I don’t mean like a ton of water. I mean like a lightly damp cloth to wipe off the keyboard. Do not scrub your keyboard with like dish soap. Just take a light damp cloth wife over the keyboard and the screen and dry it again with another damp cloth. And when I say a cloth, I mean like micro fiber cloth, something soft, avoid using tissue paper, paper towels, anything scratchy that’s going to damage your monitor surface or your phone surface because that’s going to end up damaging your device and making it not last as long whatever you do do not use abrasive cleaners. I know there’s a real temptation to grab like Windex or um, you know, you

[00:19:29] Ryan Cloutier: want to keep, you want to keep the Ajax away from the keyboard, right? Don’t

[00:19:33] Amy Mclaughlin: know, Ajax, no toilet scrubbers on your keyboard. Well,

[00:19:38] Ryan Cloutier: and one thing I would I would call out to is just use reasonable pressure when touching the monitor. Right? So when you’re cleaning the screen, no need to pretend that you’re the hulk, right? Take it easy, give it a good wipe, give it a thorough white, but really want to be cautious, not depressed too hard. And, and that kind of leads me to the next point, uh school administrators. Um, and you know, I. T. Professionals, uh, if you’re responsible for the support of these devices, you really should consider putting together care sheets. Uh, while we would like to assume that everybody kind of knows how to do this. Um, a lot of folks actually don’t. And you add panic into the mix, you add stress into the mix. You know, kids are at home now, parents are trying to work. I’m looking forward to the cavalcade of, of hilarious videos where the, where the toddler burst into the board meeting. Right? Um, we’ve seen a few of these on youtube, it’s only going to increase with time. Um, you know, while that’s going to be, you know, a good source of entertainment when we’re stuck inside ourselves. Um, I think it’s important to get a care sheet out with those devices, especially for districts that are going to be hold

[00:20:53] Amy Mclaughlin: on and say well and I think you want, as districts are recapturing repurposing and working with large volumes of devices, I think it’s important to work on protecting tech staff from um, the transfer of anything that could be on those devices. So thinking about issuing gloves for tech staff, working with a large volume devices, reminding people to wash their hands routinely, especially when handling devices that have been in other people’s hands have been coming in and going out. So those kind of basic health and safety precautions in order to keep district technology stuff safe are also going to be really important,

[00:21:33] Ryan Cloutier: completely agree. And I think to um lastly on that topic, um, when communicating to parents, you know, how to, you know, safely maintain these devices. It’s also important to communicate to them. Any changes that potentially have occurred with regards to any content filtering or uh, internet access availability that may exist or any additional responsibilities that the parent that now needs to take as the at home tech support if you will for the student. I think some districts are exploring a hybrid model of educating mom and dad on some basic tech and troubleshooting tips through through video through different uh papers if you will. Um, you know, think, think long and hard about how you’re going to engage the parent because you know as we go to a more isolated state, they really are going to be that first line of physical tech support. Um Obviously we want to limit the amount of, of devices that need to be brought back to the school wherever possible. We want to limit the travel of those individuals and those devices um so really give deep consideration too, you know, how you’re going to work with the parents in a in a tech support situation that leads us to our next point which is keeping accounts safe. Um Number one, we really want to limit the sharing of passwords via email. We in the security industry understand that that is a practice that unfortunately is probably going to increase but it should be noted that email that is not encrypted is easily read by just about anybody um if they’re looking to read the email and it’s going across the net and clear text it is, it’s relatively easy to intercept and read. Um so really try not to share passwords via email if you can and as much as it’s practical leverage automated password resets. Um Most of us these days are operating the majority of our district in the cloud from a learning perspective from uh in a lot of cases a student information systems perspective um so we wanna, we wanna, you know leverage those automated resets wherever we can. Um the other big yes,

[00:23:56] Amy Mclaughlin: I’m going to jump in here and just point out a couple key differences between passwords that can be email is like sitting, you’re putting your password on a post garden and sending it in the post because the postcard isn’t protected by even an envelope, it’s just text wide open. Whereas when you’re using a leveraging an automatic password reset option, those are usually encrypted connections back to the host of the application. So that password, the automated reset is done through encrypted format as opposed to a postcard.

[00:24:29] Ryan Cloutier: So more like the security envelope that my check would come in, right? So 11 would be like a postcard and the other would be more like a like a bank security envelope.

[00:24:40] Amy Mclaughlin: Exactly. So when you think about it, that’s why leveraging the automated reset is such a superior option.

[00:24:47] Ryan Cloutier: I like it, you know, and one of the other things we want to think about um as we congregate together uh and this will be an interesting social experiment. There’s a lot of families that are either going to get closer together or less less enjoyable to each other with with close confinement for for all day every day. But we want to try to limit sharing those devices. It can be tempting sometimes um some of us are work devices is much more powerful than our home device. Uh Sometimes uh we’re in a situation where maybe that is the only computer in the home and and so we do end up using it for non school or work purposes but we want to try to limit sharing of devices as much as we possibly can. Um Amy do you have any tips for us on how to kind of implement that practice in our lives if you will. Especially if it’s something that we’ve been previously doing and we’re comfortable with.

[00:25:49] Amy Mclaughlin: You know, I think one of the challenges of course is that as you mentioned, a lot of people may only have the one device. So I think if you can use separate devices for separate functions, it’s a really good idea to do that. If for some reason you can’t then look into the device that you have and think about how you can use the operating system on the device to segment out the functions. So maybe creating separate user profiles based on the function to try to limit the crossover between your work and your personal or your work in school will be one way of handling that. Uh That way when you’re logged in into a work environment you’re working and you’re not acting using personal things where you could contaminate your workspace.

[00:26:39] Ryan Cloutier: That’s really great advice. And on a personal note for those of you that are going to be working at home, um showers and hygiene and dressing for your day is still greatly appreciated. Uh While I have developed a bedhead bingo card for the various meetings I’m going to get on that have gone beyond casual. Uh you know, think, think and treat this digital time as you would your physical in real life, because it is, I mean, the reality is is even though we’re gonna be stuck in our houses and we’re going to be having to make all these, you know, accommodations and changes to what we’ve grown accustomed to his daily life here. Um try to keep in perspective that, you know, a fresh look and, you know, being hygienic, um helps really set morale and tone um for as much as I had enjoyed to get a tour of all the various, you know, forms and formats of people’s, you know, at home loungewear. Uh I don’t know that that that’s going to help us maintain the professionalism and so as you as you think about how to dress for your day for your students, as you think about how to dress for your day for your co workers, um that’s just kind of a personal thing, because I’ve already started to see a bit of a trend towards uh towards the super casual if you will. And to that point actually, I

[00:28:01] Amy Mclaughlin: think there’s a really good psychological reason to do that. And here, let me, you know, my old my old psychological life here um is that, you know, by getting dressed for work and setting the tone that okay, I’m sitting down and I am at work or I am at school, you’re putting yourself in a physical and mental mindset and space that says the behaviors that I’m doing right now need to be work appropriate. So if I’m reading my email, reading it in the context of work and thinking in terms of, is that an email I should be responding to in my work environment, Is this an appropriate, you know, is this sufficient attack? Is this appropriate for how we interact at work as opposed to, you know, feeling like I’m casual, I’m at home and they need relaxing a bit, not actually thinking as critically, right? Because that’s great advice place we go to relax, so

[00:28:59] Ryan Cloutier: yeah, no, I think that’s great advice and you know, to that to that end, I think having a as much as is reasonable and practical in your space, having a dedicated area for work. I myself, I work from home a lot. I’m doing this podcast from home. Uh my workspace is a sacred space. It is for work, it’s not really for entertainment or, or being at home. Um and that helps me stay very focused to what I’m trying to do um as much as you can do that, I know some people are just setting up camp in the kitchen because that’s what they’ve got to work with and you know, I I encourage you to do your best to make whatever space you have available, um be kind of focused and dedicated to work and our school it is going to help you be more successful in this remote setting and to that end? Um We’re going to close out on our last point which is not to take shortcuts. Uh we’re all in a mass scramble right now to do whatever we can do to keep this pandemic if you will. Um at bay right. It’s you know, how do I we’re practicing social distancing. We’re working from home or you know, some states are closing bars and restaurants. The guidance I heard this morning uh coming out of the C. D. C. Now is no more than 10 people should be gathered together at any given time which kind of starts to change what daily life looks like and and so on. Our rush to re adjust to this new reality. We want to be careful, we’re not deploying technology so quickly. We’re not able to take basic security measures. And this is especially true, especially true in the world of schools where we are, you know, moving our classrooms to these, you know distance learning virtual learning environments where giving devices to students that maybe previously didn’t have them. Uh we’re having staff work from home which you know in a school setting is is relatively new. Some districts have had the learning days to kind of dry run this. But as I’ve heard from several uh district leaders that I’ve been speaking with an E learning day is not equal to long term distance learning and so amy can you kind of tell us a little bit more about, you know, that long term distance learning but also what are some of the steps and and things we want to think about is we are deploying this technology to to make sure we’re not missing some of the basics.

[00:31:42] Amy Mclaughlin: So yeah, I think, you know, one of the things we need to think about when we look at long term distance learning is that we have to make sure that we’re studying up environments for the for the long haul. It’s not a hair get this out to you. So you can be at home for a day or two. It’s really a more thoughtful products us. So I think one of the challenges as I see people ordering large volumes of chromebooks and laptops and ipads is um not deploying so quickly that we forget to take really basic security measures because once those devices are out the door, once those systems are set up for home learning, if we haven’t thought through the security requirements beforehand, it’s going to be really hard to bolt security on, on the back side. So thinking through really simple basics, did we change default credentials on the devices or can our students break into these and make these devices, whether there are hotspots or um laptops, ipads, can they get in and add applications or change, you know, web content filtering. So um making sure those default credentials are turned are are reset are changed to a password that isn’t available to students um that the drives are encrypted so that if if faculty member teacher loses a laptop or it’s stolen has student information on the drive is encrypted and they’re protected, the data doesn’t get exploited. Um And using the simple tools that already come with the devices, right, turning on automatic updates. Let the device manage itself.

[00:33:22] Ryan Cloutier: Yeah, I think those are

[00:33:23] Amy Mclaughlin: students to accept them.

[00:33:25] Ryan Cloutier: Right. I think those are all very valid points. You know, one of the, one of the things I’ve heard kind of coming out of the private sector right now. Um

[00:33:33] Amy Mclaughlin: and there, you know, there

[00:33:34] Ryan Cloutier: are a couple steps ahead. Uh some, you know, as early as two weeks ago some of the larger organizations began to transition non essential employees to remote work. Um And I know when speaking to one of my colleagues um just just here today, uh their organization has put out some pretty aggressive measures all employees are to remote work if they’re unable to remote work, they’ve they’ve gone to kind of a deferment program if you will. Um as far as I know everybody’s getting paid. But the big issue that they’re having, there’s a lot of the systems that were set up for remote access to to kind of manage the day to day uh weren’t set up for long term remote access and and they’re having issues where they’re kind of kicking each other off the systems, they’re, they’re trying to remote in and do their daily work. But those remote access setups were really designed for kind of middle of the night, emergency access, not multiple employee long term use. And so you know, as you’re, as you’re setting up these environments and a lot of, you may be setting them up for the very first time or you may be expanding what was once just a handful of VPN users to now encompass your entire district. Really be planned fel and thoughtful about ensuring that each employee has a unique credential um that you have the appropriate type of remote access set up. Um, so that they’re not all terminating to a single jump box And this is more to my tech directors. Right. As you guys are getting into managing servers and databases, insists and you know, um, you know, meals, meals and fees and activities type services. Um really look at, how is your remote access setup? Are you just going on a shared account into a single jump server or do you have unique credentials? Are you remote in directly into the boxes? In some cases? You know, there could be additional security concerns for remote. Ng direct into the box, definitely by no means am I advocating direct internet exposure for any sensitive system. I think that is unwise move while it might be the easiest way to get access to that system. It is also the most unsafe way. So as you, as you set these things up, make sure you’re taking all that into consideration that you’re setting up automatic updates that you are doing the local firewall that you are encrypting drives. If you can do that if you’ve got a Windows environment it’s you know, make sure turn on that bit locker um in chromebook, go into your G suite administration console and see if you can configure encryption on those chromebooks. Amy do you have any kind of pro tips if you will around drive encryption because I think that’s a that’s a huge component here as we take these devices out of our schools and out of our offices is maintaining that physical security should that device be stolen or compromised?

[00:36:36] Amy Mclaughlin: Well, you know I think the first tip is that now most devices come with encryption options already built into the operating system. So the easiest thing is to actually leverage what comes with the device and then make sure that you have a really solid plan for how you’re going to store the encryption key for each device because you’re going to get an encryption key when you encrypt the device and you’re going to want to um store it now in my environment, we actually record the encryption key and our active directory so we can track the encryption key back to the device and that way we know the device name and the encryption key and it’s in our inventory and we know where it’s deployed. So that’s my pro tip. Um I think making sure it becomes part of your inventory is really key so that you lock yourself out of the device. That’s going to create a lot of extra work.

[00:37:31] Ryan Cloutier: Yes definitely. So to kind of recap stay calm, think before you click your share, focus on your at home security, make sure you’ve done all you can to ensure your devices are up to date and you’re doing your part. So just like with social distancing, covering your cough, coughing into your elbow, you know all these different things that we’re doing right now to protect ourselves, our families, our loved ones in each other. Um we’re gonna make sure we’re doing those steps digitally as well and we want to keep our devices clean, we want to keep ourselves clean. Um we need to keep our accounts safe and take whatever measures are necessary to do so and we want to avoid taking shortcuts and you know my personal take on all this uh to all of you and to you amy as well as is to say this is the time to be kind to be calm, to be thoughtful and to be considerate. I know these might seem like foreign concepts given the current generations and times that we’ve lived in but no time in my lifetime has it mattered more than now to show a little kindness to each other. You know, people are going to get sick. People are going to be stressed. People are going to have challenges financially emotionally. This is an unprecedented time that we live in and I think it calls for unprecedented kindness and consideration. Amy in closing, do you have any kind of tips for folks on, you know, especially given your background in in mental health and and family therapy? Any tips for how to manage? I mean being stuck inside for you know, 14 plus days can be quite challenging. I know living in Minnesota just the winners alone. I mean we have a saying for it. It’s called cabin fever and most of us have been inside all winter already. So it’s, it’s even more intense for some of us,

[00:39:35] Amy Mclaughlin: it’s like an extended snow day. Right? So you know, my tips for folks with this. Um, first of all, give yourself adequate rest, make sure you’re getting enough sleep, make sure getting plenty of light and fresh air while we say, you know, stay home and socially distance. That doesn’t mean that you can’t sit out on the back porch. That means it doesn’t mean you can’t take a walk around the break, getting, you know healthy fresh air exercise. Um, and also finding ways to have social interaction. So we are fortunate that we live in a time where there is technology available to us pick up the phone and call your friend, pick up the phone and call a family member. Um you know, one of the interesting things is right now, there’s unprecedented levels of loneliness already. And then we’re now telling people to isolate themselves, but we’re talking about physical isolation, uh not um not social isolation in terms of conversation. So find other avenues to connect with people, right? Um and set up a video conference call or face time on the phone um and and take the time to get in touch and stay in touch with friends and family. And you know, I’m going to say that if you have pats, take the time to pat your pets. Um there’s some good data out right now that for example, covid doesn’t spread through dogs. You got a dog hide your dog. Physical touch is really healthy for us, petting cats and dogs and horses, goats, whatever you have access to is um very therapeutic. It’s been shown to reduce blood pressure and improve mental and emotional health. So uh and it’s important for us as social beings. So leverage that as an option as well. I think, you know, this is also a chance to um if you’re not for example commuting an hour each day each way each day, you know, take the time to spend time on relationships, you may not be able to see people in person, but connecting will help really ease some of that cabin fever.

[00:41:44] Ryan Cloutier: I think that’s just fantastic advice. I know my dog lucy has been a tremendous uh place for me to, to go to kind of decompress from the day, just giving her some pets and belly rubs. Um you know, it’s, it’s good for me, it’s good for her and and it just kind of improves the overall quality of life. So I think that’s really great advice. Well with that we’re gonna close uh this inaugural episode of the K 12 cybersecurity podcast, very serious topic today. But as we move forward, we’re going to continue to give you pro tips on how to keep yourself and your family safe from cyber crime, how to help your school organization get going and continue along on their security journey. You can follow along on social media. I’m @CloutierSEC on twitter amy, what’s your twitter handle?

[00:42:42] Amy Mclaughlin: My twitter handle is @LumosGravitas.

[