Tuesday, February 27, 2018

Online Safety with Email

Lessons on online safety often focus on cyberbullying, predators and privacy. But there’s another realm of digital citizenship that’s equally vital for students to understand: online scams and hacking.
Internet hacking, which costs consumers and companies an estimated $445 billion a year, rarely has anything to do with your computer’s hardware or software. Most of these scams rely on social engineering, where hackers dupe people into opening attachments or clicking links in email.
Some hackers are looking to steal identities while others are skilled at tricking people into sharing sensitive financial information. Regardless of the type of scam, most are not that sophisticated and can be prevented by taking simple precautions. 
Share these five email red flags with students so they know how to stay secure online.
1. Not even PDFs are safe. If you receive an attachment from an unknown sender, be wary. Even if your antivirus scanner reports the file safe, there could be macros embedded in the file that launch malware or Trojans, which let hackers see and control all your files and keystrokes. The only file type that is always safe to open is TXT.
2. Closely examine the URL. One clue that an email is malicious is if a company name in the URL is misspelled. But it’s not always easy to tell. An “r” next to an “n” looks a lot like an “m.” So make sure that the email in your inbox is actually from Microsoft, not rnicrosoft.
3. Check the time. Was the email sent at an odd hour? If you receive an email from a friend or colleague at 4 a.m. and that seems out of character, look for other clues that the email is phony. 
4. Don’t be fooled by urgency. If an email message demands immediate action, slow down and think. Take the time to verify the request. When in doubt, throw it out!
5. Hover over the link. Does the sender’s logo look legitimate but the email still seems fishy? Rest your mouse over hyperlinked words to see the actual URL. You might be surprised that it looks nothing like the address of a legitimate sender.
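
Red flags 2 and 5 can also be checked by a mail filter or a classroom demo script. The Python below is an added example, not part of the original post: it flags links whose domain only resembles a trusted one (the "rn" for "m" trick) and links whose visible text names a different site than the real target. The allow-list, the look-alike pairs other than rn/m, and the sample email are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"microsoft.com", "google.com"}  # assumed allow-list of expected senders
LOOKALIKES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}  # only rn/m is from the post

def registered_domain(host):
    """Naive last-two-labels domain; good enough for the constructed samples."""
    return ".".join(host.lower().split(".")[-2:])

def normalise(domain):
    """Collapse look-alike characters so 'rnicrosoft.com' reads 'microsoft.com'."""
    for fake, real in LOOKALIKES.items():
        domain = domain.replace(fake, real)
    return domain

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Return (href, reason) for each link a reader should not trust."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        domain = registered_domain(urlparse(href).hostname or "")
        # Red flag 2: the domain is not trusted but reads like one that is.
        if domain not in TRUSTED and normalise(domain) in TRUSTED:
            findings.append((href, "lookalike of " + normalise(domain)))
        # Red flag 5: the visible text names a different site than the href.
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and registered_domain(shown.group(0)) != domain:
            findings.append((href, "text shows " + shown.group(0)))
    return findings

# Constructed sample email body, not taken from a real message.
SAMPLE = ('<a href="https://login.rnicrosoft.com/reset">Reset password</a>'
          '<a href="http://example.net/pay">www.microsoft.com/billing</a>'
          '<a href="https://www.microsoft.com/help">Help</a>')
```

Calling `check_links(SAMPLE)` reports the first two links and leaves the genuine microsoft.com link alone.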

Thursday, February 15, 2018

Minecraft 102 (or The Family that Plays Together, Learns Together)


So by now, most have heard of Minecraft. Many have seen their children playing it at home and may have even heard kids talk about playing it at school. I first saw my grandkids using it eight years ago, when the game arrived on the scene.

For those unfamiliar with Minecraft, it’s a block-building game designed to engage kids on various adventures in the process of building structures in the Minecraft world. Watching my grandkids play intrigued me, and I did what anyone with curiosity would do; I asked the kids questions, like, "What are you doing?" and "Why are you doing it that way?" My interest in learning and teaching prompted me to ask them what they were learning while playing. They almost always answered, "I don't know" or "nothing."

That’s not an unusual response. The fact is, kids don't always realize they are learning critical thinking skills as they "play" the game. For example, building certain structures in Minecraft requires trial and error. I watched as my kids struggled through several iterations to complete a bridge-like structure. The process taught them how to layer and stagger bricks to make the construct stand up, a basic engineering concept not easily articulated to elementary school children. But they learned it by doing it.

This is why teachers will always be a necessary component of the learning process, not as a “sage on the stage,” but as a "guide on the side." Learning by doing, or project (or problem) based learning is often used by teachers to supplement and enrich students’ learning.

Today, my youngest grandson is 7 and recently started to play the game and figure out how it works. In order to play alongside his son, his dad researched and learned how to set up a Minecraft Server. Now father and son collaborate and work together, building and exploring in the world of Minecraft.

I continue to be amazed at the engagement of the program, the numerous elements of STEM incorporated in the learning, and how this engagement and learning span any age or generation. While Minecraft can help students learn many academic skills, it does so much more. It builds collaboration among students and even within families. I highly encourage families to play games together, whether online or in real life, as whatever new thing we do together builds familial ties (or collegial ties in the business/education world), strengthens our relationships and makes us all collaborative life-long learners together.

Monday, February 5, 2018

Are You Ready for the Next Disaster?

Lately the news has been rife with disasters: fires, floods, hurricanes, earthquakes and mudslides all within just the last few months. And then there is the looming threat of terrorist attacks including nuclear missiles from North Korea, not to mention a hardware failure of your critical server(s). Is your business ready to sustain any of these events, and remain viable, continuing operations? Even more insidious, and with a much higher likelihood of happening on your network systems, are the threats from the internet, such as spyware, ransomware, worms, viruses, DDoS, and data leaks or breaches.

One thing we learned from 9/11: the businesses that came out OK were those that had business continuity plans that included maintaining off-site backups of their data. Many companies without usable backups never recovered and went out of business. In the last few years, the threat of cyber-crime in the form of spear-phishing, phishing, CEO fraud, hacking and ransomware has been in the headlines, usually resulting in many large corporations reporting data loss, data leakage, and huge financial losses. Costs for ransomware have grown 350% since 2015, up from $350 million to $5 billion in 2017.

Today many options are available to mitigate the risk of disaster. Individuals can use tools like Carbonite, whereas enterprise organizations might want to look at DRaaS (disaster recovery as a service) or complete hosting in a private, virtualized cloud network, such as IaaS (Infrastructure as a Service). In between there are solutions, such as backing up your data to an off-site warm location using Veeam. The best of these solutions involve moving data to the cloud, which is no longer an option; it’s a requirement.

To protect against cyber threats, anti-virus/anti-malware software should be implemented, but even with those protections, it is likely not enough. With social engineering tactics used by cyber-criminals, through phishing and spear-phishing exploits, as well as the “drive-by” payload dropped on your systems simply by visiting a compromised website, your only real defense is training staff to be vigilant and aware of the tactics the hackers use. Annual security awareness training and regular inoculations of staff are the only way to maintain a human firewall.

In order to choose the right solution, there are many considerations, such as cost, how much of your critical data is necessary to recover from a disaster and how quickly you need to resume operations. These are measured by RTO (recovery time objective) and RPO (recovery point objective). To determine these objectives, analyze your data transactions. For example, how frequently does your data change? If it’s minimal, on an hourly or daily basis, then your RPO can be longer than that of an organization whose data changes by the second. The other question is how quickly you need to be back up and running (RTO). If you are losing millions of dollars per minute, then your systems need to be back online within minutes or less.

Once you have determined which method of backup to use, whether it is a real-time set of systems running in tandem from two disparate locations (always on availability groups) or high availability, or simply running a nightly Veeam backup to a warm site, you’ll want to make sure you select a vendor who can meet your SLA (service level agreement) based on your RPO and RTO.

Some of the larger cloud hosting companies (Amazon’s AWS, Microsoft’s Azure, Google Cloud) can do quite well, but you may have difficulty getting the support you need from a larger provider. Finding the right balance between a reliable host who can meet your needs and one who can provide you with the right level of hands-on expertise and support is a challenge. Research the vendors thoroughly so you are comfortable with their capabilities and establish a working relationship. A high availability system running in tandem in two disparate locations will give you the best RPO and RTO but it can be costly. A thorough cost/business analysis is definitely in order.

When starting out, consider moving to the private cloud using Veeam backups to a warm site. You may be tempted to start replacing your data center hardware as the refresh cycle comes around. Don’t! This is your opportunity to have your provider spin up some virtual servers, saving you hardware replacement costs going forward and improving your disaster readiness footprint. Over time, you can become completely virtualized in a private cloud environment. Once that has been completed, you can upgrade to a high availability, fully synchronized, real-time live secondary system with automatic fail-over. That is the ultimate solution for a company that requires up-time no matter what happens and data that is as current as can possibly be.

Remember, the IT component of your disaster recovery plan is only one small but important piece of the plan. If you don’t have a DR Plan, get one. The main components of a DR Plan are: safety and security of staff and visitors, communications (to staff, customers, public), and finally, business resumption. You won’t be able to resume business without a solid IT backup solution.