Embedded Files
Wish you knew encryption better? Come discover tools you can use. Safeguarding sensitive data is everyone's business. Don't wait for an "enterprise level solution" that you are unable to afford. Protect confidential info with free tools you can start using today.
Wish you knew encryption better? Come discover tools you can use. Safeguarding sensitive data is everyone's business. Don't wait for an "enterprise level solution" that you are unable to afford. Protect confidential info with free tools you can start using today.
Resources
Resources
Protecting Confidential, Personally Identifiable Information (PII)
Protecting Confidential, Personally Identifiable Information (PII)
District Tools for Securing Confidential Files for Transfer
District Tools for Securing Confidential Files for Transfer
If you are an IT Director, you may be called upon to transfer files in a secure manner. In school districts, there are several ways to accomplish that. Each way is briefly explored below and solutions offered.
If you are an IT Director, you may be called upon to transfer files in a secure manner. In school districts, there are several ways to accomplish that. Each way is briefly explored below and solutions offered.
1- Secure FTP Solutions (Automated)
1- Secure FTP Solutions (Automated)
This approach entails creating an encrypted conduit through which unencrypted files will be transferred from a server or your computer on a nightly basis. You will need to be able to automate this process and rely on a secure File Transfer Protocol (sFTP) solution or FTPs (read how sFTP is different from FTPs). This may entail you purchasing and implementing a secure FTP solution on a district server outside the firewall.
Server Side sFTP Solutions
Client Side sFTP Solutions
WinSCP (other clients)
Some of the features most need include:
Automating the transfer of files from one server to another
Securing the files with encryption (e.g. GPG/PGP)
Verification that files were sent and received
Encrypted transfer of files
2-PGP/GPG File Encryption (Automated / Manual as needed)
2-PGP/GPG File Encryption (Automated / Manual as needed)
Using a Pretty Good Privacy (PGP) or open source equivalent (GPG), such as OpenPGP Encryption Tool (GoAnywhere MFT for automated encryption). You can write scripts that automate this using PowerShell if on Windows or other solutions if on GNU/Linux or Mac. Exploring the use of scripting solutions for data encryption is beyond the scope of this webinar.
Some have eschewed this approach in the favor of an sFTP solution or simply encrypting data using a tool like 7zip or SSE (Step 3) with AES-256 encryption (more on that below).
3-Virtual Private Network (VPN)
3-Virtual Private Network (VPN)
"A virtual private network extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network" (Wikipedia).
When we talk about using a VPN in a school setting, we're not discussing consumer-level VPN tools like those used for individual protection.
Some solutions in use in Texas schools:
Cisco VPN or appliance (Cisco Firepower 2110)
Microsoft Direct Access (popular)
Palo Alto Networks (popular)
How Secure Is Your Email? Data?
How Secure Is Your Email? Data?
Turn On Two-Factor Authentication Tutorials
Protecting Confidential, Personally Identifiable Information (PII)
Protecting Confidential, Personally Identifiable Information (PII)
Personal Tip: Try Firefox with the Multi-Account Container, which allows you to group your browser cookies. This prevents one site from spying on you while you are looking at another (Facebook does this, as do many other sites). Try privacy add-ons, too.
Encryption+SecureFTP in Schools
Encryption+SecureFTP in Schools
Need to encrypt using public/private key encryption tools that are compatible with PGP/GPG? Consider GoAnywhere's Open PGP Studio for Windows, Mac, or GNU/Linux computers. GoAnywhere also offers a Secure File Transfer Protocol (FTP) solution.
Protect Yourself on the Go
Protect Yourself on the Go
Virtual Private Network (VPN)
Virtual Private Network (VPN)
"Virtual Private Networks provide an important element of privacy protection for users," Electronic Frontiers Association says. . .VPNs [are] one of the most effective tools for protecting privacy when using the Internet, due to the degree of anonymity they provide when accessing online services.
Computer (Mac/Windows)
Computer (Mac/Windows)
Encrypted Files/Folders...
On a hard drive (external/internal): Veracrypt
Individual files/folders: Secure Space Encryptor
Encrypted End to End Messaging via Your Computer: Signal
Encrypted Email: ProtonMail.ch* via web or Thunderbird
Virtual Private Network (VPN): Private Internet Access
Browsers and Tools:
Tor Browser: Offers protection. Use with VPN
Duck Duck Go: Offers protection from searches and malware, includes browser extension and app for phone
Chrome Browser with LockPW Free: Lets you lock your browser when you're away from it and upon startup:
Password Management: Keepass2
File/Folder Shredding: Use File Shredder or Eraser
*Cost associated, usually approx. <=$50 annual
Mobile Phone (Android/iOS)
Mobile Phone (Android/iOS)
Encrypted End to End Messaging: Signal
Encrypted Files: Secure Space Encryptor app
Encrypted Email: ProtonMail.ch*
Virtual Private Network: Private Internet Access*
Search Engine/Secure browser: Duck Duck Go
Block RoboCallers/Spammers: Should I Answer, TrueCaller, and Hiya
Password Management: KeepassDroid
Check vulnerabilities on your phone: NYC Secure
*Cost associated, usually approx. <=$50 annual
Chromebook
Chromebook
Encrypted Email: ProtonMail.ch via web
Virtual Private Network: Private Internet Access
Lock Your Chrome Browser: LockPW Free
Duck Duck Go Privacy Essentials for Chrome: Offers protection from searches and malware, includes browser extension and app for phone
Encrypted Emails and Email Click Tracking Tips
Encrypted Emails and Email Click Tracking Tips
Privacy
Virtru Email Encryption - Encrypt email messages you send to anyone (e.g. Gmail, Yahoo, etc.)
Flowcrypt - Encrypt email using public/private key encryption (a.k.a. GPG/PGP)
Mailvelope - Another way to encrypt email using public/private key encryption
Protect Yourself Against Click-Tracking Tools
Protect Yourself Against Click-Tracking Tools
Pixelblock - Block others from seeing if you've read their messages.
Uglymail - Works similarly to Pixelblock. "Ugly Email is a Gmail extension that allows you to see if the email is being tracked before opening it. It seamlessly integrates with Gmail."
Click-Tracking Tools (only first two are free)
Click-Tracking Tools (only first two are free)
Sidekick Email Tracking - A free tracking tool for your email, as well as scheduling when emails are sent. 200 emails for free.
GetNotify.com - Add .getnotify.com to the end of email addresses your writing to (e.g. mreynolds@gmail.com.getnotify.com) and this will track emails sent. You'll need to get a free account. Has a different approach but works! And, no cost!
MxHero - This was my favorite for a long time, but the time came to pay for it, and I wasn't willing to do that."features include open and URL click tracking, attachment tracking, self-destructing emails, email read receipts and the ability to schedule an email for later"
MixMax - Another nice tool that allows you to embed polls as well as do all sorts of neat stuff.
Boomerang Read Receipts for Gmail - Just like the other services, you can take advantage of a free feature.
Bananatag - Another click-tracker. "It's free for 5 messages a day, but $5 a month gives you unlimited tracking" viaLifeHacker
ContactMonkey - Free version includes 100 emails a month.
Bananatag - An aggressively priced email tracking tool. Check their pricing!
Yesware Email tracking - A Chrome add-on, includes free two month trial with limited features afterwards at no cost or at great cost otherwise! (smile)
MailTrack for Chrome - This is another alternative. It didn't work all that well for me, but I had several others going at the same time.
Protecting Confidential Email Attachments
Protecting Confidential Email Attachments
“I’m working with a few schools. They only wish to send password protected files. The files will go outside their organization,” says John M., a Google Certified Trainer*.
“I’m working with a few schools. They only wish to send password protected files. The files will go outside their organization,” says John M., a Google Certified Trainer*.
“From a Windows machine, that’s fine. But we’ve moved to a Chromebooks-only environment. How do you add a password to exported files, like DOCx or PDF, that get sent via email?”
One web-based tool you can use includes FileLock.org. This works in a similar way to PTE and FourmiLab. You access a website, select a file on your Chromebook (e.g. DOCx you’ve saved from a Google Doc), and then encrypt it.
One web-based tool you can use includes FileLock.org. This works in a similar way to PTE and FourmiLab. You access a website, select a file on your Chromebook (e.g. DOCx you’ve saved from a Google Doc), and then encrypt it.
Then you attach the encrypted file to your Gmail message (as shown below).
Then you attach the encrypted file to your Gmail message (as shown below).
How Do I secure an entire G Suites for edu?
How Do I secure an entire G Suites for edu?
My district uses Google Forms to collect parent and student data. This includes names, birth dates, phone numbers, and emails. Should I be worried? I know Google says it’s the school’s responsibility. Do you see any issues with security regarding sensitive data?
My district uses Google Forms to collect parent and student data. This includes names, birth dates, phone numbers, and emails. Should I be worried? I know Google says it’s the school’s responsibility. Do you see any issues with security regarding sensitive data?
--Christi
Option #1 - Cloud Encryption Tools (client-based)
Option #1 - Cloud Encryption Tools (client-based)
The easiest solution (which isn’t that easy) is to avoid placing sensitive, personally-identifiable information online in a public folder where it is unknown who has access to it. If you must place sensitive data in the cloud, encrypt the file first. Once the person has obtained the file, remove the file. At no time should a decrypted file be placed online in cloud storage or emailed as an attachment.
Two commercial solutions districts can use for encrypting data stored in the cloud include Cryptomator and Boxcryptor.
A free solution is Secure Space Encryptor (SSE) from Paranoia Works. It’s free, open source, and works on Mac/Win/Linux/Android. It also features text encryption for iPad.
You could use this because it allows you to encrypt files/folders. If the files/folders you are encrypting save to a “sync to cloud” folder (e.g. Dropbox, Google Backup & Sync, OneDrive), then that data is encrypted.
Option 2 – Invest in a Solution that Scans Your G Suite Domain
Option 2 – Invest in a Solution that Scans Your G Suite Domain
Both solutions offer a variety of features, essentially scanning your cloud storage provider (e.g. Google Suites for Education or Office 365) for sensitive data. What’s more, additional rules can be set up to restrict placement of sensitive data online to prevent or quickly catch rule violations.
You will want to explore these solutions through an official request for proposals (RFP) process aligned to your particular district’s processes and procedures.
Did you knowb4?
Did you knowb4?
A big part of protecting data involves avoiding situations, like phishing expeditions, that attempt to capture your username and password. Some school districts are turning to solutions like KnowB4, which provides security probing and awareness training. For example, a false spear phishing attack is launched against employees with the organization’s permission.
This simulated attack is done without notifying the employees first. One district, for example, “sent out a baseline test to 4,390 staff and 924 clicked on it.” The district later reported that they suffered an actual attack, not simulated by KnowB4. Only one person was compromised. From 924 to one is quite an improvement.
Page updated
Report abuse