Ed Tech in Action: Panopto Playlists

Looking for a way to share multiple Panopto videos with a specific group?  Consider a Panopto Playlist.  Below are just a few examples of different Panopto Playlists used at DMU.

• Multi-part Videos – Several programs have used Panopto Playlists to combine lectures that were segmented into multiple recordings. This may have been due to a technical issue or a situation where the topic was just too large to cover in one 50-minute lecture.
  
  
• Trainings or Orientations – Clinical Affairs has provided their students videos to orient them for their clinical years, as well as training videos for some of our online tools. Student Affairs has also created training playlists for their student club leaders. In this approach, creating a series of videos that each cover a different segment of an overall topic, can help your viewers digest content at their own pace.
  
  
• Promotional Videos – Admissions has used playlists to group a series of promotional videos they send to incoming students. These videos were created with the help of current DPT students to show different areas at DMU, as well as points of interest in the surrounding area.

While these are a few notable examples of using Panopto Playlists, the options are limitless! Review our knowledge base articles to learn more about using Panopto playlists.

If you need any assistance, please submit a ticket with the Help Desk, or reach out to Kevin Peck on the Educational Technologies team.

Ed Tech in Action: D2L Assignment Types

Considering new ways to assess student learning?  Check out some of the different assignment options now offered in Desire2Learn! D2L recently added 3 new assignment type options: observed in person, text submission, and on paper submission. These assignment types will allow you to link a rubric and objectives and choose when to publish feedback to students just like file submission assignments.

Dr. Shannon Peterson has introduced “observed in person” assignments in the DPT CA Musculoskeletal Lower Quad course to assess two practical assessments. Having both the rubric and comments on one page makes it easy to use. Both can be accessed without extra clicks helping with the efficiency during testing situations. The rubric is simple to use and has two viewing options if you want to see the details of the grading criteria.

One challenge from a course coordinator perspective is viewing overall performance on the assignment before feedback is published for the students. A solution to this challenge includes “hiding” the assignment and the gradebook item from student view. Once you have reviewed the results and wish to make the feedback visible to students you again adjust the visibility settings for both the assignment and gradebook item.

Additional Tips:

• Rubric Permissions. When setting up the rubric for these assignments you can specify if the rubric should be visible for students to view before feedback is published. If a rubric needs to be kept private, you can also specify that a rubric should never be visible to the student.
  Rubric Permissions
  
• Groups. If you have multiple graders for an assignment split up the work using user groups. You can filter the list of students by user group using the View By options in the user search parameters within assignments.
  Create a Group
  Filter User Search Criteria

If you have any questions or would like to work through an idea for a future assessment, please contact the DMU Help Desk and we’d love to collaborate!

---

Ed Tech in Action: Zoom Polling

Feeling confident hosting your Zoom sessions and ready to try something new?  Give Zoom polls a try!  It’s an easy way to add an additional layer of engagement and interaction to your Zoom lectures and meetings.  Zoom’s polling feature allows you to add multiple choice questions and launch them directly in the Zoom application for formative assessment or to gather quick feedback from your students or meeting attendees.

The DMU Anatomy Department has shown great resilience in their ability to adapt instruction to an online format during the COVID-19 pandemic, including the use of Zoom polls.  Dr. Matz presented “Adapting Human Anatomy Instruction During a Pandemic: Lessons Learned and Future Directions” on February 16, 2021, as part of the CEE Faculty Development Series.

The Anatomy Department expanded use of Visible Body virtual anatomy software to supplement synchronous lab instruction delivered virtually through Zoom.  Lectures have also been delivered synchronously through Zoom, and Dr. Matz shared that many of the Anatomy faculty have had great success with Zoom polling for formative assessment.  Adding Zoom polls to a lecture helps break up the presentation, and students reported feeling more engaged.

Here are some tips for using Zoom polls in your courses:

• Practice.  Schedule a time with other faculty to take turns managing and responding to polls so you can see what Zoom polls look like from both the faculty side and the student side.
• Set expectations.  Let your students know you’ll be using Zoom polls and explain how they work the first time you use one.  If you’ll have a time limit for each question, let students know what it is or give a final warning before closing the poll.
• Generic/reusable poll question.  If your PowerPoint slides already contain multiple choice questions, you can create a generic Zoom poll to reuse, rather than creating a separate Zoom poll for each question.

Image from Dr. Matz’s Faculty Development Series presentation

For more information about Zoom polling, view our Zoom polling knowledge base article.  Or click here to request assistance with Zoom polling or other Zoom features.  To access a recording and slides from Dr. Matz’s presentation, visit CEE’s Faculty Development Series archive.

Increased Cyber Threats Due to COVID-19

Security agencies around the world are sounding the alarm as hacking groups and nation state threat actors are taking advantage of the COVID-19 crisis.  A joint advisory published last week by the UK’s National Cyber Security Centre (NCSC) and US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) shows that cyber-criminal groups are increasing attacks against individuals and organizations around the world with ransomware and malware.

Many of these attacks are phishing campaigns appearing to come from high level members of organizations tasked with fighting the threat of COVID-19.  One such attack appeared to be from the Director-General of the World Health Organization (WHO).

Preying on Fear

One of the main reason attackers have shifted tactics is related to the fear that this global pandemic has created.  The daily news cycle has given us plenty to worry about with stories of death, food and equipment shortages and an unknown timeline for resolution.

This climate of fear and uncertainty gives attackers a lot of leverage using our human behaviors and impulses.  It’s easier for attackers to trick users into making a mistake.  We are being overwhelmed with information and news that comes from the communications about the pandemic.

Remote Work Force

With stay-at-home orders and organizations moving non-essential personnel out of the office, we have a significant increase in full time remote workers.

Under normal circumstances IT departments with a focus on security work hard at keeping the corporate network safe.  Many layers of security controls are considered and constantly being re-worked to keep employees and information safe.

A lot of this changes with remote workers.  Organizations are less able to control what types of threats exists on home networks.  Attackers know that more workers are at home where the level of security is much lower.  They also know that since remote workers are connected directly to the organization via cloud applications and VPN’s, if they are able to compromise workers home networks, they can often get access to the connections being made to the organization.  This is why digital hygiene is so important not only in the workplace but also at home.

So, you may also be asking yourself how does this affect me and my work at DMU?  The short answer is that we have implemented some key measures to ensure that home networks are not a security vulnerability when accessing our organizational resources.  This is one reason why we require the use of DMU-issued hardware so that we can configure many of the security controls that keep you and the organization’s network safe.  The recent addition of two-step verification to our Office 365 environment and applications significantly reduces the risks associated with connections being made from home networks.  Our VPN also requires the same two-step verification which protects from attackers gaining access to our network.  Please be vigilant and contact our Help Desk if you notice anything out of the ordinary.

Healthcare and Education are Targets

Cyber-criminals are using the pandemic for commercial gain by using ransomware and malware to gain access to systems for profit.  Basic social engineering tactics are used by threat actors to trick users into carrying out a specific action.  For instance, phishing messages which automatically install a CryptoLocker ransomware application.  The phishing message is the social engineering, taking advantage of human error, and CryptoLocker is the malicious software.

The most lucrative businesses continue to be healthcare, finance and education.  These industries have valuable information.  Couple that with a distracted workforce from the pandemic and you can see why our industries (healthcare and education) are the among the most targeted sectors.

Your Responsibility!

You have a responsibility to help keep our organization safe and we can’t do it without you.  By working together, we can all increase our awareness and pay attention to the details in our digital communications.

By now we should all have some basic understanding of how threats enter our environment and what potential harm they may create.  Where our vigilance comes in, is understanding what attackers are going to try to use against us.  Right now, they are increasing the use of COVID-19 messaging to prey on our fears. This causes us to react quickly and make a mistake by clicking that button and giving away our personal information or installing something malicious.

Examples of phishing email subject lines from CISA and NCSC included:

• 2020 Coronavirus Updates,
• Coronavirus Updates,
• 2019-nCov: New confirmed cases in your City, and
• 2019-nCov: Coronavirus outbreak in your city (Emergency).

Our best line of defense is YOU.  Educate yourself on threats and take a step back to assess every digital interaction you receive to determine if it’s a threat.  Always verify you are on a company’s legitimate website before entering login details or sensitive information.  Through your diligence, you keep your personal information and our organization safer.

Here are some excellent tips for staying safe: https://www.interpol.int/en/Crimes/Cybercrime/COVID-19-cyberthreats

https://www.us-cert.gov/ncas/alerts/aa20-099a

https://www.inforisktoday.com/uk-us-security-agencies-sound-covid-19-threat-alert-a-14085

by: Andrew Violet, Sr. Security Analyst
andrew.violet@dmu.edu

 

 

 

Differentiating Reality: The Difference between Augmented and Virtual Reality

Check out a recent blog post by Visible Body, which provides a great overview of virtual, augmented, and mixed reality.  Visible Body is currently available for all students in the zSpace labs here at DMU (SEC 211 and SEC 215)!

Want to learn more?  Contact Kevin Peck or Carlyn Cox.

Be Smart! Protect Your Connected Devices

Smart/IoT devices may be the panacea for consumer convenience. Do you want to know and change the temperature of your house or even your fridge remotely? There’s an app for that. Such devices also raise extreme privacy concerns about the data collected about you. Devices can track or discern details about your life based on usage and interaction. And that data could potentially be aggregated with data coming from other smart devices, painting a fairly robust and accurate profile of you and your life. My fitness-tracking device serves as my wake-up alarm. Not only does it track the time that I set for the alarm, it also tracks my interaction when I shut it off. Maybe your coffee maker tracks when you start the brew (mine doesn’t because I’m Coffee Old School). My car tracks what time I start it, how far I drive it, and the GPS location where I park it. These data points are provided to me as the consumer but are also presumably stored by the device provider. It’s only 9:00 a.m. and my smart world already has collected or observed several key privacy factoids about me. And where data exist, risk to data exposure also exists.

Devices geared toward consumers will continue to push convenience over privacy, and consumers will continue to call for greater connectivity and convenience. That means more connected devices and ongoing evolution for more information, interaction, integration, and automation. It’s no longer a question of whether your home devices should be connected. Instead, we need to proactively assess the risks of such connectivity. When those risks are greater than our threshold risk tolerance, we need to take steps to minimize those risks.

Take the following steps to protect yourself when you start using a new device:

• When you bring home a new consumer device, check to see if it’s transmitting. Ask whether you need that device to be connected. What are the advantages of having your fridge broadcast the whereabouts of your cheese? Is the potential to activate remote maintenance with the device provider important to you? Do you want to interact with that device remotely? Then by all means, keep that connection. If you don’t need the maintenance options or to monitor or interact with the device remotely, turn off the device’s connectivity.
• Periodically scan your networks to make sure you know and manage what’s online. If you want devices to be connected, be proactive. Find out how they connect; how devices are patched; what the default security settings are; and what data are collected and how/when/where the data are transmitted. Protect your home wireless network(s) with strong password management, active maintenance practices, and vigilance.
• Use the same cybersecurity hygiene on your smart devices that you use on your computer. While it may be revolutionary that your car is now essentially a computer on wheels, it’s still just a computer. You don’t have to become a cybersecurity expert, but you may want to find a few trusted sources of security advice for consumers.

It’s time to get smart about your devices, manage them appropriately, and reap the rewards of their convenience.

Mobile Device Security Tips

As you embark on a new school year, it is a good idea to pay attention to the security of your mobile device.  With an increasing amount of sensitive data being stored your personal devices, the value and mobility of smartphones, tablets, and laptops make them appealing and easy targets. These simple tips will help you be prepared in case your mobile device is stolen or misplaced.

• Encrypt sensitive information. Add a layer of protection to your files by using the built-in encryption tools available on your phone or tablet.  Some phones just need a password to enable encryption.  Others require you to specifically turn on encryption.  Refer to your device documentation for more details.
• Secure those devices and backup data! Make sure that you can remotely lock or wipe each mobile device. That also means backing up data on each device in case you need to use the remote wipe function. Backups are advantageous on multiple levels. Not only will you be able to restore the information, but you’ll be able to identify and report exactly what information is at risk. (See Good Security Habits for more information).
• Never leave your devices unattended in a public place or office. If you must leave your device in your car, place it in the truck, out of sight, before you get to your destination, and be aware that the summer heat of a parked car could damage your device.
• Password-protect your devices. Give yourself more time to protect your data and remotely wipe your device if it is lost or stolen by enabling passwords, PINs, fingerprint scans, or other forms of authentication. (See Choosing and Protecting Passwords.) Do not choose options that allow your computer to remember your passwords.
• Put that shredder to work! Make sure to shred documents with any personal, medical, financial, or other sensitive data before throwing them away.
• Be smart about recycling or disposing of old computers and mobile devices.Properly destroy your computer’s hard drive. Use the factory reset option on your mobile devices and erase or remove SIM and SD cards.
• Verify app permissions. Don’t forget to review an app’s specifications and privacy permissions before installing it!
• Be cautious of public Wi-Fi hot spots (e.g., hotels or coffee shops). Avoid financial or other sensitive transactions while connected to public Wi-Fi hot spots.
• Keep software up to date. If the vendor releases updates for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities. (See Understanding Patches and Software Updates.)

What can you do if your laptop or mobile device is lost or stolen? Report the loss or theft to the appropriate authorities. These parties may include representatives from law-enforcement agencies, as well as hotel or conference staff. If your device contained sensitive institutional or student information, immediately report the loss or theft to the ITS Help Desk so we can act quickly.

Safeguarding the Nation’s Critical Infrastructure

Our essential utilities, food production and communication services all make up the nation’s infrastructure, which we use every day and often take for granted. These services are made possible by having a robust, available and ubiquitous internet.  Without the internet these services cannot work together.

So what do we do to help?  Few of us are tasked with the responsibility of managing functions that are part of the cyber infrastructure.  As an individual the best thing we can do is make sure we don’t become part of the problem or become a “vector of compromise” that may put other people or businesses at risk.  Personal computers and mobiles devices are what make everything run.  It is our responsibility to ensure our personal habits make these devices secure.

Endpoint Security {Formerly Antivirus Clients}

While we have all heard of antivirus software, cybersecurity attacks have gotten more sophisticated and we need these services to step up their game.  Modern endpoint security now includes functions of antivirus, malware detection, browser security, VPN, forensics etc.  Hence why we no longer call them antivirus clients and instead call them endpoint security clients. I mentioned that our devices are what make everything run and by themselves are not inherently secure.  Many devices such as our phones and personal computers do not come with any sort of security, thus requiring us to ensure we have this in place.  There are a lot of choices ranging from free to paid, and having something is better than nothing.  Take some time to properly secure your personal devices.

Virtual Private Networks {VPNs}

Many of us have had the opportunity to use a VPN at work to safely remote in and access sensitive resources.  VPN’s are a security technology that create a secure encrypted tunnel between your device and a remote network.  A VPN ensures that any traffic you send over the internet cannot be seen while in transit.  These same technologies are available for you to use at home at minimal cost.  A personal VPN can perform a lot of functions such as hiding your IP address and location, encrypting all of your communications and preventing third parties from tracking your behavior.  VPN’s can be a really great tool for protecting yourself while online.

It’s Everyone’s Job to Ensure Online Safety at Work

Security awareness training is one of the most critical components of an educated workforce when it comes to cybersecurity.  The university has both a compliance requirement to train our employees and also a responsibility to give you the tools necessary to be safe online citizens.  We want to teach everyone to be good information stewards that protect you and our information systems.  Our security awareness training covers topics ranging from password basics, email and messaging safety, and general cybersecurity.  Take security awareness training a step further by having conversations with your colleagues and other professionals on how they stay safe online.

Email continues to be one of the most dangerous vectors for attack in our organization.  One of the tools that we have for education is monthly phishing training.  These phishing simulations are designed to mimic real world emails that are attempting to gain your valuable information.  According to the Symantec 2018 Internet Security Threat Report, by the end of 2017, the average user is receiving 16 malicious emails per month.  We need all members of our organization to be proactive in the ongoing battle against phishing.  It’s a big risk and why we take phishing very seriously.  Take some time to learn more about phishing methods and what you can look for to avoid being the victim of an attack {Check out our Blog Post on Protecting yourself from phishing attacks!} .

Here at DMU, we have dedicated staff who understand our technology and needs for security.  If you ever have a question related to security you can always reach out to our Help Desk, Security Officer (Keith Grey) or Security Analyst (Andrew Violet) to point you in the right direction.

Cybersecurity Risk and Safeguarding Our Data

Cybersecurity risk has increased exponentially as the business applications and tools that we use store more of our data.  Strong cybersecurity practices are vital within today’s organizations.  There a few important areas that our organization can focus on to increase overall cybersecurity effectiveness.

The Human Element

Des Moines University is certainly not immune to the possibility of attack and is in fact, frequently a target. While we have many systems in place to stop and prevent attacks from having an impact, other types of attacks such as phishing and social engineering are extremely effective in gathering information that malicious attackers can use against us.  This is why education and training are so important when dealing with attacks that target people.  Train yourself to always be vigilant and always question emails or people who ask for your personal information.  Using multifactor authentication (MFA) to access your personal and business resources, mitigates your risk almost completely.  We strongly encourage use of MFA whenever possible.

Data Classification

As a business we also need to realize that cyber security is expensive, and not always completely effective.  One effort that everyone can get behind is data classification.  Data classification allows organizations to determine the most critical types of information and design security controls that use financial resources wisely.  For instance, data with a public classification is going to be much different than data with a confidential classification.  The organization will only need to focus on security for confidential data and the places where it lives, whereas public data needs little to no security.  This is an extremely simple example of data classification but important to point out as an organization continues to develop and mature with regards to cybersecurity.

Incident Response

It’s inevitable that incidents will arise in our organization.  It could be something as simple as an accidental record disclosure, a disgruntled employee or a complex and massive data breach that makes thousands of confidential records public.  While we have many systems, polices and training that help safeguard data, it’s important to have an incident response plan.  The goal is to handle any incident in a way that limits damage and reduces recovery time and costs.  By having a well thought out and tested incident response plan, the organization can be better prepared when an issue is presented.  If you suspect a malicious attack reach out to helpdesk, IT security or a leadership member. We want to get the incident responders involved as soon as possible.  This will lower the overall impact to the business.