Technology Tips: February 2023 Edition

#Tips

Skyward IT Services

by Skyward IT Services

Skyward IT Services Network and Infrastructure Security Specialists

Read time:

Follow the 3-2-1 backup rule

Do you have a solid disaster recovery plan in place? The time to answer that question is now—not when you find out you need it. If you want high security for your data, we recommend following the 3-2-1 rule. It’s a best practice suggested by the United States Computer Emergency Readiness Team for all computer users who want their data secure and protected (and we think that’s all of us!). Here’s how it works:

3: Keep three copies of any important file—one primary and two backups.

2: Store the files on two different media types to protect your data against various types of hazards.

1: Be sure to store one copy of your data offsite.

If you’re looking to up your security game, make sure you and your team are aware of these 5 security threats.

Apple Activation Lock

For anyone who has ever had their Apple tech lost or stolen, Activation Lock sounds like a dream come true. When setting up your Find My, Activation Lock turns on automatically, preventing anyone else from grabbing your device, wiping it, and reactivating it for themselves. Where this starts turning into a nightmare, however, is when trying to offload these devices in private sales. Without the original Apple ID and password, the devices may as well be bricked, and thousands could wind up being scrapped or landfilled.

Here are a few best practices to remember:

For work-managed devices, invest in a mobile device management system that can handle the deactivation of multiple devices. Ensure that staff and students aren’t using their own private Apple IDs on their devices.
Check for Activation Lock before finalizing a purchase from a third party or private seller. Before finalizing your own sale, ensure that you’ve deactivated Find My/Activation Lock yourself.
If you suspect you may forget your personal device password at any point, use an encrypted password-keeper app to keep your Apple ID (and the dozens of other passwords you use across the web) safe, but available.

SH1MMER update

Last month we talked about a Chrome OS exploit called SH1MMER. In an interesting turn of events, K12TechPro reached out to the group of students (yes, students) responsible for creating and distributing information about this exploit, which allows the user to unenroll their Chrome device from the school’s org management.

Go read their fascinating takeaways, but for the tl;dr folks with things to do, here’s an actionable summary:

Students felt their privacy was invaded
Students devised an ill-advised workaround
It caused a bunch of problems

As K12 IT pros, and adults in charge of students in general, there are guidelines we follow to keep kids safe. FERPA, COPPA, CIPA, and more govern the policies and systems we build to accommodate digital education. But two things can be true at once, and while what these students unleashed was deeply uncool, we can still listen to the “why” behind it all.

While preserving the ins and outs of device security, take an opportunity to discuss how device monitoring keeps students safe online. You might just head off the next big exploit reaction from teens feeling stifled by rules (but if not, you tried).

Malware of the month

Everyone’s favorite AI is making malware.

With the massive surge in popularity that OpenAI’s ChatGPT has been seeing over the past few months, questionable uses for the AI bot have been cropping up just as fast. Security researchers at an identity protection firm were able to get functional malware code by using ChatGPT’s API and demanding that the bot provide specific answers to requests that would normally get rejected by the content filter. Not only that, but if a target was able to set up defenses against the malware, additional commands to ChatGPT could create different mutations of the code to bypass security measures as many times as needed.