Multi-factor authentication for Office365

You’ve probably seen a wealth of reports in the past couple of months regarding the stealing of intimate photos of celebrities and the subsequent posting of these images online. It’s believed this was made possible through the use of third party software which obtained the users’ login id and password, one way of preventing this from happening is to implement multi-factor authentication (or two-step verification) to stop the tool from being able to infiltrate the relevant service’s internet storage.

Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password. With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.

This addition of multi-factor authentication is part of Microsoft’s ongoing effort to enhance security for Office 365, and they’re already working on Office desktop application improvements to Multi-Factor Authentication for Office 365. Office 365 offers many robust built-in security features for all customers and also optional controls that enable subscribers to customise their security preferences.

After a user is enabled for multi-factor authentication, they will be required to configure their second factor of authentication at the next login. Each subsequent login is enforced and will require use of the password and second factor of authentication, any of the following may be used for the second factor;

  1. Call my mobile phone. The user receives a phone call that asks them to press the pound key. Once the pound key is pressed, the user is logged in.
  2. Text code to my mobile phone. The user receives a text message containing a six-digit code that they must enter into the portal.
  3. Call my office phone. This is the same as Call my mobile phone, but it enables the user to select a different phone if they do not have their mobile phone with them.
  4. Notify me through app. The user configured a smartphone app and they receive a notification in the app that they must confirm the login. Smartphone apps are available for Windows Phone, iPhone, and Android devices.
  5. Show one-time code in app. The same smartphone app is used. Instead of receiving a notification, the user starts the app and enters the six-digit code from the app into the portal.

mfa_01

It may not be intimate photos (we hope not!) that are stored in your Inbox or OneDrive but the risk is the same – could you afford for your account to be compromised, what are the consequences of somebody obtaining your user id and password? To find out how multi-factor authentication for Office365 can help eliminate this risk contact us on 01695 731233 or drop us an email to sales@virtuetechnologies.co.uk

Anti-bullying Week – Supporting schools with e-safety and Ofsted best practice

In light of Ofsted’s 2014 e-safety briefing and inspection framework, Impero considers:

  • Why is it important to support pupils and staff facing e-safety issues?
  • What mechanisms should a school have in place to facilitate this?
  • How can schools improve learning in line with Ofsted’s framework

Facilitating Ofsted best practice

Ofsted identifies key areas for inspection, including the behaviour and safety of pupils; the learning and achievement of pupils; the quality of teaching, learning and leadership; and a strong focus on moral, social and cultural development. Born in the classroom, Impero Education Pro has been specially developed in direct response to Ofsted best practice, e-safety concerns, and the changing demands of modern education.

Improve the behaviour and safety of pupils

Research carried out by Impero suggests that adopting a managed approach to technology is better than blocking access altogether. Ofsted shares this view of accountability. Allowing access encourages students to learn how to navigate the web safely and take responsibility for their own behaviour, whilst monitoring ensures tutors are in control of their classroom and prepared to act, if required. With Education Pro, acceptable use policies can be displayed to reinforce the school’s rules for acceptable use.

Monitor progress and check pupils’ understanding

Ofsted are keen to see that tutors undertake effective methods to track pupils’ progress, both throughout lessons and over time. Monitoring on-screen activity provides a quick view of student progress against a session’s learning objectives. The functionality to set exams in a controlled digital environment, receiving live feedback throughout, also helps tutors to monitor progress; this quick snapshot means tutors can alter tasks, tailoring them to the specific abilities of each individual. Electronic exams are automatically marked and can be saved, and the results of quick questions are instantly presented in a pie chart, enabling tutors to evaluate learning from a centralised record over time.

Capture, document and report evidence

Ofsted judge behaviour based on evidence documented over time to determine whether schools manage behaviour effectively. Using Education Pro, schools can record a complete log of all network activity, including any inappropriate behaviour or misuse, to be used as evidence. Video recordings and screen shots can be used to prove misconduct, and the Confide system stores all reports from concerned students, to help schools analyse change practice.

Engage learning and increase communication

Low level class disruption is also considered by Ofsted during inspections. Live thumbnails of student screens provides a bird’s-eye-view of classrooms and computer suites to ensure technology resources are being used appropriately. Tutors can discreetly send a message to a misbehaving student to prevent disruptive behaviour from escalating, or check their understanding from afar. Conversations can be created for selected groups of students to aid collaborative learning and group discussions.

Prevent and tackle discriminatory and derogatory language

The effectiveness of a school’s actions to prevent discriminatory language is also highlighted by Ofsted. Impero Education Pro’s key word abuse libraries scan for terms, phrases and acronyms to help identify abusive or concerning use of language. Schools can actively monitor for localised trends specific to the school, recognising patterns, such as gang-related terminology, or equally, a student at potential risk.

Ofsted and e-safety

Young people are becoming more deeply engaged with technology at an earlier age than ever before. In Ofsted’s 2014 briefing ‘Inspecting e-safety in schools’, it was reported the time spent online by children aged 12-15 had risen from 14.9 hours a week in 2011 to 17.1 hours in 2012. The briefing also documents that 28% of Key Stage 3 and 4 students had been deliberately targeted, threatened or humiliated by an individual or group through the use of mobile phones or technology; for over a quarter of these students, this abuse was classed as ongoing. These statistics prove that as technology becomes more accessible to young people from an earlier age, the potential for associated online risks is magnified.

The Ofsted briefing also refers to research executed by Ofcom, which reports that 83% of young people aged 8-11 and 93% aged 12-15 feel confident that they know how to remain safe online. So, if this is true, why should schools still be concerned with e-safety? It is important to consider that although young people may feel confident staying safe whilst navigating the web, this confidence is not necessarily teamed with due caution.

Supporting pupils and staff when dealing with e-safety

E-safety has always been held at the core of Impero’s software products for education, and in recent years the classroom management software company has developed a specialism in the field of e-safety. The latest developments to the e-safety functionality available in Education Pro and Classroom Manager enables teachers, students, and schools as a whole, to manage e-safety in line with best practice.

Ofsted believes in ‘the promotion of safe practices and a culture of safety, including e-safety’. It categorises e-safety risks into the three following areas: content, conduct and contact. And with 40% of Key Stage 3 and 4 students admitting to witnessing a ‘sexting’ incident and 40% of the same group not considering topless images inappropriate, recognising these areas has never been so vital.

Ofsted’s three areas of risk

ofsted_infographicss_export68000

  • Content: ‘being exposed to illegal, inappropriate or harmful material.’
  • Conduct: ‘being subjected to harmful online interaction with other users.’
  • Contact: ‘personal online behaviour that increases the likelihood of, or causes, harm.’

Impero’s work with the Internet Watch Foundation (IWF), the Anti-Bullying Alliance (ABA), Beat, and partnership schools has also raised these e-safety areas of risk. This research revealed that young people have easier access to potentially harmful material, such as ‘pro-ana’ websites (websites encouraging the eating disorder anorexia). This first-hand information has helped with the development of keyword detection libraries based on bullying, grooming and concerning behaviour. The software cleverly highlights when a user has typed a word, phrase or acronym that may suggest exposure to potential risk, whilst the glossary of key word definitions means educators don’t need to be experts in 21st Century slang to identify a risk.

In Impero’s recent e-safety survey conducted through Facebook (link), it was discovered that an alarming 35% of students had circumnavigated online blocks designed to prohibit access to websites of an inappropriate nature. As an alternative, monitoring helps schools to take a managed approach to technology, as opposed to locked-down. Students can be entrusted with access to resources, whilst monitoring of activity fuels a change in behaviour, deterring misuse in the first instance. E-safety risks are not unique to the internet, however, so Impero’s key word detection monitors everything on a school’s network, and the logviewer keeps a centralised record of this. 

Effective reporting channels

Ofsted’s briefing goes on to highlight a sexting survey conducted by South West grid for Learning (SWGfL) which revealed that 74% of 11-16 year olds would prefer to report issues to their friends rather than a ‘trusted adult’. For this reason, Ofsted encourages robust reporting channels. It can be difficult for vulnerable young people to speak up if they are being bullied, feel threatened, or if an issue is worrying them. This is reinforced in Ofsted’s briefing, which reports that pupils with special educational needs are 16% more likely to be victims of online abuse, and those from lower socio-economic backgrounds are also 12% more likely to be bullied online.

Available in the latest version of Education Pro, the Confide button provides an anonymous method of disclosure to give vulnerable students a voice. It enables pupils to report any concerns they may have about themselves or another student, with the choice to remain anonymous if they wish. The option to include staff photographs shown on the Confide system provides a personalised feel, without the need for face-to-face communication, encouraging students to share their concerns with an adult they trust in a way that’s comfortable for them.

A whole school approach to e-safety

Ofsted promote ‘a whole school approach’ to e-safety and this is mirrored in the functionality of Education Pro. The real-time monitoring enables educators to deal with issues as and when they occur, helping them to be both reactive and proactive in the ways they deal with e-safety issues. Education Pro also helps schools to pick up on trends that may be localised to that specific school, such as racist language in an ethnically diverse establishment. This information can then be recognised and used to inform the school’s acceptable use policies. Monitoring staff’s activity on the network helps professional boundaries to be established, educating staff to support their students.

How Impero’s Classroom Management Software can support schools with e-safety and Ofsted best practice

website editedit edit

A cautionary true tale

I’ve just reconnected a 1TB external hard drive to my laptop and I now feel sick to the stomach.  Every single file, photo, family video and other bits have gone.  Completely.

I used to feel an enormous sense of well-being safe in the knowledge that I wasn’t going to be one of those poor devils for whom dataloss was inevitable.   To save space on my laptop I also stored years of video snippets of my young family on there too plus a huge iTunes library of music.

All was going well until about a month ago.

I hope you have a backup

I started to receive some worrying emails from Western Digital, the back-up drive manufacturer, saying that a recent upgrade to my laptop’s operating system was causing complete and total backup data loss for many users with the same set up.

Was this spam?  The birth of an urban myth?   No.  It was quite real but impressively two emails later WD had sorted some fixes out for the poor folks who’d fallen victim.

Western Digital released a firmware update and shared the link in their email but I had no need for their fix.  I was an elite back-up ninja who had successfully dodged the bullet.  A month passed and it looked like I’d got off scott free, right up until 30 minutes ago when the drive just formatted itself and caused me to write this post.

I reconnected the USB cable and noticed that the backup wasn’t mounting and after much Googling I remembered the WD emails, dug them out and forlornly followed their instructions.

Within the last 3 minutes after a firmware update, a restart and much sweat the empty hard drive has literally just re-populated itself.  From nothing came something and like anyone who has ever had something precious returned to them I don’t know or really care how this worked but I’m just glad I can see my family growing up again.

The moral?

You think it’ll never happen to you but it probably will.  Hard drives break and software will go pear-shaped.  Perhaps I need to sort out a Cloud based back up solution that’s more than just the free version of Dropbox though it is does do a very good job and this last hour I was very glad to have it. Time to go and watch some videos now that I thought I’d lost but if you’d like to share any backup horror stories or successes do feel free!