Thursday, June 15, 2017

Security for Online Teaching and Learning

Online Safety


The Wannacry/Wannacrypt worldwide cyberattack excitement is already a dim memory (I hope). Before the threat-inspired interest in online security also fades, let us take this opportunity to address some of the issues raised by NLU's digitally engaged faculty and students.

Your D2L Learning Environment

Our community asked, how secure is D2L itself? Authentication protocols are in place. The network centers have protection for the ports where data is passed. Backups, with encrypted transfer to other locations, protect us in the event of disaster. In other words, your courses are protected. If you would like to know more, visit D2L Security.

Electronic Materials Exchanged in Teaching and Learning

D2L makes sure that D2L is clean. D2L does not, however, patrol the material exchanged between users within the learning environment. Let us explore potential threats from user content and files and what individuals can do to mitigate and prevent potential damage.

You've got mail!

Email is the most common source of reasons to cry. Your NLU Outlook or Office365 email is filtered and scanned for security threats; the filters are constantly updated because so are viruses, malware, and other threats. Reminders of good email hygiene and potential security issues are frequently provided BY your NLU OIT team. Follow recommended best practices. This Blog post is, however. specific to security threats in the context of our online Learning Environment. What, then, about D2L mail?

External mail into our D2L environment is scanned at the Brightspace Network Center, but occasionally things can get through. Simply reading an expected D2L mail message in D2L without clicking links or downloading documents is not expected to harm your computer. Email notifications forwarded from D2L mail to your NLU email pass through the NLU email filters.

D2L mail, or any email system, regardless of any security issues, is not an appropriate method for submitting assignments. Student attachments to email messages should not, therefore, be a common occurrence. Most instructors who receive an assignment in email will redirect the student to the Assignment tool.

D2L Assignments

What about documents that you download from the Assignment tool in D2L, such as papers for instructors to mark up with feedback, and for students to read the feedback? here are some things you can to limit your exposure to malicious embedded macros in documents.

  • Set your security software to scan downloads.
  • Instructors should do a do a quick visual scan through the submission list before downloading in bulk to make sure they are getting only the expected file types. (D2L does limit the file types, and you have the option to place further limits on what file types students can upload to your assignments.) Students should also check that a file that is to be downloaded is of an expected filetype.
  • Be cautiously brave! There may be times when it is necessary to download a theoretically dangerous macro-enabled Excel document in order to grade homework for a course in economics or accounting. Teachers of these courses and students who receive marked-up version of the graded documents will be the ones who make sure their downloads are scanned.
  • Or don't download!
    • Did you know that an assignment submission that is a Word or PDF document or an image can be viewed online, and comments entered directly into a D2L comment field?
    • Instructors with an iPad or Android tablet can use the relevant Grader app to mark-up papers in-app.
    • Another option for marking up a paper in-line without downloading is Feedback Studio (available on your Turnitin-enabled Assignment folders). For this last, we do ask that you make sure that the grade is recorded in D2L and that the D2L rubric is used for grading purposes, with at least a summary comment in D2L.


Protect yourself when you click links in submitted work, in Discussion posts, or anywhere else you might go! You have security settings in your browsers and their plug-ins. Find your own balance between caution and convenience. We all know not to click links in unexpected emails or on sites we have no reason to trust, but it is easy to forget when engrossed in an Internet research project. Here, then, is my last and best safety tip: I hover links before clicking to make sure the target is what I expect it to be, and occasionally view the page source directly.

The End?

Sometime it will happen. You will be engrossed in surfing and throw caution to the wind. Or the email that appears to come from a collaborator looks like something you expect, but it isn't. Don't ignore what happened or wait until your next scheduled scan. Deal with it immediately. Reach out to LITS campus desktop services if you need support.