In early March, a large school district (over 250,000 students) was a target of a ransomware attack. What that means is that criminals hacked the computer system of the school district and threatened to erase student records and release student and staff personal information, unless the school district paid them off.
As outrageous as this sounds, the threat is real. Schools, not only K-12 districts, but colleges as well, have become targets for hackers. There is big money in stealing personal data, and, unfortunately with the move to remote learning, schools have become bigger targets.
How can you help? Change your password.
What else can you do? Change your password.
What would be the best practice for our staff to follow? Change your password.
When you finally change your password, here are some best practices:
- Never tell anyone your password. If you receive an email asking you for your password – it is a scam. Your tech department would never ask you for this information; actually no entity at all should ask you to reveal your password, if they do, they are not who you think they are – NEVER ENTER YOUR PASSWORD THROUGH A LINK SENT THROUGH AN EMAIL. It may send you to a site that looks like a site you know, but to be sure, link directly to the site – check the URL!!!!
- Length is better than complexity – it is harder to hack a long string of characters – still mix it up with capital letters, lowercase letters, numbers and symbols – but the longer the better!
- Use a password manager. A password manager will not only store your passwords for many sites, but it can also help you create a complex, random password. The only password you need to remember (which you should update every couple of months) is the password for the password manager! Since I use Chrome and Google most often, I have my passwords created by, and stored in passwords.google.com
If you receive an email and you are not sure about the authenticity of the sender – DO NOT RESPOND. Look closely at the email address; it may seem like a staff member, but upon closer inspection the domain does not match your school. For example, your school domain may be @browardschools.net, so staff emails would end in @browardschools.net. You get an email from ITSUPPORT@browardschools.com – asking you for your password for a security reason. DO NOT ANSWER!! If you look closely, the domain is different. Check everything twice, trust nobody!!