In an increasingly digital age, school districts rely on technology for collaborative learning and facilitate communication among all stakeholders. Evanston Township High School District 202 works to comply with all regulatory and statutory requirements for protecting the privacy and safety of students, their families, and staff.
With technology transforming the way we teach and learn in the 21st century, cyber threats are an important concern. ETHS takes seriously the importance of protecting and securing the personal information that we maintain. It is also important for individuals to take steps to help protect their personal information.
Phishing Emails Attacks
In order to help protect your personally identifiable information, please be cautious and aware of phishing email attacks.
Phishing Email Definition
A phishing attack is a form of social engineering by which cyber criminals attempt to trick individuals by creating and sending fake emails that appear to be from an authentic source, such as a business or colleague. The email might ask you to confirm personal account information such as a password or prompt you to open a malicious attachment that infects your computer with a virus or malware.
How to Identify Phishing Email Attacks
Phishing Email Scams are one of the most common tools used for Cybercrime. Here are three tips that can help you:
- Always confirm the sender email address. It is very easy to portray that you are someone else when sending emails, both by saying that you are someone else and by changing the FROM: field. The address used is not easy to change, however, so you should always confirm the sender address. Here is a link to an article with tips on verifying the sender address.
- Don’t reply with personal/financial information. Phishing scams are mostly looking for personal information, name, address, login and password, credit card, social security number, and/or W-2 info. These requests can come in many flavors, so be cautious and always challenge yourself when you are sent to a link for login or information.
- Check for grammar and spelling errors. We’ve all seen them. Be particularly vigilant when emails arrive with unusual grammar or misspelled words.
See additional 10 tips on how to identify phishing email to help you identify phishing attacks.
Defend Your Password
Strong, protected passwords are critical to defending your identity and our ETHS network. Here are a few tips:
- Never share your passwords with anyone. Technology support staff should never ask you directly for your password for the systems they administrate.
- Never share your passwords with anyone. Your login credentials are your own personal keys into technology application systems. However convenient it may be to let others log in as you, please do not do this.
- Don’t keep a written copy of your password. Having a Post-it under your keyboard or on your monitor is not strong enough protection to stop others from using your account.
- Don’t use the same password for everything. Generally speaking, using the same password for every site is a great way to let a hacker have the keys to your digital life. Even large, secure tech companies can be compromised. Once a hacker has your login and password to one site, they may try this in other places, including an email account that is needed to reset other passwords.
- Use strong passwords. Using a password of 12345678 is sure to make things easy on your opponent. Password hacker programs are set up to find patterns. If a password cracker finds the first 5 letters of your password, such as spagh****, it won’t take much effort to expose the rest. Use letters, numbers, capitals, specials (!@#*), and a minimum of 8 characters to secure your password. Here are a couple examples of strong passwords:
- !Spaghetti1 (special character !, uppercase S, lowercase p, number 1, and 11 total characters)
- Iwte5adl! (Use the first letter from each word of a phrase - I want to eat 5paghetti all day long!)
- Change your passwords frequently. Many hackers that gain your password won’t use it for weeks or months. If you change your password regularly, that can help stop an attack before it starts.
- Limit personal information shared online. Change privacy settings and do not use location features.
- Keep software applications and operating systems up-to-date.
- Use antivirus solutions, malware and firewalls to block threats.
- Use a password manager, use upper and lowercase letters, numbers and special characters, as well as, two-factor authentication (two methods of verification).
- Watch for suspicious activity that asks to do something right away, offers something that sounds too good to be true or needs personal information. When in doubt, do NOT click. Do not provide personal information.
- If you click a link and get prompted for authentication… Pause, make sure you know what you are logging into before supplying your login information. Fake web pages that require authentication are a commonly used tool by hackers to capture your credentials.
- Only share personal information on secure sites (e.g. “https://”). Do not use sites with invalid certificates.
- Protect a home network with a strong, secure Internet connection and Wi-Fi network.
- Protect a home network by changing the administrative and Wi-Fi passwords regularly. When configuring a router, use either the instruction manual or speak to a internet-cable provider, to setup the Wi-Fi Protected Access 2 (WPA2) Advanced Encryption Standard (AES) setting, which is the strongest encryption option.
- Check account statements and credit reports regularly.
- Regularly back up computer files in an encrypted file or encrypted file storage device.