Recommendations for Securing your Data & Protecting your Privacy

ALWAYS

  • Be skeptical and carefully review every email
  • Lock your laptop screen before leaving it unattended
    • Windows icon + L
  • Restart your laptop weekly
  • Check Google Drive sharing permissions
  • Be very careful if accessing District & personal Google accounts on the same device
  • Assign students a specific device and log in/log out after EVERY use

NEVER

  • Allow students to log in to staff devices
  • Log in to student devices with staff accounts
  • Write passwords down or keep them close to the computer
  • Access District email links/attachments on a mobile device
  • Use your District email to register for personal programs or services: social media, banking, etc.
  • Connect to a projector or interactive board while having email open, regardless of whether you use the Outlook client or the webpage. SEE BELOW.


October 2019 Phishing Training Campaigns

41.3% failure rate: over 240 individuals clicked on the link, and many provided their District login and password.


How does a computer become infected with Ransomware? - It is often spread through phishing emails that contain malicious attachments, or by unknowingly visiting an infected website where the malware is downloaded and installed without the user's knowledge.

What's the impact? - Passwords, accounts & data compromised (personal and District), files encrypted and possibly lost, network services down (including internet, phones and access controls) for days or weeks, loss of instructional time, not to mention potentially tens if not hundreds of thousands of dollars.

Why should we worry? - The frequency and severity of cyber attacks targeting school districts has increased significantly this year, and the attacks have become increasingly challenging to detect.

Previous Phishing Email Look-Fors

 2018-2019 District Training Campaigns . . . What did we miss?

Actual Recent District Phishing Attack

Phishing Attacks - Being Aware & Being Vigilant!

More Significant Than Ever!

Spring 2019: Over 20 staff members fell victim to the recent Phishing attack targeting our District entitled "District Proposed Salary Schedule". Most of those involved downloaded the .pdf attachment, while a few went as far as accessing the website linked within the attachment and inputting confidential information, resulting in their District accounts being compromised. Remember to be skeptical of every email and, when in doubt, contact the Tech Dept.
    
What happened as a result?

  • Close to 300,000 emails were generated from the compromised accounts to various accounts around the world.

  • Our email domain was "blacklisted" on two global SPAM filters forcing us to remediate until removed from lists.

  • Our Internet Service Provider threatened to block all District email traffic due to receiving multiple complaints from other Districts & organizations.

What could have happened?

  • All data on the devices related to the compromised accounts could have been completely lost.

  • Any programs or services related to the accounts, including data & information available within each program, could have also been compromised. 

    • This includes any sites with login credentials stored using Google Password Manager such as banking, credit card & other personal websites

Moving Forward 

  • Increasing efforts to heighten staff awareness and vigilance, including more frequent & challenging Phishing Training Campaigns 

  • Increased accountability for those succumbing to Phishing attacks, both real and District generated 

  • Improved communication and remediation efforts related to actual Phishing attacks 

  • Improved security procedures and strategies at all levels 

 

Be Aware! - Review every email with skepticism

Ask yourself the "Key Three" questions below. When in doubt, ask the Tech Dept! 

  1. Who is the Sender and what is the email address listed?

  2. Is the Sender asking me to open an attachment or click on a link? Hover over the link/attachment

  3. Does the email seem odd? Is there an urgent message, or is it not something the Sender would typically write? Are there mistakes?

Student Device Management & Work Order Expectations

Student Device Management Expectations

Document and assign students the same computer to use whenever possible. Remember, the 1st login on any device takes more time.

  • Be vigilant. Actively monitor student use and assess the laptop/desktop after every use. This can be accomplished in less than 1-2 minutes.

  • Report negligent or malicious behavior and submit a work order IMMEDIATELY if there is an issue.

  • Students MUST LOGOUT after every use. 

  • Laptops should be rebooted (powered off) at least once a week, if not daily.

  • Designate a staff member to be a Cart Manager to assure all the laptops have been returned, are plugged in and the cart secured at the end of each day. 

  • Be sure that the cart is plugged in and ALL laptops are charging after use. 


The Cost for damages exceeding normal wear and tear will be charged directly to the building/department and repeated damages to the same cart/cabinet will result in the removal of devices from use. Damages & repairs will be tracked by the Technology Department within the new Web Helpdesk Asset Manager.

To reiterate . . . the cost of replacing (3) Dell 3340 student laptop keyboards = one new Chromebook

COPPA Compliance Initiative


Information related to the Children's Online Privacy Protection Act (COPPA) is provided via the link below. This new federal law requires that websites notify parents and obtain parental consent when collecting personal information from children under the age of 13. Under the law, schools are permitted to provide consent to the collection of personal information on behalf of their students, eliminating the need for individual parent consent to be given directly to the website provider. For more information on COPPA, please visit: https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions.

Educational web-based tools and applications provide our teachers with resources to enhance, enrich and differentiate curriculum delivery and instruction to our students. Our district carefully reviews online resources for each program's ability to meet our students’ needs while protecting the confidentiality of personally identifiable information.

Some web-based programs require some student data to create accounts. KCSD does not require nor encourage students to provide additional personal information beyond what is required to create student accounts. Each provider offers information about their organization's collection, use, protection, and disclosure of data through their unique privacy policies, which can be found on their websites.

  • For parents/guardians of children under the age of 13, you are required by COPPA to agree to the online consent form included within the KCSD Parent Portal in order for the District to allow your student to access online educational services for the upcoming school year.
  • For KCSD Staff, any programs not included on the KCSD Educational Services list must be pre-approved by a Building Administrator before acquiring parent consent to create accounts for children under the age of 13. 


Related Resources


What Steps Are We Taking to Be More Secure (Devices & Accounts)

Already Implemented

  • District-wide, randomly generated student password reset
  • Substitute Laptop Restrictions - accessed using Substitute Guest Accounts only, refreshed on a weekly basis
  • Local Administrator Access revoked on Staff Devices

To Be Implemented 

  • Annual District-wide, randomly generated student password reset
  • Annual District-wide staff password reset (individually created during staff laptop assessment)
  • Progressive consequences for staff with multiple failures from Phishing Attacks (Real/Training), “3 strikes & out”
    • Restricted email access to internal email only, then restricted internet access

Future Consideration

  • Staff Devices - Access restricted to staff only; no student access allowed 
  • Student Devices - Access restricted to students only; no staff access allowed 
  • Reduce Auto-Lock duration for staff and students 

When is the last time you restarted your laptop?



Current Cyber Safety Topic

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Scam of the Week: Protect Yourself Against Card Skimmers

With the convenience and seemingly secure way of paying at the gas station pump and using drive-up ATMs, cybercriminals are now targeting these locations. They use devices called Card Skimmers to read and record your card information in a matter of seconds. With each Card Skimmer being able to hold details on about 80 cards, protecting yourself at gas station pumps and ATMs should be a priority now more than ever.


How Does It Work?

Card Skimmers are physical devices that cybercriminals attach to the credit card reader. The card skimmer then reads the magnetic stripe on the card to gather your full name, the card number and the expiration date. Once the skimmer reads your card information, the cybercriminals can then sell your information or use it to gain access to your bank account. These skimmers are designed to fit tightly over the real card reader at the gas station and ATM, making them undetectable if you don’t know what to look for.


How To Avoid Card Skimmers?

To protect yourself against the cybercriminals that are using Card Skimmers, follow these helpful tips:

  • Pay with cash. Paying with cash will completely eliminate the risk of coming in contact with a Card Skimmer.
  • Shake and pull the card reader. If it doesn’t seem right, pay inside and report it.
  • Go inside. Paying inside of the gas station or going into the bank will reduce the risk of coming in contact with a Card Skimmer since it is less likely that the card readers inside have been tampered with.
  • Use mobile payment options if they are available. Use options like Google or Apple Pay to eliminate having to use your card.
  • Download a Skimmer Scanner app. These apps, which are available on both the App Store and Google Play, will warn you about where Card Skimmers are located in the area.

Be Aware, Be Vigilant, Be Skeptical!


Security Tips of the Week Archive

 Coronavirus Phishing Attack

KnowBe4 Tip of the Week

KnowBe4 Security Tips - Scam of the Week: Coronavirus Phishing Attack

The global threat of the coronavirus has everyone’s attention, and the cybercriminals are already taking advantage of it. The bad guys are using the coronavirus as clickbait so they can spread malware and steal your personal information.

They’ve crafted their phishing emails to look like they’re coming from health officials such as doctors or national agencies, such as the Centers for Disease Control and Prevention. Some of these emails suggest clicking a link to view information about “new coronavirus cases around your city”. Other emails suggest downloading the attached PDF file to “learn about safety measures you can take against spreading the virus”. Don’t fall for it! If you click the phishing link, you’re brought to a webpage that is designed to steal your personal information. If you download the PDF file, your computer will be infected with malware.

Always remember: Never click on a link or download an attachment that you weren’t expecting. Because of the alarming subject matter, the bad guys expect you to click or download without thinking. STAY ALERT! Don’t be a victim.

Be Aware, Be Vigilant, Be Skeptical!

 Multi-factor Authentication

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Multi-factor Authentication

What is it?
Multi-factor Authentication (MFA) is the process of verifying that you are who you claim to be when logging in to a device or an account. If you're reading this from your work computer, you probably logged in to your computer - that's single-factor authentication. But single-factor authentication is no longer enough to keep your accounts secure. Learn more below about the various ways you can digitally-authenticate your identity.

Understanding the Types of Identity Claim Factors:

  • Something you own. This is using a mobile phone or device that you have in your possession to prove your identity. Typically, the device provides a code via an application, text message, email, or voice call. You then enter this code, and for successful authentication, your code must match what is expected by the service you’re attempting to log in to.
  • Something you know. This is something you’ve memorized or stored somewhere, such as a PIN. You must supply the correct PIN to log in to your device or service.
  • Something you are. This factor is something about your physical body that cannot be altered, such as your fingerprint or retina. Biometric scanners or readers are used to confirm you’re physically the person that you’re claiming to be.

Why do I need it?
In our digitally-driven world, passwords are no longer enough to keep your information safe. These days, it takes minimal effort for hackers to break into, or social engineer their way into, accounts that are only protected by passwords. Adding an extra step to access your accounts, such as entering an authentication code, means that hackers would also need to have your phone to break in.

Create an additional layer of security and make it harder for criminals to access your data by using two-factor or multi-factor authentication.

Be Aware, Be Vigilant, Be Skeptical!


 Holiday & Seasonal Scams

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Holiday and Seasonal Scams


With the ever-growing popularity of online shopping and online communications, you should always have your guard up in the cyberworld. Criminals will use any situation to their advantage–especially when it comes to annual holidays.

Below you’ll find a few examples of commonly used seasonal and holiday scams, and what you can do to protect yourself.

 
Fake Shipping/Postal Notifications: End of the year holidays invite a greater likelihood of this common phishing attack, but this is a scam you must be cautious of all year long. Scammers send fake notifications that appear to come from postal service companies. The emails include dangerous links that, if clicked, could install malware on your computer or take you to a fake login page where your credentials will be stolen.

What can I do? To check the legitimacy of these types of claims, always log in to your online account or service through your browser–not through links in unexpected emails.

 
Travel Deals and Offers: Scammers know that their potential victims travel for holidays throughout the year. Cybercriminals send emails offering fake travel deals from well-known travel sites. They’re even known to create phony websites for cheap hotels and flights so they can rob you of your money.

What can I do? When something seems too good to be true, it probably is. Never click on links in unexpected emails. Before booking through an unfamiliar service, do your research and ensure the company is legitimate.

 
Social Media Deals and Sales: All social media advertisements are not created equal. A “paid advertisement” may seem trustworthy, but be warned: Anyone can pay to put an ad on social media. During holidays and popular shopping seasons, fraudsters buy ads that offer deals for items that you’re more-than-likely interested in–considering social media ads target the buyer market. The ads typically contain phishing links that lead to fraudulent websites where they will steal your credit card data. Even if the malicious ad is reported and removed, the bad guys typically only need one victim to fall for their trick to make it worth their investment.

What can I do? Always hover over links and URLs before clicking to check whether the URL will take you to a dangerous or unexpected site. If a social media ad appears to be from a company you’re familiar with, check the company’s website instead of clicking on links from the ad.


 Staying Safe Around Always Listening Devices

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Staying Safe Around Always Listening Devices

With the overwhelming popularity of always-listening devices such as Alexa, Google Home, and smartphones, you’ve probably heard stories of these devices joining in on conversations without being prompted. Perhaps it’s even happened to you!

While this idea can be alarming and unsettling, there are ways to protect your private information, and conversations, from these always-listening devices. To help you stay safe from these devices, here are some tips:


  • Review and delete voice recordings: Your device will store your search and activity history to create a customized experience for you. However, you can review and delete these recordings from the device of your choice in order to protect your privacy.


  • Mute the microphone: You can mute your microphone to ensure that your device is not listening and recording when you are not using it. The recording capabilities will remain off until you turn them back on.


  • Don’t link accounts with sensitive information to your device: If you have any accounts containing your sensitive information in them, it is best not to link those accounts to your device. This will keep your sensitive information secure from potential data breaches.


  • Change the settings to automatically manage data stored by the device: Personally managing what data is being linked with your account will give you more control on the information that is being stored by your device and will save you time when deleting your history.


  • Turn off your device when you’re away: When in doubt, turn it off. If your device does not have a power button, simply unplug it.

By creating a habit of unplugging and deleting voice recordings from these always-listening devices, you can help to make sure that there is an extra layer of protection between your always-listening device and your private information.

 Post-its are not for Passwords!

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Post-its are not for Passwords!


Do you keep a login and password written down on a Post-it or piece of paper near your desk?

If so, you should get rid of it immediately! You should use a paper shredder to dispose of the Post-it.

Do not simply place the Post-it in the trash.
While it may be tough to remember a login and password for all of the sites and portals you belong to, writing the passwords down on a piece of paper, or keeping them in an unsecured document on your computer, is a bad habit to have.

This can put you and the entire District at risk.
Try to use passwords that are easy for you to remember, but hard for others to guess.

 Think Before You Shop!

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Think Before You Shop!


The bad guys are taking advantage of mobile shoppers this holiday season! By using mobile apps, they can trick you into giving your personal information or installing malware onto your smartphone. This can give them access to your credit card information or lock your smartphone with ransomware, forcing you to pay a fee to unlock it. To stay safe this year, never download apps from offers that sound too good to be true, never download from unofficial app stores, and do your research. Make sure to check for any fake reviews, the number of downloads the app has, spelling errors, or strange logos. When in doubt, only use retailers you trust through their official sites or apps.

Stop Look Think - Don't be fooled  

 Top 5 Facebook Scams . . . UPDATED!

 KnowBe4 Security Tips - Top 5 Facebook Scams . . . UPDATED!

Facebook now has over a Billion users, that's a mind-boggling number of people who check their page regularly. The bad guys are irresistibly attracted to a population that large, and here are the Top 5 Scams they are trying to pull off every day of the year.
  • Who Viewed Your Facebook Profile: This scam lures you with messages from friends or sometimes malicious ads on your wall to check who has looked at your profile. But when you click, your profile will be exposed to the scammer and worse things happen afterward.
  • Fake Naked Videos: There are tons of fake naked videos being posted all the time using the names of celebrities like Rihanna or Taylor Swift that sometimes make it past the Facebook moderators. These scams are in the form of an ad or a post and have a link to bogus YouTube videos. That site then claims your Adobe Flash player is broken and you need to update it - but malware is installed instead!
  • Viral Videos: Viral videos are huge on social media platforms. If you click on one of these "videos" you'll be asked to update your video player (similar to the scam above), but a virus will be downloaded and installed instead. To avoid this, type the name of the video into Google, and if it doesn't have a YouTube or other legitimate site link, it's likely a scam.
  • Fake Profile Scam: Scammers are stealing the name and pictures from an existing profile and "friending" the real person's friends in efforts to scam friends and family by faking an emergency. Be very cautious of accepting friend requests from someone you're already friends with.
  • Romance Scams: A specific type of "Fake Profile Scam" where con artists create a fake profile using the photos and stories of another person, and then develop "relationships" with their victims over posts, photos, and Facebook messenger. These scammers typically shower you with romantic language, promise happiness, and eventually con you into giving up personal information, or even money. Avoid personal and financial heartbreak, don't "friend" people you don't know in real life.
Facebook is used for connecting with people you know. Be especially cautious of "friending" strangers, and of clicking on links in suspicious posts, and in messages. Stay away from these traps if you want to avoid giving away personal information or getting your PC infected with malware. 

Stop Look Think - Don't be fooled  

 Beware Look-Alike Phishing Sites

KnowBe4 Security Tips - Beware Look-Alike Phishing Sites

The bad guys are changing their tactics and you need to be aware! They are now creating phishing sites that resemble the sign-in pages of popular companies.

They will try anything to get you to authenticate on their fake site. Some phishing sites will even try to fool you by appearing in your:

  • Pop-ups
  • Ads
  • Search results
  • Social media
  • Chat and IM applications
  • Rogue browser extensions
  • Web freeware
  • “Trusted” apps downloaded from an app store

Don’t fall for this trick - the bad guys want you to give up your login credentials so they can be used as part of a larger attack! Make sure to always check a website for any signs that it may not be legitimate, or type in the company’s web address yourself.
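Checking a web address for signs that it is not legitimate can be partly automated. The added example below (not district or KnowBe4 code) compares the hostname of a sign-in page against the District's own domains, with kcsd.example standing in as a placeholder, and reports why the name looks deceptive: a look-alike character, a typo, or the real name buried inside another domain.

```python
"""Classify a hostname as trusted, look-alike, or unrelated to the district's domains."""
import unicodedata

# Assumption: the district's own domains (placeholder value, not a real domain)
TRUSTED = ("kcsd.example",)

# Characters that read as a Latin letter but are a different code point:
# digits/punctuation, and Cyrillic letters that render identically to Latin ones.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b", "|": "l",
              "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}
MULTI = (("rn", "m"), ("vv", "w"))          # letter pairs that look like one letter


def _labels(host: str) -> list[str]:
    host = host.strip().lower().rstrip(".")
    if "xn--" in host:                      # punycode form shown by some browsers
        host = host.encode("ascii").decode("idna")
    return host.split(".")


def _registrable(labels: list[str]) -> str:
    # Assumption: the last two labels form the registrable domain (no public-suffix list)
    return ".".join(labels[-2:])


def _deconfuse(text: str) -> str:
    """Map look-alike characters to the Latin letters a reader would see."""
    text = unicodedata.normalize("NFKC", text)
    for pair, letter in MULTI:
        text = text.replace(pair, letter)
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in text)


def _levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str, trusted: tuple[str, ...] = TRUSTED) -> str:
    labels = _labels(host)
    reg = _registrable(labels)
    if reg in trusted:
        return "trusted"
    # After replacing confusable characters, does it become a trusted domain?
    if _registrable(_labels(_deconfuse(".".join(labels)))) in trusted:
        return "homoglyph"
    names = [t.split(".")[0] for t in trusted]      # e.g. "kcsd"
    if any(n in labels[:-2] for n in names):        # kcsd.example.<other-domain>
        return "trusted-name-in-subdomain"
    name = reg.split(".")[0]
    if any(_levenshtein(name, n) <= 2 for n in names):
        return "typosquat"
    if any(n in name for n in names):               # kcsd-<something>.example
        return "trusted-name-embedded"
    return "unrelated"


if __name__ == "__main__":
    for h in ("portal.kcsd.example", "k\u0441sd.example", "kscd.example",
              "kcsd.example.login-verify.test", "kcsd-salary-update.example"):
        print(f"{h:35} {classify(h)}")
```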

Stop Look Think - Don't be fooled  


 Social Engineering Red Flags: Don't Trust Pop-ups

KnowBe4 Security Tips - Don't Trust Pop-Ups 

If you’re known to dabble in a little online browsing, odds are you’ve encountered a pop-up once or twice. There are times when a user may think, “Wow, that’s a great deal!” and click on a pop-up. To those users: put down the mouse. Why? That pop-up could be malicious or dangerous.

There used to be a time when malicious pop-ups were only on questionable sites, but those days are gone. Hackers are smart and develop ways to inject malware into pop-ups and online advertisements - even on the most trusted sites.

One of the most common attacks we see occurs when you visit a site and a pop-up appears that says, “Your computer is infected! Download our antivirus now!” If you click on this, a bogus virus scan will start. After the “scan” completes, you’ll be asked to pay for a full version of the software or to call a helpline to connect with a support representative.

Spoiler alert: The software is not real, and the fake support representative will take control of your computer to try and “fix” the issue, but will end up causing more damage.

How to prevent
Although hackers are smart, you can be smarter. Here are some tips to protect yourself from these types of attacks:
  • Avoid clicking on pop-ups.
  • Update your operating system regularly - don’t postpone or snooze updates!
  • Use web-filtering software to warn you before accessing potentially harmful sites.
Remember, these attacks are only successful if we fall for them. Stay alert and be cautious!

Stop Look Think - Don't be fooled  


 Social Engineering Red Flags: Email Body

KnowBe4 Security Tips - Social Engineering Red Flags: Email Body 

The prevalence of phishing scams is at an all-time high. Because you are the key to preventing a cyberattack within your organization, it is important to question the legitimacy of every email you receive. Below is a list of questions to ask yourself about the content and body of the email that may help you realize that you are being phished.

Review the content of the email. 

  • Is the sender asking me to click on a link or open an attachment to avoid a negative consequence, or to gain something of value?
  • Is the email out of the ordinary, or does it have bad grammar or spelling errors?
  • Is the sender asking me to click a link or open up an attachment that seems odd or illogical?
  • Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
  • Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know? 

If you notice anything about the email that alarms you, do not click links, open attachments, or reply. You are the last line of defense to prevent cyber criminals from succeeding and making you or your company susceptible to phishing attacks.
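The "Key Three" questions earlier on this page and the email-body red flags above can be run as a mechanical first pass before a person reads the message. The script below is an added example (not district or KnowBe4 code) that reviews a constructed lure modelled on the look-fors on this page, plus a benign notice for contrast; kcsd.example and the other .example domains, the file name and the urgency phrase list are placeholders and assumptions, not District data.

```python
"""Flag the sender, link, attachment and urgency red flags in an email message."""
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("kcsd.example",)        # assumption: the District's own domains
URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours", "will be suspended",
                   "verify your account", "action required")


class _Links(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._buf = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None


def _host(text: str) -> str:
    """Hostname of a URL or bare domain; '' when the text is not URL-like."""
    text = text.strip()
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$|:)", text, re.I):
        return ""
    return (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()


def _trusted(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def review_email(msg: EmailMessage) -> list[tuple[str, str]]:
    """Return (flag, detail) pairs; an empty list means no red flags were found."""
    flags = []
    name, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    # 1. Who is the sender, and what address is actually listed?
    if not _trusted(sender_domain):
        flags.append(("sender-domain-untrusted", addr))
        if any(d.split(".")[0] in name.lower() for d in TRUSTED_DOMAINS):
            flags.append(("display-name-mimics-district", name))
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and reply_to.lower() != addr.lower():
        flags.append(("reply-to-differs", reply_to))
    # 2. Am I asked to open an attachment or click a link? Where does it really go?
    for part in msg.iter_attachments():
        flags.append(("attachment", part.get_filename() or part.get_content_type()))
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    parser = _Links()
    parser.feed(content)
    for href, text in parser.links:
        href_host, text_host = _host(href), _host(text)
        if text_host and text_host != href_host:      # the "hover" check
            flags.append(("link-text-mismatch", f"{text} -> {href}"))
        if href_host and not _trusted(href_host):
            flags.append(("link-to-untrusted-host", href))
    # 3. Does it seem odd: urgent, or not something the sender would write?
    text_only = re.sub(r"<[^>]+>", " ", content).lower()
    subject = str(msg.get("Subject", "")).lower()
    hits = [p for p in URGENCY_PHRASES if p in text_only or p in subject]
    if hits:
        flags.append(("urgency-language", ", ".join(hits)))
    return flags


def build_samples() -> tuple[EmailMessage, EmailMessage]:
    """Two constructed messages: a lure like the one described on this page, and a benign notice."""
    lure = EmailMessage()
    lure["From"] = '"KCSD Payroll Office" <payroll@kcsd-salary-update.example>'
    lure["Reply-To"] = "respond@mailbox-drop.example"
    lure["To"] = "staff@kcsd.example"
    lure["Subject"] = "District Proposed Salary Schedule - action required"
    lure.set_content("<p>Review the proposed schedule immediately or your access\n"
                     "will be suspended.</p>\n"
                     '<p><a href="http://kcsd-salary-update.example/login">'
                     "https://portal.kcsd.example/salary</a></p>\n", subtype="html")
    lure.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                        subtype="pdf", filename="Salary_Schedule.pdf")
    benign = EmailMessage()
    benign["From"] = "Tech Dept <techdept@kcsd.example>"
    benign["To"] = "staff@kcsd.example"
    benign["Subject"] = "Laptop cart schedule"
    benign.set_content('<p>The updated schedule is on <a href="https://portal.kcsd.example/carts">'
                       "the staff portal</a>.</p>\n", subtype="html")
    return lure, benign


if __name__ == "__main__":
    lure, benign = build_samples()
    for flag, detail in review_email(lure):
        print(f"{flag:30} {detail}")
    print("benign message flags:", review_email(benign))
```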

Stop Look Think - Don't be fooled  

 KnowBe4 Security Tips - That's Suspicious!


Have you ever encountered a situation at work that was suspicious?
Perhaps this was a suspicious person, a suspicious email, or even a phone call that didn't seem right.
Most organizations have a policy regarding how to handle these suspicious 'events'.
These 'events' could potentially put the organization and/or the computer systems of the organization at risk.
Some of the more common events are listed below:

 Suspicious persons - Trespassing

When it comes to physical security (securing the building and its assets from unauthorized access), identifying suspicious persons is key.
If you notice someone that you do not recognize, you should ask who they are and what they are doing.
It is possible they are a new employee, or on a short term work contract... or it is possible they are not authorized to be there.
- Attackers will try to enter the building posing as an employee, or a contractor. From inside the building they can gain access to internal computer networks

 Suspicious Emails - Phishing

The majority of all recent cyber attacks have been a result of social engineering via an email.
These phishing emails can be designed to be sent to: everyone in the organization, a division within an organization (accounting, sales), or YOU specifically.
- Using social networks like Facebook and LinkedIn, attackers can gather just enough personal information about you to make a very convincing email

 Suspicious Phone Calls - Vishing (Voice Phishing)

This is the oldest trick in the book, and it has been in use by hackers, fraudsters, and scam artists for decades.
This involves someone calling you and pretending to be someone they are not: (IT Dept, Insurance Company, Bank, etc).
The attacker will try to build credibility and a good rapport with you before asking for sensitive information such as a password, social security number, or bank account information.
With the latest technology, attackers can now change the caller ID to show whatever number they would like (adding more credibility).
- You get a call from a number that appears to be the IT department. They claim there is an issue in IT that is too technical to explain, but they require you to give them your password over the phone to fix it.

Always remember to follow your organization's security policies when it comes to suspicious events. If your organization does not have a specific policy regarding these situations, escalate ANY suspicious events to the IT or Security department.
Security is a team effort. Every employee has a responsibility to the organization to report these events.

Stop Look Think - Don't be fooled


 KnowBe4 Security Tips - Protected Health Information (PHI)


What is sensitive information? Sensitive information is privileged information which – if compromised through alteration, corruption, loss, misuse, or unauthorized disclosure – could cause serious harm to an individual or organization. You must always give the highest level of protection to privileged information. Here we discuss one example of sensitive information, Protected Health Information, or PHI.

What is Protected Health Information?
For the purpose of data protection, PHI is defined as: all recorded health information about an identifiable individual that relates to that person’s health, health care history, provision of health care to the individual, or payment for health care.

Is it PHI? Here are a few examples of PHI. 
  • Social Security Number
  • Medical record number
  • Health plan beneficiary number
  • Biometric identifiers, including finger and voice prints
  • Full Face photographic images and any comparable images – and more

 

Employees who do not take care of sensitive information can lead their organizations into fines, increased operating costs, loss of customer confidence, and even more governmental regulation. Do your part to keep sensitive information safe at all times.

The tips included in this message are meant to remind you to keep sensitive information secure. Remember, your organization's privacy, security, and compliance policies for handling sensitive information should be followed first and foremost. 

Stop Look Think - Don't be fooled

 KnowBe4 Security Tips - Malvertising


Visit any website these days and it’s very likely that you will be viewing ads as well. Sometimes these ads can be tempting, with many offering sales, promotions, or freebies to attract more clicks. Ads on certain websites can even be targeted specifically to you based on past browsing history, making you even more likely to click!

Remember this: just because you are on a reputable, well-known website, it does not mean that the ads on the website are safe to click as well.

How adspace can become infected: Advertisers do not sell their ads to websites one at a time. Websites that want to make money sell their advertising space to an ad network. Advertisers sign contracts with that ad network which then displays the ads on the participating websites. The ad network sits in the middle between the advertisers and the websites and manages the traffic and the payments.

This is where the problem lies. Cybercriminals can fool the ad network into thinking they are a legitimate advertiser, and the ads that are then displayed on major websites can be poisoned. Simply browsing to a page with a poisoned ad on it is enough to run the risk that your PC will be encrypted with ransomware, which can hold your computer or your entire network hostage until you pay the cybercriminal a ransom.

Tips to prevent the effect of harmful ads:

  • Disable Adobe Flash on your computer - or at least set the Adobe Flash plug-in to "click-to-play" mode - which can block the automatic infections.
  • Keep up-to-date with all the security patches and install them as soon as they come out.
  • Download and install a reputable ad blocker plug-in for your browser. These prevent the ads from being displayed in your browser to start with. These ad blockers are getting very popular with hundreds of millions of people using them.


Stop Look Think - Don't be fooled 

KnowBe4 Security Tips - Top 5 Facebook Scams

Facebook now has over a billion users, that's a mind-boggling thousand million people who check their page regularly. The bad guys are irresistibly attracted to a population that large, and here are the top 5 scams they are trying to pull off every day of the year.

1. Who Viewed Your Facebook Profile lures you with messages from friends, or sometimes malicious ads on your wall, to check who has looked at your profile. But when you click, your profile is exposed to the scammer and worse things happen afterward.

2. The Facebook Color Changer App tries to trick you into personalizing your Facebook page, but it also leads you to phishing sites, deceives you into sharing the app with friends, and infects your mobile devices with malware. Stay away from it.

3. Fake Naked Videos. There are tons of fake naked videos being posted all the time using the names of celebrities like Rihanna or Taylor Swift that sometimes make it past the Facebook moderators. These scams come in the form of an ad or a post with a link to bogus YouTube videos. That site then claims your Adobe Flash player is broken and you need to update it - but malware is installed instead!

4. Facebook Videos With Come-On Titles. The bad guys often use enticing titles like "Not Safe For Work" or "Scandalous" to lure you into clicking on these videos, after which you are redirected to phishing sites that steal your personal information.

5. Check My Status Update to Get a Free Facebook T-shirt. Messages from your Facebook friends invite you to go to their page and get a free Facebook t-shirt. It's a scam; if you have clicked on something like this, remove any access you granted to rogue applications.

Facebook is what it is. There simply is no way to change the colors of your profile or change the theme. Stay away from such messages if you want to avoid getting your PC infected with malware. 


Stop Look Think - Don't be fooled 

KnowBe4 Security Tips - "Safe" Email Attachments


You may already be aware that you should not open email attachments with an extension such as ".exe", but did you know that even PDFs or Word documents can be rendered unsafe to open? Opening these attachments from senders with malicious intent can cause your computer (and any networks to which you are connected) to be compromised, hacked or even riddled with ransomware.

What are the unsafe file types to look out for? This question is better answered by listing the file types that are generally considered safe to open, because the truth is that most file types can be "booby-trapped" to attack your computer or device. The general rule is to NEVER open any email attachment if you do not know who it came from or why you received it.

You should always be on guard with any email attachments that are not .TXT files. 


How can I tell if an attachment is safe to open?


  • Ask yourself: Was I expecting to receive this attachment, and did it come from the person I would expect it to come from? Check email addresses for any "red flags" that may indicate the email address has been spoofed or faked.
  • Never open an email attachment if you don’t recognize the sender that it came from.
  • If you recognize the person or email address sending you the file, but it was still unexpected, contact them first through a different form of communication (such as by phone) to ask them if they intended to send you the file.

Stop Look Think - Don't be fooled 

Know Be4 Tip of the Week - Fiendishly Clever Gmail Phishing Scam You Need to Know About

There is a new scam in which hackers send you a text message asking about a password reset on your Gmail account. If you did not request a password reset, the message tells you to respond with STOP. This is a scam: the bad guys requested that password reset themselves and now want you to send them the authorization code. Don't fall for it.

Remember, Gmail will never ask you to confirm that you do NOT want changes made to your account. You didn't ask for a password reset, so you shouldn't be asked about one. Do not reply to the text (doing so tells the scammers that they have reached a valid number). To avoid losing your account to the bad guys, it's a very good idea to have 2-step verification set up on your Google account. For more information about Google 2-step verification, copy and paste the link below into your browser:

Let's stay safe out there!

Stop Look Think - Don't be fooled


Know Be4 Tip of the Week - Responsible Social Networking

Facebook, Twitter, LinkedIn
Chances are you are a member of one or more of these social networks.
Chances are you have posted something about work (positive and/or negative).
Chances are you have friends/followers/connections that are co-workers or your supervisor.

You have the right to remain silent . . .
Anything you post may be used against you, so be careful.
Consider that what you post online to social networks is a body of evidence. If someone sees negative things being posted about work, it may trigger a meeting. Be mindful of what you post regarding the district. Do not post anything sensitive about your employer online.

- Attackers use social networking sites to gather information about you and your company and use it against you.

Interview over
Potential and current employers can research your posts and pictures. If you post pictures of yourself doing illegal things, or acting overly irresponsibly, it could hurt you and your career. Be mindful of posting strongly opinionated views; this could cause coworkers to feel uncomfortable around you if they do not feel the same way.

- Think carefully about what you are posting and who can see it. It could come back to bite you.

Use what you are given
Most of the social networking sites allow you to only show specific groups of people specific information.
Use this feature. Make as little as possible 'public.' Consider separating work relationships from personal ones online.
Be careful what you post online. It could come back to hurt you, or the district. It is perfectly fine to make use of social networking, just make sure to be responsible about it.


Stop Look Think - Don't be fooled

KnowBe4 Security Tips - HTTPS The 'S' stands for Secure


If you have ever signed in to a website such as Facebook or Amazon, you will notice that on the login page, the URL will change from 'http' to 'https'.

What that little 's' stands for is secure. It means that your web browser and the website have both agreed to communicate securely so that no other individuals will be able to 'listen in' on the conversation.

If you needed to communicate some sensitive information such as a password to someone else, you would not shout out in the open 'HERE IS MY PASSWORD'. Typing sensitive information into a browser when the URL does not have https is like shouting out that information for others to hear.

Just remember to look for that little important 's' when transmitting any sensitive information through a web browser.


Stop Look Think - Don't be fooled 


 KnowBe4 Security Tips - Hovering Over Links


How can you tell if an email is safe? Even if you catch red flags in an email, such as typos or poor grammar, an urgent demeanor, or even a spoofed domain, how can you truly decipher the safety of an email?

An immediate step you can take is to watch out for one of the most critical tell-tale signs of a phishing email—a mismatched or fake URL.

Why is hovering important? What can it do for you?
Hovering not only allows you a moment to think before proceeding, it allows you the opportunity to see where a link is going to redirect you. This is especially important because not all links lead to where they appear, or insinuate they'll go.

When you hover, check for the following to ensure you're staying safe and secure: 

  • If the email appears to be coming from a company, does the hover link match the website of the sender?

  • Does the link have a misspelling of a well-known website (such as Micorsoft.com)?

  • Does the link redirect to a suspicious external domain made to look like the sender's domain (i.e., micorsoft-support.com rather than microsoft.com)?

  • Does the hover link show a URL that does not match where the context of the email claims it will take you?

  • Do you recognize the link’s address or did you even expect to receive the link?

  • Did you receive a blank email with long hyperlinks and no further information or context?


If you notice anything about the email that alarms you, do not click links, open attachments, or even reply. If everything seems okay but you're still not sure, verify! Ask your IT team or leadership whether the email is legitimate before proceeding.

Remember, you are the last line of defense to prevent cyber criminals from succeeding and making you or your company susceptible to an attack.

Stop Look Think - Don't be fooled 

KnowBe4 Security Tips - Lock Your Screen

Locking your screen when you get up from your desk is a security action that is often overlooked. District computers are set up to automatically black out your screen (start a screen saver) after a certain amount of inactivity. That screen saver is password protected, which means you need to enter your password to get out of it.

Failing to lock your screen when leaving your desk can open you up to several different vulnerabilities, some more serious than others. If you get up from your desk for 5 minutes, a lot can happen. Let's assume a student, coworker, or someone who sees an open laptop sits down at your desk as soon as you get up:

  • Files can be downloaded from the Internet and executed on your computer (malware, spyware, etc.)

  • Emails can be sent or read

  • If you save passwords in your browser (another no-no), they can now access your online banking, Facebook, etc.

Locking your laptop or computer before you get up is very simple, and it can prevent you from ending up in a bad situation. Here are a couple of easy ways to lock your screen:

  • Pressing the Windows Key + the L key at the same time on your keyboard

  • Pressing Ctrl+Alt+Del then choosing Lock This Computer


Method one is preferred since it's two easy keys to remember. Get in the habit of locking your screen.

Stop Look Think - Don't be fooled

 KnowBe4 Security Tips - It's not your personal computer.

  • Should you be doing that on your work computer?
Personal pictures, social networking, online banking... These are the kind of things that you should try not to have or do on your work computer. Work computers are for work: visiting work-related web sites, researching, emailing, generating PowerPoint slideshows, etc. Much like posts to social networking sites, everything you say or do can be used against you.

  • Acceptable use policy
Visit our District's Acceptable Use Policy (Board Policy 816), but basically, be aware that "Users have no privacy expectation in the contents of their personal files or any of their use of the School District's CIS systems. The School District reserves the right to monitor, track, log, and access CIS systems use and to monitor and allocate fileserver space." Visited web sites, how much time is spent on Facebook, playing solitaire, instant messenger chat... technically all of this can be monitored.

- Think about what you are doing... and realize that it can be logged. Anything you post on the internet is there forever.

  • Be safe online
Especially when it comes to visiting web sites or opening personal email, those actions that take place on your work computer can affect other work computers. If you happen to visit a site that has malware on it from your work computer, you may now have exposed the rest of the district to a malware infection.
It is difficult to explain why you were doing what you were doing when it's against the policy to be performing non-work related activities on your work computer.

Try to be aware that you are using a computer that is not yours; the things you do on that computer are not private. Lawyers say that anything that happens on the district network, the district owns and can monitor. The Tech department does not have the time and resources to monitor everything, but if you give them a reason to, administrators may ask them to.

 Stop Look Think - Don't be fooled

Vision of Connected Teaching and Learning

Stay Kennett ConnectED

Visit Connect.kcsd.org to stay "Kennett ConnectED"

Bancroft Elementary School:  https://twitter.com/KCSDBancroft   

Greenwood Elementary School:  https://twitter.com/KCSDGreenwood   

New Garden Elementary School:  https://twitter.com/KCSDNewGarden

Mary D. Lang Kindergarten Center:  https://twitter.com/KCSDMaryDLang

Kennett Middle School:  https://twitter.com/KCSDKennettMS

Kennett High School:  https://twitter.com/KCSDKennettHS

Kennett High School Sports: https://twitter.com/KCSDKHS_Sports


Contact Us

For more information please contact:

Dan Maguire, Supervisor of Technology Services dmaguire@kcsd.org or 610.444.4136
