Cyber Security & Data Privacy

Cyber Security

We take the security of our network and computer systems very seriously and follow the CyberSecurity & Infrastructure Security Agency (CISA) best practices.

Cyber Hygiene

Definitions:

Cyber Security: Is security focused on IT and protecting the enterprise.

Cybersecurity is the protection of Internet-connected systems, including hardware, software, and data, from cyber attacks. In a computing context, security

comprises cybersecurity and physical security -- both are used by enterprises to protect against unauthorized access to data centers and other computerized systems.

Cyber Hygiene: Is security focused on personal behavior.

Cyber hygiene is a reference to the practices and steps that users of computers and other devices take to maintain system health and improve online security. These practices are often part of a routine to ensure the safety of identity and other details that could be stolen or corrupted. Much like physical hygiene, cyber hygiene is regularly conducted to ward off natural deterioration and common threats.

Hacking: Generally refers to unauthorized intrusion into a computer or a network or access to information.

The person engaged in hacking activities is known as a hacker. This hacker may alter the system or security features to accomplish a goal that differs from the original purpose of the system.

Spoofing: A fraudulent email that looks like it was sent from a trusted account.

Fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.

Impersonation: Sending an email as someone known to the target but from an unknown email address.

Phishing: An attempt to fraudulently obtain information. Usually part of a massive campaign targeting thousands of random people.

Ransomware: Malware that encrypts a targeted hard drive rendering it useless to the owner combined with an offer to restore the drive for a price to be paid in a cryptocurrency.

What steps can you take to protect yourself and others?

Files in email attachments or up or downloaded to your GSuite drive are scanned if they are 100MB or less. If they are larger then you cannot count on Google to scan it.
If you are suspicious of an email check the SPF and DKIM score
Trust your instincts – If an email or email attachment seems suspicious, don't open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it's legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don't let your curiosity put your computer at risk.

Dos and Don'ts

Dos

Call IT when anything is suspicious. Listen to that inner voice when it whispers that something seems odd.

Use a password manager. We recommend Bitwarden. Why keep track of numerous passwords when all you need to remember is the password to your password manager.

Use a VPN to connect to any public wifi or use the hotspot built into your phone when traveling.

Change your password ASAP if you are concerned that you may have been compromised,

Pay attention to the URL before you login. The letters before last. (dot) in the address is critically important i.e www.BankofAmerica.com.ru/whateverText.html. In this example you would be looking at a Russian site. B of A may have a web site in Russia but if you are not then its most likely fraudulent.

Donts

Don't click on links from emails to go to any network-based account.

Don't use the same password for multiple accounts.

Don’t click on any supplied link or respond with any requested information from anyone you were not expecting to contact you. Instead, go directly to the web site of the requesting party or call them with a phone number you have looked up. In other words should your bank contact you out of the blue requesting information and a proved link. Go the their website instead.

Don't click on unsubscribe links for services you did not subscribe to.

CISA Best Practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

Maintain up-to-date antivirus signatures and engines.
Keep operating system patches up-to-date.
Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
Enforce a strong password policy and implement regular password changes.
Train end-users to exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
Disable unnecessary services on agency workstations and servers.
Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
Monitor users' web browsing habits; restrict access to sites with unfavorable content.
Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
Scan all software downloaded from the Internet prior to executing.
Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

Cyber.org Cyber Security Videos

To view the "Ransomware Video" please click here
To view the "Phishing Video" please click here
To view the "Making Strong Passwords" Video please click here
To view the "Online Gaming Safety" Video please click here
To view the "Video Call Safety" Video please click here

To see the "Ransomware Tip Card" please click here
To see the "Phishing Tip Card" please click here
To view the "Making Strong Passwords" Tip Card please click here
To view the "Online Gaming Safety" Tip Card please click here
To view the "Video Call Safety" Tip Card please click here

Student Data Privacy

We believe it is essential for our students to efficiently and effectively access digital tools that empower them in all phases of the learning process, including research, critical thinking, creativity, problem solving, content creation, communication, and collaboration.

We treat data confidentiality and the privacy of student educational records very seriously. We comply with the requirements of PA 16-189 and PA 17-200 in establishing contracts with all our vendors that process student data. Please refer to the Region1 Student Data Privacy page at http://www.region1schools.org/main/student-data-privacy for more details.

Below is an embedded spreadsheet that contains a list of the software in use as reported by our schools as well as the contract status of software and services that has student PII information external of the schools networks.

Information and Software Security Audit

Report abuse