Overview

It’s more important now than ever to ensure your accounts are kept safe and you are aware of your browsing activity.  Schools are being targeted by ransomware, DDoS attacks and malware injections. 

With school relying heavily on technology for synchronous and remote learning it could be detrimental if our district was compromised. 

Please read through below on what you can and should be doing to ensure the integrity of our district’s technology and network.

Use a secure password, change it often

Passwords that are short, use only numbers or letters are easily compromised. You should always use a secure password for your accounts, use different passwords for each system if possible and change it often.

Accounts can be attacked by bots (brute force) to guess your password. Once your account is compromised anywhere you used that password is also compromised. Your account information may be sold or accessed by malicious users and can inadvertently give someone access to our district.

Check your password, how secure is it?

How secure do you think your password is? Use this table to see how long it would take for your password to be guessed by a bot.

  • Anything in red, orange, and yellow are extremely weak passwords and are easily guessed.
  • Anything in blue can be used but should be changed frequently.
  • Anything in green is secure.

Your passwords should ideally be a combination of numbers (0-9), Upper & Lowercase letters (Aa-Zz), and symbols (~!@#$%^&*()_+, etc.) with a suggested minimum character count of 12 characters.

Email Security

If the email contains a link or attachment or asks you to reply…

Verify the sender. It is very easy to pretend to be someone in an email by using their name.

All emails from an outside source will show this in the subject line.
ALL Hopedale emails will show this in the subject if it is verified to be someone from within HPS

Here’s an example email pretending to be me. Google automatically flagged this email as suspicious but there are other ways to verify this that you should do, especially if it contains a link, attachment, or asks for something like a password or information.

  • The email is flagged as EXTERNAL.
  • Click the down arrow below the sender’s name, it will open up more information about them.
  • Here the reply-to is a fake email address.
  • The mailed-by is not accurate

Don’t click a link or download an attachment if you weren’t expecting one.

Were you expecting a link to be sent to you? Were you expecting a file to be attached?

If no, DON’T CLICK THEM! A lot of bots attach unsolicited malicious links and files hoping you will click on them.

Check links BEFORE you click on them

Always check links before you click on them. Hover over the link and look in the bottom left corner of your browser. The URL the link goes to will be shown without clicking on it allowing you to decide if you should proceed or not.

See a demo of this in action:

Web Browsing Security

In addition to email, browsing is the second easiest way for malware to enter our district. Please do your best to pay attention, read and don’t click before thinking.

Don’t ever click “Okay” or “Accept” on popups, notifications, alerts, etc. before reading.

Many malicious downloads, extensions being added, notifications that bring more malware and more happen due to a popup or window appearing and users quickly clicking OK to get it out of the way and off their screen.

In almost all cases you should never do this and should always close it, select BLOCK, NO or simply close the browser tab if you aren’t able to close the popup.

Chrome won't download multiple files

Check links BEFORE you click on them

Always check links before you click on them. Hover over the link and look in the bottom left corner of your browser. The URL the link goes to will be shown without clicking on it allowing you to decide if you should proceed or not.

See a demo of this in action (look in the bottom left corner for the URL as the mouse hovers over links):

Google Account Security

As your Google/Email account is used as a method for various authentication systems you should always ensure it is secure.

Check where else your account is logged in and where it has been used

Go to your email and navigate to the very bottom. you will see a link that shows “Last account activity: X hours ago.. Details”. If you click on this you can see your login history and where else your device is signed in.

It will pop up with a new window showing how your account was accessed, where and when. Review this information and if you find anything suspicious you should submit a helpdesk ticket for assistance.

Do a Google Account Security Checkup regularly (once per month or more)

Google has a built-in security checkup tool. It will show you information and bring you through a guided wizard to check and verify information. Visit https://myaccount.google.com/u/0/security-checkup to start the checkup.

Once there, click each tab (you want all green checkmarks!) and verify the information such as…

Devices

Do these device names, locations and dates make sense? If not and something looks suspicious you should submit a helpdesk ticket for assistance. Are there old devices still authenticated for your account? Remove them!

Recent Security Events

Do the locations, device types and dates/times make sense and you can verify this was you?

Third-party access

Do you know what all of these are? If you do not recognize one, click REMOVE ACCESS. A third-party site/app having access to your account means it can control it, read email/drive/etc. data and/or modify or send it as you.

Do a password checkup (bottom of the security checkup)

Do a password checkup (demo below) to see if your password has been compromised or is weak. If so you should change it immediately. You can change your password remotely anytime, here: https://password.hopedaleschools.org/