Email Security Awareness

Do you lock your home doors each night? Do you lock the doors of the car that sits in your driveway? Do you leave a few lights on in your home when you are away? Most adults would say "yes" to these simple home security questions. Most of these home security steps have become habits as we have each developed a security awareness when it comes to protecting family, home, and property.

As a district, we must also develop a similar security awareness when it comes to email messages, the origination point for the highest percentage of cybersecurity attacks. Where do you begin?

Question every email message that hits your inbox.

• Does it seem legitimate? 
• Were you expecting the message? 
• Is the message from a person you know. 
• Is it asking you for credentials or asking you to download a file? 

Pause and reflect on the email message in your inbox that wants you to provide username and passwords. Question the message and then delete it. Question every message that asks for an Internet-based payment to a vendor. Pick up the phone and call the sender if you have doubts about a message. Do not call the person using the phone number they provided in the message. Instead, look up the phone number using other means. When in doubt, delete a suspect email message.

In early September, the Rockford Public School District 205 was hit with a cyber attack that crippled their technology systems. Phones went down. The student information system was rendered unusable. File and print systems were destroyed. Many weeks have gone by and the Rockford school district is still trying to recover from the attack. Many records and files may never be recovered. Attackers encrypted the district’s data, rendered it inaccessible, and demanded a ransom payment to be paid through online cryptocurrencies. The root cause of this attack has not yet been released to the public, but statistics would suggest that it was an email phishing message that started this successful attack.

Please pay close attention to the email messages that land in your inbox. Here is a great example of a message designed to penetrate our systems:



Messages like this should be deleted. If you are using a web browser to view your mail, click the three dots in the top right corner of the message and mark the message Report Phishing. This will alert the Technology Department and Google that there is a potential problem.

We need every staff member to pitch in and use their Barrington 220 email account with a security awareness mindset. Question every email message. When in doubt, delete the message. Of course, you may also call x.1500 if you need assistance or an expert opinion on potentially harmful messages.