Skip to content

Cyber Header

CyberShield

Welcome to the ACSD1 Cybersecurity Hub!

This hub is designed to provide our school district community with the tools, resources, and knowledge needed to protect personal and student data from cyber threats. Whether you're a teacher, staff member, or student, you can use this hub to explore educational materials on cybersecurity best practices, learn how to recognize and avoid phishing scams, and stay informed about the latest security updates. You’ll also find helpful links to cybersecurity training, tools to improve password management, and ways to report suspicious activity. Together, we can ensure a safer, more secure digital environment for our school community.

Cybersecurity Basics

In an increasingly digital world, protecting sensitive information and school data is more important than ever. Cybersecurity refers to the measures taken to safeguard computers, networks, and data from unauthorized access or attacks. This page provides you with basic but essential cybersecurity practices.

Data Privacy & PII Protection

Data privacy is the practice of ensuring that sensitive information, particularly Personally Identifiable Information (PII), is safeguarded against unauthorized access and disclosure. In a school setting, it is crucial to protect the PII of students, faculty, and staff. This information can include names, addresses, phone numbers, email addresses, and other identifying data that could be misused if not properly secured.

  • What is PII?: PII refers to any data that can identify an individual, either directly (such as a full name or social security number) or indirectly when combined with other information (such as a date of birth or email address). For example:

    • Direct identifiers: Full names, social security numbers, passport numbers.

    • Indirect identifiers: Gender, date of birth, and geographic indicators like zip codes, when combined, could potentially identify someone.

  • Why is Protecting PII Important?

    • Compliance: Schools are legally obligated to protect student and staff information under laws like the Family Educational Rights and Privacy Act (FERPA). Failing to do so can lead to penalties, loss of trust, and data breaches.

    • Prevention of Identity Theft: By protecting PII, schools reduce the risk of unauthorized individuals accessing sensitive information that could be used for identity theft or fraud.

    • Security: Keeping data private protects against cyber threats and breaches that could disrupt the educational environment.

  • School Data Policies: Data privacy is a critical component of Albany County School District #1 (ACSD#1) operations. The protection and management of the various types of student and staff Personally Identifiable Information (PII) is critical to ACSD#1 operations.  ACSD#1 computer systems and related devices collect and record data as required for educational delivery, management, and reporting purposes.  This key information should never be disclosed to unauthorized individuals. More information on ACSD1 Policy #8001 can be found here.

  • Best Practices for Protecting PII

    1. Encryption: Always ensure sensitive information is encrypted when stored or transmitted.

    2. Minimal Data Collection: Only collect and store the data that is absolutely necessary for educational purposes.

    3. Access Control: Limit access to sensitive data to only those who need it for their job functions.

    4. Regular Audits: Conduct regular data audits to ensure that PII is properly managed and secured.

    5. Data Disposal: Properly delete and destroy sensitive information when it is no longer needed.

    By following these best practices, schools can ensure that they are taking proactive steps to secure PII and protect the privacy of their community members

Phishing Awareness

What is Phishing?

Phishing is a type of cyber attack where attackers attempt to trick individuals into providing sensitive information like usernames, passwords, or credit card details by pretending to be a legitimate entity. These scams often occur through email but can also be carried out via text messages (SMS phishing or "smishing") or phone calls (voice phishing or "vishing").

Common Phishing Tactics

  1. Fake Emails from Trusted Sources
    Attackers create emails that appear to come from trusted entities, such as a school district, government agency, or online service like Google or Microsoft. These emails often contain urgent requests, asking recipients to click on a link or download an attachment. Example: "Your account will be suspended unless you verify your identity. Click here to confirm your credentials."

  2. Spear Phishing
    A more targeted approach where the attacker customizes the phishing attempt, typically focusing on a particular individual or organization. These emails may include personal details that make the attack appear more credible. Example: "Dear Mr. Smith, based on your recent password reset request, please click this link to update your login details."

  3. Link Manipulation
    Phishing emails often include links that appear legitimate but redirect the user to malicious websites designed to steal login credentials or other sensitive information. Example: An email asks you to click on a URL like www.bankofamerica-secure.com, which is a deceptive look-alike to www.bankofamerica.com.

  4. Impersonating School or IT Support
    Emails may claim to be from the school’s IT department, asking for passwords or personal details to resolve a technical issue. Example: "Your account has been compromised, and we need your username and password to secure it."

Red Flags to Watch Out For

Understanding phishing tactics is the first step, but being able to spot red flags in suspicious emails is key to preventing a phishing attack.

  1. Urgent Language or Threats
    Phishing emails often use language that creates a sense of urgency, such as "Your account will be deactivated unless you take immediate action."

  2. Unexpected Attachments or Links
    If an email contains an unexpected attachment or asks you to click on a link to update your information, be cautious. Always verify the legitimacy of the sender.

  3. Incorrect Grammar or Spelling
    Phishing attempts frequently contain poor grammar or unusual sentence structures, which is a major indicator that something is wrong.

  4. Unfamiliar Sender Email Address
    Even if the name in the email looks legitimate, the email address may be slightly off. For example, instead of admin@school.com, the phishing email may use admin@sch00l.com.

What to Do If You Suspect a Phishing Email

  1. Do Not Click on Links
    If an email looks suspicious, do not click on any embedded links or attachments. Instead, hover over the link to check the URL or manually type the web address into your browser.

  2. Verify the Sender
    If the email claims to be from someone you know or an organization you trust, reach out to them directly (without replying to the email) to verify its legitimacy.

  3. Report Suspicious Emails
    Always report potential phishing emails to your IT department. At Albany County School District, we encourage you to forward any suspicious emails here or put in a help desk support ticket at https://kace.acsd1.org. You can also report phishing and spam email right in your Outlook email by selecting the Report button.

Phishing Awareness Best Practices

  • Enable Multi-Factor Authentication (MFA)
    Adding an extra layer of security with MFA can help protect accounts even if your password is compromised.

  • Keep Software Updated
    Ensure that your computer’s operating system, browser, and security software are up-to-date with the latest security patches.

  • Train and Stay Informed
    Cyber threats evolve quickly, so it's important to stay updated. Regular training sessions on phishing can help users recognize attacks more effectively.

  • Use Strong Passwords
    Strong, unique passwords for each account can limit the impact if one of your passwords is exposed in a phishing attack.

Examples of Real-World Phishing Scams