How does a data breach happen and can it happen in Highline?
Yes, this can happen in here in Highline. It’s important to review email messages closely. A data breach typically starts with a bad email--something we call PHISHING. The email redirects the user to a fraudulent website where they ask for personally identifiable information.
What has and will Highline do to prevent this type of breach?
We are moving to a new process that uses two-factor authentication to secure access. We have implemented many features within email to identify inaccurate accounts and we delete many messages that are known to be fraudulent. If you are uncertain if a message is legit, please do not reply.
When our new system is implemented it will use STRONG passwords and two-factor authentication. This will require a mandatory password change.
We have also implemented a warning message that shows at the top of all emails that come from an email address other than Highline Public Schools.
This sample of our CAUTION message shows Jeff Brown's name and email address as jbrown@ganev ents.com. But in the message, it states the email came from no firstname.lastname@example.org.
What can I do to protect my information?
- Carefully review all email.
- Make sure you know who the email is from and do not blindly accept that someone is who they say they are.
- Example: Some of our staff have received an email from the address email@example.com. At first glance, this may look legit, but it is not. Typically, the person sending the message is trying to get you to purchase iTunes cards. None of our administrators have this email address. Our addresses follow the following format: firstname.lastname@example.org, with a few deviations. If you do not reply, the person may try again. If they don't, you were successful. Please be diligent—our IT staff spends many hours a month rectifying a simple click by an end user.