In this digital age, even if your school emphasizes stepping away from digital life, it’s inevitable that digital technology plays a role in its operations. However, with the convenience and efficiency of digital tools comes a potential downside—vulnerabilities that can pose a threat to your school’s security. Today, I want to share my personal experience and the insights gained from my own encounter with digital vulnerabilities, as well as the research I conducted in response.
It all started when I received a notification of an unknown charge on my school’s bank account while running a day camp. Before I could reach out to the bank, another charge was applied, plunging my funds into negative numbers. I had fallen victim to a hack, and I was left wondering how it happened in the first place. The unauthorized purchases were traced back to my Amazon account, and I immediately took action to freeze everything and dispute the charges. It took two weeks, but I managed to recover the stolen funds. Little did I know that this incident was more extensive than I initially thought.
Not only had someone gained access to my Amazon account, but they had also infiltrated my school’s Gmail account and my school’s PayPal account. The reason I didn’t notice the PayPal charges until a week later was because the hacker had set up filters in my Gmail to automatically delete any emails from PayPal. By the time I realized what was happening, nearly $600 had been taken from my PayPal account. I spent over a month fighting to get the money back, but my claims were denied five times. Each attempt required days of waiting for a response, with each denial assuring me that the issue would be resolved in my favor. Exhausted by the thirteen hours I had spent on the phone, I ultimately decided to give up.
Sharing this personal account may seem overwhelming, but it underscores the real danger that exists in our digital lives. Despite my efforts to be cautious and stay safe, there were additional measures I could have taken. One glaring vulnerability was the absence of two-step authentication on my PayPal account. This simple security feature could have made a significant difference. Fortunately, I was lucky that I hadn’t stored any student information on my compromised Google account; the consequences would have been far more severe had sensitive data been exposed.
To protect your school and yourself from similar incidents, here are some crucial steps to consider:
- Enable two-step authentication or use an authenticator app for all platforms containing personal data. This ensures an additional layer of security by requiring a verification code or text in a secondary location for login.
- Avoid using PayPal, as they often fail to take responsibility for fraudulent charges. A quick search will reveal numerous examples of their subpar customer service. Instead, explore alternative payment processing programs like Omella, Stripe, or QuickBooks, which offer higher levels of security and better service.
- Utilize long passwords with a combination of letters and characters. Length is one of the factors that make passwords stronger.
- Never reuse passwords across multiple sites. Password managers can assist in generating and storing strong, unique passwords, but keep in mind that the password manager itself also needs to be secured with a strong password. If a hacker gains access to the password manager, two-step verification is the only remaining line of defense.
- Avoid logging into any accounts on public Wi-Fi, including hotel networks. If necessary, use a VPN to add an extra layer of protection, but remember that the other recommendations should still be in place.
- Exercise caution when downloading and installing software. Keyloggers (key trackers), which record keystrokes, are a prime method for hackers to steal information.
- Access log-in sites directly by typing in the website address, rather than following links from other pages or emails.
- Stay informed about new threats, as hackers are constantly inventing new techniques. For example, be cautious with .zip files, as they can be used to hide hacking software or to mislead users into downloading it. Avoid opening .zip files from emails or unknown sources on the internet.
- Consider using a dedicated work device if feasible. By separating personal activities such as email, shopping, and browsing from sensitive work-related tasks, you can enhance the security of your important information.
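In the incident described above, the PayPal charges went unnoticed because a Gmail filter was deleting PayPal's emails. The following is an added example, not part of the original post: a check that flags mail filters which hide messages from payment providers. It assumes the filters have been exported in the shape of the Gmail API `users.settings.filters` resource; the watched keywords, function names and sample filters are constructed for illustration.

```python
# Added example: flag mail filters that hide messages from payment providers.
# Filter dicts follow the Gmail API "users.settings.filters" resource shape.

# Assumption: sender keywords worth watching; adjust to the services you use.
WATCHED = ("paypal", "amazon", "stripe", "bank")

# Label changes that take a matching message out of view.
HIDING_ADDS = {"TRASH": "deletes message", "SPAM": "sends to spam"}
HIDING_REMOVES = {"INBOX": "skips inbox", "UNREAD": "marks as read"}


def hiding_effects(action):
    """Return the ways a filter action hides matching mail."""
    adds = action.get("addLabelIds", [])
    removes = action.get("removeLabelIds", [])
    effects = [HIDING_ADDS[label] for label in adds if label in HIDING_ADDS]
    effects += [HIDING_REMOVES[label] for label in removes if label in HIDING_REMOVES]
    return effects


def audit_filters(filters, watched=WATCHED):
    """Return (filter id, matched keyword, effects) for each suspicious filter."""
    findings = []
    for f in filters:
        criteria = f.get("criteria", {})
        # Only positive match criteria; negatedQuery would invert the meaning.
        text = " ".join(criteria.get(k, "") for k in ("from", "subject", "query")).lower()
        hit = next((w for w in watched if w in text), None)
        effects = hiding_effects(f.get("action", {}))
        if hit and effects:
            findings.append((f.get("id"), hit, effects))
    return findings


SAMPLE_FILTERS = [  # constructed sample data, not from a real mailbox
    {"id": "f1", "criteria": {"from": "service@paypal.com"},
     "action": {"addLabelIds": ["TRASH"]}},
    {"id": "f2", "criteria": {"from": "newsletter@example.org"},
     "action": {"removeLabelIds": ["INBOX"], "addLabelIds": ["Label_7"]}},
    {"id": "f3", "criteria": {"query": "subject:(receipt) amazon"},
     "action": {"removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f4", "criteria": {"from": "billing@stripe.com"},
     "action": {"addLabelIds": ["Label_3"]}},
]

if __name__ == "__main__":
    for fid, keyword, effects in audit_filters(SAMPLE_FILTERS):
        print(f"filter {fid}: matches '{keyword}' and {', '.join(effects)}")
```

The same review can be done by hand in Gmail under Settings, in the "Filters and Blocked Addresses" tab, by looking for any filter you did not create.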
It’s important to acknowledge that there are malicious actors out there, and no one can be completely safe online. However, implementing the practices outlined above can help you take proactive steps toward protecting your school. By staying vigilant, keeping up with evolving security measures, and sharing knowledge within our educational community, we can better navigate the digital landscape and ensure a safer environment for ourselves and our students.
Learn more about password safety by checking out this article from USA Today:
Hackers are using AI to crack passwords: How to choose better passwords to keep them out
Find out more about .zip from this YouTube video