IT Security - Cyber Safety Best Practices
As the largest K-12 computing network in the United States, users of the LAUSD computing environment have a responsibility to do all they can to protect themselves, their accounts, the systems they use, and the secure data they deal with. For more information, review the District's Responsible Use Policy (RUP) for District Computer and Network Systems.
- Set strong passwords, change them regularly, and don’t share them with anyone.
- Keep your operating system, browser, and other critical software up to date by installing updates.
- Maintain an open dialogue with your friends, family, colleagues and community about Internet safety.
- Use privacy settings and limit the amount of personal information you post online.
- Be cautious about offers online – if it sounds too good to be true, it probably is.
- Find out more about the types of messages that should trigger red flags for you
Set secure passwords and don't share them with anyone
Remember that in LAUSD, your password is more than just a way to access your email securely, it may provide access to student records, employee payroll information, District programs, or anything else you might deal with as part of your job or partnership with the District. Therefore, keeping your password secure is extremely important. Avoid using common words, phrases, or personal information and update regularly.
Keep your operating system, browsers, antivirus, and other critical software up to date
Security updates and patches are usually available for free from major companies. Remember that companies often stop providing regular updates and support for older versions of their products, so having older versions of things on your computer tends to put you at greater risk.
Verify the authenticity of requests from companies or individuals by contacting them directly
If you are being asked to provide personal information via email, you can independently contact the company directly to verify this request. If you are not 100% certain the the request for information is legitimate, then you should never take any action except to verify independently, and if you cannot, delete and ignore the request.
Pay close attention to website URLs
Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users. Email
Always be suspicious of an email message that doesn't "feel" right
Never, ever access a web link or open a file attached to any email unless you are completely certain it is safe to do so. If you are expecting an email or know that the material linked to the message are legitimate, then you should be fine. If you have an inkling of a doubt, however, you should always err on the side of caution.
Things that should raise red flags for you include:
- Any message sent to "undisclosed recipients" or not personally to you.
- Any message that really stresses the urgency of responding (e.g., "provide your password in two days, or your account will be deactivated").
- Any message sent from an email address that is from outside the District or from a source that you cannot identify.
- Any message that asks you to link to a website that is outside of the District or otherwise not affiliated with LAUSD (especially those with .edu. .com. .org, or websites from other countries...be especially cautious with any of these!).
Do not provide account or personal information to an untrusted source
If you ever get a message asking you to "update your account information" or otherwise provide personal information about yourself or your District accounts, always question its intentions. If you know for a fact that this message was generated by District systems, then you should be okay, but if you have doubts, you can always check by calling the individual who sent you the message or contacting firstname.lastname@example.org for help.
Never open an attachment you are not 100% certain is safe
If you have to open an attachment before you can verify the source, take the following steps:
- Be sure your anti-virus software is up to date.
- Save the file to your computer or a disk.
- Run an anti-virus scan using your computer’s software.
- Turn off the option to download attachments automatically
- This probably goes without saying, but it's important to be familiar with how your computer deals with email attachments. You should always make sure you have a system that allows you to check email attachments one-by-one and deal with them in a secure fashion.
Take advantage of junk mail folders and other anti-SPAM tools
Many email clients (for example, Microsoft Outlook, Entourage, Mac Mail, Eudora) offer junk mail folders and filters that allow you to control how your incoming email is sorted, particularly messages from people in your contact lists from those sent by unknown sources, to help facilitate your efforts to keep junk mail separated from the messages that are important to you. Take advantage of these tools and configure them in a way that enables you to get what is important while minimizing clutter from junk mail and unwanted content. Learn More about Email Safety At the Workplace
Restrict access and secure the personal information of employees and customers to prevent identity theft.
Be suspicious of unsolicited contact from individuals seeking internal organizational data or personal information.
Verify a request’s authenticity by contacting the requesting entity or company directly.
Immediately report any suspect data or security breaches to your supervisor and/or authorities.Whenever you are suspicious of a possible cyber security threat, don't hesitate to let the IT Division know. You can email us at email@example.com or call (213) 241-5200 to alert us. When in doubt, it's always best to err on the side of caution!
Social Media, Video Games, Forums, Chat Sites and more...
Take advantage of privacy and security settings
Use site settings to limit the information you share with the general public online. Most services (e.g., Facebook. Twitter, MySpace, etc.) allow you to limit the information that the public or anyone not on your trusted lists can see. Take advantage of these.
Limit the amount of personal information you post
Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your friend posts information about you, make sure the information is something that you are comfortable sharing with strangers. After all, you wouldn't hang a banner in front of your house that announces who you are and your phone number. Posting this information publicly online is virtually the same thing.
Be wary of strangers and cautious of potentially misleading or false information
If you don't know someone or are not "friends" with someone in real life, then you should not be "friends" with that person in cyberspace easily. Cybercriminals commonly exploit public spaces such as social media sites to befriend others they don't know to learn compromising information about them.
Download the District's Social Media Policy
Only access the Internet over a secure network
Maintain the same vigilance you would on your computer with your mobile device.
Be suspicious of unknown links or requests sent through email or text message
Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.
Download only trusted applications from reputable sources or marketplacesCyber criminals love to set up companies and organizations that may appear to be legit but are actually entities designed to steal your information or cause some type of damage to computing systems. Always contact companies by phone or otherwise to verify the legitimacy of downloadable content if you are ever less than 100% certain.
Need additional help? Contact the IT HelpDesk