Connect Canyons

Episode 65: Computer Security: Becoming the First Line of Defense for Cyber Security

Canyons School District - Sandy, Utah

National Computer Security Day is November 30th. As our education system continues to develop, computer security is top of mind. Our computers are becoming faster and more advanced. They fit in our pockets, we use them in our schools, and seemingly every facet of our lives. On this week’s episode of Connect Canyons, Director of Information Technology for the Canyons District, Scot McCombs, says the first line of defense when it comes to cyber security is us.

Speaker 1:

Welcome to Connect Canyons, a podcast sponsored by Canyons School District. This is a show about what we teach, how we teach and why. We get up close and personal with some of the people who make our schools great: students, teachers, principals, parents and more. We meet national experts too. Learning is about making connections, so connect with us.

Speaker 2:

National Computer Security Day is November 30th. As our education system continues to develop and our holiday shopping shifts into a digital age, computer security is top of mind. Our computers are becoming faster and more advanced. They fit in our pockets, they're in every school and seemingly in every facet of our lives. Welcome to Connect Canyons. I'm your host, Frances Cook, for this week's episode. I'm joined by Scott McCombs, our director of information technology for the Canyons School District. Scott, thanks for joining us today.

Speaker 3:

I'm happy to. Thanks for the invitation.

Speaker 2:

What would you say is the first line of defense when it comes to computer security?

Speaker 3:

My response to that is our first line of defense is all of us. It really amounts to the people. We often talk about, we are only as strong as our weakest link, and cybersecurity really follows that paradigm, both students and staff. We really rely on them making good, sound decisions, being vigilant with their own security, and that vigilance really carries over into the district and helps us remain safe.

Speaker 2:

Can you speak to some of those measures that are in place when it comes to computer security, cybersecurity, all of that here in the district?

Speaker 3:

Education is really becoming a prime target in cybersecurity and one of the reasons being is we have very critical data, from employee information and payroll information to student information and, as such, keeping all of that critical data. Everyone knows we have it and so we are a target. So one of the things that we do to really try to protect ourselves as much as possible is not fully divulge all of the things that we do to try to keep the district safe. But we go through a lot of different steps. We've got security measures that are hardware, like firewalls. We've got firewalls for email that include phishing and spam detection. We have segmented our network, trying to make sure that we're keeping critical aspects, the critical components of our network, secure and away from maybe less secure and critical components of the network.

Speaker 3:

We have tried to implement sound password measures, both with our students and our staff, making it so that passwords don't need to be changed as often, but those passwords are longer and more complex and really trying to keep the security at a top level. We do a lot of training on cybersecurity. We train both students and staff, trying to make sure that students understand really their role in keeping things safe and secure, and part of that really goes back to digital citizenship, which is a focus for our students, and then with our staff, we really do try to teach that vigilance and ask them. If they see something, say something. If they have a question about something, bring it to our attention. We'll do everything we can to make sure that we're answering their question and if it's something that is a vulnerability, that we're patching and securing that vulnerability.

Speaker 2:

Let's go back and talk a bit more about digital citizenship. It's something that we focus an entire week on here in the district. Can you talk to what that means and what it means to be a good digital citizen?

Speaker 3:

For sure.

Speaker 3:

Yeah, so IT gets involved in this, but certainly so does our ISD, our curriculum department and all of our schools.

Speaker 3:

We have digital citizenship coordinators in every one of our locations who really try to make sure that it's not even just focused on this week, but making sure that it's focused throughout the school year, that we're teaching students the right way to use technology, that really they should be using the technology to create rather than consume. That's part of digital citizenship: making sure that they are making appropriate decisions, whatever that decision is on social media, whether it's appropriate for them with their parents to be on social media or maybe it's not time for a student to be on social media, how to interact with each other with technology, making sure that they are keeping their device secure and that their passwords are unique. One thing that we find often in cybersecurity is if employees or students are using that same password across multiple platforms, that is a big vulnerability, and actually part of everything that we as individuals should be doing is trying to maintain our own systems and keeping our own passwords unique and private. So some of that goes into the digital citizenship teaching, for sure.

Speaker 2:

Let's dive deeper into passwords. We hate having to change them as often as we do, but it's a bit of a necessity. Can you give some advice on how to generate and remember your passwords and avoid those "password123" go-tos?

Speaker 3:

My best advice on that is to find a good password manager. As a district, we are moving forward with a password manager that we're gonna be rolling out to departments and to teachers. One of the great things about it is it allows the employee to share that password manager with their family. Employees will be able to have their whole family using good, safe, secure passwords. For me, I let my password manager help me pick a very strong unique password on different applications and then my password to my password manager is very long and secure and as long as I can maintain that one password, my password manager helps me to remember all of my hundreds of unique passwords across all of the different systems. I'm excited that we're gonna be able to offer that to all employees rather than writing it down on a sticky note and putting it on the back of your bottom.

Speaker 3:

Yeah, we've seen too many keyboards with a sticky note taped to the bottom with someone's password, and that is not a secure solution. That's not a great password. Right.

Speaker 2:

You mentioned that your password is very long. It used to just be you have to have so many characters and a capital letter and a number and things like that, but now length of password seems to be what's keeping the hackers at bay.

Speaker 3:

Length is important. So computers are really good at decrypting, they're really good at math, and so if a person is able to try to crack a password using a computer, the length really does become really important, as well as the special characters and the spaces and the caps and the lowercase, because they are case sensitive. So the more complex and the longer we can make our passwords, the more secure they become.

Speaker 2:

You mentioned online shopping. We have the holidays coming up, you have Black Friday and Cyber Monday. All of our shopping is going online. The Federal Trade Commission found consumers reported losing nearly $8.8 billion in fraud in 2022. And a lot of that is digital. That's more than 30% from the previous year. That's a big spike. Any advice there when it comes to protecting your data financially?

Speaker 3:

My advice is be skeptical. If something seems too good to be true, it usually is. And then the other bit of advice that I would give is have a sounding board. Have trusted advisors, whether it's your spouse or whether it's a colleague that you work with or whether it's the IT department. Have individuals that you can trust and make sure that you're vetting some of those ideas through those trusted advisors.

Speaker 3:

We talk about a Christmas time at the holidays. We've talked for a long time about packages being stolen out of cars and being vigilant about don't leave a package in a car, put it in the trunk, and some of those small, simple things will help us from physical theft. And really it's the same kind of thing with cybersecurity and fraud, that if we will just take a few simple steps, whether it's having a sounding board or whether it's going out and double checking a site, there are lots of things that you can do just by Googling things. If you get an email that says, hey, here's a prince from Africa somewhere right now. It's been a while since I've got one of those.

Speaker 3:

Maybe it's a good time to Google that and see all the other millions of people that have been invited to that same campaign. Even just double checking yourself can help keep things safe. One of the real critical things that hackers and fraudsters try to do is create a false sense of urgency. If you don't click on this button right now, your account will be deleted or your opportunity to buy this will be gone. That urgency is to really try to rush us through the thinking process and the sounding board, that talking to someone who we trust and can help us. That false sense of urgency is really one of the ways that they can get us. So if you see something that you're feeling, oh, I've got to do this now, that actually should be a red flag that maybe I don't need to do it now or ever.

Speaker 2:

And it's not just in our emails and our text messages, it's on social media now as well, right? I mean you have the prince sending you a message, or you won a trip to, and it's not just happening in our emails and our text messages, it's on our social media. You have the prince sending you a message on Facebook, or you have won a trip to Hawaii, and I think a lot of that probably has to do with what information we're putting out on Facebook as well. One of the things that I see is people sharing, you know, those lists of questions, right? What was your, the name of your high school or the street you grew up on, and they seem fun and innocent, but there can be a darker side to those too.

Speaker 3:

For sure. Social engineering is really a key component that many fraudsters and those trying to take advantage of us use, and that social engineering, we make it really simple, because we go out and we put our favorite baseball team on our Twitter feed, or we show our favorite restaurants, or we show when we're on vacation and all those types of things. Us sharing all of that information gives someone that's trying to gain access to our personal information so many avenues to be able to try to attack us. You know, an attack vector, and what we really want to do is try to keep those attack vectors as small as possible. Share just the right information with the right people.

Speaker 3:

My daughter fell for a fraudster. She had an Instagram friend who was hacked and the Instagram friend, the hacker, posted that hey, I've got a great way to get at college tuition taken care of and she, being concerned about our finances and her finances, thought this is a great way to get tuition done. And in the end, they emptied her bank account and I had a long conversation. I actually called the individual who was taking her money and he and I had a not very pleasant conversation and he assured me that he is driving around in a Lamborghini and that he will enjoy my daughter's money. We have to be really careful about what we see and about even if it's someone that we trust. We need to question the things that they're saying because we don't absolutely know that it was that same person who posted.

Speaker 2:

I think the same can be said for watching out for phishing, right? It's the tool of choice for a lot of hackers. They grab that personal data, that valuable information, or they're spreading malware. What are some other tips to keep ahead of those hackers?

Speaker 3:

Phishing is really concerning, especially for the district. As I said at the very beginning, we're only as strong as our weakest link, and if we have employees or students or family members, even outside of Canyons, who are getting tricked into phishing, that opens the door for them to be compromised and then for that compromise to spread out further. And as an organization we really do try to trust each other, and that trust conflicts with trying to keep things secure. So for phishing, the one thing I would say: it used to be really easy to see phishing, and we'd look for poor grammar, we'd look for misspellings, missing periods, missing commas, but now AI really is taking care of that. Where a hacker doesn't have to use great grammar or the right spelling, they can put it into AI and get a new me in prints that can look correct and sound correct and pass all the sniff tests.

Speaker 3:

We can't look at that necessarily, but again, we should be very vigilant that if something seems too good to be true, it probably is. And if there's a false sense of urgency, if somebody gets an email saying, hey, you have $1,000 on an iPad that's going to your credit card, and if you don't recognize this, call this number now. Again, that's that false sense of urgency that, oh my gosh, I don't want $1,000 on my credit card, I better call now. But that call is actually where you give the information to the hackers, to the cyber criminals. So really it goes back to trying to be very thoughtful, being vigilant, kind of question everything which is hard because we would like to be able to trust everyone and yet really for cybersecurity we should trust no one. And that goes back to being vigilant and asking the appropriate people if something seems strange.

Speaker 2:

And when in doubt, just delete it. Or I think one of the things that I've found I'll do is, if it looks like it is from someone it has their same name or a very similar email address that they may have changed or maybe they got a new number find another way to reach out to that person. It can happen to all of us. Technology is ever evolving and growing and we just have to learn to grow with it, and that involves some stumbles here and there.

Speaker 3:

It does, trying to do better today than yesterday. Then everything will work out.

Speaker 2:

That's a pretty great way to put it. Keep growing, right?

Speaker 3:

Keep growing. Yep, keep growing, keep learning and don't be afraid of mistakes. Mistakes happen as part of learning. I learn more from my challenges than I do my successes, so recognize that, embrace that and, if you stumble, look around for somebody to give you a hand up, and IT is happy to do it.

Speaker 2:

That's awesome. Well, Scott McCombs, thank you so much for joining us. You've given us some great insights and advice on how to keep our devices safe in this growing age of technology.

Speaker 3:

Thank you, that was a pleasure.

Speaker 2:

And thank you for listening. If there's a topic you'd like to hear discussed on Connect Canyons, send us an email to communications@canyonsdistrict.org.

Speaker 1:

Thanks for listening to this episode of Connect Canyons. Connect with us on Twitter, Facebook or Instagram at Canyons District or on our website, canyonsdistrict.org.
