# Device & Internet Safety for Teachers & Employees

Technology keeps our classrooms, offices, and community connected—but it also creates opportunities for attackers. Protecting your device and data helps protect our entire school network.

### Why This Matters

* Compromised devices and accounts can expose **student records, financial information, and internal systems**.
* Phishing emails and social engineering attacks target **people first, not machines**.
* Strong habits create a safer workplace for everyone.

### Device Safety

* **Keep software updated**
  * Enable automatic updates for your operating system, web browsers, and apps.
  * Updates patch vulnerabilities that hackers often exploit.
* **Use strong, unique passwords**
  * Use a minimum of 10 characters with a mix of uppercase and lowercase letters, numbers, and symbols.
  * Avoid reusing passwords across personal and work accounts.
  * A password manager can help keep them secure.
* **Enable multi-factor authentication (MFA)**
  * Always enable MFA where available, especially for email, HR portals, and finance tools.
* **Lock your device when unattended**
  * Press `Windows + L` (Windows) or `Control + Command + Q` (Mac) before stepping away.
  * Never leave devices logged in and unlocked in classrooms or offices.
* **Separate work and personal devices**
  * Avoid logging into work accounts on personal devices when possible.
  * Never install unapproved apps or browser extensions on work machines.

### Internet Safety

* **Use only trusted Wi-Fi**
  * Connect only to the school’s secure Wi-Fi or a trusted network at home.
  * Avoid sensitive work tasks on public Wi-Fi (e.g., airports, cafés).
* **Watch for HTTPS**
  * Always look for `https://` in the address bar before entering any sensitive data.
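  * Be wary of websites with misspellings or unusual domain endings, even when they show `https://`: HTTPS encrypts the connection but does not prove the site is legitimate.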

### Phishing Attacks

Phishing emails are the most common threat to schools. They’re designed to trick you into clicking a link, opening an attachment, or sharing login credentials.

**Red flags in emails:**

* “Urgent” language (e.g., *Your account will be disabled unless…*)
* Unfamiliar senders or email addresses that look “close but off”
* Unexpected attachments or links
* Requests for sensitive info (passwords, W-2s, financial details)

**What to do if suspicious:**

* Do **not** click or reply.
* Use the “Report Phishing” option in Gmail/Outlook (or forward to IT).
* When in doubt, call the sender at a known phone number to verify.

### Social Engineering

Attackers may use **phone calls, texts, or in-person tricks** to manipulate employees into revealing information.

**Examples:**

* A caller pretending to be IT support and asking for your password.
* A “delivery” person asking for access to staff-only areas.
* A fake survey or urgent “system update” request.

**How to respond:**

* **Never share your password** with anyone (including IT—legitimate staff will never ask).
* Verify identities before giving access to systems, accounts, or spaces.
* Trust your instincts—if something feels wrong, report it immediately.

### Reporting Suspicious Activity

* **IT Helpdesk:** <Helpdesk@gilmour.org>
* **Phone Extension:** 4357 (HELP)
* Report ASAP—quick action can prevent larger security issues.
