SAU19 takes cybersecurity and data privacy seriously. As such, we monitor the web for cyber incidents that may impact sau19.org user accounts. Below are some answers to frequently asked questions about data privacy and security:
- What should I do if I get notified that my student's sau19.org email account was found in a data breach dataset?
- First, change the password on the impacted account to a "strong" password. According to CISA (Cybersecurity & Infrastructure Security Administration), a strong password is defined as:
- Long: At least 16 characters long (more is better)
- Random: A mix of upper/lowercase letters, numbers and symbols or a passphrase of 5–7 unrelated words
- Unique: Used for only one account
- Another option in place of a password is a passphrase. According to NIST (National Institute of Standards and Technology), a passphrase combines multiple real words together to create something that’s easier to invent and remember.
- NIST recommends length over complexity, so the longer the password and the larger the range of characters, the better.
- For example, “Cassette lava baby” is 18 characters long, memorable, and random enough to be hard to guess. (Of course, you should create your own passphrase, not use the example.)
- The password should also be changed on any other platform that uses the same email address and password.
- Should I have MFA added to the student's account?
- While SAU19 does NOT require students to have MFA (Multi-Factor Authentication) on their accounts (mostly because MFA typically requires a separate device or app to validate the account, and students don't have access to cell phones at school), we strongly encourage users to protect non-school accounts with MFA. You can learn more about MFA here. SAU19 does implement additional safeguards around student accounts (such as geofencing and geo-blocking). While these are not as strong as MFA, they do provide some additional protection.
- Should I be worried that other home accounts may be compromised?
- There are multiple ways an account can be compromised, such as a cyber-attack, phishing, or malware.
- If the compromise was the result of a cyber-attack against a website provider, then any account on that site may be compromised. It most likely will not impact accounts on other sites. You can learn more about common cyber-attacks here.
- If the compromise was by phishing, then the student most likely tried to log into a "fake" website, and that "fake" website was used to obtain account information. You can learn more about phishing here.
- If the compromise was due to malware, then there is a good chance that any sensitive information on that device was compromised. You can learn more about malware and how to address it here.
- The district utilizes a service called "Have I Been Pwned" to monitor data breach data and notify the district when accounts are identified. While the district pays for this service, it is available for anyone to search the list of compromised websites and check to see if their account has been involved in any of their monitored data breaches.