Unique, long passwords are a first line of defense; long, random, one-of-a-kind passwords dramatically reduce the chance of a breach. A password manager handles the “remembering,” so you don’t reuse passwords across accounts. In schools, one weak or reused password can cascade into access to gradebooks/SIS, HR/payroll, transportation, vendor portals, etc. Making strong/unique passwords “standard practice” protects students, staff, and families district-wide.

What you Can Do

• Make long passphrases (4–5 unrelated words) for important accounts.
• Don’t reuse passwords—separate home and school.
• Start using a password manager; save your top 5 logins today.
• Run your manager’s “password health” check and replace weak/reused items

Example Scenarios

• A reused personal password is exposed in a breach and unlocks a payroll portal; a unique passphrase in a manager would have stopped it.
• An afterschool club’s “shared” password leaks and circulates around campus to non-club members; switch to individual accounts or a shared vault entry with limited access.

MFA adds a quick second check (Push Notification, passkey/security key, One-Time Password, yubi-key) so a stolen password alone can’t be used to log in to your account. It shuts down most account takeovers. In K-12, MFA is critical for email/SSO and especially for roles handling money or student data (finance, HR, registrars, front office, technology, etc). 

What you Can Do

• Turn on MFA for your email and any other account that supports it.
• Store backup codes securely (in your manager or printed and locked away).
• If you’re subbing or traveling, confirm your default MFA method works on the go.

Example Scenarios

• Someone tries to log in to your bank account using a stolen password, but your bank sends you an SMS one-time code to verify the login attempt. This tips you off to the compromise, and you’re able to alert your bank.

Updates fix known security holes in operating systems, browsers, and apps; skipping them leaves doors open in your systems. In schools, keeping browsers, testing apps, device OSs, and classroom tools current prevents instruction disruptions and helps mitigate potential ransomware incidents. Think of updates as routine maintenance that keeps learning and business operations running.

What you Can Do

• Restart devices weekly and accept updates when prompted.
• Force a browser update to grab the latest security patches.
• Update critical classroom/home apps (video tools, doc viewers, drivers).
• At home, update phones, tablets, computers, and smart devices tied to school accounts.

Example Scenarios

• A widespread browser 0-day exploit appears, and overnight auto-updates close the hole early that same morning. This prevents a potential PSU-wide service interruption.
• An outdated testing app locks up during exams. If the application was updated beforehand, the PSU could have avoided the resulting downtime and need for retests.

Phishing and social engineering attacks prey on urgency, curiosity, or fear to make people click, share info, or move money. Recognizing and reporting suspicious messages quickly helps defenders isolate threats and protect everyone. In schools, scammers typically target front offices, principals, coaches, parents, and vendors with lures like gift-card requests, fake “shared documents,” FAFSA/fee scams, and “please update bank info” emails.  

What you Can Do

• Pause before you click; check the sender, hover links, and distrust surprise “urgent” requests.
• Use your mail app’s Report button or forward suspicious messages to your PSU’s security address.
• If you clicked or entered info, report it right away! Speed limits damage.
• Verify money/data changes via a known phone number or in person, not just email.

Example Scenarios

• A registrar gets a “state audit” request for student records; reporting it prevents a privacy incident where PII was potentially disclosed.
• An athletics gift card email “from the principal” is flagged and blocked because staff report it promptly. This saves numerous PSU members from potentially sending their money to the bad actors.

• Interactive Module – Insights from a Hacker: Social Engineering Red Flags
• Video Module – Security Culture and You
• Downloadable Assets
  • Infographic – Power up your Password Security
  • Poster – Power up your Password Security
  • Awareness Tips – Stay Alert for Messaging Scams

• Interactive Module – AI, Phishing, and Cybersecurity
• Video Module – AI and Sensitive Info Don’t Mix
• Downloadable Assets
  • Infographic – Cybersmart Safety Tips
  • Poster – Deepfakes
  • Awareness Tips – Protect Your Digital Data

• Interactive Module – Ransomware Ready
• Video Module – Cloud Ransomware Demo
• Downloadable Assets
  • Infographic – Major Keys to Ransomware Protection
  • Poster – Jaws: Don’t Be a Victim
  • Awareness Tips – Your Role

• Interactive Module – Links and Attachments: Think Before You Click
• Video Module – QR Codes Safe Scanning
• Downloadable Assets
  • Infographic – Don’t Get Hooked: Report Every Phishing Attempt
  • Poster – Catch Sight of a Concern? Help Others Learn!
  • Awareness Tips – Phishing, Physical Security, and Data Breaches, Oh My!