Data Privacy and Security at GUFS

Data Privacy and Security

Our first technology-related priority is always the safety and well-being of our students. As such, we carefully consider the role of technology in their educational experiences and monitor usage on a regular basis to ensure privacy of information and appropriateness of resources. Please explore the links below to learn more about our efforts to keep personal data secure and private.


Michael Sammartano
Data Protection Officer (DPO)
845-424-3689 x227
msammartano@gufs.org


Additional Information and Resources

Research shows that 95% of data breaches are the result of human error! One of the most common schemes hackers use to access accounts is phishing. In the few short months I have been in Garrison, I have seen multiple attempted phishing emails make it through to our inboxes. It's so important that faculty and staff are aware of this tactic and able to recognize it.

Should you click? Should you reply?

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment:

  1. Messages may say that they’ve noticed some suspicious activity or log-in attempts.
  2. Messages may claim there’s a problem with your account or your payment information.
  3. Messages may say you must confirm some personal information.
  4. Messages may include a fake invoice.
  5. Messages may want you to click on a link to make a payment.
  6. Messages may say you’re eligible to register for a government refund or grant, or offer a coupon for free stuff.

Tips to Help You Avoid Phishing Scams
  1. Be mindful of branding and logos. Strange links and unfamiliar branding are a sign that the email could be part of a phishing attempt.
  2. Look before you click. Hover over links with your cursor to see the target URL. Before submitting any information, make sure the site’s URL begins with “https” and that there is a closed lock icon near the address bar. Check for the site’s security certificate as well. If you get a message stating a certain website may contain malicious files, do not open the website.
  3. Never give out personal information. As a general rule, you should never share personal or financially sensitive information over the Internet. When in doubt, visit the main website of the company in question, get their number and give them a call. Most phishing emails will direct you to pages where entries for financial or personal information are required. Never send an email with sensitive information to anyone.
  4. When in doubt, ask. If an email appears to be from a legitimate source but you are unsure, contact that person or department to verify it's from them.

Do you think you would be able to spot a phishing scheme? Take this test to find out!

Malware refers to any intrusive software developed by cybercriminals to steal data and damage or destroy computers and computer systems. The topic for this week’s Cybersecurity blast is a review of types of malware and how to avoid them. Feel free to print out, post and share with your staff as we work together to build a culture of cybersecurity and data protection in our districts.
Check out all the different types of malware here.

Tips to Avoid Malware

  1. Install antivirus and anti-malware software
  2. Keep your OS, browser, and other programs updated
  3. Back up your files
  4. Don’t click on pop-ups or malicious links
  5. Learn how to identify suspicious sites
  6. Search for information about the site
  7. Check the address in the URL bar
  8. Run a Google Safe Browsing diagnostic test on the site

Remember, hacking a human is easier than hacking a computer! People being mindful and smart about technology and data is the best defense!

Area of Risk: Phone
Hacker Tactic: Impersonation, caller is in a panic or angry
Defense Strategy: Never give out passwords or other confidential information by phone

Area of Risk: Typosquatting
Hacker Tactic: Similar to a phishing attack, but the hacker sits on a similar domain name and waits
Defense Strategy: Double-check the web address to be sure there are no typos or added characters

Area of Risk: Building Entrance
Hacker Tactic: Unauthorized Physical Access
Defense Strategy: Badge security, discourage piggyback entry, and security officers present at entrance

Area of Risk: Office
Hacker Tactic: Shoulder Surfing
Defense Strategy: Don't type in passwords with anyone else present. If you must log in, do it quickly

Area of Risk: Dumpsters
Hacker Tactic: Dumpster Diving
Defense Strategy: Shred documents, erase all device data before discard

Tools/Policies