Technology Announcements, Programs and Services
March 9-12 outage for CEO, ILT, and EWI dashboards
The Tableau server will be upgraded between 6:00 a.m. on Friday, March 9 and 6:00 a.m. on Monday, March 12. During this time, users will not have access to the CEO, ILT, and EWI dashboards.
For assistance, contact 443-984-2000.
Expires: March 12, 2018
ALERT: Hackers using Winter Olympics to target internet users
Cyber criminals may attempt to use interest in the Winter Olympics to target internet users: City Schools employees are asked to use caution in order to avoid the below tactics.
Phishing: It is highly likely that malicious actors will capitalize on the 2018 Winter Olympics by sending phishing emails with links to malicious websites which advertise information such as live coverage, news stories, or ticket sales. These websites often contain malware or attempt to steal login credentials. State and Local government employees are likely to receive these emails as part of larger campaigns. Users who follow phishing links or open malicious attachments risk compromising City Schools' network by disclosing their credentials or downloading malware.
False websites: Malicious actors will likely recycle the tactic of creating malware-laden websites masquerading as legitimate platforms to attract users looking for information about the Olympic Games. Cyber criminals are domain squatting and registering domains similar to legitimate ones; for example, domains with themes relevant to live streaming the 2018 Olympic Games or containing “Olympics”, “winter”, “games”, PyeongChang”, or “2018," such as winterolympics2018live[.]com, nbcolympics-live[.]com, and statsolympics[.]com. These websites are not confirmed as malicious, but they are not the official domains some of them pretend to be.
Mobile apps: Malicious actors are likely to upload Olympics-themed mobile apps with collection capabilities that are likely to cause data breaches if downloaded to City Schools' devices. During the Rio Olympics, researchers identified over 4,500 mobile apps pertaining to the Games that also performed risky or malicious activities such as hijacking social media accounts or collecting data.
Widespread service outage
Access to all internet and network-based resources (e.g., Infinite Campus, ERP, district website, Blackboard) will be unavailable on Thursday, Feb. 15, from 12:01 to 2:00 a.m.
For questions, call the IT service support center at 443-642-3000.
Phishing/spam email awareness trainingEmployees are encouraged to participate in email awareness training to learn how to identify and deal with potentially harmful and malicious emails. These emails mislead employees into sharing login credentials or other sensitive information which may compromise personal records or employee identities.The training is available on the staff and administrator training app modules on Blackboard.
Sending encrypted emails with Outlook or Office 365
City Schools employees can now securely send encrypted emails to external or internal recipients by including the "BcpssSecure" tag in the subject line of an email. For example, if a subject line is written as "Update to dress code policy - BcpssSecure," the related email will automatically be encrypted and will require a pass code or secure sign-in to be read.
Click here for more information about sending and receiving encrypted emails.
For questions, contact the IT Service Support Center at 443-642-3000 or ServiceDesk@bcps.k12.md.us.
Annual technology inventory
The annual technology inventory begins on Monday, January 8. This year, there will be a few changes to the process to improve the accuracy of records documenting the district’s technology devices. As in the past, school leaders must identify inventory managers responsible for updating the inventory; the deadline for doing so via Principal’s Dashboard is Friday, January 19. A team from the Information Technology Office will be scheduled to visit each school to assist inventory managers with data collection, verify accuracy, and answer any questions.
Please review this milestone chart, which also includes information on the process and instructions regarding identification of inventory managers.
For questions, contact the IT Service Support Center at 443-642-3000 or ServiceDesk@bcps.k12.md.us.
Reducing the risks of online shopping
At this time of year when online shopping hits its peak, it’s important to remember that when you shop online, you may attract phishing attempts, expose yourself to identity theft, and raise the risk of cyberattacks on network systems.
Please follow these recommendations to protect yourself at all times of year, and particularly in this season if you are increasing your online shopping activity.
- Manage your online privacy and passwords.During the online shopping season, you are more likely to open emails, create new accounts, share your email address, or reuse a password. This can result in your receiving and opening emails that you do not realize are malicious and you may then inadvertently share password information with cyber criminals. For this reason, you should use different passwords for different accounts. Note that your City Schools password should not be used for anything other than logging into your City Schools network accounts.
- Do not use your work email address when online shopping. Never register for online accounts with your City Schools email address. This discloses where you work and may increase your risk of being targeted and City Schools’ chance of being targeted by cyberattacks. Note that the district’s Internet Safety/Acceptable Use of Technology policy indicates that use of City Schools’ email system is limited to City Schools’ business purposes only.
- Use caution when opening unfamiliar emails or visiting unfamiliar websites. Opening suspicious emails and attachments, clicking on links to infected websites, or clicking on malicious advertising (“malvertising”) can introduce malware into your account and into the network. When in doubt, delete and don’t click.
- Use your home computer or personal mobile device for online shopping. Help protect the City Schools network by doing your online shopping at home or on your own mobile device. Note that the Internet Safety/Acceptable Use of Technology policy allows only limited personal use of district systems.
Scam alert [Posted: November 13, 2017]A phishing attempt is using a screen-shot of a City Schools web page to lure employees to enter their user ID and password (log-in credentials) in order to gain access to other sensitive information. This is a fictitious website. Individuals may email you this link in an email as an attempt to lure you into entering your credentials. This is simply a screen shot of our web page (with the hackers web address) in an attempt to gain private credentials. ITD has blocked this site, but all users must be mindful of web addresses when accessing City Schools resources from external devices or computers.As a reminder, ALWAYS access City Schools’ resources via our main page.
Baltimore City Public Schools does not solicit personal information (e.g., social security numbers) from employees over the phone or through email. Employees should not participate in any call which seeks this type of personal information or respond to any email seeking the same.
Click here for more information on how to protect yourself from these attacks.
If you see any suspicious activity, contact ITD Service at (443) 642-3000.
Computer safety alert [Posted: October 25, 2017]
A new ransomware outbreak ("Bad Rabbit") is spreading across the globe. The Information Technology department is working to ensure that all systems are protected, we want to show you what to look for in case you encountered it here at work or at home.
The ransomware is often delivered via a compromised (and possibly legitimate) webpage. If you see a pop-up message about updating Adobe Flash like the one below, do not click anywhere on it. Instead, call the IT support desk immediately at 443-642-3000.
Clicking on the above will load the malware may onto your system where it could encrypt/destroy files. If you encounter this at home, log out without interacting with your browser, log back in, and immediately clear the browser history. You should also avoid the infected website for a few days.
If your machine is encrypted after the malware process completes, you will see:
Followed by a payment page:
NOTE: If you see either of the two images above on your system, immediately shut down your computer and call the IT support desk at 443-642-3000.
The malware will sometimes attempt to connect with the following passwords. If you’re using one of these anywhere, change it to something else immediately.
Password resetsCity Schools employees are encouraged to use the password reset tool to reset Network passwords and Employee Self Service passwords. Network passwords are used for features such as logging into workstations and Office 365. Employee Self Service passwords are used to access paycheck statements, for open enrollment, to register for professional developments, or to apply for new positions.
The password reset tool can be accessed by visiting https://reset.bcps.k12.md.us or by clicking on the password reset icon found on most school computer desktops.
For assistance, view this tutorial video.Deadline: Ongoing
Protecting against "ransomware" attacksCriminal hackers recently released a strain of ransomware, WannaCry, that spreads itself automatically across all workstations on a network. As of mid-May, this attack had impacted approximately 150 countries. Although the initial spread of the virus has slowed, modified versions are still being released across the globe.
Be very suspicious when you get an email from an unknown sender or when you get an unexpected attachment. If you accidentally open one of these phishing email attachments, you might infect not only your own workstation, but other workstations as well. If there is a .zip file in the attachment, do not click on it: Delete the whole email. Remember, "When in doubt, throw it out!" Also, be careful with any external devices (i.e. thumb drives, storage devices, etc.) that you plug into your workstation. These external peripherals can carry viruses that easily migrate to your workstation.
Please watch this video which outlines fraudulent emails and steps to take to ensure security. Additional helpful information can be accessed using the links below:
Phishing attacksEmail phishing attacks are attempts to steal personal information, such as usernames and passwords, and can appear to come from legitimate email accounts. Recent phishing messages have included the below examples:
- “This is your last warning. You will not be able to receive or send mail in the next 8 hours. Click here to increase your Outlook mail box quota limit.”
- “Your SD has exceeded its storage limit. CLICK HERE and click on FINISH to get more space or you won’t be able to send mail.”
- “Kindly send list of W-2 (tax and wages) copy of all employees for 2016 in PDF here.”
Because City Schools’ email servers have been experiencing increased phishing attacks, staff members are encouraged to delete all suspicious email messages and avoid opening attachments from unknown sources. They are also encouraged to watch this video, which outlines fraudulent emails and steps to take to ensure security. (Click here if you experience technical difficulties when viewing the video.)
How to Access and Use the Guest Wireless NetworkVisitors to City Schools schools and offices can now access the internet by connecting to the BCPSS-GUEST wireless network. After connecting to the network, visitors will be redirected to a registration page. Guest access requests will be approved by a City Schools staff member who is a wireless approver.
Using public wi-fi safelyLocal coffee shops, airports, or public gathering places that provide free wireless networks are convenient, but are often not secure. Follow these guidelines when using public wi-fi.
- Use caution and be aware that public wi-fi is inherently insecure. Laptops, smartphones, and tablets are all susceptible to wireless security risks.
- Treat all wi-fi links with suspicion and avoid connecting to unknown or unrecognized wireless access points.
- Use a virtual private network (VPN) when you connect to a public wi-fi network to encrypt all of your data that passes through the network.
- Avoid logging into websites which put your identity, passwords, financial or any other personal information at risk.
- Protect your devices against cyber attacks with a rigorous anti-malware and security solution and ensure that it’s updated regularly.
For more information, visit www.staysafeonline.org.
5-Digit DialingWhen placing phone calls between schools and district buildings and vice versa, callers may have to use 10 digits instead of 5 because district phones were recently upgraded. All schools can be reached using 10-digits.(Expires: Ongoing)