Recently, many teachers received an email from Adam Hehrmantraut. Of course, this email wasn’t actually from BSM’s president Dr. Adam Ehrmantraut, but it was a phishing scam that showcases the types of emails that the school is trying to educate teachers about. In fact, this past month the Help Desk has sent out both informational lessons on cybercrime and fake scams to test teachers’ knowledge of phishing.

The need for this training is apparent because of the sensitive information that BSM has access to. “We spend a lot of time looking at what we do and making sure that we take care of the data here at school. If you think about what we have whether it’s parents information, financial information, medical records, we have to make sure that we are taking care of our data… We wanted to make sure we are putting our teachers in a better position to succeed, and give them some training that carries not just at work, but hopefully at home, to educate them to make sure we’re using the best practice [and] make sure we’re taking care of our data but also students, families, alumni, and everything that might go along with that,” BSM’s Help Desk Manager, Mr. Bill Cheney, said.

These types of scams are fairly common. While some might think of internet viruses as an outside force coming in, most of the time, the biggest threat is ignorance from the inside. “One of the things that we see a lot, whether it’s an audit, or whether we go to training and we find these things out is that one of the biggest security flaws that seem to be one of the bigger issues that companies fight now is their own users… A lot of the slip-ups happen with phishing,” Cheney said.

While a large majority of the email testing has just started recently, it has been going on behind the scenes since early this school year. “We started testing it internally with technology in a small group of people. After that, we’ve pushed it out to all teachers as of last month. We’re now doing a little bit of testing throughout the year. We’re kind of gathering our baseline. We’re trying to find out right now where are teachers at, how much knowledge do they already have in this situation and what do we need to train them on. I think that will help us decide how long we’ll train, what we’ll train them on, because right now we’re still deciding what do our teachers know, [and] who needs to be trained. What’s great about the software we’re using is it actually lets us get reports for every user. So we know and can give out specific training to different teachers depending on where they’re at,” Cheney said.

These scams usually take the same form and end up asking for money or personal information. “People will email us and pretend to be the president. Unfortunately, there are people in the world falling for that. You can’t just look at the first name, last name, you have to look at who the email’s actually from, verify that it’s them, why are they asking you this. [We’re] trying to get them to realize what the red flags are in some of those emails, hopefully, that won’t happen in the future,” Cheney said.

While some teachers fall for this training, others are more suspicious. When Ms. Maura Brew was sent the fake email, she blamed her caution on her Irish roots. “I’ve seen those kinds of things before. I never click on links. I’m a cynic,” Brew said.

The tests have sent people to the Help Desk, but there haven’t been many problems with them so far. “For me, the funny one is just the amount of extra tech calls we get, which is kind of a great tell for where our teachers are… Other than that, it’s gone really smooth; we’re still gathering information to see what we need to train them on,” Cheney said.

So far there are no plans to put the students through any sort of similar training. “We’re thinking about [training for students]. Like any training, we want to make sure it’s worthwhile. Making sure that our teachers are getting something out of it, but I think it is important that we do teach our students some of these tools. Hopefully, in the future we are,” Cheney said.

For now, students should just be cautious. “One of the big rules, if it doesn’t feel right don’t click on it, especially when it comes to links in emails. If it looks phishy, if it’s from someone you know, it doesn’t hurt to reach out to them in a different way. Shoot them a text message or find them in the hallway. [Keep] an eye out for basic things like who’s the email actually from, what email address are they actually sending it from, are they asking you for weird things like your password, when you click on the link does it automatically ask you to give your Google credentials even though you’re already logged into Google? I think those are some important things to keep an eye out for that should keep the easy ones away,” Cheney said.