Category Archives: for Staff

Phishing Testing to begin in April

Phishing testing to begin in April

Our district recently purchased a service for phishing testing and we will begin work before the end of this month.  If you have questions – drop me a note at  

Q1. What is phishing?
A1. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.


Q2. What is phishing testing?
A2. It’s when fake emails are sent to users for training purposes.  By sending out fake messages and attempting to get users to click on links, open attachments, and potentially give up passwords – we help identify users that need additional training for how to recognize fake emails that attempting to get access to your account.

Q3. So our own school district is sending out fake emails to try to “catch” staff members? Huh? Why?
A3. Yes, we are asking a company to send out fake emails to help us measure how well our staff are doing in determining if emails are fake or not.  Phishing attacks are one of the largest and easiest ways for scammers to not only access your email account and computer – they are also using these methods to access to your personal accounts including online banking (if you’re one who uses your school password for your personal accounts).   

Q4. Who are the messages being sent to:  Staff or students? Both?
A4. At this time, we are only focusing on staff members.

Q5. When will it begin?
A5. We are starting right away in the month of April.

Q6. How often will it happen?
A6. We are aiming for once a month per staff member.  Also, we will NOT be sending out phishing tests during the busiest times (end of the school year or start of the school year)

Q7. Will everyone in the district get the same emails?
A7. No.   The emails will be sent at random times and only a number of staff members will get the same message. Over time, each staff member will see a variety of phishing examples/types. 

Q8. When I get an email that I think is suspicious – what should I do with it?
A8. Please mark it as SPAM.  Make sure the email is selected and then click the SPAM icon (the stop sign icon with an exclamation point). This will delete the email and notify Google to have the message reviewed.

Q9. What will the emails look like?
A9. We are not sharing what the emails will look like. However, they will be comparable to the standard phishing scams that you’ve seen before.

Q10. When exactly will they be sent?
A10. We will not be sharing exactly what will be sent or when it will be sent –  instead, we are notifying staff that phishing testing will start in the month of April.

Q11. How will I know if they are fake or not?  What guidance can you give me to help understand what might be fake?
A11. We recommend the following sites for helpful tips on identifying phishing scams:

Q12.  Is someone keeping track of who falls for the phishing emails?
A12. Yes, the company we hired is monitoring the emails and they track what message types are sent to which users, as well as what users fall for the phishing messages.

Q13. If I fall for one of the phishing or fake emails – what happens?
A13. If a phishing message contains a link – and you click on the link,  the next screen will identify that it is part of our phishing testing and it will point out the indicators and help explain why the message should have recognized as being fake.

Q14. Are their consequences?  Will my supervisor be scheduling a meeting with me if I accidentally fall for one of the phishing emails?
A14. Initially, there will be no consequences, we are using the testing to find out how well our staff is doing at handling these types of email.   If we find there’s a significant problem, we’ll then look at assigning online training to the individuals who need it.

Q15.  By doing these phishing tests, are we asking teachers to do more work?
A15. No.  We’ve always asked you to mark spam/junk mail when you see it –  and this is no different.  In fact, if you’re already good at spotting fake messages/junk mail, then nothing will change for you, you’ll end up deleting these messages and you’ll never have to worry about being asked to take additional training.




Sign long-term deal with Canvas?

The question posed to me was:  How can we improve our usage of Canvas?

My response:  Make a long-term commitment/contract with Canvas, for example, sign a 3-year to 5-year deal to keep Canvas as our online system for storing course content and more importantly, our resources.  

When I’ve stated this out loud, it seems that I’m catching people off guard.  Sometimes the response back is the opposite approach, “We need to shop around to see if we can find something better.”

My response, “We did shop – and we could shop every year for a newer, better system…. but that will only help a few people.  If we want to help everyone, we need to build consistency by staying with a solution for the long term.”

We know Canvas is NOT perfect.  In my opinion, no learning management system is perfect. In fact, no piece of software is perfect.  Every solution has benefits and concerns –  and shopping for something new only gets you a new set of benefits, as well as a new set of concerns.  

By looking at a long-term deal, we create stability and consistency that will help us. A long-term deal would help assure our staff that we aren’t going to pull the rug out from under them and make a sudden switch to the next new shiny thing that comes along.  It takes a lot of time to load course materials and resources into an online system – and nothing is more frustrating than conversations about possibly changing systems.  Providing this consistency is not only a benefit for staff,  I believe it also provides consistency for students, administrators, and parents in the long term.

Thoughts or reactions?   Either drop me a line at or leave a comment on this post.