Most security breaches now involve "Identity Abuse" (attackers using stolen logins rather than hacking systems) changes the game for us at West Valley School District. We can’t just rely on the district's firewall to protect us; we have to protect our individual "Digital Front Doors."

This April, we aren't just talking about the threats—we’re giving you the West Valley Action Plan to stay ahead of them.

1. Kill the Password (Switch to Passkeys)

In 2026, the traditional password is considered "legacy" and high-risk.

• The Recommendation: Wherever possible (Google, iCloud, Amazon, Banking), switch to Passkeys.

• Why? Unlike passwords, passkeys can’t be phished. They use your device's biometrics (FaceID/TouchID) to create a unique cryptographic "handshake" that only works on the real site. Even if a scammer tricks you into visiting a fake site, your passkey simply won't work there.

2. Establish a "Family Safe Word"

With AI voice cloning now able to mimic a loved one’s voice perfectly with just 3 seconds of audio, the "Grandparent Scam" or "Emergency Scam" has become high-tech.

• The Recommendation: Sit down at dinner tonight and pick a Family Safe Word or phrase—something random, unguessable, and never shared online.

• How to Use It: If anyone calls claiming to be a family member in trouble or asking for money/sensitive info, ask for the safe word. No word, no trust. Hang up and call that person back on their known number.

3. Move to "Phishing-Resistant" MFA

Standard text-message (SMS) codes are no longer the gold standard because hackers in 2026 can intercept them via "SIM Swapping" or "MFA Fatigue" attacks.

• The Recommendation: If you use Multi-Factor Authentication (and you should!), move away from text codes. Use Authenticator Apps (like Google or Microsoft Authenticator) or Hardware Keys (like a Yubikey).

• For Staff: We are prioritizing these physical and app-based methods for all district access to ensure our classroom data stays within our walls.

4. The "10-Second Pause"

AI-driven social engineering relies on urgency. Scammers want you to act before you think.

• The Recommendation: Adopt the "10-Second Pause" for every unexpected link, attachment, or "urgent" request.

• The Test: Look at the sender's actual email address (not just the name). If a "District Admin" is emailing you from a Gmail account, it’s a fake. If a "friend" sends a link with no context, don't click it.

Our Community Promise

At West Valley, we are more than just a school district; we are a digital neighborhood. When one of us secures our identity, the whole network becomes stronger.

Take 5 minutes today: Switch one account to a passkey and pick your family safe word. Let’s make West Valley the hardest target in the state.

Stay vigiliant!

Jeremy Cox 

IT Director