Cybersecurity & Policies

Cybersecurity isn't just about computers—it's about protecting our entire learning community.

At HISD, our priority is ensuring a safe and continuous educational experience. This means keeping unauthorized hands away from sensitive information. Cybersecurity is critical because it protects our students' private data, secures the integrity of our financial and operational systems, and ensures that teaching and learning can happen every day without interruption.

Every staff member, teacher, and student plays a vital role in this defense. Think of it as teamwork: by following these simple policies, you help us maintain a secure digital environment, safeguard sensitive information, and keep HISD running smoothly.

Best Practices: Your Daily Defense

Simple, daily habits are our strongest line of defense against cyber threats. Follow these guidelines to keep your accounts and HISD resources secure.

Strong Passwords & Account Security 

• Length Matters - Your password should be at least 12 characters long. The longer it is, the harder it is to crack.

• Mix It Up - Use a combination of uppercase letters, lowercase letters, numbers, and symbols ($ ! # &$ ).

• Avoid Personal Info - Never use your name, school, birth date, or common dictionary words.

• Keep it Private - Never write down passwords or share them with colleagues, students, or family members. HISD IT will never ask you for your password.

• Enable MFA - Always enable Multi-Factor Authentication (MFA) or 2-Step Verification whenever possible on your HISD accounts. 

Spotting Phishing & Suspicious Emails

Phishing is the most common way hackers try to steal your information. If an email looks suspicious, take these three steps:

• Check the Sender - Look closely at the email address. Even if the name looks familiar (e.g., "HISD Support"), the actual email address might be wrong (e.g., support@hisd.net instead of @hisd.com).

• Urgency & Fear - Be suspicious of emails that create extreme urgency, threaten account closure, or promise large financial rewards. Hackers use panic to make you click fast.

• Hover Before You Click - Before clicking any link or downloading an attachment, hover your mouse over the link to see the true destination address in the corner of your browser. If it doesn't match the description, do not click.

Device & Physical Security 

• Lock Your Screen - Always lock your computer screen ($Windows + L$ or $Command + Control + Q$ on a Mac) when you step away from your desk, even for a moment.

• Keep Software Updated - Regularly install software updates and patches as prompted by IT. These often contain critical security fixes.

• Approved Apps Only - Only install HISD-approved software on district devices. If you need a new program, submit a request to the Help Desk.

Policies & Procedures

The following documents define the acceptable use of HISD technology resources, devices, and the expectations for maintaining data privacy. All employees, students, and contractors are required to read and adhere to these district policies.

Acceptable Use Policy (AUP) - The rules and guidelines for using all district hardware, software, and network resources. View HISD Acceptable Use Policy (AUP)

Data Privacy & Confidentiality - Outlines how sensitive student and staff data (e.g., FERPA compliance) must be handled and protected. Read Data Privacy Policy

Employee Device Policy - Specifies responsibilities related to district-issued laptops, tablets, and mobile devices (e.g., required security features, off-site use).

Contact Us

Report the Breach - Choose the fastest contact method available to you.

Contact Information - Details to Include in Your Report

Internal Help Desk Dial x5701 - Your Name, Role, with Location and a brief description of what happened (e.g., "I clicked a link," "I see a suspicious file")

Email - technology@hisd.com

Tips for Emailing Sensitive Documents

For the protection of student and staff privacy, all documents containing sensitive data (such as grades, test scores, medical information, or personal identification) must be protected with a password before being sent via email.

Using the Adobe Acrobat Protect PDF tool is the easiest and most effective way to secure these files.

Step-by-Step Guide: Password Protecting Your PDF

Follow these steps to ensure your sensitive PDF is protected before you attach it to an email:

1. Go to the Protect PDF Tool: Open your web browser and navigate directly to the Adobe Acrobat Protect PDF page: https://acrobat.adobe.com/link/acrobat/protect-pdf

2. Upload Your PDF: Click the large "Select a file" button, or drag and drop your sensitive PDF file directly into the tool area.

3. Set a Strong Password: Enter a unique and strong password in the required field, and then confirm it. This password will be the "key" the recipient needs to open the file.

4. Protect the PDF: Click the "Protect" button. The tool will apply the encryption to your document.

5. Download the File: Click the "Download" button to save the newly protected PDF to your computer. This is the version you will attach to your email.

Best Practices for Emailing Secured PDFs

To ensure the highest level of security, follow the principle of separating the "lock" from the "key":

• Attachment Email (The "Lock"): Send the email containing the password-protected PDF attachment.

• Password Communication (The "Key"): Send the password to the recipient using a separate channel.

  • Recommended: A phone call, a text message, or a separate encrypted chat service.

  • Avoid: Sending the password in the same email as the attachment, or in a direct reply/forward.

By following this process, even if the email containing the attachment is intercepted, the unauthorized party will not have the password needed to view the sensitive data.