• Information Security report button

    Santa Ana Unified School District maintains stringent security standards to safe guard the information of our employees, students, and business partners.  Passwords and other sensitive information is always stored in an encrypted format.  As a result, employees working with such data are not able to see a particular user's password. Employees that should have access to sensitive information are granted permission to view certain data but this never includes identifying information such as passwords.

    security photo

    We ensure student safety by using a content filter to prevent access to sites deemed inappropriate for both students and staff.  If there is no business reason to traverse certain websites, they are not allowed.  This ensures that both staff and students do not accidentally view material that can be deemed offensive.
    From a network perspective, the district maintains a robust security infrastructure.  We utilize the latest technology to protect our network from intrusion and prevent unauthorized access to various parts of the network.  
  • Security Tips for the SAUSD Community

  • Think Before You Click (or Reply, or Forward)

    Posted by Ricardo Enz on 3/27/2020

    The school closure has seen unprecedented numbers of staff being sent from their places of work and asked to work from home. For most this will be a frenzied experience, and bad guys out there might choose to use that to their advantage.

    To help you stay a few steps ahead of the bad guys, TIS has some simple cybersecurity and cyber hygiene tips to help keep you safe.

    Identify dangerous spam emails

    Be suspicious of any emails that:

    • Asking people to check or renew their passwords and login credentials
    • Suspicious of emails from people you don't know 
    • Ensure anti-virus is in place and fully updated (Contact TIS Help Desk if you need help with

    Paying attention to the following tips to identify dangerous spam emails, before you open, click, download, or share data will go a long way toward protecting you and your data.

    Watch for Unknown, Spoofed, Strange or Too good to be true Email Addresses

    • Unknown email… don’t open an email from email addresses you don’t know.
    • Spoofing is email addresses that appear to come from a trustworthy source to trick the recipients done in several ways including:
      • Changing the name of the sender so that it does not match the sender’s email address
      • Using characters that are like actual letters to make the sender email address to appear to be from a recognizable source, such as the character “ε” and the letter “e”
    • Avoid Strange Attachments or Unfamiliar Links… refrain from downloading files or clicking through links in a strange email unless you trust the source
    • Seem Too Good to Be True? It Probably Is… often in the form of a promise for large sums of money or unprompted offers for advertisement opportunities

    I would add a final statement:

    • If in doubt, DON'T!


    Stay safe out there!

    Comments (-1)
  • More Than One Way to Get Hacked

    Posted by Emil Ahangarzadeh on 9/16/2016

    A common misconception people have about cyber attackers is that they only use advanced hacking tools and technology to break into people’s computers, accounts, and mobile devices.  This is simply not true.  Cyber attackers have learned that one of the easiest ways to steal your information or hack your computer is by simply talking to and misleading you.  Learn about seven ways that hackers use social engineering to access privileged information.

    Comments (-1)
  • Unique Passwords

    Posted by Emil Ahangarzadeh on 6/3/2016

    Make sure each of your accounts has a separate, unique password. Can’t remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.

    To learn more about password managers, visit the Securing the Human Blog at https://www.sausd.us/infosec

    Comments (-1)
  • Never Give Your Password Over the Phone

    Posted by Emil Ahangarzadeh on 5/16/2016

    Never give your password to someone over the phone. If someone calls you and asks for your password while saying they are from the Help Desk or Tech Support team, it is an attacker attempting to gain access to your account.

    Comments (-1)
  • Never Respond to Emails Asking for Personal Information

    Posted by Emil Ahangarzadeh on 5/4/2016

    Companies you do business with should never ask for your account information, credit card numbers or password in an email. If you have any questions about an email you receive that supposedly came from your financial institution or service provider, find their number on their website and call them.

    Comments (-1)
  • Checking Links in Spammy Emails

    Posted by Emil Ahangarzadeh on 4/11/2016

    We get this question all of the time--“How do I know if it’s spam?” One of the clever tricks that cyber-criminals use to hack our devices and data is to disguise emails as legitimate messages. They will often embed actionable items in their messages like macro-enabled documents attached to the message that will run viruses on your local computer when opened or embedded links that seem to take you to the place online that you want to go but actually take you to nefarious websites.


    One trick to find out if the links in emails (or websites, for that matter) are legit is to simply hover over the link and then look in the bottom left of your browser to see the actual URL (i.e. the Web address) that the browser will send you to. Try it out. Hover over this link that will take you to a perfectly safe place (don’t click it) and look in the lower left of your browser or your Outlook client to see where it will actually take you. In some versions of Outlook, you can just hover over the link and a context pop-up window will tell you the address the link is connected to. Often, you can see that the URL the link is being directed to is phishy (pardon the pun).


    Alternatively, you can right click on a link and select 'copy link location'.  Then, visit http://www.urlvoid.com/ and paste the link in their search field to see if there have been any reported phishing scams associated with the link.  Remember, RIGHT CLICK (not left).


    The best advice is that if it smells like, phish, it's probably phish.  So--WHEN IN DOUBT, GET IT OUT! Delete ASAP.

    Comments (-1)
  • Don't Share Passwords

    Posted by Emil Ahangarzadeh on 11/30/2015

    Never share your passwords with others, including your supervisor or coworkers. Your password is a secret; it only works if only you know it. If anyone else knows your password, you may be responsible for their actions.

    Comments (-1)
  • Reporting an Incident

    Posted by Emil Ahangarzadeh on 10/13/2015

    Eventually, we all get hacked. The bad guys are very persistent and we can all make a mistake. If a phone call from the "Help Desk" doesn't sound quite right, if an email seems suspicious or if a program you installed starts acting funny, ask for help! Your security team is there to help you. The sooner you report an incident, the sooner we can help resolve the problem.  Here's the link to report suspected security incidents:  https://www.sausd.us/Page/30568

    Comments (-1)
  • Use Caution Opening Email Attachments

    Posted by Emil Ahangarzadeh on 9/24/2015

    A common method cyber criminals use to hack into people's computers is to send them emails with infected attachments. People are tricked into opening these attachments because they appear to come from someone or something they know and trust. Only open email attachments that you were expecting. Not sure about an email? Call the person to confirm they sent it.

    Comments (-1)
  • Back up Your Files

    Posted by Emil Emil Ahangarzadeh, Ed.D. on 7/22/2015

    Eventually, we all have an accident or get hacked. And when we do, backups are often the only way to recover. Backups are cheap and easy; make sure you are backing up all of your personal information on a regular basis.  Learn how to back up your files on Windows systems.

    Comments (-1)