I Love My Tech Team with Thomas Boles
jethro_2_06-11-2025_110007: Welcome to the Cyber Traps podcast.
I am your host Jethro Jones, and you can find me on all the social networks at Jethro Jones.
Cyber Traps is part of the B Podcast Network.
The best.
A group of educational podcasts out there, we've got something for everybody.
And if there's something that is not there and you listen to the podcast and you have a role in the school district or school, uh, let me know and let's make a podcast to serve you and your needs.
Um, today I'm excited to have Thomas Bowles on the program.
Uh, Thomas is the founder of I Love My Tech Team, a company dedicated to solving tech problems for Catholic schools across the us.
a background as a teacher, administrator and tech director, Thomas understands unique challenges Catholic schools face.
And under his leadership, the tech team sets up repairs and manages networks, accounts and devices nationwide, while also offering professional development and program design to help schools transition from ah, nothing works to being a shiny example of innovation.
and the tech team are passionate about making technology work seamlessly so teachers and administrators can focus on what they do best, which is educating students.
Thomas, welcome and thank you for being here and being part of Cyber Traps today.
thomas_1_06-11-2025_110018: Thank you.
Happy to be here.
jethro_2_06-11-2025_110007: Yeah, I'm, I'm excited.
We talked, uh, last week and I, after talking with you, I thought this is a. Uh, a, a niche area that you're serving of Catholic schools specifically, which is, uh, powerful because they have a little different, um, uh, goal and and purpose than most traditional schools do.
And so most of the people that we talk with are dealing with, uh, traditional public schools.
But, uh, you have a unique perspective and I'm glad to get you.
Uh, here as part of this.
Um, so because this is the Cyber Traps podcast, we talk about traps that people get into.
So what are some of the ways that you've seen teachers in schools get themselves or their school into trouble online?
I.
thomas_1_06-11-2025_110018: Yeah.
Speaking of, uh, the public school situation in, in that regard, you usually have like a team and they're dedicating their time and talent focusing.
On protecting teachers and whatnot.
Uh, with the Catholic school system, there's often not a united, um, tech person or group who are handling that.
And so you, what you end up with is you have a lot of different situations at each school.
Um, and the, the most common thing that we see, 'cause we get to touch, you know, you know, every faculty device, every device in the school for that matter.
We see a lot of folks get into trouble.
Uh, you know, one, the most basic is they have a whole lot of personal stuff.
On their school device.
And so, you know, that can be leads all kinds of trouble, especially if you have, uh, some sensitive information there and that may get lost or, uh, perhaps stolen and uh, becomes more of an issue of.
Oh, I, you know, my device was lost and, and I've, uh, lost my lesson plans versus I've lost like, all my bank information and everything else that they keep there.
Um, but the, the second most common one is that they'll, they'll do a lot of, uh, online shopping.
And so they get into a lot of, let me click on this to get a discount on this, on this.
And then in the background, you know, the, the internet, uh, has a way of, of moving buttons so that you actually click on something else, or you think you're.
You're downloading one thing, you're downloading something else, and they, they infect their computers in ways that, uh, were not previously, uh, thought to be possible.
And so we spend a lot of time trying to, uh, you know, dig through that and help folks through that.
We do that through some preventative methods in, in order to make sure that we can find where those things are.
Um, but that's, you know, the two typical things that are happening and it's, uh.
You know, can be preventable, especially if we, we educate the teachers, but it's, there's always gonna be something that pops up that we hadn't thought about.
So those are probably the two, two most common.
jethro_2_06-11-2025_110007: yeah.
Well, and those things, having your personal stuff on the school device and online shopping, like those are things that when I became a teacher my first year, I was like.
Like, oh, I can just use this computer for anything.
And then I quickly realized, no, I really shouldn't, because I don't want the district to have access to all my information.
And, um, If I'm at work, I should just be at work.
And, and I don't remember who told me that at first, or if anybody did, but I remember thinking, I just need to like, have this clear demarcation between the two.
And, and doing that became really helpful, uh, throughout my career that anything personal I did on my own devices and anything work related I just did on those devices and that.
That has been a, a very good way to manage all of that for, for a long time you, you hinted at this idea that Catholic schools specifically, I mean, all schools have this problem where we are not technologists, we're not tech guys and gals, and so we, we don't think about security type things.
We don't think about, uh, passwords and safety and, and all that kind of stuff as our first line of, of business.
Uh, but I imagine in a Catholic school that's even more challenging because in a lot of Catholic schools, I imagine, correct me if I'm wrong, uh, that the administrator just becomes the one who's in charge of everything in the school, and they don't, they don't, certainly not by design, but likely don't have the chops to know how to secure a network or a device or fix something that happened and.
And especially now with AI and how, uh, they are creating all kinds of ways to, uh, infiltrate systems and do it endlessly through agents and bots and stuff.
Um, I'm sure that that has increased the risks significantly.
And, and how do you, how do you help one, educate and then solve for those things for, uh, school leaders?
thomas_1_06-11-2025_110018: Yeah, you, you're so right.
The, uh, the principal somehow has to be the expert at everything.
Um, you know, especially when, you know, a while back there would've been a tech person who was there at least they would've had somebody to point to.
And as that.
Person has slowly disappeared from our schools.
You end up being, you know, the default person in charge.
Therefore, I have to make all policy decisions.
So, you know, obviously if there's, if there's little things that we can do, um, then we're, we're gonna put those in place and if we can prevent them from doing anything, then we're gonna put those in place.
But what ends up happening is, you know, the, as you mentioned before about the mixing of information we teach people about using profiles, you know, especially if everyone's using Google Chrome and if you have a separate profile doing things in the one profile for work, so that gets synced properly and not a bunch of other stuff getting synced in the wrong place.
Um, using password managers and not using the same password.
Uh, I had an old colleague that, uh, he told me his password like the first week that we knew each other.
And he, you know, he just, he would tell me to log in for him on certain things to help him out with, setting up whatever it was.
And I was like, this is not good.
This is not good.
You know, and that's, you know, fast forward 25 years later, we're still, there's a lot of folks who have just changing a number or a, or a, you know, an exclamation mark on a password and thinking they're good.
So using a password manager if, if you, if you can't remember the password or if you can't.
Uh, spell the password.
It's even better.
The longer, the longer, the better.
Uh, but those kinds of things are, are simple, but they're important, you know, and then we try to educate folks on, let's not click on links.
Let's just make sure that we know who it's from.
The, uh, the phishing scams are getting very elaborate.
jethro_2_06-11-2025_110007: Yes.
thomas_1_06-11-2025_110018: and, you know, thankfully Google and Yahoo forced everybody to, uh, what we call email, um, email gate this last year where everybody had to authenticate email.
Uh, is allowed for a lot less of that faking of an email.
Um, but there's still a lot of that still happening and, and people are, are signing up for things or they're calling phone numbers.
You know, Microsoft called me today and said, uh, I should give them lots of money.
And it's like, no, they'll never call you.
Microsoft has no interest in talking to you.
jethro_2_06-11-2025_110007: That's right.
I promise
thomas_1_06-11-2025_110018: Yeah.
jethro_2_06-11-2025_110007: Yeah.
So I got a, uh, some sort of phishing issue or whatever.
Uh, I got an email from, uh, my, uh, student's principal that had a. doc and the word doc was called PowerSchool Access Parent Doc.
And it said, click here to download.
And me being the wise person that I am, did not download that.
Uh, but I did, uh, share it with the principal and said, Hey, this looks fishy.
And I don't think that this is legit, but if it is legit, you've gotta find a way to rename this.
Something besides.
PowerSchool Access one doc because it just looks super fishy.
And, and so then my child's principal said, oh, I did get that email also.
I clicked on it and my account got hacked.
And, and I was like, man, you know, this, I feel for a teacher or a principal who probably gets tons of emails and, and it'd be easy to fall into that.
And there have been some where I have, um.
I have clicked the links, even though they are malicious, and it, it frustrates me every time because as soon as I do it, I know that I shouldn't have done it.
Uh, but sometimes things just look right
thomas_1_06-11-2025_110018: Mm-hmm.
jethro_2_06-11-2025_110007: and they're so advanced and so, difficult to spot that, you know, it's like you need constant surveillance and paying attention to be able to overcome it.
thomas_1_06-11-2025_110018: Yeah, it, it is, it is overwhelming.
I think that principals or you know, administrators, they get a whole lot more cold email from folks than the average person, so they don't even know where it's coming from.
Whereas a teacher can probably think like, if it's not from.
You know, a parent that I know it's not from somebody in our organization, like the teachers are probably a little bit more insulated because they're not seeking out this information, nor are they getting bombarded by sales calls and everything else.
So a lot of that information that may be coming from whatever or things that are important for running a business like a school, which is like a mini corporation.
Is, uh, stuff you've never seen before.
So you have to be able to decipher this all the time.
And I think it's hard because, you know, they're, they're being pulled in so many different ways, and so you're just reacting and your, you know, your security mind, the little, little guy in your shoulder who's telling you maybe don't click on that is probably a little bit tired after about 300 of those emails.
Um, and after you had to deal with something else that wasn't on your calendar today.
Um, and so it, it can be frustrating, but it is just more sharing that and getting that out there.
As you know, we in the tech community by nature are, are sharing a group and so we're all sharing like, Hey, this is going around.
Has anybody seen this?
How have you dealt with this?
And so then we're then educating our folks.
Um, through that.
And so as clients, you know, we, we push that out to them.
So we hopefully get ahead of these things, you know, and be careful like, you know, the, the pastor or the principals not really wants you to send any money to Nairobi or wherever else it might be, uh, that scam might be going, but some of them are so, so good.
And unfortunately we've had folks write checks.
Um, we've had folks, I mean, this is a number of years ago now, but, uh, folks have started like process of transferring.
And it's just like, whoa, we need to slow this down.
Like, let's, let's put in some tr some, uh, traps, if you will, some cyber traps, uh, to try to catch people, uh, before they make that kind of mistake.
And maybe some protocols that, you know, just reminding folks that, Hey, you know, nothing's gonna come.
No one's calling you to do this stuff.
Nothing's gonna come in an email that's gonna ask you to transfer anything like.
You're not gonna have that face-to-face conversation with this person.
It's probably not legit.
So, you know, hold the phone and feel free to ask, don't forward me that email 'cause I don't wanna see it either.
You can screenshot it or whatever else, but like, I don't, you know, let's, let's talk about it before you react.
And I think that's what's really important.
I think IT teams need to try to stay ahead of that as much as they can through education, through protocols that will block a lot of that stuff.
And.
You know, it's another spot where Catholic schools in particular, are probably not doing so great, is making sure they have that next level of, um, either the hardware, the software that's doing that work or somebody keeping an eye on things.
So
jethro_2_06-11-2025_110007: Yeah.
thomas_1_06-11-2025_110018: I.
jethro_2_06-11-2025_110007: uh, so you said don't forward me that email.
Uh, is that you speaking as the principal of a school or are you speaking as the IT guy who's, who's helping fix things?
What, what advice clearly do you have for someone who does get an email that looks like phishing?
What should they do if they are your client?
Um, or what should somebody do in relation to that with their IT department?
What does the notification need to look like so that people can, they can track it, they can go find those emails and pull 'em.
What does that all need to look like?
thomas_1_06-11-2025_110018: Yeah, in general, we'll tell people, don't forward me that email because especially if it had a virus in it, I don't want that on my computer now.
Right.
jethro_2_06-11-2025_110007: Yep.
thomas_1_06-11-2025_110018: Um, but if they can take a screenshot or, you know, we all have our cell phones now, if they can take a shot of that and then send that, you know, and, and everyone knows our, our ticketing system email, and so that'll get in there and we can be like, that's not good.
Uh, some folks, um, who have.
Our, you know, phone number or text capabilities, uh, into our system.
You know, they can send it there too.
So we can find a lot of ways to stay out of, let's engage this.
Oftentimes they'll open the document, they'll download it, they'll attach it to a new email.
I'm just like, no, no, no.
Stop.
Let's stop, stop the, uh, the transfer of this,
jethro_2_06-11-2025_110007: Yeah.
thomas_1_06-11-2025_110018: know?
Um, and I really try to push the fact that they, you know, make sure you, before you even click on anything in the email, even if you open it, 'cause that's understandable, maybe the, the, um.
The subject or the preview is not big enough.
Um, you know, just make sure that that email address looks right and like that part will solve the 90% of the dumb stuff.
And so it's like, don't get caught by the, by the, you know, the kid down the street or the, you know, the amateur, like, you know, we're probably all gonna get caught by these, these experts, but let's not get caught by the silly ones.
And then we, let's hopefully put in some protocols so we can, uh, not get caught by the other ones either.
jethro_2_06-11-2025_110007: Yeah, let's not get caught by the kids that are just punking us.
You know?
thomas_1_06-11-2025_110018: Yeah.
jethro_2_06-11-2025_110007: at least make 'em work for it, you know?
And that's one of the other things is, is looking at the link.
To where something goes before you open it is is also wise on my computer, I have it set up to preview a link on hover, so it will show where that link is going.
And so if it's going to something that is not, you know, the specific website that I think it should be, then it's very easy for me to say, no, I'm not gonna click that link.
I'm not gonna follow that.
And you know, looking at the sender, um.
Email address and things like that, those are all important.
One of the challenges with that is that our browsers sometimes, uh, obfuscate the whole URL.
And so it could be, um, something where it does like a, like a redirect and it has like a different website at the beginning, um, or somewhere in there that you don't know that it's bad until later and you want to avoid, uh, those things.
Also, if you can't tell what it was.
thomas_1_06-11-2025_110018: Yeah, it's, uh, it's definitely more and more difficult.
I think one of the things that's been good about, you know, email, moving out of offline programs, as much as I love like an apple mail or an outlook.
Forcing that online has definitely changed what is possible for folks to be doing because it's hard to spoof an email from within, um, you know, Gmail or an online, uh, other program, um, unless you've got the password right?
So if your password wasn't cracked, then it's really hard to pretend to be somebody else.
But, you know, in the olden days, I would just.
I could show somebody, like, I'm gonna pretend to be you and send you an email from your email address right out of a program, because you could just put a comma and then the new email.
Now everybody who's listening to this, don't try this at home.
We don't wanna start new, new trends.
Uh, but, you know, it used to be a lot easier.
Um, and so, you know, in one sense we're the browsers are getting more secure, but it's also the level of, uh, effort and with ai, the capability for, for somebody to.
Overextend that makes it even more, you have to be even more vigilant.
Just assume it's bad and then start from there and hopefully you can recognize the right thing.
jethro_2_06-11-2025_110007: Yeah, so you talked about, um.
Uh, uh, about password managers and not sharing your password and things like that, but what are some things that, other things that schools should do to protect themselves?
I.
thomas_1_06-11-2025_110018: I think the very first thing they should do is just at the.
The highest level, um, two places they can start.
One with your email system faculty and anybody who's an administrator should have the two factor authentication on.
And, and we, we already talked about the password manager, but just make sure that anytime you're logging into those sensitive accounts, um, it is, uh, something that's.
Got that extra level of security, I think, and the very baseline, the, the firewall and the network, which is not something people ever wanna talk about.
Uh, it's not fun.
Um, but you know, the one piece of hardware in the building that can help you a little bit.
And, um, there's a, I forget the name of the guy who a net gate, but, uh, you know, PF Sense had had built, uh, firewalls and they said, well, we just made the default.
As good as it could be.
So like if, if we can make it more secure, then that's gonna be the default.
And so ideally we're putting in hardware and not just like some router we got at Best Buy.
Uh, no offense to anybody who works at Best Buy, but uh, you know, just getting something off the shelf and getting something a little bit more dedicated to a business level, um, security, uh, that will hopefully have a few of those things.
So even if you don't know what you're doing, even if you don't have a tech person, uh, there, that you've got at least the baseline of, uh, all bad people can stay out and only good things can leave, right?
And so, like that's, um, there's pretty simple ways to do that.
Very inexpensive too.
Um, in some cases you're, you're talking, uh, at this point you can get a decent firewall to do that for like a hundred bucks, so there's no excuse not to have at least the baseline level.
But, you know, securing those things at, on top of any admin account, um, with two factor authentication and making sure there's more than one person.
Um, unfortunately in our neck of the woods, we've had folks who've passed on, um, not just moved on or quit, but folks who have passed on and so therefore having somebody else have that information.
In a secure location with their two-factor authentication and yada yada backups.
jethro_2_06-11-2025_110007: Yep.
Yeah, that's, that is a very real thing.
Um, I, I think that those are, are good pieces of advice and good things to, uh, to put in place a, a physical firewall that you install that is, you know, something more than, than just the basic consumer version, uh, is definitely a good idea.
Um, if a school is listening, how could they get in touch with you and, and start working with you to be able to do this stuff for them?
thomas_1_06-11-2025_110018: Sure, uh, obviously they can find us at I love my tech team.com.
Uh, and you know, info at I love my tech team.com is our email, but you know, everything off that website would be a great place to start.
Um, you can kind of see those things, uh, and on there you can just schedule a call and I'm happy to walk through and give you a full strategy, like tell you everything you need to do and that's all for free.
And obviously if we can work and do that for you, we'd love to do it.
But what it's most important for me is that you're getting the good information.
You know, if the school's out there who are listening, you're getting the good information, you've got somebody you feel like you can trust.
Even if, you know, we don't end up getting the work, it's important that you're not in the lurch.
Um, and it's not always about a sales call.
A lot of times it's just about taking the right steps and a lot of those things are free that somebody on site can do.
They just need a little bit of nudging, um, or a little bit of instruction.
So
jethro_2_06-11-2025_110007: Yeah.
thomas_1_06-11-2025_110018: whether it be simple or very complex, um, any one of those things in between, we'd be happy to talk somebody through the next steps.
jethro_2_06-11-2025_110007: Yeah.
Well, and I'll, I'll just endorse that idea real quick of, of getting somebody else's advice on it, because your, your own tech guy may have a lot of work already, there could be something that he doesn't know about or that he is missing out on.
It's not a knock on him at all, personally, it's just.
Good to have a second opinion.
And, you know, that's beneficial and that, and that doesn't mean that your person hasn't done a great job already, but get, get a second opinion.
And, and that's, that's always wise to do because it helps you see things that you may not know you didn't know, which it's really hard to see.
The things you don't know you don't know.
thomas_1_06-11-2025_110018: Yeah, we, we all put on blinders for ourselves and so, you know, having, uh, the ability to talk to somebody else and just get another pain.
So it's not necessarily knock against anybody, but just that sometimes you just need a bigger team.
And for any tech folks who are out there listening.
If you're not regularly talking to one or two other people in your industry at your level and the level above you, then uh, you're, you're missing out.
So, you know, there's lots of lift serves out there, there's lots of groups probably in your area, but national groups where you can get involved and learn more about what's going on.
So just get outside your own little building, get outside your own little world, take those blinders off and everything will get better.
Um, and most of that stuff is free, so, you know, just, uh.
Just don't be afraid to reach out and talk to somebody.
jethro_2_06-11-2025_110007: Yeah, very, very good advice.
Uh, once again, connect with Thomas himself at i love my tech team.com, and thank you so much for being part of Cyber Traps podcast today.
thomas_1_06-11-2025_110018: I appreciate you having me on Jethro.
I.
