Even though most districts have statements addressing the critical topic of privacy, when it comes to practice many unwittingly fall short. For today’s CIOs that could translate into serious legal, ethical, and social implications. Below are my “favorite” commonly missed vulnerabilities, along with tips for tightening up both your policy and procedures.
LET’S GET PHYSICAL
The Gap: Without good physical security, all of your staff’s efforts in protecting the network are pointless. In some districts, for example, servers are placed in multi-use closets that are easily accessible to multiple parties. Another physical security issue is the administrator-calledout- of-their-office-without-locking-thedoor scenario. In this case, enterprising students who know staff members routinely leave their offices unlocked could easily create a situation ensuring they’re out of the office for 30 minutes or more—enough time to access grades, finances, and other personal data.
The Solution: For starters, servers and network equipment should be locked in dedicated network closets or server rooms. In administrative offices, set workstations to auto-lock after a short interval, preferably less than 5 minutes, but not so short administrators will curse you every time they must log back in. The issue of unlocked offices is trickier and will require some creativity on your part. One solution is to get your facilities department to put a decent “closer” on doors and then require they remain locked. Administrators can use a doorstop to keep the door open while they’re there; when they leave they simply kick out the stop and the door will securely lock behind them.
THROUGH THE SWITCHBOARD
The Gap: One of the easiest methods of gaining access to private information is via social engineering—what I call the “I want to know Jane Smith’s home address” scenario. Let’s assume I’m new in town and want the address of a student attending the town’s main high school. First, I search the school’s Web site for names (names frequently appear on school sports rosters and newspapers posted online). If I find Jane Smith, I call up the school, connect with an administrative assistant in the office, and indicate that I’m Jane’s father. Then I explain the family recently moved and ask the assistant to verify the school has our correct address by reading back to me what’s recorded in the database. You may not want to believe this works. However, in a test that played out almost exactly like this, a reporter I know stopped the staff member from giving out the address just as she began disclosing it.
The Solution: If you believe it can’t happen in your district, get permission to run this type of test and check for yourself. If you find this is a problem area, it’s time for some training for staff taking calls.
The Gap: Historically, most schools have sent out parent/student directories and newsletters using regular postal mail. Today, most schools will not publish a parent/student directory online; however, they will post the school’s newsletter. The problem here is that schools sometimes include directory updates in the print version of the newsletter, which are then inadvertently released to the general public when placed on the Web. Unintentional disclosures via standard e-mail are also a real possibility. Most e-mail is unencrypted and passes across various public servers before landing at the recipient’s server. If your district routinely transfers private information across the Net, you’re potentially sharing that information with various unknown parties.
The Solution: While there’s no silver bullet to preventing sensitive information being posted on your Web site, one approach is to have a designated “privacy advocate” on staff review changes to your site before they go live. On the issue of e-mail security, possible solutions include not using e-mail, a politically difficult move; implementing a private internal e-mail system; or developing e-mail policies that maximize privacy—for example, stipulating confidential e-mail may only be sent to internal e-mail addresses and that no user may auto-forward sensitive data to outside accounts.
Keeping data private means continuously monitoring the activity of the staff you support and creating new policies, new training, and new solutions. As a starting point, I challenge you to close the loopholes I’ve noted above. Next, sit down for fifteen minutes and imagine other ways someone could acquire private information from your organization and close those holes as well. Every three months select a creative person on your staff to perform the same fifteen minute exercise. You’ll never close every gap, but you’ll improve your situation dramatically.
Eric Svetcov, CISSP, is president of Palint Technology, Inc. and former director of technology for St. Ignatius College Preparatory in San Francisco.
Three ways to erase your district’s private data before donating PCs or sending them to their final resting place.
- For Windows and Intel/AMD Linux users, Darik’s Boot and Nuke (dban.sourceforge.net) is a free program that cleans the hard disks of computers booting from a floppy. If most of your systems don’t have floppy drives, your IT staff can build a DBAN kiosk (any Intel/AMD PC with a floppy drive and free IDE and power cables) and run all drives through the one system.
- Mac users through OS X v10.3 can take advantage of low-cost programs like Shred-it (www.shredit.com). With Mac OS X v10.3, it’s possible to erase the drive using utilities from the 10.3 CD. However, be prepared for it to take a while.
- Write terms into your hardware purchase RFP that hold the vendor responsible for proper disposal of the machines, which includes wiping the hard drives clean.