Even though most districts have statements addressing the critical topic of privacy, when it comes to practice many unwittingly fall short. For today’s CIOs that could translate into serious legal, ethical, and social implications. Below are my “favorite” commonly missed vulnerabilities, along with tips for tightening up both your policy and procedures.
LET’S GET PHYSICAL
The Gap: Without good physical security, all of your staff’s efforts in protecting the network are pointless. In some districts, for example, servers are placed in multi-use closets that are easily accessible to multiple parties. Another physical security issue is the administrator-called-out-of-their-office-without-locking-the-door scenario. In this case, enterprising students who know staff members routinely leave their offices unlocked could easily create a situation ensuring they’re out of the office for 30 minutes or more—enough time to access grades, finances, and other personal data.

The Solution: For starters, servers and network equipment should be locked in dedicated network closets or server rooms. In administrative offices, set workstations to auto-lock after a short interval, preferably less than 5 minutes, but not so short that administrators will curse you every time they must log back in. The issue of unlocked offices is trickier and will require some creativity on your part. One solution is to get your facilities department to put a decent “closer” on doors and then require that they remain locked. Administrators can use a doorstop to keep the door open while they’re there; when they leave they simply kick out the stop and the door will securely lock behind them.
THROUGH THE SWITCHBOARD
The Gap: One of the easiest methods of gaining access to private information is via social engineering—what I call the “I want to know Jane Smith’s home address” scenario. Let’s assume I’m new in town and want the address of a student attending the town’s main high school. First, I search the school’s Web site for names (names frequently appear on school sports rosters and newspapers posted online). If I find Jane Smith, I call up the school, connect with an administrative assistant in the office, and indicate that I’m Jane’s father. Then I explain the family recently moved and ask the assistant to verify the school has our correct address by reading back to me what’s recorded in the database. You may not want to believe this works. However, in a test that played out almost exactly like this, a reporter I know stopped the staff member from giving out the address just as she began disclosing it.

The Solution: If you believe it can’t happen in your district, get permission to run this type of test and check for yourself. If you find this is a problem area, it’s time for some training for staff taking calls.
ONLINE DISCLOSURES
The Gap: Historically, most schools have sent out parent/student directories and newsletters using regular postal mail. Today, most schools will not publish a parent/student directory online; however, they will post the school’s newsletter. The problem here is that schools sometimes include directory updates in the print version of the newsletter, which are then inadvertently released to the general public when placed on the Web.

Unintentional disclosures via standard e-mail are also a real possibility. Most e-mail is unencrypted and passes across various public servers before landing at the recipient’s server. If your district routinely transfers private information across the Net, you’re potentially sharing that information with various unknown parties.
The Solution: While there’s no silver bullet for preventing sensitive information from being posted on your Web site, one approach is to have a designated “privacy advocate” on staff review changes to your site before they go live. On the issue of e-mail security, possible solutions include not using e-mail, a politically difficult move; implementing a private internal e-mail system; or developing e-mail policies that maximize privacy—for example, stipulating that confidential e-mail may only be sent to internal e-mail addresses and that no user may auto-forward sensitive data to outside accounts.
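Both halves of that solution, the pre-publication review and the e-mail policy, can be partly automated so the privacy advocate and the mail administrator see the risky items before they leave the district. The Python below is an added example, not code from the article or its author: the district domain example-district.edu, the “[CONFIDENTIAL]” subject tag, the regular expressions, and all of the sample newsletter text, messages and forwarding rules are assumptions constructed for the illustration. It scans staged newsletter text for directory-style entries (street addresses, phone numbers, e-mail addresses), decides whether a confidential message is addressed to anyone outside the district, and audits exported mail-forwarding rules for targets outside the district’s own domains.

```python
import re

# Assumed: the district's own mail domains. Any other domain counts as external.
INTERNAL_DOMAINS = {"example-district.edu"}

# Assumed convention: staff mark sensitive mail with this tag in the subject line.
CONFIDENTIAL_TAG = "[CONFIDENTIAL]"

# Deliberately narrow patterns for US-style directory entries; tune them to your data.
PATTERNS = {
    "address": re.compile(
        r"\b\d{1,5}\s+[A-Z][a-z]+(?:\s[A-Z][a-z]+)*\s"
        r"(?:Street|St\.|Avenue|Ave\.|Road|Rd\.|Drive|Dr\.|Lane|Ln\.|Court|Ct\.)\b"
    ),
    "phone": re.compile(r"\(?\b\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}


def find_directory_data(text):
    """Return (kind, match) pairs for every directory-style item in the text.

    Run this over a newsletter or Web page before it is published. A non-empty
    result means the privacy advocate should look at the item, not that it is banned.
    """
    hits = []
    for kind, rx in PATTERNS.items():
        hits.extend((kind, m.group(0)) for m in rx.finditer(text))
    return hits


def domain_of(addr):
    """Lower-cased domain part of an e-mail address."""
    return addr.rsplit("@", 1)[-1].strip().lower()


def external_recipients(recipients):
    """Recipients whose domain is not one of the district's own."""
    return [r for r in recipients if domain_of(r) not in INTERNAL_DOMAINS]


def check_outbound_message(msg):
    """Decide whether a message may leave the district mail system.

    msg is a dict with 'subject', 'to' (list of addresses) and 'body'.
    Returns (allowed, reasons). A message counts as confidential if it carries
    the subject tag or its body contains directory-style data.
    """
    reasons = []
    confidential = CONFIDENTIAL_TAG in msg["subject"] or bool(find_directory_data(msg["body"]))
    outside = external_recipients(msg["to"])
    if confidential and outside:
        reasons.append("confidential content addressed to external recipients: " + ", ".join(outside))
    return (not reasons, reasons)


def audit_forwarding_rules(rules):
    """Return the (mailbox, forward_to) rules that push mail outside the district.

    rules is a list of (mailbox, forward_to) pairs as exported from the mail server;
    any rule whose target is an external domain violates the no-auto-forward policy.
    """
    return [(mbox, target) for mbox, target in rules if domain_of(target) not in INTERNAL_DOMAINS]


# Constructed sample data for the demonstration (not from the article).
SAMPLE_NEWSLETTER = (
    "Spring Fair is May 3. Directory update: the Smith family has moved to "
    "42 Maple Street; their new phone is 555-010-7788."
)

SAMPLE_MESSAGES = [
    {"subject": "[CONFIDENTIAL] Grade report", "to": ["registrar@example-district.edu"], "body": "Attached."},
    {"subject": "[CONFIDENTIAL] Grade report", "to": ["parent@example.com"], "body": "Attached."},
    {"subject": "Re: field trip", "to": ["coach@example.com"],
     "body": "Jane's home address is 42 Maple Street, call 555-010-7788."},
]

SAMPLE_FORWARD_RULES = [
    ("principal@example-district.edu", "assistant@example-district.edu"),
    ("bursar@example-district.edu", "bursar.home@example.com"),
]

if __name__ == "__main__":
    for kind, value in find_directory_data(SAMPLE_NEWSLETTER):
        print(f"newsletter: {kind}: {value}")
    for msg in SAMPLE_MESSAGES:
        allowed, reasons = check_outbound_message(msg)
        print(f"mail to {msg['to']}: {'allowed' if allowed else 'blocked'} {reasons}")
    print("forwarding rules violating policy:", audit_forwarding_rules(SAMPLE_FORWARD_RULES))
```

The patterns are intentionally simple and will flag harmless items such as the school’s own contact e-mail; on the Web-review path treat hits as a list for the privacy advocate rather than an automatic block. On the outbound-mail path the safer default is the reverse: hold the message and ask the sender to confirm, since a wrongly held message costs minutes while a wrongly delivered one cannot be recalled.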
NEXT STEPS
Keeping data private means continuously monitoring the activity of the staff you support and creating new policies, new training, and new solutions. As a starting point, I challenge you to close the loopholes I’ve noted above. Next, sit down for fifteen minutes and imagine other ways someone could acquire private information from your organization and close those holes as well. Every three months select a creative person on your staff to perform the same fifteen-minute exercise. You’ll never close every gap, but you’ll improve your situation dramatically.
Eric Svetcov, CISSP, is president of Palint Technology, Inc. and former director of technology for St. Ignatius College Preparatory in San Francisco.
Wipe Out
Three ways to erase your district’s private data before donating PCs or sending them to their final resting place.
- For Windows and Intel/AMD Linux users, Darik’s Boot and Nuke (dban.sourceforge.net) is a free program that cleans the hard disks of computers booting from a floppy. If most of your systems don’t have floppy drives, your IT staff can build a DBAN kiosk (any Intel/AMD PC with a floppy drive and free IDE and power cables) and run all drives through the one system.
- Mac users through OS X v10.3 can take advantage of low-cost programs like Shred-it (www.shredit.com). With Mac OS X v10.3, it’s possible to erase the drive using utilities from the 10.3 CD. However, be prepared for it to take a while.
- Write terms into your hardware purchase RFP that hold the vendor responsible for proper disposal of the machines, which includes wiping the hard drives clean.
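Whichever of the three routes you take, the step the sidebar leaves implicit is checking that the data is actually gone afterwards. The Python below is an added example, not code from the article or from the DBAN or Shred-it projects: it overwrites a file in place (random data on the early passes, zeros on the last), flushes the writes to disk, and then reads the file back to confirm that a known marker no longer appears, using a constructed sample “student record” in a temporary file. File-level overwriting only demonstrates the idea; journaling and copy-on-write file systems, and wear-levelling on flash media, can leave old copies of the blocks elsewhere on the medium, which is exactly why the sidebar points at boot-time whole-disk tools.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # work in 1 MiB pieces so large files are never loaded whole into memory


def overwrite_file(path, passes=3):
    """Overwrite every byte of `path` in place and flush to disk.

    Each pass but the last writes random bytes; the last writes zeros so the
    file is visibly blank. Returns the number of bytes overwritten per pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for p in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(bytes(n) if p == passes - 1 else secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # make sure the overwrite reached the disk, not just the cache
    return size


def contains(path, needle):
    """True if `needle` still appears anywhere in the file, read chunk by chunk."""
    keep = len(needle) - 1  # carry this many bytes over so a match across a chunk edge is seen
    tail = b""
    with open(path, "rb") as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                return False
            if needle in tail + block:
                return True
            tail = (tail + block)[-keep:] if keep else b""


def wipe_and_verify(path, needle, passes=3):
    """Overwrite, confirm the marker is gone, then unlink. Returns True on success.

    The file is only deleted once the read-back check passes, so a failed wipe
    leaves evidence behind for the administrator instead of silently vanishing.
    """
    overwrite_file(path, passes)
    gone = not contains(path, needle)
    if gone:
        os.remove(path)
    return gone


def demo():
    """Constructed sample: write a fake 'student record' file, wipe it, check it."""
    record = b"Jane Smith, grade 10, 42 Maple Street, 555-010-7788\n" * 1000
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(record)
    assert contains(path, b"Maple Street")  # sanity check: the marker is there before wiping
    return wipe_and_verify(path, b"Maple Street")


if __name__ == "__main__":
    print("wiped and verified:", demo())
```

The read-back is the part worth copying into any disposal procedure: after running DBAN or a vendor’s wipe, spot-check a few drives by searching the raw device for a string you know was on it (a student name, the district name) before signing off on the batch.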