Data Privacy Trouble Spots.

CHIEF information officers; INFORMATION resources management; MICROCOMPUTER workstations (Computers); COMPUTER security; DATA protection; ACCESS control; COMPUTER network security

This article presents the commonly missed vulnerabilities, along with tips for tightening up policy and procedures of chief information officers. According to the author, without good physical security, all the staff's efforts in protecting the network are pointless. In some districts, for example, servers are placed in multi-use closets that are easily accessible to multiple-parties. Another physical security issue is the administrator-called-out-of-their-office-without-locking-the-door scenario. In this case, enterprising students who know staff members routinely leave their offices unlocked could easily create a situation ensuring they're out of the office for 30 minutes or more, enough time to access grades, finances, and other personal data. For starters, servers and network equipment should be locked in dedicated network closets or server rooms. In administrative offices, it is recommended to set work stations to auto-lock after a short interval, preferably less than 5 minutes. Administrators can use doorstop to keep the door open while they're there; when they leave they simply kick out the stop and the door will securely lock behind them. One of the easiest methods of gaining access to private information is via social engineering. INSET: Wipe Out.