In my 20s I went to Tahiti and went on a sunset cruise on the famed "Liki Tiki". It was an amazing sunset. Hula girls, and music. Along the way the Liki Tiki sprang a leak. It was pitch black, and the boat was taking on water. The captain and crew knew they were taking on water but had no idea where it was coming from. They warned us when we got off the plane not to go in the water at night because that is when the sharks came! Thankfully the captain and crew beached the Liki Tiki in front of the Club Med on Moorea on the beach in Mel Gibson's "The Bounty Movie". We hit the beach right as the water was about to come over the deck.
As I have traveled around the region over the years, I have found that a number of school districts are very much like the Liki Tiki - leaking data without realizing where it is coming from. I have seen numerous examples of the most sensitive data in the district "in the wild" for everyone in the district to see!
In this time of ransomware and identity theft, the precursors to disaster are the wrong people seeing the wrong data, or the wrong people holding so many rights to data that they can delete or alter it. That disaster could be an accidental disclosure because a tech messed up the rights, or a bad actor deleting your data or holding it hostage via ransomware.
But how do you know what you don't know?
I encourage you to audit all of your Windows shares, starting with your most sensitive data and continuing through every share in the district. Are only the people who should see the data seeing it? Are there "extra" people who have no business seeing this data? Do people or groups with access have too many rights, such as read/write? Remember that any user ID that has read/write to a share can encrypt or delete the data on the share - EVEN if the server is a protected and patched endpoint. For many of you this is your weakest link. Also, make sure you understand effective and inherited rights vs. explicitly assigned rights, so that you don't miss access held by users and groups that is not immediately obvious.
In June I did a Tech Talk Webinar on reviewing Windows Share rights. The recording is on our web site under webinar recordings.
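One way to start that audit on a single file server, as an added example (not from the webinar or any existing tool): it lists every non-administrative share, shows both the share permissions and the NTFS permissions on the share's root folder, marks each NTFS entry as inherited or explicit, and flags broad groups that can write. The list of "broad" group names is an assumption to adjust for your domain.

```powershell
# Added example. Run in an elevated PowerShell session on the file server.
# Assumption: these are the "everyone in the district" groups worth flagging.
$broad = 'Everyone', 'Authenticated Users', 'Domain Users', 'Users'

# NTFS rights that let an account alter, encrypt or delete data.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Get-Acl can also return raw GENERIC_WRITE / GENERIC_ALL bits, so include them.
$writeMask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

function Test-BroadAccount([string]$Account) {
    # Compare only the name after DOMAIN\ so any domain prefix matches.
    ($Account -split '\\')[-1] -in $broad
}

$report = foreach ($share in Get-SmbShare -Special $false | Where-Object Path) {
    # Layer 1: share permissions (Read / Change / Full).
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        [pscustomobject]@{
            Share     = $share.Name
            Layer     = 'Share'
            Account   = $ace.AccountName
            Type      = "$($ace.AccessControlType)"
            Rights    = "$($ace.AccessRight)"
            Inherited = $null   # share permissions are always explicit
            CanWrite  = ("$($ace.AccessControlType)" -eq 'Allow') -and ("$($ace.AccessRight)" -in 'Change', 'Full')
            Broad     = Test-BroadAccount $ace.AccountName
        }
    }
    # Layer 2: NTFS permissions on the share's root folder.
    foreach ($ace in (Get-Acl -LiteralPath $share.Path).Access) {
        [pscustomobject]@{
            Share     = $share.Name
            Layer     = 'NTFS'
            Account   = $ace.IdentityReference.Value
            Type      = "$($ace.AccessControlType)"
            Rights    = "$($ace.FileSystemRights)"
            Inherited = $ace.IsInherited   # False = explicitly assigned here
            CanWrite  = ("$($ace.AccessControlType)" -eq 'Allow') -and (([int]$ace.FileSystemRights -band $writeMask) -ne 0)
            Broad     = Test-BroadAccount $ace.IdentityReference.Value
        }
    }
}

# Highest risk first: broad groups that can write at either layer.
$report | Where-Object { $_.CanWrite -and $_.Broad } | Format-Table -AutoSize
# Full listing, including which NTFS entries are inherited vs. explicit.
$report | Sort-Object Share, Layer | Format-Table -AutoSize
```

A user's effective access over the network is the more restrictive of the two layers, so a flagged entry at one layer still needs to be checked against the other. The script reads only each share's root folder; subfolders with their own explicit permissions need the same review.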
This is a really painful, arduous, long task, but you must do it.
If you need help with this or a refresher on how to figure out what you need to do, please give us a call. We are happy to help.
**Photo Credit (unedited) HongKongHeuy - https://commons.wikimedia.org/wiki/File:Hokule%27aSailing2009.jpg