How an unlocked laptop caused a world of trouble for a school

Indy Griffiths / Posted under Resources

One of our customers got in touch with our support team with an urgent request. Some of their teachers had their names changed while parents were booking their interviews. The updated names were offensive and vulgar, causing some parents to alert both us and the school.

We quickly restored their original names and began figuring out who actioned the change. Our go-to tool for tracking these events is the Audit Log, which allows schools to see who made certain changes to their account.

Using the information provided by the Audit Log and with the help of the school's IT manager, we found:

  • A school administrator account belonging to a teacher at the school made multiple changes to eleven teacher accounts.
  • These changes happened on the school's network, based on information confirmed using the Audit Log and the school's proxy logs.
  • The device making the changes was the school-issued laptop for that teacher.
  • The laptop was connected to an access point located in the teacher's classroom.

Their laptop was found, still unlocked, in their classroom with Parent Interviews open and displayed on a projector. After some further investigation, a student later admitted to changing the names using the unlocked laptop, because they thought it would be funny.

This incident has prompted us to remind our schools of some good security practices to help keep their accounts secure, and how you can use some of the features Parent Interviews offers to prevent an incident like this happening at your school.

Locking devices when leaving them unattended

Teachers should be encouraged to get into the routine of locking their devices when leaving them unattended. An unlocked device in an empty classroom can be a tempting sight for a student looking to cause some trouble.

On top of user education, IT administrators can also enforce a lower idle time-out value using Group Policy to ensure inactive devices are locked. Parent Interviews will also log users out after 30 minutes of inactivity.

Ensuring users have the right amount of access

The teacher mentioned above had a school administrator account, typically used by principals or office administrators.

Neither the school nor the teacher was able to confirm why the teacher had a school administrator account, and the Audit Log revealed that the staff member who originally promoted the teacher’s account was no longer with the school. The staff member who left the school still had an active account.

Regular audits should be carried out to ensure that privileged accounts are only used by current members of staff who have a genuine need for them. When a staff member leaves the school, their accounts should be disabled so they no longer have access to teacher and parent information.
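
An audit like this can be scripted against an account export and the current staff roster. The following is an added example, not Parent Interviews code; the CSV columns, role labels, job titles and addresses are constructed assumptions that mirror the three problems found in this incident.

```python
import csv
import io

# Constructed sample data; column names and role labels are assumptions.
ACCOUNTS_CSV = """email,role,active,promoted_by
principal@school.example,school_admin,yes,
office@school.example,school_admin,yes,principal@school.example
teacher.a@school.example,school_admin,yes,former.staff@school.example
teacher.b@school.example,teacher,yes,
former.staff@school.example,school_admin,yes,principal@school.example
old.teacher@school.example,teacher,no,
"""

# Current staff from the HR/payroll roster, with their job title (constructed).
ROSTER = {
    "principal@school.example": "principal",
    "office@school.example": "office administrator",
    "teacher.a@school.example": "teacher",
    "teacher.b@school.example": "teacher",
}

# Job titles assumed to justify a school administrator account.
ADMIN_JOBS = {"principal", "office administrator"}


def review_accounts(accounts_csv, roster, admin_jobs=ADMIN_JOBS):
    """Return {email: [reasons]} for every active account that needs review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        if row["active"].strip().lower() != "yes":
            continue  # already disabled, nothing to review
        email = row["email"].strip().lower()
        reasons = []
        if email not in roster:
            reasons.append("active account for someone not on the staff roster")
        elif row["role"] == "school_admin":
            if roster[email] not in admin_jobs:
                reasons.append("school_admin role without an admin job title")
            promoter = row["promoted_by"].strip().lower()
            if promoter and promoter not in roster:
                reasons.append("promoted by a staff member who has left")
        if reasons:
            findings[email] = reasons
    return findings


if __name__ == "__main__":
    for email, reasons in review_accounts(ACCOUNTS_CSV, ROSTER).items():
        print(f"{email}: {'; '.join(reasons)}")
```

On the sample data it flags the teacher holding a school administrator role (twice: no admin job title, and promoted by a departed staff member) and the departed staff member's still-active account.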

Individual user accounts with secure passwords

Using the Audit Log, we were able to pin down the account that made the unauthorized changes to the eleven teachers within seconds.

Unlike our competitors, Parent Interviews requires teachers to have their own account to manage their interviews, removing the need for a shared teacher password and making it easier to track certain events for auditing purposes.

As well as being individual, teacher and school administrator accounts require a secure password: at least 8 characters, ideally a long random string stored in a password manager. A Post-It note stuck to your laptop is not the way to go.

I hope this incident shows how leaving a laptop unlocked and unattended for just a few minutes can become a major inconvenience for a school, and how Parent Interviews offers features for all of our customers to help them identify and resolve incidents like this.

Our thanks go to the school and the relevant parties involved for giving their permission for us to publish their story.