Problems with Data Security
Use the following checklist if you suspect problems with data security:
- If a user can access a resource that should be unavailable or cannot access a resource that should be available, check the following:
- Does the particular user have the correct rights to the resource?
- Does the user belong to a group that has the correct access to the resource?
- Do any trustee assignments to the resource conflict? (Check share-level permissions versus user-level permissions.)
- Check if the user belongs to any group assigned the No Access permission.
- If the user can access previously secured data, or there is a problem with data theft, alteration, or contamination, check the following:
- Who has access to the server if it is in a locked room?
- Are any computers being left on, logged on, and then left unattended?
- Are any passwords written on paper and left in obvious places, such as on the monitor, in a desk drawer, or under the keyboard?
- Are any users using obvious passwords such as names of children, pets, or spouses?
- Are any users using the same password with a revision number (that is, Dawn1, Dawn2, Dawn3, and so on)?
- Are any users storing confidential data on their local hard drives?
- Do any users have their operating system configured to log them on automatically, bypassing the user name and password process?