By: Tony DePrato | Follow me on LinkedIn
How many documents do you have open to the public? When was the last time you checked to see what anyone with internet access could download from your school website, your PowerSchool or SIS public folder, or even your various cloud services?
Before you think I am wasting your time, here is a quick glimpse of a simple public search for budgets people have not secured:
If the above animation is not clear, don’t worry. I will show you how to do it.
INURL and FileType
Google has some cool advanced search features. To scan your public files, the two I recommend are “inurl:” and “filetype:” .
For example when copying and pasting the following string into Google, inurl:saschina.org filetype:pdf , the results are all public PDF files that exist with any url that contains saschina.org.
Keeping the url simple often yields more results. For example, using saschina would look at other domains. If you add the .org, then the search will be limited to the .org domain only.
When to Worry about Public Documents
First off, many documents are supposed to be public. Seeing documents in this type of search is normal and excepted. What is not usually expected are documents that contain:
- Name associated with contact information
- Medical information
- Names of parents, donors, etc.
- Special codes use to tell vendors/suppliers who has organizational authority to place orders
- Bank information
- Payment information
- Usernames and Passwords
Documents with information similar to the above should be secured, unless required to be public for legal reasons.
I would suggest having document ID numbers in the footer that indicated a document should be public. This simple practice would allow everyone in the organization to report documents that should not be public.
The link below will take you to a page that will help you begin checking your online resources.
Want to Jump In and Start Scanning? Get Started Here
If you want more information on data security, privacy, and data auditing for your school, please contact me using the form below.