There is plenty you can do about it.

1. Cover it (i.e. - frame a wall, or box around it) and put it under lock and key.

2. Change the "Community name" to something else (that's what all the Lowes stores do... not a single one of them is the default).

3. Change the IP address.

4. Change the password on the phones, so programming mode on the phones is restricted (because even with the IP and CN changed, you could still access programming via phones).

My point is not a "numbered list" of what to do, but that there are many steps that you yourself can take to make the communications environment more secure. Also, making the staff aware of security risks adds another layer of protection too. Let them know that no one should be near the phone system and to challenge anyone who may say they are working on the system.

Security should start with the people that operate in the work place everyday (i.e. Teachers, Administrators, etc. : in your case), having the knowledge of security risks and knowing they can alert you (or someone else) when they see a potential breech. It doesn't have to be ran like a military base... but just give someone the knowledge of what to look for and to be aware of what would normally be innocuous information and or actions and will be an asset to the many layers of security.

[/rant]

Sorry for the long winded response.

- Tony
Ohio Data LLC
Phone systems, data networks, firewalls and servers in Central Ohio.
Some people aren't used to an environment where excellence is expected.