Wednesday, September 13, 2017

State Auditor offers the five most common data security mistakes made by local governments

(From State Auditor Nicole Galloway)

Missouri State Auditor Nicole Galloway has released her annual list of common data security mistakes made by local governments. Compiled based on a summary of reports issued over a one-year period, the list is designed to provide awareness to local governments and to assist them in preventing these common mistakes in the future.

"Recent, high-profile data breaches highlight the importance of safeguard to protect personal and sensitive information at all levels," Auditor Galloway said. "Local governments are responsible for safeguarding a variety of personal and sensitive information. With some simple, common sense measures, local leaders can prioritize data security and take preventative measures before a breach occurs."

The list was compiled based on local government and court audits completed between July 2016 and June 2017 and reviews how well these local government agencies and officials comply with many routine data security practices.

The top five most common cybersecurity issues include:

1. Access- Employees have access to more parts of government computer systems than they need to perform their jobs or former employees' access is not disabled promptly.

2. Passwords- Employees share computer system passwords, are not required to change their passwords regularly, or, in some cases, do not have passwords. Requirements are not in place to encourage strong passwords.

3. System locks- Systems do not lock access to the computer after a certain amount of inactivity or specific number of incorrect password attempts.

4. Data backups- Data is not backed up on a regular basis, is not stored in a secure off-site location, or is backed up but is not tested regularly to ensure it can be restored.

5. Data integrity and tracking- Protections are not in place to prevent inappropriate edits or system changes, or systems don't track who is responsible for the changes.

The complete report is available here.

No comments: