Missouri State Auditor Nicole Galloway today released an audit of Ozark County, located in southern Missouri. The audit report describes weaknesses in cybersecurity measures across multiple county offices. Some offices lacked sufficient password protection controls, including a lack of requirements and the use of shared passwords to access county computers. Other offices failed to appropriately store or maintain backup data, which increases vulnerability to cyber threats and ransomware-style encryption attacks.
"County officials are tasked with work that requires citizens' personal information, from tax records to contact information to bank accounts, but having that information requires appropriate protective measures," Auditor Galloway said. "Our team found many of Ozark County's offices lacked critical safeguards to help prevent the risk of a security breach, so we've recommended changes to help them take steps toward better protecting this information."
The audit also raised concerns with accounting practices across multiple county offices, including a lack of oversight for financial documents prepared by the county collector. Employee hours worked are not always accurately reported to the county clerk's office. In addition, compensatory time for sheriff employees is tracked separately from other county offices and not always in line with county policy or federal labor standards.
The complete audit report, which received an overall rating of "fair," can be found online here.