Missouri State Auditor Nicole Galloway has released the top five most common data security mistakes made by local governments. The list was compiled by the State Auditor's Office to provide awareness to local governments and to assist them in preventing these common mistakes in the future.
“People have a right to expect their government will keep their information private and secure. This is an area that all government organizations must take seriously.” Auditor Galloway said. "Despite the increasing awareness of threats to data security across all levels of government, my review found there are still some very basic security measures that have not been implemented."
The report examines how well local government agencies and officials comply with many routine data security practices. This summary highlights the following five common cybersecurity issues:
1. Passwords- Employees share computer system passwords, do not have to change their passwords regularly, or, in some cases, do not have passwords.
2. Access- Employees have access to more parts of government computer systems than they need to perform their jobs.
3. System locks- Systems do not lock access to the computer after a specific amount of time or number of incorrect password attempts.
4. Data backups- Data is not backed up on a regular basis in a secure off-site location and there are not regular tests to make sure the data can be restored in the system.
5. User restrictions and tracking- Protections are not in place to prevent inappropriate edits or system changes, and systems may not track who was responsible for the changes.
The list was compiled based on audits completed in fiscal year 2015. The complete report is available here.
Since taking office, Auditor Galloway has made cybersecurity a priority across all components of government. Last month Auditor Galloway announced her Cyber Aware School Audit program as part of an ongoing emphasis on data protection practices and keeping Missourians' information secure.
Follow the Missouri Auditor's Office on Twitter @MOAuditorNews
October is National Cybersecurity Awareness Month. National Cybersecurity Awareness Month was designed to engage and educate public and private sector partners with the goal of raising awareness about cybersecurity and increasing protections against cyber incidents.