08/08/2016
Missouri State Auditor Nicole Galloway today released the results of a cybersecurity audit of the Park Hill School District, located in the Kansas City area. The audit is the fourth in a series of five Cyber Aware School Audits designed to evaluate school district data protection practices and offer recommendations to prepare for a potential breach. In Park Hill, auditors found that school officials have taken numerous steps to increase safeguards after a 2014 incident may have compromised student and employee data.
"Schools store critical information about students and their families, and Park Hill officials clearly understand how essential it is to keep that data safe," Auditor Galloway said. "The district has taken action to guard against the kind of breach we all hope never happens, and my team made additional recommendations to help them prepare."
Auditors found that more could be done to limit unnecessary access to student data. For example, auditors identified three former employees that still had access to district systems more than a month after leaving employment. Auditors also recommended a number of enhanced security measures, including strengthening passwords and establishing a point-person to serve as a security administrator for the district.
The complete audit report is available online here.
The Park Hill School District is one of five districts selected for a Cyber Aware School Audit. Audits of the Boonville School District (Cooper County), Waynesville School District (Pulaski County) and Cape Girardeau School District (Cape Girardeau County) were released earlier this year. An audit of the Orchard Farm School District in St. Charles County is ongoing.
Since taking office, Auditor Galloway has made cybersecurity a priority across all components of government, including Missouri schools. The Cyber Aware School Audits are part of an ongoing emphasis on data protection practices and keeping Missourians' information secure. Last fall, an audit of the Department of Elementary and Secondary Education found the department was unnecessarily transmitting and storing student social security numbers in its Missouri Student Information System (MOSIS)- a practice the department has ended. The State Auditor's Office has also incorporated data security reviews into the standard audit process.
