08/14/2018
JEFFERSON CITY, Mo. (Aug. 14, 2018) Local governments often make common mistakes that put electronic data at risk of hacking and theft, Missouri State Auditor Nicole Galloway says. The Auditor today released a summary of the most common cybersecurity risks found by her audits of local governments and courts, along with recommendations those agencies can follow to better safeguard their data.
"A week doesn't go by that we don't hear about a significant data breach compromising information that needs to be tightly protected," Auditor Galloway said. "These security challenges largely didn't exist 25 or 30 years ago, but local governments often have been slow to catch up in the fight against cybercrime. The conversation on how to safeguard personal data has been taking place in corporate boardrooms for years, and it needs to happen in city halls, courtrooms and school administrative offices across Missouri."
The summary was compiled using local government and court audit reports issued between July 2017 and June 2018. Auditor Galloway's office has released similar reports since 2015. The most common cybersecurity issues found by the audits were:
"Our audits found that often the most routine of computer safety protocols -- such as changing, or even using, passwords -- are not being followed," Auditor Galloway said. "Government owes these basic protections to the citizens they serve."
As part of each audit that found cybersecurity problems, Auditor Galloway made recommendations for the local governments to help protect electronic data. The recommendations, also given in the summary released today, include:
Since taking office, Auditor Galloway has made cybersecurity a priority across all levels of government. She was honored by the Center for Digital Education for her Cyber Aware School Audit program, which was designed to increase safeguards against unauthorized access to student records and information. She successfully pushed for cybersecurity protections for Missouri students and their families in an education bill that was signed into law this summer. Passage of the school cybersecurity bill comes after she completed five school district audits focused on cybersecurity and went to 12 Missouri schools to recognize districts that had proactively implemented parental notification policies when student data was compromised. The law will take effect Aug. 28, shortly after the beginning of the new school year.
"Our public schools are entrusted with data from students and their families and like any sensitive information, it must be safeguarded," Auditor Galloway said. "For the first time ever, parents across Missouri will have the right to know when there are cybersecurity breaches at their schools so they can take any necessary actions."
The complete report on information security controls in Missouri local governments and courts is available here.
For more information, contact: