Serviceteam IT Security News

An audit of Mississippi government institutions has revealed an alarming lack of compliance with standard cybersecurity practices and with the state’s own enterprise security program.

A survey of 125 state agencies, boards, commissions, and universities conducted by the Office of the State Auditor (OSA) revealed that only 53 had a cybersecurity policy in place. Eleven reported having no security policy or disaster recovery plan whatsoever. 

The true number of completely unprepared government entities may well be higher, however, since 54 of the institutions surveyed didn’t even bother to respond to the 59-question survey, despite the OSA being authorized to verify compliance. 

“Many state agencies are operating as if they are not required to comply with cybersecurity law, and many refused to respond to auditors’ questions about their compliance,” wrote state auditor Shad White in a data services division brief dated October 1, in which the research findings were revealed.

In Mississippi, state institutions are legally required to have a third party perform a security risk assessment at least once every three years. Despite this law, 22 of the government entities admitted that they hadn’t conducted a security risk assessment in the last three years.

Asked about how they stored and sent sensitive information, 38% of respondents said that they do not protect sensitive data with encryption. 

The OSA also found that just over half of the government agencies that responded to the survey were less than 75% compliant with the Mississippi Enterprise Security Program. 

White said: “State government cybersecurity is a serious issue for Mississippi taxpayers and citizens. Mississippians deserve to know their tax, income, health, or student information that resides on state government servers will not be hacked.”

White called for leaders of agencies to question their IT professionals to make sure that their agency is compliant, and to “consider ways to go above and beyond to prevent cyber breaches.” 

Leading by example, the Office of the State Auditor requires all its employees to go through training to spot phishing attempts and learn best practices for preventing security incidents. 

The OSA also partnered with the federal Department of Homeland Security and arranged for the DHS to perform a penetration test of the OSA’s computer system to identify any vulnerabilities.

“I personally have seen screenshots of other states’ private data on the dark web, and we do not need Mississippians’ personal information leaking out in the same way. The time to act to prevent hacking is now,” said White.

Source: Infosecurity Magazine
