Nicole Galloway, Missouri State Auditor, identified five of the most common data security risks in local governments. The compiled list is based on reports issued between July 2015 and June 2016. The purpose of this compilation is to prevent governments from repeating the same kind of mistakes in the future.
According to the report, governments still have plenty of work to do if they want to patch their data security flaws. Galloway stated that fixing many of those issues requires no upfront costs whatsoever. Galloway suggests restricting access to only staff that require it, among other changes.
Specifically, the top five identified security risks are as follows:
Passwords – Galloway noticed that not only do employees commonly share computer passwords, they are also not changing them regularly. In some cases, they do not even have password protection in place.
Access – Staff members receive complete access to a system even if such level of access is not needed to perform their jobs.
System locks – After a certain amount of time has passed, the system does not lock up automatically. The same goes for a specific number of failed password attempts.
Data backups – Either backups are not made regularly enough, or they are not stored in a remote location. Another flaw is that backups are not tested regularly.
Tracking and user restrictions – Either the systems are not preventing unauthorised system changes, or they are not tracking who made them.
According to Galloway, most of the findings remain similar to those found in her report for the previous year.