Weak computer passwords and vulnerable software have left some Kansas agencies vulnerable to hackers gaining access to confidential data or internal breaches, according to a new information technology audit.
Some of those problems have been identified in the past but were left unresolved, the Lawrence Journal-World reported.
“After three years of auditing this area, we have seen little improvement across agencies,” said Justin Stowe with the Legislative Post Audit Division.
The audit evaluated eight agencies: the Department of Administration, Department for Aging and Disability Services, Department for Children and Families, the Department of Health and Environment, Kansas Attorney General, Kansas Bureau of Investigation, Kansas Highway Patrol and Kansas Public Employees Retirement System.
Confidential information such as Social Security numbers, tax return information and other personally identifiable information could be housed in those agencies, the audit said.
Only KPERS had an adequate outcome in all three tests of the security management process. Specific weaknesses in the agencies weren’t detailed to avoid creating further security problems, Stowe said.
Five agencies had from 10 percent to 26 percent of staff who were using weak passwords, including ones like Password1234, Summer53, Marine62 and Potato(hash)2, the audit said.
Half of the staff members in those agencies didn’t know what made a strong password; 25 percent didn’t know they shouldn’t share their password with anyone; and 23 percent weren’t aware that viruses could be transferred to their work station from a portable device such as their smartphone, the audit said.
One agency had no anti-virus software installed on eight computers; three agencies didn’t have an adequate process to manage all mobile devices; and only one agency had an adequate process to continue operations in the event of an emergency, the audit said.
Was this article valuable?
Here are more articles you may enjoy.