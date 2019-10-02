Many state agencies not adhering to cyber-security rules
Many state entities are operating like state and federal cyber security laws do not apply to them, state Auditor Shad White said after his office published a report showing that several state agencies, boards, commissions and universities are failing to adhere to state cyber security laws. That leaves Mississippians’ personal data vulnerable to hackers, White said.
“This survey represents some excellent but alarming work by the data services division in the auditor’s office,” said White, who is from Sandersville. “October is cyber security awareness month, and we should start this month by acknowledging the very real weaknesses in our state government system. I personally have seen screenshots of other states’ private data on the dark web, and we do not need Mississippians’ personal information leaking out in the same way. The time to act to prevent hacking is now.”
As required by state law, the auditor’s office sent a cyber security survey to 125 state agencies, boards, commissions and universities. Only 71 state entities responded to the survey, and several respondents did not complete it. This leaves the status of cyber security in more than 50 state entities unknown.
Among the government offices that replied to the survey, the report shows at least 11 do not have adequate written procedures to prevent or recover from a cyber attack. Another 22 respondents have not executed a third-party risk assessment. Having a third party test the vulnerability of an agency’s server is a requirement under state law.
Further, 38 percent of all respondents indicate that sensitive information, such as health information, tax data and student information, is not being encrypted to protect it from hackers.
In short, the survey found more than half of all respondents are less than 75 percent compliant with state cyber security laws.
The full report can be found online at the Auditor’s website.
