Kansas audit finds issues with data protection

12/11/2013

Kansas audit finds issues with data protection

Kansas audit finds issues with data protection

TOPEKA (AP) — Weak computer passwords and vulnerable software have left some Kansas agencies vulnerable to hackers gaining access to confidential data or internal breaches, according to a new information technology audit.

Some of those problems have been identified in the past but were left unresolved, the Lawrence Journal-World (http://bit.ly/1d6Eezg ) reported.

"After three years of auditing this area, we have seen little improvement across agencies," said Justin Stowe with the Legislative Post Audit Division.

The audit evaluated eight agencies: the Department of Administration, Department for Aging and Disability Services, Department for Children and Families, the Department of Health and Environment, Kansas Attorney General, Kansas Bureau of Investigation, Kansas Highway Patrol and Kansas Public Employees Retirement System.

Confidential information such as Social Security numbers, tax return information and other personally identifiable information could be housed in those agencies, the audit said.

Only KPERS had an adequate outcome in all three tests of the security management process. Specific weaknesses in the agencies weren't detailed to avoid creating further security problems, Stowe said.

Five agencies had from 10 percent to 26 percent of staff who were using weak passwords, including ones like Password1234, Summer53, Marine62 and Potato(hash)2, the audit said.

Half of the staff members in those agencies didn't know what made a strong password; 25 percent didn't know they shouldn't share their password with anyone; and 23 percent weren't aware that viruses could be transferred to their work station from a portable device such as their smartphone, the audit said.

One agency had no anti-virus software installed on eight computers; three agencies didn't have an adequate process to manage all mobile devices; and only one agency had an adequate process to continue operations in the event of an emergency, the audit said.

comments powered by Disqus
I commented on a story, but my comments aren't showing up. Why?
We provide a community forum for readers to exchange ideas and opinions on the news of the day.
Passionate views, pointed criticism and critical thinking are welcome. We expect civil dialogue.
Name-calling, crude language and personal abuse are not welcome.
Moderators will monitor comments with an eye toward maintaining a high level of civility in this forum.

If you don't see your comment, perhaps you ...
... called someone an idiot, a racist, a moron, etc. Name-calling or profanity (to include veiled profanity) will not be tolerated.
... rambled, failed to stay on topic or exhibited troll-like behavior intended to hijack the discussion at hand.
... included an e-mail address or phone number, pretended to be someone you aren't or offered a comment that makes no sense.
... accused someone of a crime or assigned guilt or punishment to someone suspected of a crime.
... made a comment in really poor taste.

MULTIMEDIA