An analysis has revealed that Mississippi government institutions are not complying with industry standard cyber-security practices.
A survey of 125 state agencies, boards, commissions, and universities was conducted by The Auditor’s Office, to check if they were meeting the requirements of the State of Mississippi Enterprise Security Program.
The survey revealed that 54 of the surveyed institutions chose not to respond – which is rather concerning considering that the audit ensures that data remains safe and the institutions are protected from intrusions.
Documenting procedures and policies is one important measure an institution can implement in order to ensure proper cyber-security practices, however despite this, of the 71 agencies that did choose to respond to the survey, 11 stated they do not have a security policy plan or disaster recovery put in place.
It was also revealed that 22 agencies admitted to not having a Security Risk Assessment done, thus making them vulnerable to hacking and out of alignment with state law.
Worryingly, 38% of the respondents cited not encrypting sensitive information. It is of utmost importance that sensitive information is encrypted when stored or transmitted, in order to prevent any unauthorised access of data. Additionally, it is required under federal guidelines that certain data need to be encrypted.
More than half of the respondents were less than 75% compliant with the Enterprise Security Program.
“This survey represents some excellent but alarming work by the data services division in the auditor’s office,” Mississippi State Auditor Shad White said in a statement.
“October is cyber-security awareness month, and we should start this month by acknowledging the very real weaknesses in our state government system.”
The post #Privacy: Mississippi government agencies failing in cyber-security compliance appeared first on PrivSec Report.