Northern New York Newspapers
NNY Business
NNY Living
Wed., Oct. 7
Serving the communities of Jefferson, St. Lawrence and Lewis counties, New York
In print daily. Online always.
Related Stories

Audit: Champion must better protect private information


WEST CARTHAGE — Municipalities rely heavily on Internet-connected computers to store and process data, and the state wants to ensure that sensitive or private information is adequately safeguarded by examining local governments’ information technology infrastructure.

In a recent report, auditors with the state Comptroller’s Office found that the town of Champion was giving its employees administrative access to town computers — potentially increasing the risk of a data breach or loss.

“An individual’s private and financial information, along with confidential business information, could be severely impacted if the town’s computer security is breached or data is improperly disclosed,” the audit report said.

If malware is installed on a town computer, for instance, it would have greater control over a system running under an account with administrator rights.

“The remediation of this serious internal control weakness should not require an exhaustive effort or additional costs since the town already has the necessary infrastructure in place to make the required changes,” the report said.

Auditors — who examined the town’s records from Jan. 1, 2012, through Dec. 31, 2013 — also told the town to develop a data backup plan and a formal disaster recovery plan “to help minimize or prevent the loss of equipment and data.”

“Good business practices require town officials to run daily backups, keep the backup data as current as possible, and store the data at an environmentally and physically secure off-site location for retrieval in case of an emergency,” they said in the report.

They said data should be backed up to a secure off-site location and procedures should be developed to periodically test and restore data.

Also, in case of a network breach, the town should periodically review an information breach notification policy, auditors said.

“State Technology Law requires the town to establish an information breach notification policy. Such a policy should detail how the Town would notify individuals whose private information was, or is reasonably believed to have been, acquired by a person without a valid authorization,” their report said.

Supervisor Terry L. Buckley said Friday that the Town Council agrees with the audit report’s conclusions and has developed an action plan to remedy the problems.

“There were some things we had to tighten up for security purposes. We agreed with all of their findings and we’re taking steps to implement everything that they required,” he said.

Commenting rules:
  1. Stick to the topic of the article/letter/editorial.
  2. When responding to issues raised by other commenters, do not engage in personal attacks or name-calling.
  3. Comments that include profanity/obscenities or are libelous in nature will be removed without warning.
Violators' commenting privileges may be revoked indefinitely. By commenting you agree to our full Terms of Use.
Syracuse Football Tickets Giveaway
Connect with Us
WDT News FeedsWDT on FacebookWDT on TwitterWDT on InstagramWDT for iOS: iPad, iPhone, and iPod touchWDT for Android
Showcase of Homes
Showcase of Homes