Top five cybersecurity mistakes local governments make in Missouri
COLUMBIA - Missouri State Auditor Nicole Galloway released a list of the top five most common data security mistakes made by local governments in Missouri today.
1. Passwords- Employees share computer passwords, may not be required to change passwords regularly, or don’t have passwords.
2. Access- Employees have access to more parts of the government computer system than they need to perform their jobs.
3. System Locks- Systems don’t lock access to computers after a certain amount of inactivity or after a number of incorrect password attempts.
4. Data Backups- Data is not backed up on regular basis, not stored in a secure off-site location, or is backed up but not tested regularly to ensure it can be restored.
5. User Restrictions and Tracking- Protections are not in place to prevent inappropriate edits or system changes, or systems don’t track who is responsible for the changes.
According to Galloway, the list is based on a summary of reports within the past year to provide awareness to local governments and prevent the same mistakes from happening in the future.
Jim Chapdelaine, Chief Information Officer for the City of Columbia, said his department has a very comprehensive set of security policies and practices it uses to run and operate the city's IT services.
"As an IT organization, of course, security is very key. So, I can't tell you all the details because that would help the criminals out there," Chapdelaine said.
He said the IT department has new cybersecurity analysts who constantly train and attend conferences to stay up to date.
Jefferson City's IT Department also said it keeps up to date with the best data security practices.
"We do frequent backups, to password changing, to making sure people have access to only what they are supposed to," said Eric Meyer, the IT manager for Jefferson City.
Chapdelaine said his advice for computer users is to change passwords.
"Make them more complex, make sure you have capital letters in them, special characters," Chapdelaine said.
He said it is best to change your password every 90 days.
"The way you protect yourself is to make sure you use passwords, you lock your system up when you leave and protect the things that could allow people to get access to the data that we don't want them to have access to," Chapdelaine said.