Audit Objective
Determine whether Town of New Windsor (Town) officials ensured information technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.
Key Findings
Town officials did not:
- Provide employees with cybersecurity training.
- Have a disaster recovery plan.
- Ensure online banking agreements comply with New York State General Municipal Law (GML).
Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.
Key Recommendations
- Provide employees with periodic IT security awareness training.
- Develop a comprehensive, written disaster recovery plan that provides specific guidelines for the protection of IT assets and data against loss or destruction.
- Ensure online banking agreements comply with GML, and that those who perform online banking transactions are familiar with its content.
As indicated in Appendix A, officials disagreed with several of the findings and recommendations in our report. Appendix B includes our comments on the issues raised in the Town’s response letter.