Audit Objective
Determine whether Town of Lansing (Town) officials ensured information technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.
Key Findings
Town officials did not ensure IT systems were adequately secured and protected against unauthorized use, access and loss. In addition to sensitive IT control weaknesses that we communicated confidentially to Town officials, we found:
- The Town had seven unneeded network user accounts.
- The Town Board (Board) did not create adequate written IT policies for network user access, online banking and breach notification.
- The Board did not require IT security awareness training for computer users.
Key Recommendations
- Review user access on a routine basis and disable unnecessary network user accounts in a timely manner.
- Develop and adopt adequate written IT policies.
- Require periodic IT security awareness training for personnel who use Town IT resources.
Town officials generally agreed with our findings and recommendations and indicated they planned to take corrective action.