Auditor’s Report Shows Disregard for Cyber Security in State Government

October 1, 2019

JACKSON, Miss. – Several state agencies, boards, commissions, and universities are failing to adhere to state cyber security laws, leaving Mississippians’ personal data vulnerable to hackers. According to survey results published in a report from the Office of State Auditor Shad White, many state entities are operating like state and federal cyber security laws do not apply to them.

As required by state law, the Auditor’s office sent a cyber security survey to 125 state agencies, boards, commissions, and universities. Only 71 state entities responded to the survey, and several respondents did not complete it. This leaves the status of cyber security in more than 50 state entities completely unknown.

Among the government offices that replied to the survey, the report shows at least 11 do not have adequate written procedures to prevent or recover from a cyber attack. Another 22 respondents have not executed a third-party risk assessment. Having a third party test the vulnerability of an agency’s server is a requirement under state law. Further, 38% of all respondents indicate sensitive information like health information, tax data, and student information is not being encrypted to protect it from hackers.

In short, the survey found over half of all respondents are less than 75% compliant with state cyber security laws.

“This survey represents some excellent but alarming work by the data services division in the auditor’s office,” said Auditor Shad White. “October is cyber security awareness month, and we should start this month by acknowledging the very real weaknesses in our state government system. I personally have seen screenshots of other states’ private data on the dark web, and we do not need Mississippians’ personal information leaking out in the same way. The time to act to prevent hacking is now.”

The full report can be found online at the Auditor’s website.