NY: Why small villages continue to be low-hanging fruit for criminals
The New York State Comptroller conducted an audit of the Village of Alfred – Information Technology (2017M-236). Their report was released on April 6, 2018 — [read the complete report here: pdf]. Here’s the summary:
Purpose of Audit
The purpose of our audit was to assess the Village’s information technology (IT) environment for the period June 1, 2015 through July 7, 2017.
The Village of Alfred is located in the Town of Alfred in Allegany County and has a population of approximately 4,200. The Village is governed by an elected five-member Board of Trustees. Budgeted appropriations for the 2016-17 fiscal year totaled approximately $2.3 million.
- The Village did not have written policies or procedures detailing the acceptable use of IT assets and the backing up of critical data.
- The Village did not have a recovery plan or breach notification plan.
- The Village did not provide adequate IT security training to employees.
Develop and adopt an acceptable use policy and comprehensive policies and procedures for backing up data and disposing of IT assets.
Develop and adopt a disaster recovery plan and a breach notification policy or local law.
Ensure that all necessary Village personnel receive IT security awareness training and that the training is updated whenever the IT policies are updated.