NY: Why small villages continue to be low-hanging fruit for criminals

The New York State Comptroller conducted an audit of the Village of Alfred – Information Technology (2017M-236). Their report was released on April 6, 2018 — [read the complete report here: pdf]. Here’s the summary:

Purpose of Audit

The purpose of our audit was to assess the Village’s information technology (IT) environment for the period June 1, 2015 through July 7, 2017.


The Village of Alfred is located in the Town of Alfred in Allegany County and has a population of approximately 4,200. The Village is governed by an elected five-member Board of Trustees. Budgeted appropriations for the 2016-17 fiscal year totaled approximately $2.3 million.

Key Findings

  • The Village did not have written policies or procedures detailing the acceptable use of IT assets and the backing up of critical data.
  • The Village did not have a recovery plan or breach notification plan.
  • The Village did not provide adequate IT security training to employees.

Key Recommendations

  • Develop and adopt an acceptable use policy and comprehensive policies and procedures for backing up data and disposing of IT assets.

  • Develop and adopt a disaster recovery plan and a breach notification policy or local law.

  • Ensure that all necessary Village personnel receive IT security awareness training and that the training is updated whenever the IT policies are updated.

About the author: Dissent

2 comments to “NY: Why small villages continue to be low-hanging fruit for criminals”

You can leave a reply or Trackback this post.
  1. Anonymous - April 10, 2018

    My question is why did it take 2 years to audit 9 computers? Not to mention the additional 6 months to complete the audit report.

  2. Anonymous - April 11, 2018

    Probably the same part time retired guy who does all the IT work had to write up the audit as well.

Comments are closed.