It's National Cybersecurity Awareness month and as part of an effort to increase protection against cyber attacks, Missouri State Auditor Nicole Galloway released a list of the top five most common data security risks in local government.
Here's what she found:
Passwords: Employees share computer system passwords, are not required to change their passwords regularly, or, in some cases, do not have passwords.
Access: Employees have access to more parts of government computer systems than they need to perform their jobs.
System locks: Systems do not lock access to the computer after a certain amount of inactivity or specific number of incorrect password attempts.
Data backups: Data is not backed up on a regular basis, is not stored in a secure off-site location, or is backed up but is not tested regularly to ensure it can be restored.
User restrictions and tracking: Protections are not in place to prevent inappropriate edits or system changes, or systems don't track who is responsible for the changes.
Galloway said the list was based on local government and court audits completed between July 2015 and July 2016.
This is the second year in a row that password protection concerns topped the list.
“This report shows Missouri's local governments still have work to do to improve the security of data in their possession. Many of the corrective actions outlined in this report have little to no cost associated with implementing them, especially when you consider the cost and resources required by an organization after a data breach has occurred," Auditor Galloway said. "From restricting access to only staff who need it to ensuring all computers and systems are properly password protected, it's my hope local leaders and officials will review these common findings and take action to secure their systems."