ALBANY – The State Comptroller’s Office has criticized the Kiryas Joel Union Free School District for not adequately securing internet user account access to the network and shared network folders to help safeguard personal, private and sensitive information.
As a result, an audit of the system said there is an increased risk of unauthorized access to the network and personal, private and sensitive information.
In addition, sensitive information technology weaknesses were communicated to officials confidentially.
The audit also found that the district did not disable 35 unnecessary former employee, shared and service network user accounts which account for 11 percent of the district’s enabled accounts. The majority of those accounts belonged to former employees and were last used to log into the network between June 2015 and August 2022.
It also said the district did not adequately secure shared network folder access, resulting in users having unnecessary access to multiple forms of personal, private and sensitive in eight shared folders, and it did not maintain a data inventory to properly protect IT resources, including data containing personal, private and sensitive information.
The state auditors recommended a number of fixes to the issues including disabling network user accounts when no longer needed and periodically checking all network user accounts for necessity and conducting a comprehensive date inventory and limit access to shared network folders based on assigned job duties and responsibilities.
Read the full article here