Mississippi Shows Flagrant Disregard for Cybersecurity

Mississippi Shows Flagrant Disregard for Cybersecurity

An audit of Mississippi government institutions has revealed an alarming lack of compliance with standard cybersecurity practices and with the state's own enterprise security program.





A survey of 125 state agencies, boards, commissions, and universities conducted by the Office of the State Auditor (OSA) revealed that only 53 had a cybersecurity policy in place. Eleven reported having no security policy or disaster recovery plan whatsoever. 





The true number of completely unprepared government entities may well be higher, however, since 54 of the institutions surveyed didn't even bother to respond to the 59-question survey, despite the OSA being authorized to verify compliance. 





"Many state agencies are operating as if they are not required to comply with cybersecurity law, and many refused to respond to auditors' questions about their compliance," wrote state auditor Shad White in a data services division brief dated October 1, in which the research findings were revealed.





In Mississippi it's a legal requirement for state institutions to have a third party perform a security risk assessment at least once every three years. Despite this law, 22 of the government entities admitted that they hadn't conducted a security risk assessment in the last three years. 





Asked about how they stored and sent sensitive information, 38% of respondents said that they do not protect sensitive data with encryption. 





The OSA also found that just over half of the government agencies that responded to the survey were less than 75% compliant with the Mississippi Enterprise Security Program. 





White said: "State government cybersecurity is a serious i ..

Support the originator by clicking the read the rest link below.