Tue December 3, 2013
Audit Finds IT Security Traded for State Worker Convenience
An audit has found some state of Kansas agencies lacking when it comes to Internet technology security.
The audit released Tuesday indicates problems including weak passwords and insufficient security training for staff.
Justin Stowe is with the Kansas Legislative Division of Post Audit. He told a group of lawmakers that some agencies haven't adopted tough security measures such as complex passwords because of convenience.
“We have found in certain cases agency IT staff that would love to make those passwords more complex, but they get pushback from management or from staff because they just don’t want the inconvenience,” Stowe said.
Auditors say the security updates are needed to help protect sensitive personal and financial information that's held by the state.
Many of the specific problems identified were discussed in a closed-door meeting, to avoid publicizing security weaknesses at specific state agencies. The audit's authors say state agencies have agreed to implement most of the recommendations.