Audit finds fault with HCSD IT policies, or the lack thereof
Noah Eckstein is reporting for Columbia-Greene Media a two-year audit by the Office of the New York State Comptroller has found the Hudson City School District failed to properly secure and protect its information technology systems against unauthorized use, access and loss. In response to the state's findings, the district has now issued a Corrective Action Plan. The audit was released January 14 and covered the period between 2018 and 2020. Auditors found the Board of Education and school district officials did not adopt adequate IT policies, thereby leaving the system's data susceptible to fraud and cyber-attacks. Officials did not implement a satisfactory disaster recovery plan against potential risk factors and attacks and did not provide sufficient IT security awareness training to students and staff or adopt an acceptable use policy. The audit also found questionable internet use on four of six computers tested. The district has implemented remedies to these issues, said Jesse Boehme, Hudson City School District business administrator. “Our interface looks different. Students get in-class training and we have IT safety professional development for staff,” said Boehme. The auditors recommended adopting comprehensive IT policies that addressed recovery plans and cyber security, implementing student and staff IT training, developing written codes and protocols for administering systems access, and disabling more than 100 network user accounts that included generic and former employee information. “Since the audit, we have totally revamped the IT department and are working to move it completely in-house,” said former Superintendent Maria Suttmeier. Read the full story at HudsonValley360 [dot] com.