Skip to main content

Protecting Government from Cyberattacks

As the work of state government relies more and more on technology, agencies must be ready to prevent cyberattacks.
An image of computer code.

Over the past few years, there have been hundreds of large-scale cyberattacks in the United States, a number that is expected to grow in the coming years. We all have a role to play to protect ourselves and our organizations from these attacks.

Because of their access to significant amounts of data, some of which contain sensitive information, government agencies must be particularly vigilant against this threat. Recognizing that government agencies increasingly rely on information technology (IT) resources to deliver services, Office of State Auditor has worked to confront the cybersecurity challenges government agencies face. Our office has helped strengthen IT operations across state government and has helped better protect the Commonwealth’s residents from cyberfraud and abuse.

Our audits have made recommendations to reduce the risk of cyberattacks, and provide important lessons about how we can all better protect ourselves from these threats:

Skip table of contents

Table of Contents

You skipped the table of contents section.
Raise employee awareness and implement staff training programs 

Employees are the first-line of defense against cyberattacks. They must have a clear understanding of the cyberthreats they’re most likely to encounter and how to avoid falling victim to them. This audit of Holyoke Community College found its system users had not received required information security training.

Develop incident response plans 

We should work to avoid becoming a victim of a cyberattack, but must also have a plan in place for when such an attack is successful. This audit of the Department of Transitional Assistance called on the agency to develop a formal IT incident response plan.

Ensure programs and vendor contracts are protected 

Partnerships with private vendors help deliver services to residents. Contracts with these vendors must include adequate protections and include required security measures. This audit of the Department of Revenue found its vendor contracts weren't always assessed to ensure security measures were being followed.

Safeguard private data and information 

Government entities typically store and have access to sensitive employee information. They must ensure this information is properly protected from cyberattacks. This audit of the Commonwealth Corporation found the agency did not have proper safeguards in place to protect employees’ personal information.

Contact

Phone

Main (617) 727-2075

Online

Auditor@MassAuditor.gov

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133
Directions 

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback