- Office of the State Auditor
Media Contact for Audit Advises Massachusetts College of Art and Design Require Employees to Complete Cybersecurity Awareness Training
David Todisco, Deputy Communications Director
Boston — In an audit of the Massachusetts College of Art and Design (MassArt), the Office of State Auditor Suzanne M. Bump (OSA) found that the college properly administered federally provided COVID-19 relief dollars, but did not require that all employees in its Administration and Finance Department complete cybersecurity awareness training. The audit, which reviewed the period of March 1, 2020 through June 30, 2021, is one of several audits conducted by the OSA that have reviewed the topics of cybersecurity and compliance with expenditure guidelines for federal pandemic relief funding.
To address the problem of a lack of cybersecurity awareness training, the audit recommended that MassArt implement a policy requiring personnel to complete new-hire and annual cybersecurity awareness training as well as maintain a record of complete trainings for each employee.
“Cybersecurity threats have never been greater and therefore educational institutions like MassArt need to be vigilant in ensuring that all employees are properly trained on how to detect and prevent potential cyber threats,” said Bump. “I am pleased to see that MassArt has implemented a mandatory new hire and annual cybersecurity awareness training program for all staff which will help protect the college’s financial assets and sensitive information from cyber criminals.”
MassArt is a member of the Massachusetts public higher education system, which consists of 15 community colleges, nine state universities, and five University of Massachusetts campuses. Founded in 1873, MassArt was the first publicly supported, freestanding visual arts college in the United States. Its campus is in Boston. In fall 2020, 2,182 students were enrolled at MassArt, and as of June 30, 2021, MassArt offered 18 degree and certificate programs to students.
The OSA has placed an emphasis on examining cybersecurity awareness training at government agencies. Recently, Auditor Bump has released audits of the Office of the Attorney General, Division of Banks, and Office of the Inspector General, Massachusetts Office of Victim Assistance, and the Division of Capital Asset Management and Maintenance, most of which called on these agencies to improve their cybersecurity awareness training practices. To learn more about the OSA’s recent audits that have reviewed the spending of federal pandemic relief funding, please visit: mass.gov/COVIDReliefAudits.
###