• This page, Audit Advises Middlesex Community College Require Employees to Complete Cybersecurity Training, is   offered by
  • Office of the State Auditor
Press Release

Press Release  Audit Advises Middlesex Community College Require Employees to Complete Cybersecurity Training

The college properly administered federally provided COVID-19 relief dollars, but did not ensure users who have access to the financial aid and finance modules within their system have completed cybersecurity awareness training.
For immediate release:
5/31/2022
  • Office of the State Auditor

Media Contact   for Audit Advises Middlesex Community College Require Employees to Complete Cybersecurity Training

David Todisco, Deputy Communications Director

Middlesex Community College

BOSTONIn an audit of Middlesex Community College (MCC), the Office of State Auditor Suzanne M. Bump (OSA) found that the college properly administered federally provided COVID-19 relief dollars, but did not ensure users who have access to the financial aid and finance modules within their system have completed cybersecurity awareness training. The audit, which reviewed the period of March 1, 2020 through June 30, 2021, is one of several audits conducted by the OSA that have reviewed the topics of cybersecurity and compliance with expenditure guidelines for federal pandemic relief funding.

To address the problem of a lack of cybersecurity awareness training, the audit recommended that MCC implement policies and procedures  that clearly define the contents and administration of its cybersecurity awareness training program and implement monitoring controls to ensure that users complete the cybersecurity awareness training modules assigned to them.

We continue to see a pattern across the Commonwealth, as weak cybersecurity training practices continue to put our educational institutions in a vulnerable position at this time of heightened cyber threats. I am pleased to see that Middlesex Community College acknowledges the issue and will work towards addressing it in a timely manner,” said State Auditor Suzanne M. Bump.

MCC is a member of the Massachusetts public higher education system, which consists of 15 community colleges, nine state universities, and five University of Massachusetts campuses. Founded in 1970, MCC opened its first campus in Bedford; it opened its Lowell campus in 1987. In fiscal year 2021, 11,936 students were enrolled at MCC. As of June 30, 2021, MCC offered more than 80 degree and certificate programs.

The OSA has placed an emphasis on examining cybersecurity awareness training at government agencies. Recently, Auditor Bump has released audits of the Office of the Attorney General, Division of Banks, and Office of the Inspector General, Massachusetts Office of Victim Assistance, and the Division of Capital Asset Management and Maintenance, most of which called on these agencies to improve their cybersecurity awareness training practices. To learn more about the OSA’s recent audits that have reviewed the spending of federal pandemic relief funding, please visit: mass.gov/COVIDReliefAudits.

###

Media Contact   for Audit Advises Middlesex Community College Require Employees to Complete Cybersecurity Training

  • Office of the State Auditor 

    The Office of State Auditor Suzanne M. Bump (OSA) conducts audits, investigations, and studies to promote accountability and transparency, improve performance, and make government work better.
  • Help Us Improve Mass.gov  with your feedback

    Please do not include personal or contact information.
    Feedback