Press Release  Audit Advises Middlesex Community College Require Employees to Complete Cybersecurity Training

BOSTON — In an audit of Middlesex Community College (MCC), the Office of State Auditor Suzanne M. Bump (OSA) found that the college properly administered federally provided COVID-19 relief dollars, but did not ensure users who have access to the financial aid and finance modules within their system have completed cybersecurity awareness training. The audit, which reviewed the period of March 1, 2020 through June 30, 2021, is one of several audits conducted by the OSA that have reviewed the topics of cybersecurity and compliance with expenditure guidelines for federal pandemic relief funding.

To address the problem of a lack of cybersecurity awareness training, the audit recommended that MCC implement policies and procedures  that clearly define the contents and administration of its cybersecurity awareness training program and implement monitoring controls to ensure that users complete the cybersecurity awareness training modules assigned to them.

“We continue to see a pattern across the Commonwealth, as weak cybersecurity training practices continue to put our educational institutions in a vulnerable position at this time of heightened cyber threats. I am pleased to see that Middlesex Community College acknowledges the issue and will work towards addressing it in a timely manner,” said State Auditor Suzanne M. Bump.

MCC is a member of the Massachusetts public higher education system, which consists of 15 community colleges, nine state universities, and five University of Massachusetts campuses. Founded in 1970, MCC opened its first campus in Bedford; it opened its Lowell campus in 1987. In fiscal year 2021, 11,936 students were enrolled at MCC. As of June 30, 2021, MCC offered more than 80 degree and certificate programs.

The OSA has placed an emphasis on examining cybersecurity awareness training at government agencies. Recently, Auditor Bump has released audits of the Office of the Attorney General, Division of Banks, and Office of the Inspector General, Massachusetts Office of Victim Assistance, and the Division of Capital Asset Management and Maintenance, most of which called on these agencies to improve their cybersecurity awareness training practices. To learn more about the OSA’s recent audits that have reviewed the spending of federal pandemic relief funding, please visit: mass.gov/COVIDReliefAudits.

###