This page, Audit Calls for Improvements in Cybersecurity Training at Executive Office of Housing and Economic Development, is offered by
Press Release

Press Release Audit Calls for Improvements in Cybersecurity Training at Executive Office of Housing and Economic Development

During the audit, forty-five individuals employed by agencies within EOHED did not complete required cybersecurity awareness training.
For immediate release:
11/24/2020
  • Office of the State Auditor

Media Contact for Audit Calls for Improvements in Cybersecurity Training at Executive Office of Housing and Economic Development

Noah Futterman

An image of a lock over computer code.

BostonIn an audit released today, State Auditor Suzanne M. Bump called on the Executive Office of Housing and Economic Development (EOHED) to improve its oversight of cybersecurity awareness training for employees. During the audit, which examined the period of May 14, 2018 through June 30, 2019, 45 individuals employed by agencies within EOHED did not complete required cybersecurity awareness training. Bump’s audit notes that the failure to complete training increases EOHED’s risk of cyberattacks and financial losses.

“Cybercriminals often cast a wide net, through techniques such as phishing, to identify and exploit vulnerabilities in a state agency’s defenses. It only takes one untrained individual to expose the agency to a harmful attack,” Bump said of the audit. “It is critical that EOHED take steps to ensure that employees at all levels have the knowledge and skills to prevent them from becoming victim of these bad actors.”

In its response, EOHED indicated it is taking steps to implement the audit’s recommendation to ensure that its employees are properly trained in cybersecurity protocols in accordance with state standards. The agency is also working to establish a tracking system to better monitor employee completion of this training. Bump’s audit notes that Massachusetts requires all state employees working in executive departments to participate in IT security training.

Additionally, the audit attempted to review whether the agency revoked computer system access of terminated employees in a timely manner and ensured that new employees signed access agreements before using these systems. However, EOHED noted it does not track when user access is terminated, nor when employees first access these systems. Because of this, auditors were unable to determine whether the agency was complying with best practices and called on it to begin tracking this information to strengthen its IT security.

EOHED oversees state programs that provide economic opportunity for residents, collaborative leadership in communities, and initiatives for job creation and business growth. The agency also supports new housing for residents through targeted investments. During fiscal years 2018 and 2019, EOHED received appropriations of $524 million and $570 million, respectively.

The full audit report is available here.

###

Media Contact for Audit Calls for Improvements in Cybersecurity Training at Executive Office of Housing and Economic Development

Office of the State Auditor 

The Office of State Auditor Suzanne M. Bump (OSA) conducts audits, investigations, and studies to promote accountability and transparency, improve performance, and make government work better.
Feedback