Press Release  Audit Finds Secretary of the Commonwealth’s Election Division Did Not Comply with Cybersecurity Awareness Training Requirements

Boston — In an audit released today, State Auditor Suzanne M. Bump found the Secretary of the Commonwealth (SOC) did not ensure that Election Division employees responsible for the management of CARES Act funds completed their required annual cybersecurity awareness training. 

The audit also found the SOC’s Corporation Division did not ensure that all Articles of Organization were properly signed.  Additionally, SOC did not incorporate a COVID-19 response plan into its internal control plan. 

The audit, which reviewed the period of January 1, 2020 through December 31, 2021, recommends the SOC ensure cybersecurity awareness training is provided annually for all employees, including within the Elections Division. Additionally, the SOC should implement internal controls to ensure employees complete the required cybersecurity awareness training annually. 

“Over the past few years we have reviewed the topics of cybersecurity and compliance with expenditure guidelines for federal pandemic relief funding at higher education institutions as well as state agencies across the Commonwealth,” said Auditor Bump. “With the rise of cybersecurity threats, I encourage state government organizations, like the SOC, to make necessary improvements to policies and procedures with regard to training. I am pleased to note that based on the SOC’s response to our finding action is being taken to address this issue.”

###