Determine whether College officials adequately safeguarded the College website, financial and student information system and online banking from unauthorized access and misuse.
- The College has:
- 824 network user accounts (15 percent) that have not been used within the last six months and do not match current employees.
- Four network user accounts with unnecessary administrative permissions and 131 financial and student information system user accounts with questionable permissions.
- Employees responsible for safeguarding the College website are not required to attend cybersecurity training.
In addition, sensitive information technology (IT) control weaknesses were communicated confidentially to College officials.
- Enforce written policy for managing network and system access.
- Ensure employees receive relevant cybersecurity training at least annually.
- Address the confidentially communicated IT recommendations.
College officials generally agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.