Determine whether Lyncourt Union Free School District (District) officials adequately managed network user accounts and developed a disaster recovery plan.
District officials did not adequately manage network user accounts or develop and adopt a written disaster recovery plan. As a result, District has an increased risk that it could lose important data and suffer serious interruption in operations. District officials should have:
- Disabled 17 of the 113 network user accounts we examined. The 17 user accounts were unneeded and included generic, shared and former employee accounts.
- Revoked permissions for eight of the 12 network user accounts with administrative permissions because the permissions were unneeded.
Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.
- Evaluate all network user accounts to ensure unneeded network user accounts are disabled.
- Assess all network user accounts with administrative permissions and remove unneeded permissions.
- Develop a comprehensive written disaster recovery plan.
District officials generally agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.