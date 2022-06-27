The state Comptroller’s Office recently audited the technology department at Franklin Central School and said the district did not manage its network accounts adequately.
Auditors reviewed 109 nonstudent network accounts, seven local user accounts, eight servers and computers and 84 employees accounts from July 1, 2020 through Nov. 5, 2021, the report said.
“This was at the height of the COVID-19 pandemic when the district was gearing up for remote learning and each student received a one-on-one device,” Franklin Central School Business Manager Kellie Renwick said. “The IT department was gearing up to support distance learning. They handled that transition amazingly well.”
She said with all of the planning for remote learning some things were overlooked during that timeframe.
The audit found nine of the districts user accounts were not needed, which amounted to 8% of the accounts. “This created additional network entry points that, if accessed by attackers, could be used to inappropriately access and view sensitive information and compromise IT resources,” the audit said.
The audit said the district didn’t have written procedures for creating, managing or disabling user accounts. However, the procedure was that Renwick would notify the IT department of any changes that needed to be made by phone or email. The audit also found the “District staff did not have sufficient documented guidance or plans to follow to recover data and resume essential operations in a timely manner.”
Auditors issued the following recommendations throughout the audit period:
• Develop written procedures for managing computers and network user accounts.
• Periodically compare installed software to an authorized software inventory list.
• Develop and adopt a comprehensive written IT contingency plan, update the plan as needed and distribute it to all responsible parties.
Renwick said whenever auditors came across a problem, the district was “very proactive. We made changes immediately. Overall in the grand picture, the problems were small in nature and were fixed.”
The district responded to the audit with a letter and said most of the items addressed in the audit have already been fixed. The district said in the letter it will “develop written procedures for granting, modifying and disabling user access to the network and computers and for periodically reviewing accounts to ensure they are needed” through the summer of 2022 to be implemented before school begins this fall.
