Posted in: In this week's e-newsletter, Latest News & Views, Security
With April 15 looming, the tedium and expense of submitting your taxes may not be your only worries. The Government Accountability Office has issued a report that criticizes the IRS for lax security with confidential and critical tax return data.
In the report, the GAO had identified 89 security vulnerabilities and shortcomings in 2008; 69% of these flaws have not been resolved. The trouble, the report notes, stems form the lack of a coordinated IT security plan that looks at the problems as a whole and tries to resolve them methodically.
According to the report:
“Information security weaknesses — both old and new — continue to impair the agency’s ability to ensure the confidentiality, integrity, and availability of financial and taxpayer information.”
Among the faults listed:
- a weak password system
- excessive permissions for employees
- poor procedures for removing access for terminated employees
- lack of encryption for login information
- tardy software patch installation, and
- inadequate security training.
All these issues open individuals and companies to cyber-espionage — a growing concern. And they underline an issue that all companies must deal with: the need to implement a consistent approach to improving data security.
No security program is perfect, of course, and security problems keep changing over time as hackers adapt to new defenses. But all companies that handle data they’d like to keep safe (in other words, almost everything) should make IT security planning an ongoing discipline.