Local government is facing increasing cyber security risks as councils adopt technologies designed to deliver services and efficiencies, West Australia’s auditor general has warned.
That’s not being helped by lax practices, ranging from accounts being left active after staff are sacked, to shared generic access among third party providers and unlocked offices and record rooms.
The case studies are included in an information systems audit by the Office of the Auditor General that found councils are neglecting to fix weaknesses in their computer controls.
According to other case studies, one council failed to implement any sort of cyber security awareness program despite repeated attacks, while another kept its network equipment rack above head height in a staff toilet block, without temperature or humidity controls.
“There is a risk of equipment failure and decreased performance leading to system downtime,” Auditor General Caroline Spencer said.
“The location of the equipment high on a wall in the toilet block also represents a health and safety risk.”
More than 320 weaknesses found
The report contains an assessment of computer controls across 53 local government entities.
Ms Spencer says 324 computer control weaknesses were identified during 2021-22, with 31 per cent rated as significant.
Almost 70 per cent of those were unresolved from the previous year, including 27 of the 31 significant findings.
Most of the audited councils also failed to meet cyber security benchmarks, with human resource and network security being the weakest area, followed by access management, endpoint security and information security framework.
Other common weaknesses included:
- weak passwords
- lack of multi-factor authentication
- poor management of administrator privileges
- lack of access reviews
- lack of training
- outdated or no malware protection
Local government organisations urgently need to address the findings of the report to safeguard their systems, Ms Spencer said.
“Local government entities are increasingly adopting technologies and systems to deliver efficiencies in their operations and improve the delivery of services to the communities they serve. As local government entities’ digital footprints increase, so too do their risks,” Ms Spencer said.
“The local government sector should use the case studies and recommendations in this report to inform enhancements to their general computer controls.
“This will build much needed digital trust and public confidence in the local government sector’s capacity to successfully operate in the digital economy.”
However, the news wasn’t all bad, with the audit finding improvements in IT risk management, change management, physical security, IT operations and business confidentiality.
*Have you taken the Government News Survey?
Comment below to have your say on this story.
If you have a news story or tip-off, get in touch at firstname.lastname@example.org.
Sign up to the Government News newsletter
Sorry. No data so far.