COXSACKIE, Jan 21, 2011 (Times Union - McClatchy-Tribune Information Services via COMTEX) -- State auditors criticized Coxsackie-Athens Central School District officials for not having more safeguards in place for their online banking. In a report issued this week, auditors from the office of state Comptroller Thomas DiNapoli said they surveyed district financial records from July 2008 and last April and suggested the district build in more layers of computer security defenses for their daily banking practices and establish a written policy for users.
The district does online banking with four different banks and auditors selected for review 30 electronic transfers totalling nearly $7 million.
They noted that the district should follow federal and state recommendations and set up a dedicated computer just for online banking.
"A dedicated computer that is restricted from e-mail applications and any Internet activity other than online banking is less likely to encounter a banking 'Trojan horse' or other malicious software (malware) that could lead to a compromise of data confidentiality," the report noted.
Other recommendations included establishing procedures with the online banking computer that prohibit putting banking connections into quick links like stored user names, online favorites, or website links.
The audit also said the district should completely close out the online banking connection after each use and erase it from the web browser cache, temporary Internet files, form data, cookies and Internet history.
They also said the computer should then be completely shut down after use.
District officials in a response letter attached to the report said they plan to implement the recommendations.
To see more of the Times Union, or to subscribe to the newspaper, go to http://www.timesunion.com. Copyright (c) 2011, Times Union, Albany, N.Y.
Distributed by McClatchy-Tribune Information Services. For more information about the content services offered by McClatchy-Tribune Information Services (MCT), visit www.mctinfoservices.com. [ InfoTech Spotlight's Homepage ]
No comments:
Post a Comment