North Tonawanda School District tightens computer system security after state audit

The North Tonawanda City School District has tightened protection of its computer network following an audit of its security procedures, according to a report from the State Comptroller’s Office.

“Most of the issues that were identified during the audit were addressed immediately,” School Superintendent Gregory J. Woytila wrote in response to technology audit for time between July 1, 2022, and April 12, 2023. “These enhancements will be part of the corrective action plan drafted in response to the findings.”

Auditors discovered 246 unnecessary user accounts that were subsequently disabled. Fifty-five of them were non-student accounts assigned to previous district employees, contractors and interns. One of them had been assigned to a substitute teacher who left in 2019.

The audit also found 29 unnecessary shared user accounts which were disabled and learned that no one kept track of the accounts or had a policy to disable them. Auditors said they were told that no policy had been developed because the district had not experienced a data leak or cyberattack in more than 20 years.

The audit additionally advised the district to develop an IT contingency plan so that employees could communicate and continue doing their jobs in case of a disruption.