Tag Archive for: tightens

North Tonawanda School District tightens computer system security after state audit


The North Tonawanda City School District has tightened protection of its computer network following an audit of its security procedures, according to a report from the State Comptroller’s Office.

“Most of the issues that were identified during the audit were addressed immediately,” School Superintendent Gregory J. Woytila wrote in response to the technology audit, which covered the period between July 1, 2022, and April 12, 2023. “These enhancements will be part of the corrective action plan drafted in response to the findings.”

Auditors discovered 246 unnecessary user accounts that were subsequently disabled. Fifty-five of them were non-student accounts assigned to previous district employees, contractors and interns. One of them had been assigned to a substitute teacher who left in 2019.

The audit also found 29 unnecessary shared user accounts, which were disabled, and learned that no one kept track of the accounts or had a policy to disable them. Auditors said they were told that no policy had been developed because the district had not experienced a data leak or cyberattack in more than 20 years.

The audit additionally advised the district to develop an IT contingency plan so that employees could communicate and continue doing their jobs in case of a disruption.


Amherst Central tightens internet security after audit


Amherst Central School District has tightened access to the district’s information network following an audit from the office of State Comptroller Thomas P. DiNapoli.

The audit discovered there were more than 1,000 user accounts accessing the district network that belonged to former students or staff, including one who retired more than 20 years ago.

While the audit warned that there was a significant risk that the district’s network resources, financial data and student information could intentionally or unintentionally be changed or used inappropriately, it did not say there was any evidence of hacking.

In the district’s response to the audit, Superintendent Anthony J. Panella said Amherst Central put corrective actions in place during the course of the audit, which covered July 1, 2020 to July 7, 2022.

“The district is committed to putting corrective actions into place for any findings listed in the final report,” Panella said in his response.


The audit said as many as 1,570 accounts were unneeded, but had not been disabled.

Auditors looked at 5,078 network user accounts and found that 2,902 were assigned to currently enrolled students, while 1,402 were assigned to students who were not currently enrolled. Others were assigned to non-students or were shared user accounts.

There were 90 network accounts still active for people who had left the district, auditors said, writing that “former employee network accounts should be disabled on the day the employee leaves district employment.”

“Because the district’s network had unnecessary enabled network user accounts, it had a greater risk that these accounts could have been used as entry points for attackers to compromise IT resources,” the audit said.

District officials told auditors that the accounts went unnoticed because the district did not have written policies and procedures to disable network accounts.

“Cybersecurity…


China’s internet watchdog tightens mobile app rules for national security – South China Morning Post




China tightens control over cybersecurity in data crackdown


BEIJING — Tech experts in China who find a weakness in computer security would be required to tell the government and couldn’t sell that knowledge under rules further tightening the Communist Party’s control over information.

The rules would ban private sector experts who find “zero day,” or previously unknown security weaknesses, and sell the information to police, spy agencies or companies. Such vulnerabilities have been a feature of major hacking attacks including one this month blamed on a Russian-linked group that infected thousands of companies in at least 17 countries.

Beijing is increasingly sensitive about control over information about its people and economy. Companies are barred from storing data about Chinese customers outside China. Companies including ride-hailing service Didi Global Inc., which recently made its U.S. stock market debut, have been publicly warned to tighten data security.

Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to “overseas organizations or individuals” other than the product’s manufacturer.

No one may “collect, sell or publish information on network product security vulnerabilities,” say the rules issued by the Cyberspace Administration of China and the police and industry ministries. They take effect Sept. 1.

The ruling party’s military wing, the People’s Liberation Army, is a leader along with the United States and Russia in cyber warfare technology. PLA officers have been charged by U.S. prosecutors with hacking American companies to steal technology and trade secrets.

Consultants that find “zero day” weaknesses say their work is legitimate because they serve police or intelligence agencies. Some have been accused of aiding governments accused of human rights abuses or groups that spy on activists.

There is no indication such private sector researchers work in China, but the decision to ban the field suggests Beijing sees it as a potential threat.

China has steadily tightened control over information and computer security over the past two decades.

Banks and other entities that are deemed sensitive are required…
