FOR IMMEDIATE RELEASE: Nov. 2, 2016
The City Auditor’s Office on Wednesday released an audit on risks related to mobile devices used for city business. The audit focused on whether the city has taken steps to mitigate security risks to smartphones and tablets.
Mobile devices may expose the city to new security risks, such as downloading malware to the city’s devices and network or exposing confidential or personally identifiable information.
The audit found that while the city has some mobile device security policies, it lacks some critical safeguards that mitigate mobile device security vulnerabilities. The city’s mobile device security policies lack requirements such as requiring operating system updates, disabling location services when not in use, immediately reporting lost devices to IT, establishing safeguards for syncing and backing up mobile devices used for city business and requiring encryption on data stored on Surface tablets.
The audit also concluded that city mobile device users are not always following existing mobile device policies, including requiring a passcode to access all mobile devices used for city business and disabling Bluetooth functionality when the function is not in use.
The audit recommends increasing the amount of training employees receive about mobile device security to ensure mobile device users understand the importance of mobile device security requirements and how to follow them. Additionally, the audit recommends implementing a mobile device management software system to enforce key mobile data security features.
View the complete report at https://webfusion.kcmo.org/coldfusionapps/auditor/showrecord.cfm?ID=833
For previous audits and more information, contact City Auditor Douglas Jones at (816) 513-3300. Additional updates from the Auditor’s Office can be found by following @KCMOCityAuditor on Twitter.