NY comptroller finds Binghamton City School District has lax IT protocol

Maggie Gilroy

Press & Sun-Bulletin

Oct 28, 2019

The Binghamton City School District was faulted for its insufficient internet technology protocols, but the district says it is on the path to improve its policies.

According to an audit by the office of New York State Comptroller Thomas P. DiNapoli, the district does not regularly review network user accounts and disable those that are determined to be unnecessary.

"In a time when information is power, the safeguarding of data is extremely important," Binghamton Superintendent Tonia Thompson said in an email Thursday. "At the Binghamton City School District, we take this responsibility very seriously and are grateful for audits like these that help us know what we can be doing better."

According to the audit, released Oct. 25, "User accounts are potential entry points for attackers because they could be used to access data and view personal, private and sensitive information.

"Officials are responsible for disabling user access to applications, resources and data that are no longer necessary for day-to-day learning, duties and responsibilities to provide reasonable assurance that computer resources are protected from unauthorized viewing, use or modifications."

In addition, the audit found the district's board does not have an adequate contract and separate service-level agreement for information technology services provided by the Broome-Tioga Board of Cooperative Educational Services’ South Central Regional Information Center.

Also, the audit found that district officials do not provide periodic IT security awareness training to staff.

According to the audit, district officials agreed with the comptroller's recommendations and indicated they planned to initiate corrective action.

"Our district officials and board of education are working together with the South Central Regional Information Center at BOCES to ensure that we are moving forward with the suggested action items in the audit to keep our data safe and our student and staff information protected," Thompson said.

The audit was held between July 1, 2017, and May 31, 2019. Its objective was to determine whether the board and district officials adequately safeguarded data from abuse or loss.

According to the comptroller's office, the district's managed IT cost is $1.2 million. It has 6,501 network user accounts and 8,362 desktops, laptops and devices.