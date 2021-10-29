BOSTON, Mass. (WWLP)– The Office of the State Auditor has release a report that recommends improvements to cybersecurity awareness training at the Attorney General’s Office (AGO).

Read the full audit report here.

A review of the AGO’s information technology (IT) security practices found not all AGO employees were offered or required to take cybersecurity awareness training during a portion of the audit period of July 1, 2018 through July 31, 2020. Employees hired after September 28, 2018 did not receive any training until June 30, 2020, when the agency implemented a new cybersecurity training system.

The audit notes AGO’s transition to its new cybersecurity training system resulted in a period where the office had no training system for employees in place. Since then, AGO has implemented the new system and has made updates to its cybersecurity awareness policy to ensure employees undergo training.

“As the work of state government increasingly relies on technology and remote access, public employees must be keenly aware of how to keep their cyber systems protected. Today’s audit shows that although there was a gap in training, the Attorney General’s Office has taken the necessary steps to ensure all of its employees go through the cybersecurity training program,” Auditor Bump said. “I commend the office for making these critical improvements.”

The Massachusetts Executive Office of Technology Services and Security requires all state employees working in executive agencies to participate in IT security training when they are hired and thereafter on an annual basis. The audit recommends AGO ensure that initial cybersecurity awareness training takes place for new hires and annual training thereafter is available for existing employees. It also recommends that an interim training plan should always be in place when the AGO may be transitioning to a new training program.