State audit finds multiple cyber risks in Brentwood school district's IT system
The state comptroller's audit found that Brentwood school district did not adequately safeguard its computer system. Credit: Howard Schnapp
The state comptroller’s office has identified multiple cyber risks in a recent audit of the Brentwood Union Free School District’s technology system.
In a report released earlier this month — which examined the period between July 1, 2021, and Oct. 18, 2022 — the state said school officials had failed to disable unneeded non-student accounts, such as accounts of former employees or board members, on the district network; provide required cybersecurity training; or establish a contingency plan for technology disruptions such as power outages or a cyberattack.
“As a result, the District’s computerized data was not adequately safeguarded,” Comptroller Thomas DiNapoli's report says. “In addition, the District has an increased risk that the network may be accessed by unauthorized individuals, data will be lost and the District may not be able to recover from a network disruption or disaster.”
School officials said they would address the concerns outlined in the audit, according to the report, which recommended that the district periodically review network user accounts, develop a contingency plan and provide security awareness training.
The Brentwood school district is the largest on Long Island, with a student population of 18,796 and 3,690 employees, a spokeswoman for the district said Tuesday. The district employs an information technology coordinator to manage IT operations, with responsibilities that include safeguarding data by monitoring user accounts and overseeing a department with 14 employees across 22 buildings.
The audit identified nearly 500 non-student accounts out of 3,425 total, or 14%, that were not needed, and said eight user accounts for teachers who no longer worked for the district had been logged into after their employment ended.
The district has disabled all unneeded accounts identified during the inquiry and school officials said the district would begin to offer cybersecurity training on an annual basis.
The report notes that other IT control weaknesses identified in the audit were communicated confidentially to school officials.
The state comptroller's office cited several other Long Island school districts for IT issues this year, including Bayport-Blue Point, East Hampton, Hicksville, Montauk, Oceanside, Uniondale and West Hempstead.
Brianne Ledda covers the Town of Islip for Newsday. She previously covered Southold and Greenport for The Suffolk Times and is a graduate of Stony Brook University.
Updated now Newsday travel writer Scott Vogel took the ferry over to Block Island for a weekend of fun.
Updated now Newsday travel writer Scott Vogel took the ferry over to Block Island for a weekend of fun.
