The UW System has failed to develop a comprehensive IT security program, leaving transactions, payroll information and student data vulnerable, according to a new report released Tuesday.
According to the Legislative Audit Bureau, they’ve reported concerns with the System’s IT security since the 1990s.
"Failure to provide an appropriate level of protection for UW systems and data increases the risk that personally identifiable information could be accidentally or maliciously exposed," the audit said, citing possible cyber attacks.
“Weaknesses in IT security policies, procedures, and controls increase the risk that unauthorized or erroneous transactions could be processed or changes could be made to accounting, payroll, and student data,” the audit continued. “In addition, failure to provide an appropriate level of protection for UW systems and data increases the risk that personally identifiable information could be accidentally or maliciously exposed”
Intellectual property, a coveted commodity at a top-tier research university like UW-Madison, is also at risk of theft with the current weaknesses. If stolen, it could rob a
The LAB noted they had previously reported on UW System IT security system weakness in audits from fiscal years 2014-’15 and 2015-’16. In 2015 the Board of Regents adopted a policy that included a push for the comprehensive system suggested in previous audits —
The system has taken steps to update their security systems, but this year’s audit identified a new concern that LAB determined too sensitive to share publicly and instead was shared with specific UW System institutions that were affected.
The UW System, whose response was included in the report, agreed with the findings and agreed to work with officials to address the concerns by Aug. 31.