Missouri State Auditor Urges State to Prioritize Cybersecurity Training for Employees

Missouri State Auditor Scott Fitzpatrick has released a new report highlighting the importance of establishing a culture of security within state government to combat cyber threats. The report, which examined awareness and training efforts for 34 state government entities and nearly 52,000 state employees, found a need for improved oversight and implementation of effective training and phishing testing.

Fitzpatrick emphasized the importance of security awareness training in the face of increasing technological advancements that bring heightened risks of data breaches and hacking attempts. The audit report identified shortcomings in training efforts for both consolidated entities overseen by the Office of Administration Information Technology Services Division and non-consolidated entities.

For the consolidated entities, the report revealed that approximately 20 percent of employees did not complete any security awareness training, highlighting a lack of monitoring and enforcement of training requirements. Recommendations include updating policies to ensure oversight of training completion and clarifying exemptions.

On the other hand, non-consolidated entities were found to have deficiencies in providing ongoing security awareness training and conducting phishing testing for employees. The report recommends these entities consider adopting ITSD’s policies and procedures and utilize ITSD as a resource to enhance their training and testing efforts.

The audit report underscores the critical need for state employees to be equipped with the knowledge and skills to protect state resources from cyber threats. By implementing the recommendations outlined in the report, the state can strengthen its security posture and mitigate the risks of data breaches and other malicious activities.

For more information, the complete report can be accessed [here](https://auditor.mo.gov/AuditReport/ViewReport?report=2024035&token=1110437132).