Report: IRS Slips On Keeping Workers' Computers Secure

System administrators are being blamed for weak security settings.

The Internal Revenue Service must do a better job of maintaining the security settings it developed and deployed on employees’ workstations under a common operating environment (COE), according to report by the Treasury inspector general for tax administration (download PDF). Currently, high-risk vulnerabilities could allow the computers to be compromised, Michael Phillips, deputy inspector general for audit, said in the report. Although the IRS developed the COE with secure configurations and installed those configurations on employees’ computers, security settings have not been consistently maintained, Phillips said. “In our sample of 102 computers with the COE installed [out of approximately 100,000], only 42 were sufficiently secure based on the IRS standards,” Phillips said. “The remaining 60 computers complied with less than [90%] of the computer settings prescribed by the IRS or contained at least one high-risk vulnerability that could be exploited to either take control of the computer or render it unusable.”

Source - Computer World