Security expert says Cumby government, police open to computer breaches

Image
  • The City of Cumby sign
    The City of Cumby sign
Subhead

Risk of exposure ‘significant,’ Tomasek says

Body

CUMBY- An audit of the city of Cumby’s computers found that both city hall and the police department have “only minimum standards in place” to protect data security, and this may lead to the police department being temporarily suspended from enforcing the law if they do not update their systems, according to computer specialist Kasey Tomasek. 

Sulphur Spring’s Tomasek, CEO of SMPLSGNL performed an information technology assessment of the city and its police department at their request, Tomasek told the city council on Tuesday.  

In city hall, “We found a couple deficiencies,” Tomasek said. However, when auditing the police system, computer security deficiencies were “a little bit more.” 

“Firewalls are inadequate; they don’t meet the minimum requirement by far,” Tomasek said. “There are inadequate and older machines… as well as limitations regarding auditing of your own activities.” 

According to Tomasek, the city has 30 days to comply once a notice of violation has been sent out by the Criminal Justice Information Services (CJIS) in order to maintain a functioning police department. 

“As a city, you cannot show that no one has complete and unfettered access to modifying system files,” Tomasek said. “Someone can go and change records, someone can go and see certain items that you have… that someone could be nefarious.” 

“From a technology standpoint there’s a significant risk of exposure,” Tomasek noted. “The potential exists and you need to mitigate that now.”

Tomasek noted there was “some limited segmentation” between the city and the police department, but the free software used by the city was not compliant with online safety. 

Tomasek asked for an executive session to speak to the council about what he found so he did not reveal confidential information about the deficiencies of the system, as well as a further special session to discuss implementing a computer safety plan.

“Let’s get the police department squared away and make sure you can continue to have a police department,” Tomasek said. “Beyond that there are some activities you can do yourselves to keep yourselves safe.”  

Tomasek noted that he had confidence the city could do the comprehensive work to make the system compliant due to the city’s small size. 

Council member Julie Isham Morris inquired how much getting the systems in compliance would cost and Tomasek told her he was unsure as he is paid hourly and does not yet have an estimate of the time expenditure needed. He stated he had been “working on it for the past three days” and would have an estimate to the council “very soon.”