• Office of the Comptroller

Cybersecurity Tip: Asset and Data Security Management

Updated: Nov 13, 2019

Departments are required to maintain a system to track internal assets. Data is considered a critical Department asset and should be managed in a similar manner. Departments should have internal controls in place at all levels of their organization to properly identify, segregate and secure (encrypt or locked storage) confidential or sensitive data separate from other operational data. Such data (including personal data, client data, system security data), left unsecured that resides on PCs, networks, servers, and mobile devices can be breached, resulting in financial damages and enabling hackers to breach systems. Managing data is not solely a technology issue, but requires awareness, training, security and controls for all employees handling data. 


William McNamara, Comptroller of the Commonwealth

One Ashburton Place, 9th Floor, Boston MA 02108


For your protection, please do not email personal information (e.g. Social Security Number, Bank Account Number, Passwords).

For assistance, please call us at

(617) 727-5000

  • Twitter
  • Facebook
  • LinkedIn
  • Instagram