Coming to an audit near you – cybersecurity controls!
Internal Controls are designed to prevent fraud, waste and abuse of Commonwealth resources, and it is no longer enough to meet only operational goals and compliance. Auditors are now evaluating whether a department is integrating cybersecurity as part of Internal Controls, including “Tone at the Top” in leadership, procurement considerations, maintenance of technology, third party vendor management, and employee cyber awareness training.
COVID-19 and teleworking have added another layer of risks that will also be reviewed. We encourage collaboration across all department units and coordination of operations and technology to include cybersecurity as part of data and operational management with a focus on fraud, waste and abuse prevention. Small steps have a significant impact! Visit the Cyber Center for additional resources and links for cyber alerts, and contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks. See the Commonwealth default security policies and standards to be used to establish internal controls and protocols.