I read an interesting article yesterday about the IRS and computer security concerns. Apparently the IRS hired contractors to upgrade their computer systems. The contractors were allegedly not as careful with security as they should have been. And while the IRS acknowledges that security was a problem, they claim it was not a big risk. Here is the full article.
As I said, the article is interesting but what I thought was really interesting was the list of security concerns. I thought it might be a good idea to share that list to remind us all to be aware of security breaches in our own systems. Here were the concerns:
The IRS granted the contractor “root” access to the computer system. (Root access gives a user permission to make unlimited and unrestricted changes to any part of the computer system.)
Unauthorized chat and instant-messaging activity left the IRS vulnerable to hackers
Contractors’ computers were vulnerable to hackers and viruses because they did not have security patches for known vulnerabilities in operating software.
Some computers used by contractors were too old to support a secure operating system, and the IRS did not have enough money to replace them.