IRS Improves Cybersecurity, But Still Vulnerable to Malware

The Internal Revenue Service’s inspector general says the agency has improved its protection of its computer networks since a scathing report last year, but it is still failing to scan computers for viruses and enforce its security policies, leaving taxpayer data potentially at risk.

In an article on the NextGov website, Jill R. Aitoro says the IRS’s Computer Security Incident Response Center “identified and eliminated the increasing number of cyber threats that targeted agency networks, according to a review that the IG performed from October 2007 through September 2008.”

The good news is that the report found that the IRS system administrators installed antivirus software on all computers running the Windows operating system and when an update of the antivirus software is released, the agency updates 96 percent of workstations within two business days and updates almost 100 percent within one week.

But when it comes to the servers, system administrators must manually perform virus scans, and the IG found that from May 1, to June 30, 2008, administrators scanned 89 percent of the servers every week and scanned the remaining servers less frequently or not at all.

“The introduction of malware on servers is particularly risky because many users access them, making the spread of the malware to other computer systems more likely,” the IG reported.

To read the full article, click here: http://www.nextgov.com/nextgov/ng_20090316_2528.php