Only one of 10 government entities surveyed as part of a cyber security audit has a formal data retention and storage policy in place, the National Audit Office has said. 

An NAO audit found that only Malta Enterprise had a clearly defined policy for keeping and deleting personal data, as required by the Data Protection Act. 

The audit, which surveyed cyber security procedures implemented by 10 different government entities (see list below), found several lacunae in IT security procedures as well as some examples of good practice. 

It highlighted four of the 10 as being the best-prepared: Malta Enterprise, WasteServ Malta, the Regulator for Energy and Water Services and the Malta College of Arts, Science and Technology. 

Not a single one of the entities surveyed has a IT disaster recovery strategy in place, with Malta Enterprise the only one to have defined plans for developing such a strategy. 

Similarly, none of the 10 had a manual process in place that could tide the entity over in the event of a total IT system collapse.

The NAO noted that some of the smaller entities did not have any IT staff of their own and outsourced their IT work, often without adequate advice. 

50 per cent of entities surveyed do not have a software inventory, the audit found. Many entities were not following best practice guidelines in creating passwords, it found, and in many instances offline mailboxes were not backed up and server environments were inadequate and insecure. 

Auditors found that all of the entities surveyed provided their staff with some form of IT training, though none had structured training for new employees. 

Most entities had procedures in place for disposing of IT hardware, though just three said they formatted hard drives prior to disposing of them - with NAO auditors noting that even this was not sufficient to ensure data security. 

All entities used regularly-updated antivirus software, the report noted. 

The NAO recommended that all entities surveyed should review their IT operations.

The 10 entities surveyed were: 

  • Malita Investments
  • Malta College of Arts, Science and Technology
  • Malta Competition and Consumer Affairs Authority
  • Malta Enterprise Corporation
  • Malta Freeport Corporation  
  • Manoel Theatre
  • Commission for the Rights of Persons with Disability
  • Refugee Commission
  • Regulator for Energy and Water Services
  • Wasteserv Malta Ltd

To read the NAO report in full, click the following link.

 

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.