"The noblest motive is the public good," is San Diego County's motto, but when it comes to keeping track of the county's smartphones, it might better be replaced by "watch your back," a newly released April report by chief of audits Juan R. Perez indicates.
For starters, "None of the five departments sampled were maintaining a complete and accurate inventory of their mobile devices, because their inventory list excluded inactive mobile phones," resulting in taxpayers footing monthly cell-phone bills for a raft of unused devices.
Of five inactive phones sampled by auditors at the Department of Environmental Health, "four had active wireless service. For three of the four phones, service was active for three or more months after the employee left the department and the phone had not been reassigned, including one that was active for seven months."
In addition to Environmental Health, departments examined by the audit included Public Health Services, General Services, Child Welfare Services, and the Assessor and Recorder's office.
The Department of Environmental Health, the report says, "had an inventory listing of 277 active mobile phones," but auditors discovered "105 inactive mobile phones that were not on the department’s inventory listing. Most of the phones were unsecured."
Worse yet, the General Services Department "had an inventory listing of 302 active mobile phones," but the audit unearthed "430 inactive mobile phones that were not on the department’s inventory listing."
Notes the report, "Without a complete list of active and inactive mobile devices, County assets may be susceptible to misappropriation or loss and not properly accounted for."
Instead of monitoring cell-phone status in-house, "the departments were using the wireless provider’s invoice to track their mobile devices," the audit says.
"When a device becomes inactive due to an employee transfer or termination, the department notifies the wireless provider to remove the device from the invoice. The departments then stop tracking the device."
That was just the beginning of a host of troublesome findings, others of which could lead to security breaches, with possibly dire privacy consequences for both workers and county residents.
Two of the five departments examined by auditors "did not remove all County and user data from the mobile phones when employees transferred, terminated employment or upgraded their device."
One phone was found to contain "a prior user's emails," another "contained text messages, call history and contact information from the prior user who had terminated employment."
The county's technology office, noted the report, was "unable to provide documented evidence of containerization to ensure that County data are segregated from employees’ personal data on employee-owned mobile phones."
As a result, "employees’ personal applications may access County data and allow users to transfer County information outside of the County’s network. In addition, it may allow for unauthorized access to employees’ personal information in violation of the user’s privacy."
Widespread mayhem also reigned regarding what to do with the surplus phones.
"Departments were not sure how to properly salvage inactive mobile devices and were not certain if all data was removed from the device when they performed factory reset. Also, because the devices are County property, there was some confusion whether departments could trade-in devices to wireless providers for credit. As a result, inactive devices that the departments are no longer using or tracking have not been salvaged."
Additionally, an unspecified number of the mobile devices don’t have data encryption set up to prevent prying eyes from accessing confidential information.
"Although AT&T enabled the AirWatch encryption setting for iOS devices, they disabled the same setting for Android devices."
According to the report, "Per discussions with the [chief technology office], AT&T was directed to disable the encryption setting on Android devices because the setting was negatively affecting the functionality of the devices."
Says the audit, "If mobile devices are not encrypted, an unauthorized person may be able to access County information if devices are lost or stolen resulting in possible harm to the County, its customers or employees."
An April 15 letter of response from county chief information officer Mikel Haas lists a series of steps the technology office is taking to rectify the problems. A new device-tracking policy is due June 30, with encryption upgrades due by August 31.