Audit critical of online banking security for Byron-Bergen schools
The Byron-Bergen Central School District needs to improve its online banking security, according to a NYS comptroller's audit released this month.
While the district informed the auditors that some of the report's recommendations were already being complied with or will be met, the board rejected one of the recommendations.
Auditors said that while the district has online access to all of its accounts -- including high-balance savings accounts -- such access is unnecessary.
The board countered: Actually, online banking for all district accounts is unavoidably necessary, thanks to the state.
"Due to the remote location of our school district," the district board responded, "and limited district office staff due to the ever-increasing budget constraints caused by the property tax cap, freezing of state aid and the Gap Eliminate Adjustment, we are unable to do banking transactions on a regular basis at our banking institution's branch locations due to distance and time away from other duties district office staff perform. We must be as efficient as possible in the use of our existing office staff. That efficiency is increased with the ability to our banking functions online."
The audit found that two employees were keeping their usernames and passwords on a piece of paper. While one document was locked in a filing cabinet, the other was kept in a cabinet that wasn't always locked.
Online-banking users also do not properly log out of their banking sessions and then delete their browsing history, cache and cookies, according to the audit.
The audit also knocked the district for not having copies on file of its banking agreements, but district officials said they felt the confidential information contained in these documents was best secured at the bank and not in district offices.
The district is not taking full advantage, the report states, of its bank's notification alerts for high-threshold transactions.
The district said it has instituted additional staff training in these areas where best practices were not already in place.