© 2024 Kansas City Public Radio
NPR in Kansas City
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Kansas City Employee Cell Phones Could Expose City To Hacks, Audit Finds

Blue Coat Photos
Flickr - CC

Every day it seems we hear news of another data breach — from 500 million Yahoo accounts tothe latest WikiLeaks hacks

Even at the city level, officials are worried about cyber security threats.

A Kansas City, Missouri, auditreleased Tuesday studied risks related to cell phones and tablets used for city business. And although the findings weren't terrible, there's still a lot of room for improvement. 

The city owns over 750 smartphones and tablets used by employees for city business. Another 230 employees use personal phones and tablets for city business. 

"What we found was that although the city has a number of mobile device security policies, it is lacking some critical policy requirements to mitigate mobile security vulnerability," says City Auditor Doug Jones. 

Those policy requirements include updates to the operating systems, disabling location services when they're not in use, reporting lost devices to IT immediately and encrypting data stored on tablets. 

Additionally, the audit found that many employees weren't even following the security policies that are already in place, like requiring a passcode to access all mobile devices used for city business and disabling Bluetooth when the function is not in use. 

Credit Office of the City Auditor / City of Kansas City, Missouri
City of Kansas City, Missouri
The Kansas City Auditor's office tweeted this graphic Tuesday morning, with tips on how to secure your phone or tablet.

These requirements may seem straightforward, but many city employees who use city-owned devices also use them as their personal cell phones. So something as simple as turning off Bluetooth or location services when they're not in use could be a hassle. A hassle that, ultimately, is worth it, says Jones. 

But some measures are easy to follow, like always updating your operating systems. These updates generally fix smaller errors.

"Those are the types of things that hackers can exploit are those vulnerabilities or those system errors," Jones says.

Other easy recommendations? Don't download apps from untrustworthy, third-party app stores and don't connect to unknown WiFi networks or hotspots. 

The auditor also recommended the city invest in mobile device management software, which helps enforce these security features. 

That kind of software has a price tag of about $59,000 a year, but Jones says that isn't that much, considering it can cost thousands of dollars to investigate and remediate just one device that's been compromised. 

This is the latest in a series of IT-related audits the office has conducted in recent years. Jones says these kinds of audits will become more common, as the risk for data breaches grows. 

"Cyber security and cyber risks, that's one of the highest risks areas right now for any entity that has these pieces of equipment. Data is everywhere and it's being used by every type of organization," Jones says. 

Lisa Rodriguez is a reporter for KCUR 89.3. Connect with her on Twitter @larodrig

Slow news days are a thing of the past. As KCUR’s news director, I want to cut through the noise, provide context to the headlines, and give you news you can use in your daily life – information that will empower you to make informed decisions about your neighborhood, your city and the region. Email me at lisa@kcur.org or follow me on Twitter @larodrig.
KCUR serves the Kansas City region with breaking news and award-winning podcasts.
Your donation helps keep nonprofit journalism free and available for everyone.