Internal Revenue Service employees are not following agency email use policy and unsecured and unauthorized email servers are putting the internal network at risk, the Treasury inspector general for tax administration has said.
An IG review found that 71 out of 96 employees had email in their inboxes that violated the agency’s personal use policies,
and that the agency has unsecured and unauthorized email servers on its computer network.
As a result, the agency’s internal network, its computers, and the data maintained on the network could be at risk of being compromised, destroyed, or shutdown, the IG said.
It recommended that the agency’s Mission Assurance and Security Services consider implementing an email-monitoring program,
something it noted could increase the number of employees disciplined for email infractions.
Further, the agency’s CIO should ensure that existing procedures are followed to install security updates and patches on all
email servers and hold system administrators accountable for ensuring only authorized computers are enabled to perform as
email servers, the IG said.
IRS management agreed with the recommendations and said it would consider a monitoring program as well as add reminders about related disciplinary action — as well as have the Chief Information Officer hold system administrators accountable for ensuring only authorized computers are enabled to perform as email servers.
