Workers in the Social Security Administration are downloading outside software without permission, which can lead to malware incidents, according to a report by SSAâs inspector general.
SSA employees and contractors are only allowed to download software critical to SSAâs function and must receive written permission before doing so.
But SSA IG Patrick OâCarroll, whose report found nearly 200 malware attacks in a little under a year, said workers often break the rules. The report pinpointed seven cases, where unauthorized downloading led to malware attacks.
The report concludes SSAâs software approval process and monitoring policy need improvement.
Often, such nonstandard software can contain malicious code that can infect SSAâs operating system.
âThese incidents could cause SSAâs network to operate inefficiently or ineffectively,â the report finds. “Further, the malicious software could extract personally identifiable information to be used for identity theft purposes.â
OâCarrollâs report recommends having all download permissions go through a central authority, such as the chief information officer. In some instances, the report finds, disciplinary action may be necessary.