The General Services Administration has made use of social media tools to build a more collaborative government, however, a GSA Inspector General report dated Sept. 28 found security flaws in the agency’s social media websites.
In fact, in reviewing GSA’s IT Security Program, the auditors said that two of the GSA’s public social media websites were in need of additional oversight.
A GSA wiki site was ridden with months old spam postings because posts did not require agency approval. Automated posting of this type makes a site vulnerable to inappropriate information being posted, according to the report.
Similarly, another website reviewed proved to have a weak configuration that exposed users’ confidential communications. The problem occurred because managers failed to follow web application security guidance.
GSA Chief Information Officer Casey Coleman reportedly agreed with the recommendations to improve the security of its social media technologies.
The report suggests GSA should update IT security policies to address risks associated with social medias. Additionally, auditors requested GSA examine current properties and establish an agency-wide IT security standard to avoid similar problems.