IG's message to IRS: Secure all your e-mail
The IRS has a program that can protect taxpayers' sensitive financial data when agency employees share it via e-mail; the problem is that not all employees use the encrypted messaging, a new inspector general report says.
Only 76 percent of the IRS' 82,000 e-mail mailboxes had been enrolled as of last fall, two years after the agency began its Secure Messaging program, the audit from the Treasury Department IG for tax administration found. Both the sender and recipient of an e-mail must use the encryption service for it to work.
'Even those enrolled in the program are not using it consistently,' said Pamela Gardiner, deputy IG for audit.
Secure Messaging incurs additional administration costs and demands more of the IRS' telecommunications and computer storage systems. The IG recommended weighing the costs and benefits of the program. If the IRS decides to keep the program, it needs to make sure all employees who send sensitive data enroll in Secure Messaging, the report concluded.
CIO Todd Grams said the IRS would do more to educate employees about Secure Messaging and require managers to review employees' use to ensure compliance. To see the report, go to www.gcn.com
and enter 379 in the GCN.com/box.
Mary Mosquera is a reporter for Federal Computer Week.