Cybersecurity is everyone’s job, including yours

Subscribe to Updates

Get our e-newsletter right to your inbox!

First Name

Last Name

Company

Job Title

« back to Audit Connection Home

Categorized in: Local governments • CyberSecurity

Oct 5, 2022

When a cyberattack occurs, we often want to point the finger at our technical staff. We assume there must be a hole in our organization's security, and that our IT employees weren't doing all they could to prevent the attack. In reality, the days of simply relying on firewalls and antivirus software to keep hackers out of your network are over.

As security technology becomes more sophisticated, cybercriminals are increasingly viewing employees as the weakest link. In fact, according to IBM, 95 percent of cyberattacks stem from an employee who fell for a phishing scam, used a weak password, or did not take the proper steps to secure sensitive data.

When it comes to thwarting cybercrime, everyone in your government has a role to play. Unfortunately, many employees aren't aware of the best practices for boosting cybersecurity and how easy they are to adopt. When employees receive regular training on cybersecurity best practices and potential scams, they can go from being the weakest link to your first line of defense.

Here are a few key best practices that you and your employees can implement today to protect your government.

Watch out for phishing

Phishing—when a cybercriminal poses as a legitimate party in hopes of getting employees to engage with malicious content or links—remains one of the most popular tactics today. In fact, according to CSO Online, 80 percent of cybersecurity incidents stem from a phishing attempt.

While phishing has gotten more sophisticated, keep an eye out for typos, poor graphics and other suspicious characteristics in emails you receive. These can be a telltale sign that the content is potentially coming from a “phish.” In addition, if you think you have spotted a phishing attempt, be sure to report the incident so that your internal IT teams and service providers can remediate the situation and prevent others from falling for it.

Update your passwords and use a password manager

Having unique, long and complex passwords is one of the best ways to immediately boost your cybersecurity. Yet, according to Google, only 43 percent of people say that they “always” or “very often” use strong passwords. Password cracking is one of the go-to tactics that cybercriminals turn to in order to access sensitive information. And if you are a “password repeater,” once a cybercriminal has hacked one of your accounts, they can easily do the same across all of your accounts.

You might repeat passwords because it can be tough to remember all of the passwords you have. Fortunately, by using a password manager, you can securely store all of your unique passwords in one place—which means you only have to remember one password.

Password managers can also help eliminate an attack called “typosquatting.” Typosquatting is when a malicious attacker registers a domain name for a fake website that is similar to a valid domain, such as “yourbankk” instead of the actual “yourbank.” The fake website looks just like the actual website, tricking you into logging into it and having your information captured. Using a password manager allows you to store the website address so you click on that link within your password manager to log in.

Enable MFA

Enabling multifactor authentication (MFA)—which prompts a user to input a second set of verifying information, such as a secure code sent to a mobile device or to sign-in via an authenticator app—is a very effective measure that anyone can use to drastically reduce the chances of a cybersecurity breach. In fact, Microsoft reports that MFA is 99.9 percent effective in preventing breaches. We encourage you to use MFA to secure your personal and work-related devices and accounts.

Activate automatic updates

It's essential that you ensure all of your devices are up to date with the most recent software versions. Cybersecurity is an ongoing effort, and updates are hugely important for addressing vulnerabilities and providing ongoing maintenance. You should work with your IT staff or managed service provider to receive automatic update notifications or enable automatic update installations whenever possible.

Additional resources

SAO has a number of resources to help you improve your government's cybersecurity. You can find more on our #BeCyberSmart webpage.

How to reach us for more assistance

Do you have questions about cybersecurity? SAO's Center for Government Innovation has a cybersecurity specialist available to talk with you about best practices and resources. For assistance, reach out to us at Center@sao.wa.gov.