The Center for Government Innovation at the State Auditor’s Office is celebrating: its newest service, the cyber checkup, is one year old. These checkups provide a fast, no-cost, independent review of local government cybersecurity programs.
It's #CybersecurityAwarenessMonth, and we thought local governments should be aware of our free cyber checkups!
We reviewed the results of cyber checkups after the program’s first year. We identified the topics that most local governments need to improve. The most common was needing to implement or improve IT policies. We first published this article in October 2023, but due to its importance, we’re republishing it as a reminder. Also, keep a watch for an upcoming article that reviews results from the cyber checkups.
Your government was probably the target of a socially engineered attack today. Fortunately, many of these types of cyberattacks are stopped by filters and firewalls before they ever reach you. But some attacks are successful because criminals find another vulnerability to exploit: you. According to a recent Verizon Data Breach Investigations Report, 85 percent of data breaches were caused by an employee.
As cyberattacks grow in sophistication, most folks in government know they need to be prepared with strong software and hardware security protocols. And while these technologies will provide protection against a variety of threats, they offer little protection from a major risk factor: your own employees’ actions.
Public services of all types depend on specialized computer systems and information technology applications. However, all too often those applications are out of date. In fact, between 40 percent and 60 percent of Washington state’s government applications should be considered “legacy applications” according to Washington Technology Solutions, the state’s centralized provider of IT services.
Local governments are fast becoming attractive targets for cyber criminals because of the vast amounts of sensitive data they maintain about their employees, infrastructure and residents. To keep pace with the constantly evolving threats and tactics, it's essential that you understand how to minimize your government's risk of attack.
Washington's state and local governments possess countless IT systems that provide critical government services and handle vital and sometimes very personal data. The public expects government to do all it can to ensure that these systems are secure to ensure services are not interrupted, and stored data is not lost, stolen or damaged.
The disruptions caused by the COVID-19 pandemic resulted in increased dependence on technology and electronic payment networks. This shift has created new opportunities for bad actors to steal public resources and assets from your government. By using various cyber fraud schemes, such as fake email addresses or compromised email accounts, bad actors are successfully tricking governments into rerouting electronic disbursements to their own accounts. And the fraudsters are raking in a hefty profit.
The COVID-19 pandemic forced local governments to rapidly convert many office employees to work-from-home employees. While some have returned to the workplace, many employees continue to work either fully or partially remotely. Working from home has many benefits, but it also brings additional risks because remote workers are more vulnerable to cybercrime than those who work in the office.