CyberSecurity

It's #CybersecurityAwarenessMonth, and we thought local governments should be aware of our free cyber checkups!

Your government was probably the target of a socially engineered attack today. Fortunately, many of these types of cyberattacks are stopped by filters and firewalls before they ever reach you. But some attacks are successful because criminals find another vulnerability to exploit: you. According to a recent Verizon Data Breach Investigations Report, 85 percent of data breaches were caused by an employee.

As cyberattacks grow in sophistication, most folks in government know they need to be prepared with strong software and hardware security protocols. And while these technologies will provide protection against a variety of threats, they offer little protection from a major risk factor: your own employees’ actions.

Public services of all types depend on specialized computer systems and information technology applications. However, all too often those applications are out of date. In fact, between 40 percent and 60 percent of Washington state’s government applications should be considered “legacy applications” according to Washington Technology Solutions, the state’s centralized provider of IT services.

Local governments are fast becoming attractive targets for cyber criminals because of the vast amounts of sensitive data they maintain about their employees, infrastructure and residents. To keep pace with the constantly evolving threats and tactics, it's essential that you understand how to minimize your government's risk of attack.

Washington's state and local governments possess countless IT systems that provide critical government services and handle vital and sometimes very personal data. The public expects government to do all it can to ensure that these systems are secure to ensure services are not interrupted, and stored data is not lost, stolen or damaged.

The disruptions caused by the COVID-19 pandemic resulted in increased dependence on technology and electronic payment networks. This shift has created new opportunities for bad actors to steal public resources and assets from your government. By using various cyber fraud schemes, such as fake email addresses or compromised email accounts, bad actors are successfully tricking governments into rerouting electronic disbursements to their own accounts. And the fraudsters are raking in a hefty profit.

The COVID-19 pandemic forced local governments to rapidly convert many office employees to work-from-home employees. While some have returned to the workplace, many employees continue to work either fully or partially remotely. Working from home has many benefits, but it also brings additional risks because remote workers are more vulnerable to cybercrime than those who work in the office.

It doesn't matter if you're a small government, a big government, or somewhere in between: You have information that hackers want. From employee personal information and payroll to vendor payments, tax information, critical infrastructure and more, hackers want it all—and they're constantly evolving their tactics to get it.

If it seems like data breaches are in the news nearly every day, it's because they are. While breaches at large companies often dominate the headlines, cybercriminals are also hacking local and state governments, public and private universities, and school districts. Yet, despite the prevalence of the breach-centric news cycle, many people don't know what exactly a data breach is, how it typically starts, and why it occurs.