Here in Washington, local leaders go by many names – Councilmember, Commissioner, Mayor and many more. Regardless of your title or the size of your local government, leadership plays a key role in ensuring your government’s cybersecurity success. Fortunately, our Center for Government Innovation has updated its cybersecurity guide for Washington’s leaders.
Artificial Intelligence (AI) is being used more often in cyberattacks, including deepfakes, which are manipulated videos or audio that make it appear a person is saying or doing something they did not. These attacks pose growing risks for governments, businesses and individuals.
Washington’s state and local governments possess countless IT systems that provide critical government services and handle vital and sometimes very personal data. The public expects government to do all it can to ensure that these systems are secure to ensure services are not interrupted, and stored data is not lost, stolen or damaged.
Originally published September 4, 2024
June 27, 2025
This blog post was originally published in September 2024. We've recently updated the It Starts with Policy Guide for the 2025 reporting year. You can find the new guide in SAO’s Resource Library. We've also updated the links in this post for your convenience.
What’s new?
We've added recommended policy guidance for AI use.
========
A novel Washington program to help local governments quickly improve their cybersecurity was honored by the National State Auditors Association during its recent conference in Boise, Idaho.
The Center for Government Innovation at the State Auditor’s Office is celebrating: its newest service, the cyber checkup, is one year old. These checkups provide a fast, no-cost, independent review of local government cybersecurity programs.
It's #CybersecurityAwarenessMonth, and we thought local governments should be aware of our free cyber checkups!
We reviewed the results of cyber checkups after the program’s first year. We identified the topics that most local governments need to improve. The most common was needing to implement or improve IT policies. We first published this article in October 2023, but due to its importance, we’re republishing it as a reminder. Also, keep a watch for an upcoming article that reviews results from the cyber checkups.
Your government was probably the target of a socially engineered attack today. Fortunately, many of these types of cyberattacks are stopped by filters and firewalls before they ever reach you. But some attacks are successful because criminals find another vulnerability to exploit: you. According to a recent Verizon Data Breach Investigations Report, 85 percent of data breaches were caused by an employee.
As cyberattacks grow in sophistication, most folks in government know they need to be prepared with strong software and hardware security protocols. And while these technologies will provide protection against a variety of threats, they offer little protection from a major risk factor: your own employees’ actions.