A message from State Auditor Pat McCarthy: See yourself in cyber

Whether you work for a local government that provides frontline emergency services or an agency that handles sensitive information like personal or financial records, you have an important role in cybersecurity.

That is why the State Auditor's Office will be joining in the theme of Cybersecurity Awareness Month, “See yourself in cyber.” While cybersecurity can be technical and complex, much of it comes down to people and the choices they make.

Are your ACH internal controls strong enough to protect you from fraudsters? SAO has a new resource to help you

Do you remember the Nigerian prince scheme—that long-running internet fraud where the bad actor drains your bank account after obtaining your information? Fraudsters made $703,000 in 2018 alone on that one. While some fraudsters are still working that old scam, others have moved on to impersonating your employees and vendors to redirect Automated Clearing House (ACH) payments meant for payroll direct deposits or vendor payments. In fact, Washington governments reported $4.7 million lost to these schemes in 2020 and 2021.

Daylight saving time: Add testing your backup file system to your time change routine

This weekend marks the start of daylight saving time, and we all know the drill: Change your clocks and the batteries in your smoke alarms. But how often are you testing your government's backup file system? With the rapid rise in phishing and ransomware schemes, the biannual time change can also serve as a handy reminder to perform this critical task.

Cybersecurity Special Report 2022: Keeping an independent eye on government IT security

Washington's state and local governments possess countless IT systems that provide critical government services and handle vital and sometimes very personal data. The public expects government to do all it can to ensure that these systems are secure so critical services can be delivered and data stored in those systems is not lost, stolen or damaged.

The State Auditor's Office plays a unique role in keeping an independent eye on government IT security. We work with state and local governments to help improve their cybersecurity programs through audits and outreach activities.

Keep software current to reduce cybersecurity risk

If you're a smaller government without your own full-time information technology staff, you might find it challenging to stay on top of IT-related maintenance. Larger entities have entire departments dedicated to maintaining computer infrastructure, while you may be working with a part-time contractor or even volunteers to meet your IT needs. And that's okay, but remember: having the latest security software, web browser and operating system on your devices is an important defense against cyberattacks.

Updates are important

Increase your government’s account security with multi-factor authentication

Strengthening your government's guard against the threats that compromised passwords pose is a necessary control for decreasing the risk of unauthorized users gaining access to your computers, network or database. In this post, we explain how passwords get compromised and how multi-factor authentication (MFA) can help governments improve their account security to better protect their systems.

How passwords get compromised

A message from State Auditor Pat McCarthy: Cybersecurity is a shared responsibility

It can be tempting to think it's the experts' job to keep us safe online. We trust our colleagues who are IT professionals and the technology services we use to stay up to date on the latest threats. But all of us, whether or not we are technology experts, have a part to play in cybersecurity. That's why this year's theme for October's Cybersecurity Awareness Month is “Do your part, #BeCyberSmart.”

Vulnerabilities in federal law, gaps in state fraud detection led to losses in unemployment insurance program, audits find

OLYMPIA – Emergency federal unemployment programs launched early in the COVID-19 pandemic included provisions that opened state unemployment benefits to fraud, the Office of the Washington State Auditor found in three audits released today.

While Washington was not alone in being targeted, the state Employment Security Department continues to struggle in answering customer questions, investigating suspected fraud and retrieving important data from its systems, the audits found.