What do hackers want? Anything they can take from your government

It doesn't matter if you're a small government, a big government, or somewhere in between: You have information that hackers want. From employee personal information and payroll to vendor payments, tax information, critical infrastructure and more, hackers want it all—and they're constantly evolving their tactics to get it.

Keeping information safe and secure isn't a new challenge for governments, but the COVID-19 pandemic, which forced governments to quickly shift to online or hybrid workplaces, has made the job tougher. Most government's cybersecurity practices and protocols haven't kept up with our new reality.

If you haven't had time to update your cybersecurity policies in light of the shift to remote and hybrid work, we offer four steps you can take now to better protect your government against cyberattacks.

1. Identify your government's critical assets. Understanding what information cybercriminals want most is essential to combating cyberattacks. Create an inventory list of your organization's valuable data and assets, including manufacturer, model, hardware and software information. Take note of who has access to important data and information while also accounting for all storage locations. This practice will help you know where to look if your government is hacked.
2. Protect your assets by updating and authenticating. At the end of the day, protecting your data and devices from malicious actors is what cybersecurity is all about. To accomplish this, make sure your security software is current. Investing in the most up-to-date software, web browsers, and operating systems is one of the best defenses against a host of viruses, malware and other online threats. Make sure these devices have automatic updates turned on so employees aren't tasked with manually updating them. And make sure all your government's data is being backed up either in the cloud or via separate hard drive storage.
3. Monitor suspicious activity. Governments must always be on the lookout for possible breaches, vulnerabilities and attacks, especially in a world where many often go undetected. Consider investing in cybersecurity products or services that help monitor your networks, such as antivirus and anti-malware software.
4. Have a response plan ready. No matter how many safeguards you have in place, the unfortunate reality is that cyber incidents still occur. However, responding in a comprehensive manner will reduce risks to your government and send a positive signal to your employees and community. Every government should have a cyber incident response plan. The plan should include practices like disconnecting any affected computers from the network, notifying your IT staff or the proper third-party vendors, and using spares and backup devices while continuing to capture operational data.

If you do experience a cybersecurity incident, state law requires you to report certain breaches to both SAO and the Washington State Attorney General's Office (AGO). If any single breach affects more than 500 Washington residents, consider speaking to your legal counsel and then report it to AGO. If you have known or suspected losses of public resources or other illegal activity, notify SAO.

You can find more information and resources on SAO's #BeCyberSmart website.

How to reach us for more assistance

Do you have questions about cybersecurity? SAO's Center for Government Innovation has a cybersecurity specialist available to talk with you about best practices and resources. For assistance, reach out to us at Center@sao.wa.gov.