Don’t miss this upcoming free webinar “Cybersecurity Essentials for Local Government Leaders!”

computer_equipment-224824333Presented by the Municipal Research and Services Center (MRSC) and sponsored by the State Auditor’s Office Performance Center, this webinar is for elected officials, managers, information technology and other staff working to keep electronic systems safe from outside interference. Share this information with your co-workers and elected officials in order to get the most out of this opportunity!

This free webinar will help public sector leaders understand what their organization’s greatest vulnerabilities are and the most important investments necessary to reduce risk. You’ll hear from firsthand experience—in agencies both small and midsized—how opportunistic cybercriminals take advantage of system vulnerabilities. You’ll also learn about cybersecurity training that each person with your organization should have and how to get it.

Could a major cybersecurity incident happen to your agency? If it did, how costly could it be? You can’t afford to miss this presentation occurring October 18th at 11am – Register at: mrsc.org/getdoc/27fa135b-50ee-4ab2-ab1d-d9220f9324fe/Cybersecurity-Webinar-2018.aspx.

Recent GAO report underscores the need for cybersecurity auditing

GAOlogoThe federal counterpart to the Office of the Washington State Auditor, the Governmental Accountability Office (GAO) released a report on Tuesday demonstrating the vitally important role of cybersecurity auditing in the information age. Vulnerabilities in government systems can be exploited by criminals looking to harm the public, as detailed in the GAO’s audit findings.

The Office of the Washington State Auditor helps local governments protect themselves from cybersecurity threats through a variety of means, including conducting cybersecurity audits on both the local and state levels. SAO also provides local governments with the training and resources they need to better understand the ever-changing landscape of cybersecurity. Responding to the increased demand for cybersecurity resources by Washington’s local governments, SAO has begun developing a new suite of materials specifically designed to address local government concerns. By partnering with governments across Washington and providing them with our valuable audit services, we help protect Washingtonians from potential cyber harm.

 

How to build a “resilient cybersecurity culture” for your government

ransomwareGovernments are vulnerable to cybersecurity breeches. In this way, they don’t vary much from private-sector businesses, whose sometimes spectacular cybersecurity failings grab headlines. So, as a government with limited resources, how do you prepare for the inevitability of some bad actor trying to access sensitive information?

An August 2018 report out from the (ISC)2, a non-profit focused on “inspiring a safe and secure cyber world” details several key ways in which governments and private businesses alike can begin to build an internal culture focused on cybersecurity awareness. The major take-aways? Management understands the need for the importance of strong cybersecurity–97% of the cybersecurity professionals (ISC)2 polled indicated their managers understood why it was important. And while management may understand why it is important to focus on cybersecurity, they were less clear in their job descriptions to hire dedicated talent. 52% of cybersecurity professionals asked said job descriptions didn’t demonstrate an understanding of security.

The disconnect between management’s understanding of the threat cybersecurity breeches pose and the general understanding of the security environment could create opportunity for disarray in addressing threats. However, the (ISC)2 report goes on to say that to build a culture that effectively addresses cybersecurity concerns really centers on hiring and retaining talent, ensuring management is aware of the importance of cybersecurity, and aligning policies and strategy. Management’s concern and interest in building an effective shield against attack is enough, given the cybersecurity team is adequately staffed and their expertise is taken seriously.

If you are a local government who is struggling to keep up with the demands of ever-evolving cybersecurity issues, the Office of the Washington State Auditor has resources to help. Visit our website for resources and checklists designed to help you.

Know what to look for to prevent disbursement fraud

Fraudulent disbursements are the most A stack of cash is wrapped tightly in a chain that is secured by a padlock.common form of asset misappropriation. This type of disbursement occurs when an employee uses their position to make payment for an inappropriate purpose. They are on-book fraud schemes, which means that money in the form of checks leaves the entity fraudulently, but is recorded on the books and leaves an audit trail. In this way, entities can become victims of fraud, even when no cash is involved. Continue reading

Keeping elections safe, one audit at a time

Ballot box with women hand casting a voteToday marks the beginning of October, a month dedicated to the awareness of cybersecurity—a distinction bestowed to October way back in 2003. Here in 2018, 2003 seems light-years away—a dim and distant past when our cybersecurity concerns centered around malicious actors gaining access to our MySpace accounts or Nigerian princes conning us out of our bank account information from the seemingly secure space of a Yahoo email  account. How quaint those concerns seem against the undermining of American democracy, a target of some of today’s cybercriminals. Continue reading

Helping local governments avoid costly cybersecurity breaches

Searching For VirusOur Office is dedicated to helping local and state governments across Washington avoid the potentially devastating effects of cybersecurity attacks. Much of the public data governments hold is sensitive in nature, and needs to be carefully guarded. That’s why we are in the process of developing new, user-centered cybersecurity resources specifically tailored to meet the unique needs of your local government. We want to hear from you about what resources you’d most like to see, and what issues you want us to address. Take our short, anonymous survey to give us your important feedback.

The Office of the Washington State Auditor has put together a handy guide to various organizations that offer cybersecurity resources to local governments like yours—you can find this and other resources you may find helpful on our website.

We are always listening! If you want to start a conversation with us directly, email us at performance@sao.wa.gov.

Changes to fiduciary reporting take effect soon

Last fall, we posted an article strongly encouraging governments to start evaluating activities that might be classified as fiduciary activities under the Governmental Accounting Standards Board’s (GASB) recently issued Statement No. 84. The changes to fiduciary activity reporting are right around the corner – effective for reporting periods beginning after December 15, 2018 – and affect not only governments that report under generally accepted accounting principles, but those that report using the cash-basis accounting model as well.

It might be tempting to put off consideration of this new standard until all the guidance and examples are issued, especially for cash-basis governments that follow the Budgeting, Accounting and Reporting System (BARS) Manual. However, dedicating the time now to understand where fiduciary activities exist within your organization will put you in the best position to effectively implement these changes.

To help in your evaluation, we recommend using our Best Practices for Implementing New GASB Standards along with the specific suggestions below for getting started. Continue reading