Are the phish biting today?
That question serves as a warning to anyone or any entity operating online, including local governments which have become increasingly attractive targets for cybercriminals because of the vast amounts of sensitive data they maintain about employees, infrastructure and citizens.
Faced with constantly evolving threats of online intrusion and scam tactics, the Washington State Auditor’s Office says it’s vitally important for local governments – counties, cities and towns, and other public entities – to minimize their risks.
To help local governments improve their security and cyber health, the SAO said the Center for Government Innovation was created. Its #BeCyberSmart program includes free checkups and independent assessments of a government entity’s vulnerabilities.
The checkups are based on a framework from the Center for Internet Security, which was developed by a consortium of private companies, government agencies and universities. The CIS controls are deemed to be “highly effective defensive actions” organizations can utilize to improve their cybersecurity.
Depending on a local government’s availability, a checkup can be completed in less than a month through a five-step process.
Participating governments initially complete and return a questionnaire, then meet with one of the center’s cybersecurity specialists. Afterward, the specialist will perform a remote review of the organization’s IT systems and provide a confidential evaluation report with recommendations for improvements. That will be followed by a final meeting between the specialist and the government team.
The cyber checkups are available at no cost to local governments in Washington.
The assessments are considered confidential and exempt from public disclosure under the Revised Code of Washinton Chapters 42.56.420 and 42.56.270.
The SAO says the checkups are not an alternative to a more detailed cybersecurity audit, a form of performance audit that is also available at no cost to state or local governments thanks to 2005’s voter-approved Initiative 900 directing the SAO to conduct performance audits of state and local governments, or to replace the local jurisdiction’s own internal “hygiene, maintenance, and monitoring activities.”
The SAO also offers a variety of guides and handouts to improve employee awareness of typical online scams and schemes, along with training from security organizations and help in understanding cyber considerations based on employee position responsibilities.
