Don’t let cyber losses go unreported

enduris flame grey

By the Office of the Washington State Auditor

During a cybersecurity incident, it can seem daunting to remember every step you need to take, and in what order. Tasks like isolating affected systems, notifying the right people and documenting events can feel hard to prioritize when everything is “critical.” Sometimes you need to report cybersecurity issues to the State Auditor’s Office, but when? Here is some important information that can help you comply with Washington’s rules and regulations.

You might recall that state law requires state and local governments to immediately notify our Office of known or suspected losses of public resources or other illegal activity. That means a government must report instances such as missing deposits or employee thefts. But this also means reporting cyber-related events involving financial records or finances. What qualifies as an event like this? From paying cyberattackers’ ransoms to security incidents that may have exposed financial records, if your cyber event relates to financial records or finances, you must report it.

Reporting to our Office

Here are some examples of when you should report cyber-related events to our Office:
• Your government experiences a ransomware attack and pays the criminal actors to regain access to your data. This extortion payment is a financial loss resulting from illegal activity

• Your staff acts on a fraudulent email to change banking information and gets tricked into sending an ACH payment to a criminal instead of to a vendor or employee

• Your computer system is hacked, and the bad actors have accessed your financial records, even if those records were not harmed or impacted in any way.

• You have a security incident that might have impacted your financial records or systems, but you are not certain.

You’ll notice that all of these examples involve finances or financial records in some way, and each might have resulted in the government being defrauded, resulting in a financial loss. Also, just like a typical fraud, you shouldn’t delay reporting to our Office when you suspect a problem or potential loss.

An example of something you would not report is a cybersecurity issue completely unrelated to financial activity. For example, if you had ransomware on a non-financial system and didn’t pay the ransom, you wouldn’t report it. However, you need confidence that no financial systems or records were impacted.

How do you report to the State Auditor’s Office?

State and local government employees should use the online Report a Suspected Fraud or Loss form found at the Fraud Program web page.

Reporting to the Attorney General’s Office

Some security breaches are also required to be reported to the Washington State Attorney General’s Office (AGO). If any single security breach affects more than 500 Washington residents, consider speaking with your legal counsel and then reporting it to the AGO. For more about the reporting requirements and how to report, see the AGO’s Data Breach Notifications Directory.

What you can do today

When it comes to thwarting cybercrime, everyone in your government has a role to play. When employees receive regular training on cybersecurity best practices and potential scams, they can go from being the weakest link to your first line of defense.

Train your employees to:
Avoid common cyber threats: Training can help employees recognize and avoid common tactics that hackers use, such as phishing, ransomware and social engineering. During training, include quizzes and phishing simulations so employees learn to identify these types of attacks.

Maintain vigilance: Periodically send fake phishing emails to employees to monitor who clicks on the links. These campaigns enable you to track the results of your awareness training, and they remind employees to be vigilant about phishing emails.

Additional resources

We know cybersecurity is complex, and that additional resources can help governments improve their cybersecurity posture. Check out some of our recent offerings:

• Free resources available to local governments: Resource Library
• Remind your employees to stay diligent and protect your systems Six Signs of a Scam poster
• Learn how to improve your government’s cybersecurity, no matter what role you play
• Did you know you need to report all personal purchases made on a government credit card to SAO? Read the clarification our Office issued in May

enduris flame grey

CONTACT US TODAY