- Audio Recording
- Audit Release Advisory
- Events and Training
- Financial Audits
- Findings for Recovery
- Fiscal Caution, Watch, and Emergency
- Performance Audits
- Policy and Legislation
- Public Integrity
- Public Notices
- Public Records
- Unauditable Declaration
Auditor Yost Issues Cyberfraud ‘Best Practices’ to Protect Local Governments
Columbus – With cyberfraud attacking bigger and more consequential targets, Auditor of State Dave Yost today issued a “Best Practices” newsletter aimed at helping local government leaders protect tax dollars and taxpayer information.
“Cybercriminals are sophisticated, sneaky and stubborn. If the data you have is valuable enough, these cybercreeps will stop at nothing to find the vulnerabilities in your systems and exploit them,” Auditor Yost said.
It has been estimated that by 2019, cybercrime will reach $2 trillion a year in losses worldwide. In 2016, more than 29 million records were exposed. In 2015, Ohio ranked 10th in the nation for cybercrime, according to the 2015 FBI cybercrime report. In 2016, Ohio had climbed to 9th in the nation for cybercrime.
Governments in Ohio already have been victimized by hackers. In January, Licking County in central Ohio was struck by ransomware – an attack that forced the county to shut down its computers and phone systems and reformat about 1,000 computers. The cybercriminals demanded a ransom to unlock the computers and release the data that had been hijacked. Rather than pay, the county was able to rebuild its systems because data were backed up the previous day.
In May of 2016, a virus encrypted Columbiana County's court data, crippling the court for a short time. Because the county did not have a recent copy of data available, it eventually agreed to pay the $2,500 demand and had its data returned. A month earlier, a similar ransomware attack hit Vernon Township in Clinton County. Fortunately, no ransom was paid because the township's data had been backed up.
“The volume and intensity of these attacks are sure to increase,” Auditor Yost said. “Our office has identified best practices for safeguarding information, and we’ve been sharing what we’ve learned across the state.”
Because of his concern about local governments being hacked and not having the resources to obtain necessary training, Auditor Yost assigned one of the region’s leading cybercrime experts to teach local officials how to identify red flags and establish protocols to better protect their systems and information.
The expert, Nicole Beckwith, led training in 16 sessions across the state that attracted more than 1,100 people, most of whom came from law enforcement. So popular were the sessions that Auditor Yost asked that Beckwith’s training session be recorded and shared online to allow all local governments and the public the opportunity to learn how to hamper hackers.
The webinar will be posted on the Auditor’s website in the near future.
“The biggest cybersecurity threats to your agency may actually be your employees,” explained Beckwith. “However, they are also your greatest defense. It is important to keep their training current about what to look for and the best practices in protecting the public’s data.”
Beckwith said most information technology (IT) departments are aware of the risks and solutions to cybersecurity, however sometimes employees inadvertently interfere with necessary steps for the sake of convenience. For example, Beckwith said it is best to prevent employees from connecting their personal devices to company WiFi and from visiting social media sites on company computers.
Beckwith also said the number of cyber threats and the complexity of the attacks are ever increasing. These challenges make it especially important for all levels of governments to prioritize budgets for updated, critical cyber security programs and supporting IT systems.
“It is unacceptable for any public official to stick his or her head in the sand and not make cybersecurity a priority,” Auditor Yost said.
More information is available on the Auditor’s cybersecurity webpage.
The Auditor of State’s office, one of five independently elected statewide offices in Ohio, is responsible for auditing more than 5,900 state and local government agencies. Under the direction of Auditor Dave Yost, the office also provides financial services to local governments, investigates and prevents fraud in public agencies and promotes transparency in government.