10/23/2017

Yost Issues Cyber-Fraud ‘Best Practices’ to Protect Local Governments

With cyber-fraud attacking bigger and more consequential targets, Auditor of State Dave Yost Thursday issued a “Best Practices” newsletter aimed at helping local government leaders protect tax dollars and taxpayer information. The newsletter can be found online at http://tinyurl.com/yc7rowjm.

“Cyber criminals are sophisticated, sneaky and stubborn. If the data you have is valuable enough, these cyber creeps will stop at nothing to find the vulnerabilities in your systems and exploit them,” Yost said in the release.

It has been estimated that by 2019, cyber-crime will reach $2 trillion a year in losses worldwide. In 2016, more than 29 million records were exposed. In 2015, Ohio ranked 10th in the nation for cyber-crime, according to the 2015 FBI cyber-crime report, Yost said. In 2016, Ohio had climbed to 9th in the nation for cybercrime.

Governments in Ohio already have been victimized by hackers. In January, Licking County in Central Ohio was struck by ransomware – an attack that forced the county to shut down its computers and phone systems and reformat about 1,000 computers. The cyber-criminals demanded a ransom to unlock the computers and release the data that had been hijacked. Rather than pay, the county was able to rebuild its systems because data were backed up the previous day.

In May 2016, a virus encrypted Columbiana County's court data, crippling the court for a short time. Because the county did not have a recent copy of data available, it eventually agreed to pay the $2,500 demand and had its data returned. A month earlier, a similar ransomware attack hit Vernon Township in Clinton County. No ransom was paid in that instance because the township's data had been backed up, the auditor explained.

“The volume and intensity of these attacks are sure to increase,” Yost said. “Our office has identified best practices for safeguarding information, and we’ve been sharing what we’ve learned across the state.”

Because of his concern about local governments' being hacked and not having the resources to obtain necessary training, Yost assigned cyber-crime expert Nicole Beckwith to teach local officials how to identify red flags and establish protocols to better protect their systems and information.

She led training in 16 sessions across the state that attracted more than 1,100 people, most of whom came from law enforcement. Beckwith’s training session has been recorded and will be available on the auditor's website in the near future to allow all local governments and the public the opportunity to learn how to hamper hackers.

“The biggest cyber-security threats to your agency may actually be your employees,” explained Beckwith. “However, they are also your greatest defense. It is important to keep their training current about what to look for and the best practices in protecting the public’s data.”

Beckwith said most information technology (IT) departments are aware of the risks and solutions to cyber-security, however sometimes employees inadvertently interfere with necessary steps for the sake of convenience. For example, Beckwith said it is best to prevent employees from connecting their personal devices to company WiFi and from visiting social media sites on company computers.

Beckwith also said the number of cyber-threats and the complexity of the attacks are ever increasing. These challenges make it especially important for all levels of governments to prioritize budgets for updated, critical cyber-security programs and supporting IT systems.

“It is unacceptable for any public official to stick his or her head in the sand and not make cyber-security a priority,” Yost said.

More information is available on the Auditor’s cyber-security webpage.
Story originally published in The Hannah Report on October 12, 2017.  Copyright 2017 Hannah News Service, Inc.