At Maze & Associates we strive to help our clients make the world more cyber-secure through prudent planning and awareness, arming our clients with the right tools to help mitigate and respond to potential threats in an ever-changing landscape of enterprise security.
Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks.
In order to help clients effectively combat the current growing cyber-threats, we have updated our readiness checklist to version 1.2 to include newly released recommendations, enabling a higher-level awareness of your organization’s ransomware preparedness.
CLICK HERE TO ORDER YOUR FREE RANSOMWARE PREPAREDNESS CHECKLIST
2018 update on cybersecurity for local governments. This year marks the rise of the new threat to Local Government from nation states and the new risks to local governments. Costs for suffering cyber-attacks can be crippling to local governments. In addition, 93% of incidents are directly related to the human vulnerability. Most importantly strengthening the human firewall is a must to reduce risk. A strong cybersecurity awareness program is necessary.
One update since I did this talk. This week it was reported the cost for the City of Atlanta’s ransomware incident is now at $17 million up from $2.6 reported in April.
There has been a recent increase in scams targeting finance, payroll and human resources departments of local governments. The scam involves emails that look like they are coming from the City Manager or equivalent to staff requesting either a wire transfer or employee W-2 information.
At Maze Live, our recent client day of training, I asked our clients if they had seen such emails and almost everyone raised their hand. In addition, I received an email the following day from a client stating they had received one of those emails while they were at the training.
Unfortunately, a number of clients have fallen for the scam by disclosing employee information or attempting a wire transfer. Given the number of organizations that have been victims, I felt it necessary to send out this alert.
What can you do?
- Train employees regularly on scams and how to spot suspicious requests
- Ensure dual authorization for all wire transfers
- Setup email rules that flag all emails coming from outside your organization
- Setup email rules to prevent social security numbers from being emailed outside your organization
More information can be found on my blog, including:
You can also check out my recorded session at Maze Live:
Finally, here is an FBI Alert on these types of scams:
If you have any questions feel free to contact us.
Is your organization doing enough to reduce the risk of cyber threats? Cyber-security is more than compliance with credit card processing. What risks does your organization have? Cyber-security is a prime concern today and in this session we will cover what local governments can do to reduce risk. Presenter Donald E. Hester, CISA, CISSP, Director
GASB Update – Are you wondering what is down the pike for GASB implementation? In this session we will cover the new GASB pronouncements effective for fiscal year 2017 and the upcoming years.
Preparing for Audit — OPEB and Pension Liabilities (or Assets?) – In this session, we will review the new accounting and reporting rules for Other Postemployment Benefit (OPEB) plans under GASB Statements 74 and 75, with an emphasis on Statement 75 which is in effective for employers beginning in fiscal year 2017/18. Are you ready to record the Net OPEB Liability? We will go over the Plan and Employer responsibilities under each Statement as well as the changes to the required disclosures and RSI. We will also provide a sample journal entry for the first year of implementation.
Municipal Accounting Threats and Revenue Opportunities – Not only do good internal controls promote checks and balances in an organization, it can also reduce treats and increase revenue opportunities for a public agency. In this session, the speaker shares his decades of experiences working in and consulting for public agencies and what he saw as good internal controls in improving revenue positions of the agencies. Mark Moses – Regional Government Services
Getting Ready for GASB 74 and GASB 75 Implementation — In this session, we will go over the implementation of GASB Statements 74 and 75 from an actuary’s prospective. Topics includes: How to choose the various dates (measurement, implementation, and valuation), actuarial issues that a public agency can face, and what to expect from the actuary’s report. The speaker will also allot time at the end to answer questions from the audience.
Single Audit Update and Common Findings – In this session, we will go over the common findings auditors have come across in single audits under the new Uniform Guidance to Federal Awards. This session will also cover the latest available draft of the Compliance Supplement.
This session will provide information on some common fraud schemes relevant to most entities and provide examples of controls you can implement in your organization to decrease the risk of fraud. We will also provide an overview of the Internal Control Guidelines issued by the State Controller’s Office.
Presenters David Alvey, CPA Audit Partner and Katherine Yuen, CPA, Audit Partner