CyberSecurity

Washington's state and local governments possess countless IT systems that provide critical government services and handle vital and sometimes very personal data. The public expects government to do all it can to ensure that these systems are secure so critical services can be delivered and data stored in those systems is not lost, stolen or damaged.

The State Auditor's Office plays a unique role in keeping an independent eye on government IT security. We work with state and local governments to help improve their cybersecurity programs through audits and outreach activities.

If you're a smaller government without your own full-time information technology staff, you might find it challenging to stay on top of IT-related maintenance. Larger entities have entire departments dedicated to maintaining computer infrastructure, while you may be working with a part-time contractor or even volunteers to meet your IT needs. And that's okay, but remember: having the latest security software, web browser and operating system on your devices is an important defense against cyberattacks.

Updates are important

Strengthening your government's guard against the threats that compromised passwords pose is a necessary control for decreasing the risk of unauthorized users gaining access to your computers, network or database. In this post, we explain how passwords get compromised and how multi-factor authentication (MFA) can help governments improve their account security to better protect their systems.

How passwords get compromised

It can be tempting to think it's the experts' job to keep us safe online. We trust our colleagues who are IT professionals and the technology services we use to stay up to date on the latest threats. But all of us, whether or not we are technology experts, have a part to play in cybersecurity. That's why this year's theme for October's Cybersecurity Awareness Month is “Do your part, #BeCyberSmart.”

OLYMPIA – Emergency federal unemployment programs launched early in the COVID-19 pandemic included provisions that opened state unemployment benefits to fraud, the Office of the Washington State Auditor found in three audits released today.

While Washington was not alone in being targeted, the state Employment Security Department continues to struggle in answering customer questions, investigating suspected fraud and retrieving important data from its systems, the audits found.

This presentation tells the story of Washington's Unemployment Insurance program during the COVID-19 pandemic in 2020, from the first American coronavirus patient diagnosed January 21 through the end of the year.

The information on this page was last updated: 03/12/2021 5:05 PM

The process is under way to notify people whose unemployment benefits claims information may have been affected by a data security breach of the Accellion file transfer service.

A security incident involving a third-party provider of hosted software services, which was used by the Office of the Washington State Auditor, might have exposed sensitive data belonging to Washingtonians.

This data includes personal information from about 1.6 million unemployment claims made in 2020, as well as other information from some state agencies and local governments.

The State Auditor's Office is changing some of the emails we send every week to better align with cybersecurity best practices.

Beginning the week of Nov. 9, emails we send related to the publication of audit reports no longer will contain attachments nor embedded links. We are working to reduce the number of potential targets for attack by cyber-criminals while maintaining timely communication with you.

Email messages that alert recipients when we publish reports will now have two features:

Some security breaches are required to be reported to the Washington State Attorney General's Office (AGO), and sometimes you need to report various cybersecurity issues to the State Auditor's Office, too! Of course, we hope you have none, but if you find yourself in this spot – here is some important information that can help you comply with law.

Reporting to the Attorney General