Municipalities and Cybersecurity



Cybersecurity threats may not be top of mind for government and municipalities; however, they are increasingly targeted by cybercriminals. When we think about hackers and the organizations they target, we often think about banks, insurance companies, hospitals, and other organizations that maintain lots of personal information and financial data. 

But recent events in the City of Oldsmar, Florida may change that thinking. Bad actors compromised the City’s water treatment facility, including the systems that monitor water quality, and attempted to increase the amount of the chemical lye in the water supply. Fortunately, an alert employee identified the increasing levels and quickly reversed the action. According to the Federal Bureau of Investigation, the bad actor appears to have compromised the system through cybersecurity vulnerabilities including weak password security and outdated operating systems.

From municipalities and public utilities managing critical infrastructure to public colleges and universities involved in cutting edge research, governmental organizations are quickly becoming a common target for cyberthieves. Often, the breaches that make headlines are the result of basic cybersecurity vulnerabilities, such as an employee clicking on a bad link in a phishing email, weak password policies, outdated hardware or software, or ignoring alerts on monitoring systems such as antivirus.

For public finance officers, cybersecurity risks can even affect the integrity of financial reporting systems, and auditors are often considering cybersecurity risks as part of planning a financial statement audit. The MICPA has several upcoming programs where cybersecurity risks will be discussed, including the types of risks facing governmental entities and common controls to address those risks.

With a basic understanding of cybersecurity, and knowing what questions to ask, public finance officers and their auditors can lead the way in improving cybersecurity for their organizations and clients.

Address the evolving needs in this area with these upcoming cybersecurity courses or at our Governmental Accounting & Audting Conference.

Soule, Greg

Gregory H. Soule, CPA, CISA, CISSP, CFE
MICPA Member since 2005. Partner in charge of IT audit, security, and consulting services for Andrews Hooper Pavlik PLC.  He is based in the firm’s Auburn Hills, Michigan office.

Source: MICPA

 Back to List