The leading voice for excellence in public finance

Conferences & Education

Cybersecurity

State Treasurers serve as the chief financial officers, bankers, and money managers of their respective states by safeguarding public funds and providing a wide range of financial management services to their constituents; and while their specific roles and responsibilities may vary, all State Treasurers play a critical role in overseeing the assets, investments, and overall fiscal well-being of their state. State Treasurers invest and manage over $3 trillion in state funds, which often include employee pension programs. State data, funds, and other assets must be safeguarded from cybersecurity attacks and other similar threats.

The National Association of State Treasurers supports efforts, which may include cross-functional and multi-agency partnerships, at all levels of government and across the public and private sectors, to effectively mitigate the risks of cybersecurity threats, vulnerabilities, and the resulting impact on systems serving the public.

Resources

State Cybersecurity Principles and Best Practices

MS-ISAC (Multi-State Information Sharing and Analysis Center).

Resolutions

https://cdn.ymaws.com/member.nast.org/resource/collection/40CE6332-C7E8-4B8F-8D8D-1556E11AE0B8/Final_2019_NAST_Cybersecurity_Resolution.pdf

https://cdn.ymaws.com/member.nast.org/resource/collection/40CE6332-C7E8-4B8F-8D8D-1556E11AE0B8/Expressing%20NAST%20Support%20for%20Legislation,%20such%20.pdf

Cybersecurity Webinar Series

October was National Cybersecurity Awareness Month, a collaborative effort between federal and state governments and the industry to raise awareness about the importance of cybersecurity.

See below for information for the webinar series hosted by NAST in 2019. Sign in to view the recordings.

Webinar 1 — Threat Mitigation Through Training and Awareness

Once, twice, you are out and back to training for you. Human error is perhaps the biggest weakness in any information security program. Most Treasury offices offer security awareness training with the aim to condition employees not to click or open anything that looks remotely suspicious. But with fraudsters becoming more sophisticated in their phishing schemes, staff need ongoing training before clicking on a link to an urgent fax, forwarded voicemail, or other time-sensitive requests.

Hear from one state and how they are combating threats with the help of their State Bureau of Information and Telecommunications. This primer will set the stage for the rest of the trainings throughout the month.

Presenters:
Treasurer Josh Haeder (SD)
Jim Edman, Chief Information Security Officer, South Dakota

Webinar 2 – The FAQs on Cybersecurity Insurance

As the capabilities and sophistication of cyber threats continue to grow at an astounding rate, it has become increasingly important for state agencies to embrace information security and operational resiliency, whether through direct investment in proactive measures and controls, participating in the Insurance-purchasing process, or simply building out extensive contingency plans with key vendor partners.

Cyber Response & Risk Transfer solutions can not only help from a balance sheet perspective for potential costs incurred during an unauthorized intrusion, but more importantly, can assist and guide insureds in effectively aligning the parties needed to fully remediate an incident in an effective and efficient manner. Preparation is vital before an incident occurs and can make the biggest difference when combatting such an ever-evolving threat.

Handout: Building Confidence in a World of Uncertainly

Presenters:
Peter DeWispelaere, Senior Broker, Cyber Solutions, Aon
Dave Collier, Vice President, Aon Cyber Solutions ( f/k/a Stroz Friedberg)

Webinar 3 – Intra-state Collaborations 

According to a survey conducted by NAST this past August, many state treasuries are part of intra-state collaborations, usually run by the state’s Office of Information Technology. These all-encompassing plans often cover not only state agencies and the administration, but county and city offices too. Building strong internal partnerships are key before an incident occurs, but is your office being served by one all-encompassing plan? Does your office need additional controls, policies, and training?

This panel of state experts will draw on their experiences of working with state partners, and when they’ve implemented their own based on the unique needs of the Treasurer’s office.

Presenters:
Joseph Daniels, IT Security Manager, Illinois State Treasury
PN Narayanan, Deputy State Treasurer/Chief Information Officer, Pennsylvania State Treasury

Webinar 4 – Tax Identity Theft and Refund Fraud Prevention

The mission of the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (IDTTRF-ISAC) is to identify tax refund fraud and to provide a secure platform for communication between the IRS, tax preparation firms, financial institutions and processors, and state officials. This public/private partnership facilitates information sharing consistent with applicable laws and the analytics necessary to detect, prevent, and deter activities related to tax refund fraud. With the benefit of sharing alerts and information, the members of the IDTTRF-ISAC work in a trusted environment where they have a broader view of suspicious patterns and a secure platform to communicate these concerns. The objective is to disrupt and prevent identity theft tax refund fraud.

Hear from a panel of experts who were part of the pilot program and learn how you can join this national effort.

Presenters:
Treasurer Lynne Riley (GA)
Sharonne R. Bonardi, Deputy Comptroller of Maryland