05/23/2022

Mitigation of Cyber and Driving Risks

Written by Frank Hatfield, CORSA Risk Manager

All, or nearly all, county employees likely spend a portion of their workday on a county’s computer network, on the road driving a county vehicle, or both. Counties are wise to frequently review and enhance cyber and driver risk mitigation efforts to reduce exposure to ever growing risks associated with these activities.

Cyber Attacks at All Time High
Much has been publicized recently about potential cyber-attacks by the Russians. In late March, the US Cybersecurity & Infrastructure Security Agency (CISA) issued guidance regarding potential Russian cyber-attacks. In any event, cyber-attacks are at an all-time high and show no signs of slowdown with or without Russian cyber-attacks. In 2021, the FBI Internet Crime Complaint Center received a record number of complaints: 847,376 reported complaints, which was a 7% increase from 2020, with potential losses exceeding $6.9 billion. During the first six months of 2021, there were more ransomware attack attempts on government than any other industry, and three times the number of attacks seen in 2020. Phishing was the most reported form of cyber-attack in 2021 and increased by 74.6% from 2020.

It is advisable for counties to work with their IT departments/providers on a continual basis to take measures to reduce risk of a cyber-attacks and/or mitigate the adverse impact of an attack. A few considerations: Is your computer use and cybersecurity policies and protocol up to date? Have employees been provided a copy and trained on our policies and protocol? Are employees trained on cybersecurity, including simulated phishing? Do you have secure backups? Do you have dual or multi factor authentication? What do your contracts require of IT vendors? Do you have a business continuation plan if your system is down due to a cyber-attack?

CORSA offers members several cyber security risk mitigation resources and reimbursements including, but not limited, to on-line training courses specific to cyber security, direct subsidies for IT Scans, Anti-Phishing Software, Dual Preventive Services/Encrypting (Data Anchor), a grant program for member specific IT issues, and Cyber Best Practices and Model Policy.

Less Roadway Traffic + Fewer Accidents = Greater Risk
The Ohio Highway Patrol Crash Report statistics show that in 2020 there were 17.2% fewer auto crashes reported than the year before, but 9.8% more crash fatalities than 2019. Also, the Ohio Department of Transportation reports that traffic volume decreased by 3.7% to 13.1% depending on road classification from 2019 to 2020. The largest concentration of accidents by hour and day occurs between noon and 4:00 pm Wednesday through Friday.

Counties are wise to increase their efforts to reduce risks associated with driving on the job. A few considerations: What is your minimum employee driver eligibility criteria? Do you obtain applicant motor vehicle report and make employment offers contingent upon minimum driver eligibility criteria? Do you require employee defensive driver training before permitting employees to drive on the job? Do you require remedial training such as driver instruction, testing, or observation after a work-related auto accident?

CORSA offers members several resources to reduce the risk of on-the-job auto accidents that include, but are not limited to, pre-employment MVR and employee driver license monitoring, in-person defensive driving classes, on-line driver courses, and model driver eligibility criteria.

Story originally appeared in the Spring 2022 edition of County Leader.