Two Members Focus on Cyber Security with NetDiligence

South Metro Water Supply and the Health District of Northern Larimer County Tackle Cyber Security

In today’s world, we all need to remain vigilant and up-to-date on potential cyber risks to our district and employees. It is important to be aware of threats such as data compromise, phishing attempts, and security breaches, but tackling cyber security can be daunting for a variety of reasons.

We know today’s digital landscape can be difficult to navigate and maintaining the integrity of your district’s data might not rank at the top of your to-do list, but those factors didn’t stop South Metro Water Supply Authority (SMWSA) or the Health District of Northern Larimer County from taking action.

Health District of Northern Larimer County

Partnering with NetDiligence, the CSD Pool’s go-to service for cyber security management, the Health District underwent a cyber-evaluation to determine if their current systems and processes meet industry standards.

Currently, the Health District has been reviewing and assessing several areas of operations to ensure compliance and identify areas of improvement. To round out this process, the district’s IT staff sought more information to determine where to focus their limited time and resources. With a streamlined assessment, accurate findings, and reports that target real-life concerns, NetDiligence provided a clear next step.

“NetDiligence concentrated on what is important to an organization of our size and type of services the Health District provides,” Lorraine Haywood, the Health District’s Finance Director, said.

This program allowed the Health District to take part in an outside assessment of their internal network security to make sure they met the Pool’s audit requirements for future cyber insurance coverages. NetDiligence provided a tailored approach that has been hard for the district to come by. The biggest difference from other security assessments is their ability to scale and customize rather than give equal weight to all areas of security whether they applied or not.

“[They were] very knowledgeable and offered great suggestions as well as sample documents and templates for us to consider,” Haywood said.

The ultimate goal of this assessment is to prepare districts for the future of internet security and data storage. While your current security may seem adequate, changes are coming to the industry regarding client-facing applications, the storage of information, and programs hosted by outside vendors.

“Preparing now for future modes of operation will help us to stay ahead of the curve,” Haywood said.

South Metro Water Supply Authority

Recently, SMWSA also took the opportunity to evaluate their district for cyber security and see where they excel and where they need to focus their attention. By using NetDiligence, they were able to gain an understanding of their district’s vulnerabilities without having the process interfere with their day-to-day responsibilities.

“NetDiligence helped translate the process,” Mikal Martinez, SMWSA’s Executive Assistant, said. “Once we got started, everything went by really fast, and the report was delivered on time and it was thorough.”

Although SMWSA is a small organization—five full-time employees, and they outsource their IT duties to a third party—Martinez had concerns about how ready they were for the possibility of cyber threats.

“The question came up after an impressive phishing attempt,” Martinez said. “We wanted to make sure we were aware of what questions we should be asking ourselves.”

This phishing attempt took place when an email was sent to SMWSA’s accountant. In this email, a large wire transfer was requested by someone posing as a high-level employee within management.

Luckily, Martinez and her team were savvy enough to realize the illegitimacy of the attempt and stopped contact before any money was sent or the hacker gained access to their hardware. Nonetheless, this hacker used a variety of clever tactics to gain credibility such as impersonation of an employee and their email.

“It was really weird because the email was initially convincing,” Martinez said. “The Director of Finance asked clarifying questions and got several responses back, meaning they were really engaging us. There was a diligent effort on the fraudster’s part to get us to wire money.”

The persistence of this individual was enough for district leadership to take a step back and re-evaluate SMWSA’s policies on cyber security. This incident was the red flag that showed Martinez they might be underprepared and ultimately drove their desire to evaluate their current level of cyber security and implement a brand new IT policy for the district.

Cue NetDiligence

Through our partnership with NetDiligence, the CSD Pool offers members the opportunity to receive, at no charge, the basic Cyber Risk Assessment and evaluate their readiness in the event of a cyber attack. For separate pricing, a district can upgrade from the basic assessment and where a district achieves recommended best practices they also receive an increased $1,000,000 limit for Cyber liability at no additional cost.

This is specifically useful for districts that make or receive payments, have personally identifiable information that can be stolen, or in the case of SMWSA, interact with third parties to deliver their utility or run various services.

We spoke with Dave Chatfield, NetDiligence’s Vice President and Chief Operating Officer, about the benefits of the service and how SMWSA utilized it.
“[SMWSA] doesn’t have direct residential clients. Most utilities have a retail side to them. Here, that element is not present,” Chatfield said. “But many districts have some element of data control, and if we sense that, we’ll ask about it.”

SMWSA outsources some services to vendors or third parties, which decreases the risk of losing customer’s data to hackers, but increases the need for an improved system of checks on those vendors or third parties. This is where NetDiligence came in handy.

Through eRisk Hub, a service provided for free to all Pool members, districts can pull templates to organize digital assets, implement an IT policy, and access a breach coach that details what to do in the event a hacker compromises their systems. These assessments offer tailored directions on how to strengthen their current situation.

“The reason why we opted for this,” Martinez said “was about defining where—in our behaviors and software and document management practices—there are vulnerabilities.”

Through this service and evaluation, SMWSA was able to gain an awareness of the possible ways data can be mistakenly or intentionally shared when it shouldn’t be. As they develop their IT policy, they also have plans to begin looking at the way they manage their employees’ phone access and SMWSA’s social media accounts. Additionally, SMWSA will be looking at how master passwords are kept and how new employees are hired and screened.

This service is designed to bring peace of mind and an understanding of how members connect to their digital landscape. As Martinez and SMWSA saw, NetDiligence defines where members’ vulnerabilities lie.

Whether a district is small, with only five employees like SMWSA, or large with dozens or hundreds, cyber security is something that needs to be taken seriously.

Client facing or not, when you’re connected to the internet, there are risks.

Several CSD members targeted by hackers. In the case of South Metro Water Supply Authority, someone on the other side of the country attempted to have their accountant send a wire transfer through the use of phishing.

Knowledge and communication foiled it, but without the proper training, their employees may have taken the bait. NetDiligence is here to help translate the language of cyber security to the layperson. If you have time to commit, it is fast, accurate, and reliable. The goal is information and awareness.

“It’s nice to know that you don’t have to worry about certain things,” Martinez said. “And it’s also important to know where you need to focus.”

It is important that the board have an agenda item annually to assess the exposures and progress in protecting personally identifiable information.

The owner of this website has made a commitment to accessibility and inclusion, please report any problems that you encounter using the contact form on this website. This site uses the WP ADA Compliance Check plugin to enhance accessibility.