16 minute read
SDLF District Spotlight
District Spotlight
THE SPECIAL DISTRICT LEADERSHIP FOUNDATION RECOGNIZES Herlong Public Utility District
Share your experience completing the Transparency Challenge. (What did you learn about your district? How diffi cult was the application process?)
When this SDLF Transparency Challenge came out, I was fairly new to the Herlong Public Utility District. I thought to myself what better way to learn about the district I work for, let alone special districts in general! The process was not diffi cult; it took me roughly eight months to gather all the information. During that time, I learned things that the district hadn’t done yet and put them into place, like searchable/ readable agendas and updating our policies uploaded onto the website. With the assistance of this challenge, I feel the district is now more “transparent” than before with website requirements, specifi cally.
The district last received this award in 2014. Primarily due to personnel changes within the district the last few years, it was important to show our board of directors and the public that the Herlong Public Utility District is still moving forward and improving every day.
Herlong Public Utility District Staff and Board of Directors will proudly display the accomplishment on the district website, conference room, and in our monthly newsletter. As a team, we are striving towards our District of Distinction Accreditation in 2022.
About Herlong Public Utility District
The Herlong Public Utility District was formed on February 14, 2008, by the Lassen County Local Formation Commission under the Public Utility District Act (CA PUC Code 15501 - 18055). Herlong Public Utility District’s mission is to provide safe drinking water that meets or exceeds all of the State and Federal Government standards; maintain a water reclamation plant that disposes of wastes in an eff ective and effi cient manner and produces reclaimed water. The district provides these services as economically as possible. For more information, visit www.herlongpud.com.
It is now more important than ever for local governments (including special districts) to be open and accessible to the public. The Special District Leadership Foundation’s Transparency Challenge showcases the many steps districts take to show they are available and transparent to their constituents and customers.
THE SPECIAL DISTRICT LEADERSHIP FOUNDATION RECOGNIZES Rio Linda Elverta Recreation and Parks District
Share your experience completing the Transparency Challenge. (What did you learn about your district? How diffi cult was the application process?)
This was the second time that I have been the lead person in completing the SDLF Transparency application for Rio Linda Elverta Recreation and Parks District. It was much easier to complete the application this time around because of our new website platform, which makes it easier to fi nd the necessary items needed to demonstrate our transparency. Also, a lot of the information was more readily accessible as our district kept it up to date since the fi rst time we completed our application. We did learn that our district is very transparent as we were able to off er answers for over 90% of the requested requirements on the application.
Completing the challenge has been important to Rio Linda Elverta Recreation and Parks District for many years. It gives the district a sense of pride to know that we are up-to-date and readily able to produce our documents for any of our residents. Also, it was a priority made by our board of directors when I fi rst started working for the district. This priority was accomplished and keeping it up to date has become part of our daily responsibilities. Completing the challenge gives our district board and staff a sense of pride.
Rio Linda Elverta Recreation and Parks District will show this recognition through our website as well as display our certifi cates in our building for visitors to see. We send out a press release to our stakeholders and we are discussing the possibility of advertising our SDLF Transparency Certifi cate within our activity guide production.
The Rio Linda Recreation and Parks District hosts many exciting programs, events, and classes for the entire family. In addition, the district provides great open spaces, parks, and facilities for community use. The Rio Linda and Elverta communities are fortunate to be surrounded by tremendous park and recreation amenities for their enjoyment. The Rio Linda Elverta Recreation and Parks District is proud to be part of such a vibrant and unique geographic area not only in the North Sacramento area but the nation.
Cyber Crimes and How to Improve Your Chances of Not Being a Victim
By Debbie Yokota, AIC, ARM, Chief Risk Offi cer, Special District Risk Management Authority
The idea of “computer crime” is not what it used to be. For decades most computer crimes occurred by a hacker cracking into a computer network to complete an unauthorized transfer of funds. Today, one of the most prevalent threats is more direct. Thieves now masquerade as a senior executive, vendor or other trusted associate of a company – tricking an employee into handing over company assets.
This commercial crime exposure is not one that can be addressed simply with state-of-the-art network security, like the computer hacking crimes of the past. Cyber criminals prey on human nature – using trust, an air of authority, and an employee’s desire to please the boss or customer to their advantage.
The Threat
The abundance of information available on LinkedIn, Facebook and other social media makes it easier than ever for criminals to collect personal information on executives and employees, so they can use it to convincingly perpetrate this fraud. Often, criminals will begin testing the waters with small amounts of money, moving to larger amounts as no alarm bells ring at a company and the scheme progresses. More often than not, fraudulent instructions direct the victim to send funds to an overseas account or by Automated Clearing House (ACH) – which can make recovering lost assets diffi cult, if not impossible.
We have seen government agencies who receive an email from an employee at another government agency asking them to send monthly funds by ACH to a new bank account. Later it is discovered that the email did not come from a government employee but was cloned to look like it did. Most banks have no way of recovering ACH funds after 48 hours (domestically) or 72 hours (internationally) once the funds are withdrawn from that bank account.
Addressing the Risk
Combating this online, one-on-one deception can be diffi cult. The fi rst line of defense for every agency is its employees who should be actively trained to understand and identify these schemes. Agencies should also have prudent verifi cation processes in place, such as requiring out of band authentication of a request before funds are transferred.
Out of band authentication (OOBA) is a term for a process where authentication requires two diff erent signals from two diff erent networks or channels. This type of sophisticated authentication prevents many kinds of fraud and hacking. Out-of-band authentication will eff ectively block many of the most common kinds of hacking and identity theft in online banking.
Ransomware Attacks on the Increase
Ransomware matters surged in 2019, with the primary tactic being to simultaneously encrypt as many devices as possible within a network. Then, groups started to steal data before encrypting fi les, which aff orded the threat actor two
pressure points (data encryption and data theft/threat of publication) to leverage a ransom payment even if the organization successfully restored their systems through available backups. This new tactic paid off signifi cantly in 2019, prompting other threat groups to begin adopting similar tactics in 2020. Ransom demands, unfortunately, increased exponentially. See Figure 1 below.
Addressing Ransomware Attacks
Most agencies are aware of the risk of ransomware and the need to prepare for an attack. But agencies that have not experienced a ransomware event are uncertain about what actually occurs, which hinders preparation. The fi rst thing an agency should do is keep their software and operating systems updated. Make sure your employees turn on automatic updates when possible. Also be sure to install software to scan your system for viruses and malware, to catch anything that might get through.
Ensure that your employees are using strong, unique passwords and change them often. A password manager program can help you create and remember complex, secure passwords.
Whenever you have the option, enable multifactor authentication, particularly for crucial log-ins like bank and credit card accounts. You should also consider getting a physical digital key that can connect your computer or smartphone as an even more advanced level of protection.
Most of us receive thousands of junk emails after purchasing items online. Have you ever received an email and clicked on the “unsubscribe” button? This is another tactic that criminals use to hack into your computer or other device.
Cybersecurity Challenges of a Work from Home/Hybrid Environment
Agencies across the country scrambled in the spring of 2020 to enable remote work in an eff ort to keep their employees working during the pandemic. In the haze of that initial move to a remote environment, shortcuts were taken and unfortunate events occurred. For instance, IT teams plugged in unpatched appliances, resources were diverted from threat monitoring, and organizations across the country found unexpected security gaps. Additionally, the pandemic’s impact on an organization’s fi nances, personnel, and shifting priorities further redirected attention away from its security roadmap. As a result, unexpected vulnerabilities existed, and security events were not discovered as quickly.
Additionally, where employees are working remotely from their own homes, there are often added distractions. Employees may have to balance work with children or pets who are also in the home, try to perform routine household chores during the workday, or even get distracted by having television
continued on page 40
and other personal electronics at their disposal. Children with access to an open computer connection could inadvertently cause a security incident. Such distractions can add to a risk profi le for falling prey to phishing attacks. Employees should be reminded of these issues through training or handy guidelines issued for remote users.
Ways to Improve Working From Home
Companies should have a protocol in place for secured remote access to company networks. Where possible, such connections should be through a virtual private network (VPN), which routes the connections through the company’s private network, or another encrypted connection mechanism. Where employees can remotely access sensitive information on the network, VPNs should be confi gured with multifactor authentication (MFA) as an added security layer. With MFA enabled, even if an employee’s VPN credentials are compromised, an unauthorized actor will be unable to connect through the VPN without a second factor (i.e., a code sent to an individual’s smartphone, token, biometric verifi cation, etc.).
Personal devices are more likely to be used when employees are working remotely, and such use presents additional cybersecurity risks given the lack of corporate control over the devices. Where mobile devices (i.e., mobile phone, tablets, laptops, etc.) are permitted to connect to the corporate network, companies should ensure those devices are equipped with mobile device management (MDM) software. MDM software allows the corporate IT Department to manage such devices by ensuring that the devices are confi gured to consistent standards, scheduling updates and patches for the devices and applications contained thereon, tracking location of devices, and – in circumstances where such devices are lost or stolen – permitting the devices to be remotely wiped.
No Easy Answers
Unfortunately, addressing cybersecurity risk is an always evolving eff ort – to stay one step ahead of sophisticated threat actors is challenging. However, an organization that invests time and resources to develop plans and take deliberate actions to implement them will fi nd itself ahead of the curve and well positioned to facilitate an effi cient incident response. This process starts with an eff ective risk assessment – understanding who is likely to target the organization; what gaps exist in controls that may detect, prevent, or limit an attack; and which of these threat/gap combinations is most likely to lead to a signifi cant incident if not addressed. From that baseline, an organization should assess and test its incident response plans and take an honest look at its cybersecurity roadmap to understand and implement appropriate measures and controls to help mitigate prioritized risks.
Training of employees is also important. Training should address the increased risk of phishing attacks and other social engineering schemes. In addition to the steps discussed above, employees should be trained not to click on links from any source, even known sources. Cyber criminals are very sophisticated and can send an email that looks like it is from a known vendor, bank or credit card company. Instead of clicking on the link in the email, employees should go to that company’s website to make any changes to the account or review any information being sent by that company. Employees should also report any suspicious emails to the IT department.
Regardless of the eff orts of the company and the sophisticated security measures put in place to create a safe environment for remote workers, the risk of human error will always exist but keeping these safety protocols in place can help your agency not be a victim of a cyber crime.
SDRMA Board and Staff
Officers
MIKE SCHEAFER, PRESIDENT Costa Mesa Sanitary District SANDY SEIFERT-RAFFELSON, VICE PRESIDENT, Herlong Public Utility District ROBERT SWAN, SECRETARY, Groveland Community Services District
Members of the Board
DAVID ARANDA, CSDM, Stallion Springs Community Services District TIM UNRUH, CSDM, Kern County Mosquito & Vector Control District JESSE CLAYPOOL, Honey Lake Valley Resource Conservation District THOMAS WRIGHT, Clovis Veterans Memorial District
Consultants
JAMES MARTA, CPA, James Marta & Company, LLP LAUREN BRANT, Public Financial Management DEREK BURKHALTER, Bickmore Actuarial CHARICE HUNTLEY, River City Bank FRANK ONO, ifi sh Group, Inc. ANN SIPRELLE, Best Best & Krieger, LLP KARL SNEARER, Apex Insurance Agency DOUG WOZNIAK, Alliant Insurance Services, Inc.
Staff
LAURA S. GILL, ARM, ARM-P, CSDM, Chief Executive Offi cer ELLEN DOUGHTY, ARM, Chief Member Services Offi cer DEBBIE YOKOTA, AIC, ARM, Chief Risk Offi cer JENNIFER CHILTON, CPA, ARM, Chief Financial Offi cer WENDY TUCKER, AU, Member Services Manager ALANA LITTLE, Health Benefi ts Manager HENRI CASTRO, CSP, Safety/Loss Prevention Manager DANNY PENA, Senior Claims Examiner HEIDI SINGER, Claims Examiner II ASHLEY FLORES, Management Analyst/Board Clerk MICHELLE LAVELLE-BROWN, Health Benefi ts Specialist II TERESA GUILLEN, Member Services Specialist II MARGARITO CRUZ, Accountant CANDICE RICHARDSON, Member Services Specialist I RYAN CORP, Accounting Technician
SPECIAL DISTRICT RISK MANAGEMENT AUTHORITY 1112 I STREET, SUITE 300, SACRAMENTO, CA 95814 TEL: 800.537.7790 • WWW.SDRMA.ORG
BEACON PROGRAM CELEBRATES SPECIAL DISTRICTS AS SUSTAINABILITY LEADERS
By Nikita Sinha, Program Manager, Institute for Local Government
With heightened regulations and scrutiny coming from the state, it is becoming more important for special districts to demonstrate their proactive eff orts and leadership around environmental stewardship. Providing local water, wastewater, transportation, electric and other public services while confronting climate impacts, community concerns and economic challenges is becoming increasingly diffi cult.
To assist districts in this challenge, the Institute for Local Government (ILG) is proud to open nominations for the Beacon Awards Program to special districts for the second year.
For over a decade, the Beacon Program has helped local agencies understand the actions they can take that are aimed at reducing emissions, saving energy and building resilience. By becoming a participant in ILG’s year-round Beacon Program, special districts gain access to best practices, peer-to-peer learning opportunities, technical assistance in obtaining grant funding, and other resources to help them become more economically and environmentally sustainable. In addition to the year-round support, special districts can also apply for Beacon Awards which allow them to earn award recognition that demonstrates their environmental leadership and fi nancial stewardship to a statewide audience.
As a smaller special district, Citrus Heights Water District (CHWD) was drawn to the Beacon Program for the resources and support the program off ered. CHWD joined Beacon in 2021, becoming the second special district ever to join the program.
CHWD’s water effi ciency programs are key to the district’s goal of delivering safe, dependable, and clean water to the community. Throughout the year, CHWD off ers WaterSmart classes, free landscape irrigation reviews, and several rebates and programs to help its customers reduce water use and save money. Programs are designed to educate customers on practical water conservation resources.
With a staff of just 36 employees, CHWD aims to serve customers more effi ciently and in a way that benefi ts the community. The agency expanded its public engagement eff orts after an increase in interest and demand for water effi ciency programs.
CHWD joined Beacon to further expand their sustainability and engagement eff orts and promote best practices in water use to customers. “We want to utilize all the great resources we can get in order to benefi t customers.” says Lea Park-Kim, communications and public engagement manager at Citrus Heights Water District. “Our ultimate goal is to provide safe, clean, and dependable water to our customers in a way that’s good for our customers, community, and the world. Being part of the Beacon Program provides Citrus Heights Water District with more tools to benefi t our customers.“
Apply for a 2022 Beacon Award!
The Institute for Local Government was eager to open the Beacon Program to special districts in 2021. Now for the second year, special districts can apply for Leadership and Innovation Awards, which celebrate the eff orts of local governments to implement collaborative, inclusive, and equitable climate resilience and adaptation programs in their communities.
Special districts can submit an innovative project, program, plan, or policy their agency has implemented for Leadership and Innovation award consideration in the following categories: • Leadership in Climate Resilience and Adaptation • Equity and Engagement in Climate Resilience and
Adaptation • Cross-Agency Collaboration in Climate Resilience and
Adaptation • Innovation in Energy • Innovation in Clean Transportation
The awards nomination/application deadline is May 2, 2022. Applicants do not need to be year-round Beacon Program participants.
Award winners will be celebrated in front of a statewide audience at the annual Beacon Awards Ceremony and the CSDA Annual Conference & Exhibitor Showcase. Learn more and apply to join and/or be recognized at ca-ilg.org/ beacon-program. For questions, contact Nikita Sinha at nsinha@ca-ilg.org
About ILG
The Institute for Local Government (ILG) helps local government offi cials and staff navigate the constantly changing landscape of their jobs by off ering training, technical assistance, written resources, and facilitation services specifi cally designed for cities, counties and special districts. From leadership to public engagement to housing and workforce, ILG helps local leaders with a wide range of issues. ILG is a non-profi t and non-partisan organization and a special affi liate of CSDA. Visit www. ca-ilg.org to fi nd out more.
