North Carolina County loses Millions to Business Email Compromise and Phishing

North Carolina County loses Millions to Business Email Compromise and Phishing

Written by Michael Castro, vCISO and founder of RiskAware

Late last year, Cabarrus County in North Carolina fell victim to a crafted email asking to change banking information for a contractor with whom they had started business earlier that year. Within 3 weeks, the County had sent more than 2.5 Million dollars to who they thought was their contractor. It wasn’t.

It took a few more weeks to discover that they had been compromised. When the dust settled, the County was able to recover some funds, including a mere $75 000 from insurance, but even now, more than 1.7 Million remains unaccounted for.

Last year, losses to business email compromise topped 1.2 Billion dollars. As such, it is clear how an easy scheme can net quite large returns, and why it is so popular amongst cyber thieves.

Just the month previous, the city of Griffin in Georgia lost $800 000 in a compromise scheme.

Email as a process is not enough to deal with impersonation email, email fraud and wire transfer processes. Municipalities need to build new processes with checks in place to prevent the easy route of email compromise and fraud. Changes to account payable processes, proposer cybersecurity planning and education can all greatly improve the chance of such a scheme being caught before any money is lost.

Municipalities should also consider bring in cybersecurity experts to help with governance, compliance and process models that go beyond technical security controls and systems. For those government groups that have smaller budgets set aside for cybersecurity, a fractional or virtual Chief Information Security Officer (vCISO) is a good resource to help plan and build a more resilient cyber presence within a budget and capability of the municipality.

RiskAware is a boutique Cybersecurity firm, specializing in Security Governance and Strategy, assisting organizations of all sizes with security and risk advisory services and security-on-demand capabilities. RiskAware and its founder Michael Castro also provide fractional CISO services

RiskAware can be contacted at [email protected] or visited at www.riskaware.ca

 

 

 

Share

Why You Should Become an Asset Management Coordinator

Asset Management Coordinator – have you heard this of this career before?  

Well, if you haven’t, you’re about to hear a lot about it from municipalities over the next little while.  

Many municipalities are facing challenges to fund their infrastructure at levels that ensure their sustainability. With ageing assets, increased renewal needs and pressures from changing climate there is a need to do things differently and collaborate to address the “infrastructure gap”.

The end goal is for municipalities, provinces, and the federal government to leverage asset management planning to optimize infrastructure investment decisions. For example, in December 2017, the Province of Ontario passed O.Reg 588/2017 that sets out new requirements for asset management planning for municipalities.  

This makes the need to hire Asset Managers and/or Asset Management Coordinators, even more important and urgent. Therefore this is a rapidly growing and expanding career in Canadian municipalities.

So what is asset management and why do municipalities need an Asset Management Coordinator?

 

What is Asset Management?

 

Asset management refers to the systematic approach to the governance and realization of value from the things that a group or entity is responsible for, over their whole life cycles. It may apply both to tangible assets and to intangible assets. Asset management is a systematic process of developing, operating, maintaining, upgrading, and disposing of assets in the most cost-effective manner.

 

What kind of background and training do I need to have for this career?  

 

Many asset managers have engineering, finance and/or planning backgrounds but another key criterion is Project Management, as addressed in a recent Public Sector Digest webinar, “Hiring an Asset Management Coordinator”, sponsored by muniSERV/muniJOBS, as being integral to the success of someone looking to enter this career. 

Municipalities reported that core competencies should be there but much more important is that you can tell them how you’d add value to the position. Because this is an emerging field, you have a great deal of liberty to build the position as you go.  Articulate it in your cover letter. You may not have all the skills right now but if you’re willing to learn, municipalities are willing to provide you with the right training to do the job.

Top skills reported are;

  1. Willingness to learn on the job
  2. Systems thinking
  3. Relationship building and
  4. Communications skills.

 

At present, there are no courses available at universities, although, the Municipal Finance Officers’ Association of Ontario (MFOA)and Public Sector Digest can help.

For municipalities looking for an Asset Manager or Coordinator, muniJOBS has some candidates with Asset Management listed as one of their skills. To search candidates, simply register for a free Employer profile.

Share

A reverse what….?

As a steward of taxpayer dollars, municipal buyers face tremendous pressure to get the best price for your organization. This keeps the tax burden low amid always tight budgets. The mantra often heard is “do more with less”.  Often the “best price” isn’t always the “lowest price.” You need the most qualified vendors to give you their lowest possible price, and you need to settle on those prices quickly.

You are already relying on your purchasing staff and group organizations, to ensure the vendors you select are qualified. Are you aware that you can now take savings to a whole new level with Electronic Reverse Auctions? A “reverse what?” you say….  

The term “Electronic Reverse Auction” or “ERA” may not be known to you now but it is a tool that every municipality in Canada will be hearing more of as it becomes a standard part of the municipal procurement tool kit.

The traditional procurement tool kit in Canada consists of tenders and RFPs that function under the notion that bidders get one chance to give you a price which is sealed in an envelope and opened later by the purchasing staff. Once the envelopes are opened, changes cannot be made to the price and the lowest price bidder is duly rewarded, either with the contract outright or by being assigned the most points for that criteria if there are other criteria to consider. What is generally believed is that we received the best possible price…..only we do not have any way of knowing if bidders collectively would have bid lower, had they been given the opportunity to make further reductions in price. We may have gotten the best value that was offered but buyers are left to wonder if we received true market value. Many in the municipal sector are familiar with the terms “municipal premium” or “public sector premium”, usually spoken of in whispers and behind closed doors. We often think that it would have been much less expensive if we were buying the same thing for a private sector organization. A buyer in the private sector likely would have been able to, or even encouraged to, negotiate a better deal.

What if municipal buyers did not have to take the first and only offers presented? What if they could negotiate with the qualified suppliers in a fast, fair and honest way? Could suppliers be allowed to reduce their bid, if they felt it was in their best interest, in order to secure the public contract.       

Until recently, this type of scenario was not realistic in Canada in the public sector, but that has now changed. In 2017 the Canadian Free Trade Agreement and the Comprehensive Economic and Trade Agreement both came into effect. These trade agreements, for the first time, explicitly recognize electronic reverse auctions as a legitimate public procurement method in Canada and include provisions to govern their use in public sector procurement.   

While this is a new development in Canada, reverse auctions have been recognized internationally for many years in leading standards like the United Nations Model Law on Public Procurement as well as the European Union Procurement Directive. Countries around the world, including the US, UK, and Australia, have successfully used reverse auction in municipal procurement for the past two decades with significant savings in a variety of categories of spend.    

An Electronic Reverse Auction (ERA) is an online, real-time purchasing technique which involves the presentation by suppliers of successively lowered bids during a scheduled period of time and the automatic evaluation of bids. A reverse auction can be configured in two ways that align with the traditional procurement process: 1) as the entire competition when price is the only criteria and the winner is the lowest bid at the end of the electronic auction; or 2) as the second stage in a two-stage competition when other quality-based criteria have already been evaluated, in which case the winner is the supplier judged to have the highest overall evaluated bid.

Respected Canadian public procurement lawyer, Paul Emanuelli, stated in his recent whitepaper, Electronic Reverse Auctions: Debunking Myths and Misconceptions, published in 2018:

“The question is no longer whether ERAs can or should be used…. The question is how much further can ERAs be expanded across all sectors, …., to achieve improved process efficiencies and cost savings.”[1]

Emanuelli goes on to recommend that “organizations interested in implementing ERAs should take the following seven steps:

1. Adopt legally vetted Negotiable RFP templates with ERA protocols

2. Update to ERA‐friendly policies and procedures

3. Develop an industry strategy to select the right projects

4. Create a rollout plan to control internal deployment

5. Ensure appropriate internal training and awareness

6. Get initial launch support from experienced advisors

7. Develop a plan for self‐sufficient long‐term use”

For Canadian municipalities, ERA’s represent an opportunity to reduce spending in a disciplined and strategic way. While not fool-proof and certainly not applicable to all purchasing categories, when ERA’s are strategically used, you can expect to generate savings of 8-20% depending on the category. What kind of impact would that level of savings have on your organization?       

Qualified vendors. Lowest prices. Best use of taxpayer dollars. That’s what you get from a reverse auction.

To learn more please contact Craig Milley at Wayfinder Consulting Inc. – Your Procurement & Supply Chain Guide

[email protected]    

250-882-4955   

https://www.wayfinderconsultinginc.com          

Share

Hiring the Right Asset Coordinator for your Organization

Session Date:
April 25, 2019 | 1-2 pm EST
 
Asset Managers or Coordinators are suddenly in demand across North America’s local governments and other public sector organizations. Due to new regulatory or funding requirements, as well as the growing awareness surrounding infrastructure deficits, municipalities and utilities are increasingly opting to introduce a new dedicated position responsible for the coordination of asset management activities, strategy and performance. Hiring for a technical and multi-disciplinary role, like an Asset Manager, and ensuring that the chosen candidate is the right fit can be a significant challenge for an organization. 
 
In this webinar, attendees will gain insight on how best to hire asset management expertise to compliment their organization’s unique needs. This webinar will cover the following: 
  • How to determine the right skills and qualifications to include in a brand new posting (for many municipalities this will be the first time hiring an Asset Manager or Coordinator)
  • Where to post a technical job posting for maximum results  
  • How to interview and assess candidates to ensure the right person is hired for the job – asset management is a cross-disciplinary field involving finance, public works and often the CAO, so how do you make sure the candidate meets the needs of various stakeholders?
  • How to onboard a new hire successfully in a role that didn’t previously exist 

Additionally, attendees will learn about the Asset Management Competency Framework that CNAM, in collaboration with a collection of national partners, are developing. The Framework is to support organizational training and staff hiring. More information can be read here.

Panelists

  • Crystal Tan, Asset Management Coordinator, Town of Fort Frances
  • Iain Cranston, IC Infrastructure

muniSERV is a proud partner of PSD

Learn More & Register

Who should attend?

  Asset Managers 

  CAOs/City Managers

  HR

 

Share