Navigating the Digital Frontier: Public Sector Finance in the Remote Work Era
The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.
By Benjamin Effinger
December 6, 2024
The introduction and adoption of remote work has reshaped public sector finance work, offering both opportunities and challenges. While it promises increased flexibility, reduced operational costs and improved work-life balance, it also introduces novel risks to information security, internal controls and overall operational efficiency. Those risks are accentuated when dealing with sensitive public sector financial data like the County of Los Angeles Treasurer and Tax Collector (TTC) transacts daily.
Information Security: A Critical Concern
Safeguarding that data is one of the most pressing challenges in remote work environments. The TTC manages a treasury pool that can exceed $60 Billion, averaging more than $500 million in daily volume. Because of this size, scope and volume of these transactions, cyber threats, such as phishing attacks, malware infections and data breaches, pose significant risks to the County. Leading cybersecurity threats, such as business email compromise (BEC), are consistent threats within public sector finance, which could cost an agency tens of thousands, millions or billions of dollars through Automated Clearing House (ACH) and wire transfer fraud. To mitigate these risks, public sector finance organizations must adopt a comprehensive cybersecurity strategy. This includes:
- Strong Access Controls: Implementing robust multi-factor authentication (MFA) and strong password policies to restrict unauthorized access to systems and data. This includes tokenization (the use of encryption to secure information) for authorized access to bank accounts and other sensitive financial systems and data.
- Regular Security Awareness Training: Educating employees about the latest cyber threats, social engineering tactics and best practices for secure remote work.
- Secure Remote Access: Utilizing secure Virtual Private Networks (VPNs) and other encryption technologies to protect data transmission and prevent unauthorized access. It is not uncommon for public sector finance agencies to have several encryption technologies available simultaneously in the event that one of the technologies is unavailable or unable to be accessed, due to the time sensitive nature of the workload.
- Endpoint Security: Deploying endpoint security solutions to protect devices from malware and other cyber threats.
- Request Authentication: Requests to change account information or to make bank account changes made via email should be authenticated through phone calls or physical contact outside of the email request to validate the request. Business email compromise (BEC) is most effective when individuals fail to authenticate requests.
- Incident Response Planning: Developing a comprehensive incident response plan to quickly identify, contain, and mitigate security breaches. This is critical for agencies, especially in the virtual environment utilizing cloud technology to store sensitive financial information.
- Penetration Testing: Phishing and Smishing threats have increased. Within LA County, our Information Security (IT) Department routinely sends out “fake” phishing and smishing attempts against departmental users. These tests prepare staff and keep their skills sharp for actual threats that pose risks against the organization.
Internal Controls: A Foundation for Trust
Internal controls are the backbone of financial management, ensuring accuracy, reliability, and accountability. In a remote work setting, maintaining strong internal controls becomes even more critical. Key considerations include:
- Pre-vetted Broker/Dealer and Issuer Lists: Enabling investment officers to act confidently in identifying investment options in a high-volume environment.
- Segregation of Duties: Implementing appropriate segregation of duties to prevent fraud and errors. Within TTC, our investment activities are handled by 3 of our 5 branches, employing a stringent set of checks and balances to ensure security, mitigate fraud and reconcile errors before execution.
- Process Improvements: With the pivot to telework, migrating from paper-based processes with wet authorization signatures to digital workflows is critical to ensure the necessary checks and balances are maintained in approving public sector financial transactions.
- Regular Monitoring and Oversight: Conducting regular reviews of remote work activities, including monitoring access logs, reviewing financial transactions, and conducting audits. In addition, routine virtual team meetings ensure clear communication of expectations
- Clear Policies and Procedures: Developing clear policies and procedures for remote work, including guidelines for document handling, approval workflows and data backup.
- Robust Financial Systems: Utilizing robust financial systems, which includes, but is not limited to, cloud-based Software-as-a-Service (SaaS) treasury management applications, with strong controls to manage financial transactions and generate accurate reports.
Telework Best Practices: Maximizing Productivity and Well-being
Effective telework practices are essential for maintaining productivity, employee morale and organizational efficiency. Key best practices include:
- Clear Communication: Establishing clear communication channels and using effective collaboration tools to facilitate information sharing and teamwork.
- Regular Check-ins: Conducting regular virtual meetings to discuss progress, address concerns, and maintain team cohesion. Encouraging participation and creating a safe learning environment for all staff in these virtual meetings is essential for team inclusion and success
- Collaboration Tools: Leveraging secure collaboration tools to facilitate communication and information sharing among team members. In LA County, we utilize the Microsoft Teams platform for team collaboration and communication.
- Ergonomic Workstations: Providing employees with ergonomic workstations to minimize the risk of musculoskeletal disorders.
- Work-Life Balance: Encouraging employees to maintain a healthy work-life balance by setting boundaries and avoiding excessive work hours and lengthy commutes. In LA County, we have implemented walking meetings, to encourage team members to get outside, walk pets and participate in work related discussions while prioritizing their own health and well-being.
- Mental Health Support: Offering mental health resources and support to help employees cope with stress and isolation. Consult with your Human Resources Department to ensure you have access to the most up-to-date Employee Assistance Program (EAP) resources for your team members.
By implementing robust security measures, strong internal controls and effective telework practices, public sector finance organizations can successfully navigate the challenges of remote work and ensure the integrity of their financial operations. As technology continues to evolve, it is imperative to stay ahead of emerging threats and adapt to the changing landscape of remote work.
Author: Benjamin M. Effinger, MPA, is the operations chief of the Cash Management Division of the County of Los Angeles Treasurer and Tax Collector. He is also currently a doctoral candidate pursuing his doctorate in public administration from the University of La Verne. Ben can be reached at [email protected].
(6 votes, average: 5.00 out of 5)
Loading...
Follow Us!