Employee health and safety continues to be our number one priority
Oregon Treasury has a well-earned reputation for sound, fact-based decision-making – whether it’s about investments, bond sales, banking services, or operations.
We’ve brought that same spirit to COVID-19. It drove decisions from hand sanitizer stations at doorways to sending the majority of OST staff to work-from-home offices. If you’re following Deputy Treasurer Mike Kaplan’s COVID updates, you know that it will continue to drive decisions we make going forward.
The question on Oregonians’ minds right now is when can we reopen the state. It’s not a simple question, and the answer is complex, complicated, and dependent on a variety of inputs (remember that long list Kaplan shared at our all-staff meeting?). Earlier this month, Governor Brown issued a framework – summarized below and available in full online – for how her stay-at-home orders will be evaluated.
https://www.oregon.gov/newsroom/Pages/NewsDetail.aspx?newsid=36373
At Treasury, we’re paying close attention to how the state is doing in meeting the tenets of the Governor’s framework. But our real focus is on our organization, especially since we know that COVID is not going away for a long time. To that end, Treasurer Read and the executive team are looking at a whole host of factors as they make decisions about our work.
They’re guided by three main goals:
- Protecting the health and safety of Treasury employees
- Ensuring we maintain the ability to perform essential functions
- Providing firm information to staff to help support you and your life outside of work
The first is non-negotiable. The second is critical, and something we have to work on daily so that we meet our responsibilities to Oregonians. The third means that the Treasurer wants to give you some certainty in an uncertain time.
We've heard that the response to COVID-19 is like a dance: a step forward, maybe a step back, followed by a step to the right or left. As Oregon attempts the right dance moves, we expect that guidance will evolve. We can't stop that, but we can make decisions that mitigate it and support our goals above.
None of this is simple, but it's top of mind for the Treasurer, the Deputy Treasurer, and others as they meet with managers and staff on charting out our future, or at least the next quarter. Those meetings are underway now and will lead to more details coming out in May. So stay tuned, and don't be shy about sharing your thoughts, questions, and even your frustrations with Michael Kaplan.
|
What we lack in togetherness, we make up for in Photoshop skills
The abbreviated origin story of Red Pants Day goes something like this: Roy Jackson, in need of some new pants, happened upon a serendipitous red bargain on a clearance rack. He soon found that other Treasury staff had red pants, and that still others wanted to find and wear their own red pants ...
Before too long, they banded together: a bright, enthusiastic crew celebrating the unusual. It's comforting that Red Pants Day continues to grow – a cheery reminder that teamwork and camaraderie are a force in our work, even when we can't be in the same building.
Thanks for sharing, Mark Selfridge, and shout-out to Brian Donnelly for the Photoshop prowess.
IT Security Team Reminds Us: We're on the Frontlines of Stopping Hackers
In a previous Treasury Digest, we highlighted how hackers can use a technique called Business Email Compromise (BEC) to trick staff into diverting funds. This month, we take a broad look at recent cybersecurity trends impacting the financial services sector.
Financial service firms are 300 times more likely to be hit by cyberattacks than other companies, according to a recent report by the Boston Consulting Group. And cyberattacks increasingly target financial services in both private and governmental sectors.
For example, the Oklahoma Law Enforcement Retirement System was attacked in September 2019. More than $4 million was stolen through – you guessed it – a BEC scam. After compromising an employee's email account, the scammers were able to trick an investment manager working on behalf of OLERS into wiring funds to an account controlled by the hackers.
In an eerily similar attack, Puerto Rico's public pension system lost $2.6 million in February 2020.
And it’s not just pension funds feeling the pressure. Research published in December 2019 details how hackers began with a BEC attack, then created lookalike email addresses to trick both a venture capital firm and a startup – enabling the attackers to make off with $1 million of the startup’s seed fund.
Travelex, an international money and wire transfer service, suffered a catastrophic ransomware attack starting on New Year’s Eve 2019. Attackers successfully breached Travelex’s network, encrypted servers, deleted backups, then demanded $6 million and threatened to release five gigabytes of customers’ personal information if the ransom was not paid. Travelex sites remained offline for at least three weeks during the recovery process.
Such attacks have not gone unnoticed by regulators and rating agencies. In January 2020, the Security and Exchange Commission published “Cybersecurity and Resiliency Observations,” which urges financial services companies to focus on areas like access controls, vendor management, and staff training and awareness.
Meanwhile, credit rating agencies Moody's and Standard & Poor's are increasingly probing cybersecurity practices when evaluating a debtor's likelihood of default. “It's something that we are expecting every analyst to at least ask a question or two about on a call so it’s more business as usual,” said Geoff Buswick, S&P Global Ratings managing director.
These attacks aren’t going away, and Treasury staff will continue to be targeted. The best defense is to embrace good cybersecurity practices, including:
- Critically examine emails from coworkers and partners that are unexpected, uncharacteristic, unusually urgent, and/or are requesting payments or changes to existing fund transfers. Watch for slightly altered “look alike” domain names in hyperlinks and email addresses.
-
Confirm changes to electronic fund transfers via independently established telephone numbers, in-person discussion, or other pre-established procedures. Don't trust phone numbers, links, or email addresses provided by the requestor.
-
Report suspicious emails to the OST IT Service Desk.
|
Do you have something to share with your colleagues? Maybe tips on how you're staying productive or happy or calm while working from home? Or strategies that are helping you stay connected to your teammates even if you're working apart? Or perhaps you just want to offer some kudos for coworkers who are making your day a little more fun, interesting, or effective. Please share your submissions to Rachel Wray over the next three weeks in advance of the May newsletter. We'd love to include your words!
Related, maybe you don't want to contribute a submission but your do want to offer some feedback on Treasury Digest. Your two cents are always welcome, especially any feedback you have on how to improve internal communications while most of us are working apart.
|
 |
|
Got a colleague or associate who's gone above and beyond for you? Tell us all about it! |
-
Treasurer Read: Sending my thanks to James Bachman for helping me install a printer driver at home and to Michael Kaplan for bringing humor to his informative daily COVID updates.
-
Mark Selfridge: Kudos to Brian Donnelly for his creative efforts in putting together the virtual group photo of Red Pants Day participants.
|
