Seldom a week goes by that someone doesn’t ask me the status of the more than $500,000 cyber-theft that occurred between March and May 2018. And while looking for someone to blame makes for good reading, the more important issue in front of Galveston County government is to understand the process, how the criminal element took advantage of the process, how to safeguard the process from future attacks, and finally how to safeguard financial and information technology from future attacks.

Don’t be mistaken, criminals will attempt to attack us again.

Dawson Forensic Group provided its report to county legal for commissioners court on Sept. 7. Their report was to examine what caused the cyber-theft and recommend changes to prepare and defeat any future attacks. Even before any of them had seen the report, the interested parties had taken action. However, the report might tell us if changes made are appropriate.

On June 22, Judge John Ellisor convened a meeting of the Galveston County Purchasing Board. In attendance were judges, commissioners, law enforcement, treasurer, auditor, IT director and purchasing agent. The auditor, IT director, treasurer, purchasing agent, and law enforcement all presented their plans and ideas preventing future thefts. These plans have been acted on and include:

• Suspend electronic payments to vendors and employees pending verification.

• Re-verify vendors’ electronic payment information.

• Purchasing centralized Master Vendor File changes with one employee, supervised by purchasing’s chief deputy.

• A company was identified June 21 to provide real-time fraud detection services for Purchasing Master File/Accounts Payable system. (Commissioners’ Court approved non-disclosure agreement to begin hiring process for company on Monday).

The Sheriff’s Department continues to work with the FBI on this large-scale interstate theft. And Galveston County isn’t alone in being victimized by these or similar criminals. While a full recovery isn’t likely, there’s still a possibility to make partial recovery based on asset seizures.

But, instead of always responding to criminal attacks, we should be planning for the next challenge. Those changes should include:

• Required training for county employees on recognizing email fraud.

• Additional protection to various county systems against malicious activity and infected email attachments.

• Additional policies concerning ransomware attack.

• Spotting and defending the IT system against ransomware.

• A plan for possible ransomware attacks, including keeping our systems operating (justice system, jail system, financial system, health care, employee records) or at least safeguarding the data in event of an attack.

• A recovery plan in the event of a cyber-disaster, in other words, how to restore or safeguard our data.

We shouldn’t be spending time and money to create more bureaucracy, an oversight board with zero Constitutional authority answering to one branch of government, adding additional salary and benefit cost. Instead, our current elected officials and their appointed directors — all answering to the voters of Galveston County — should “dig in” to safeguard taxpayer money and taxpayer information.

Lonnie Cox is judge of the 56th district court of Galveston County.


(4) comments

Rusty Schroeder

You are wrong Judge Cox, this should have never happened. People were involved directly with the errors that occurred. Accounts were changed and money was sent or transferred into the crooks account. I would love to read the emails and the discussion between the scammer and the person the county is hiding from any wrongdoing. I bet it was very friendly, and nice. Bottom line it was wrong without notifying supervisors or the head of the dept. The protection of the people that are at fault is almost laughable if it weren't for over a Half Million Dollars. Nice opinion, but the taxpayers want answers, not new guidelines for future attacks. Those have already been put in place after the loss and denial of fault. rs

Paul Hyatt

I agree. The people who fell for this scam should not be working in finance at all. When a company that you are doing business with all of a sudden changes their banking information and NO one has a thought about picking up a telephone and calling that company at the OLD number and not a new one and talk with someone there to see if this is real or not, should not be in that capacity of authority to make changes to banking information.... Judge Cox is wrong for defending ineptitude of public employees. Why is it Judge Cox that when public employees make monumental mistakes they are not held accountable or responsible and in fact they end up getting promoted and a raise in the not to distant future. In the real world if we had done something stupid like that we would be fired and there is the possibility that the police would be called.... Making excuses for these people make me wonder why you still have a job!

Victor Krc

This is absolutely amazing! Who was responsible for putting cash control procedures in place and enforcing them? Simple enough. The judge is making a verbal mountain out of a molehill. This type of theft is by no means new, it has been going on for years. If this would have happened in the private sector I can assure you that it would have been handled quickly without a "study". This is gross negligence pure and simple and the real accountability is it a level higher than the clerical employees that initiated the wire transfers. Methinks the judge doth protest too much.

Miceal O'Laochdha

The fortress that has been erected by County officials, now including a district Judge, continues to be determined to obfuscate, hide, and otherwise protect the individuals who are guilty of enabling this theft of a half million dollars of taxpayers money. This is becoming well, suspicious...

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.

Thank you for Reading!

Please log in, or sign up for a new account and purchase a subscription to read or post comments.