Reston Association details technological mishaps that led to $46K in extra costs

Reston Association has acknowledged that technological mishaps resulted in tens of thousands of dollars in additional expenses.

The organization described how it’s working to prevent those types of incidents following a cybersecurity review by information technology professionals with Wipfli, a consulting firm that the organization is using.

The recreational services organization created an IT committee in March that met for the first time last week. RA says that upgrades put in place in 2020 and recommendations it pursued from an assessment report from Wipfli will help mitigate the risk of similar incidents.

“The security of personal information is and remains our top priority and these new processes and protocols will help safeguard our information,” RA said in a statement. “Additional security initiatives will continue to be explored in 2022 with the assistance of RA’s new Board Information Technology Committee.”

Issues with RA’s technological framework and IT practices drew some board scrutiny early last year.

Incidents cost RA an extra $46,000

As part of the IT review, the association recently described three costly problems in recent years.

One incident involved a compromised Microsoft email account that resulted in a loss of over $187,000 in December 2020. That amount was recovered through insurance policies, though, but RA had to pay a $10,000 deductible.

Reston Now previously reported that it involved then-CEO Hank Lynch’s account, according to a board member.

Earlier that year, an individual also accessed the RA website and embedded malware, making the website lose functionality and member access to information.

The organization used a national law firm, BakerHostetler, to investigate, and directed Crypsis to conduct a forensic investigation, showing that members’ personal information was not exposed.

Insurance covered the costs, aside from a $10,000 deductible. That led to the association replacing its website with an interim site through Squarespace.

“The rating on that is yellow,” Kraus said, adding that the website is more of a billboard, though than an interactive portal for members.

Also, a server crash in 2019 led the organization to shift to cloud-based storage. On-site hard drives failed that contained financial data and vehicle fuel log data, requiring the association to around $26,000 in additional costs.

Ratings, recommendations given for IT practices

The assessment review found the organization is reactive — but not chaotic — in four areas: constituent-facing services, IT governance and benchmarking, cybersecurity, and IT vision. Wipfli also found that RA is proactive — but not optimal — in two areas involving Microsoft 365 deployment as well as roles and responsibilities of its managed service provider.

“We rate these key areas from red, yellow, green, blue, to white,” Joseph Kraus, a chief information officer advisor with Wipfli, told RA’s board of directors last week, noting the review showed RA having green and yellow statuses. “Most organizations we evaluate are largely red, yellow, and some green.”

RA’s visual report card, consisting of green and yellow reviews, is not that bad, though, Kraus said, noting it’s rare to be blue or above.

The results come after the organization’s chief information officer, Clara William, resigned in August, just short of two years on the job.

A Wipfli employee, Michael Lockett, began as a virtual chief information officer for RA in November and helped the organization with operational improvements.

He’ll be working with the IT committee to act as a partner with the organization, approve projects, create baselines for communications, and assist RA with other areas.

Wipfli’s assessment also included a roadmap of solutions. Among those recommendations, it said RA should decide if a full-time IT director is needed or if a service should be used. RA currently has two IT staff.

Recent Stories

An FCPS employee gets vaccinated against COVID-19 at an Inova clinic in January 2021 (photo by Karen Bolt/Fairfax County Public Schools) Fairfax County is looking for artists to contribute to…

Reston Association (courtesy RA) Reston Association’s Board of Directors filled an at-large seat vacated by board member Glenn Small in November.  At a Thursday (Jan. 26) night meeting, the board…

The county’s housing authority has entered into an agreement with Foulger-Pratt (Photo via Fairfax County). A task force will discuss the redevelopment of Reston Town Center North (RTC North) beginning…

Morning Notes

Vehicles turn off Route 123 into Tysons Corner Center (staff photo by Angela Woolsey) Vienna’s Ilia Malinin Impresses at U.S. Skating Championships — “Even before his leading score of 110.36…

The Ravel Dance Studio will re-open for fall classes 2020. The school will offer in person and virtual online instruction. With over 5000 sq. ft. to social distance the school has added air ionization filtration systems, ballet barres, acrylic dividers, hands free bathrooms, strict monitoring and more.

The Ravel Dance Studio will produce a Nutcracker Ballet Hollywood style video through the Reston Community CenterStage. REGISTRATION online begins August 17.

Submit your own Community Post here for just $99.

Chris Green is one of the DMV’s finest fitness instructors. A Lululemon and South Block ambassador, he is a coach and mentor to so many. He embodies grace, positivity and motivation in ways that no one else can. If we could all learn a thing or two from him, the world would be a much better place. He does so much for others, and does so with a smile on his face 99% of the time.

He recently ruptured his Achilles and has an incredibly long and tough journey ahead. As if COVID hadn’t impacted fitness professionals enough, throw this in the mix and it’s a double, even triple whammy. CG is no longer able to work and do what he loves for the time being because of this and we’d love your support.

Read More

Submit your own Community Post here for just $99.

×

Subscribe to our mailing list