NYSAC Hosts Training on Preventing Phishing Attacks
New York State local governments are under constant and evolving threat from cyber actors, with phishing attacks remaining one of the most common—and costly—methods used to target counties and municipalities.
To help county leaders and staff better understand and defend against these threats, NYSAC recently hosted a virtual training session focused on phishing prevention. The webinar addressed the rise of phishing attacks, which are deceptive attempts by cyber criminals to impersonate trusted individuals or organizations in order to gain fraudulent access to money and/or sensitive information.
During the training, participants learned how phishing schemes are carried out, why local governments are frequent targets, and the significant financial and operational risks these attacks can pose. The session also provided practical, actionable prevention tactics that counties of all sizes can implement to strengthen their cybersecurity posture and reduce vulnerability to phishing attempts.
The training was presented by the New York State Division of Homeland Security and Emergency Services (DHSES) Cyber Incident Response Team (CIRT), whose experts shared real-world insights and best practices drawn from their work assisting local governments across the state.
For those who were unable to attend—or who would like to revisit the material—the full webinar recording and presentation slides are available below.
Preventing Phishing Attacks Video Recording
NYMIR Best Practices
Our partners at the New York Municipal Insurance Reciprocal recently published some best practices to help prevent bank and electronic transfer fraud.
Implement a Funds Transfer Policy that includes:
- Multi-step approval for any transfer.
- Require dual authorization for payments above a certain threshold.
- Use segregation of duties between invoice approval and payment execution.
Verify All Banking Changes Independently
- Never rely solely on email instructions for routing or account changes.
- Confirm changes via a known phone number or in-person contact (NOT the phone number or contact information in the email).
Establish a Vendor Authentication Policy
- Maintain a secure vendor database with verified contact details.
- Require vendors to submit changes through a secure portal, not email.
Train Staff on Social Engineering & Phishing
- Educate employees on red flags: urgency, banking changes, unfamiliar tone.
- Conduct regular phishing simulations to reinforce awareness.
Additionally, they've provided a Sample Funds Transfer Policy that you can download by clicking below: