Cybersecurity stepped up at county offices
Wednesday, April 12, 2017 7:03 AM
OTTAWA — As part of ongoing efforts to thwart hacking, a new guest Wi-Fi network was launched in the Putnam County Courthouse late last week. The move comes amid growing concerns about the security of confidential information stored on government servers.
“The guest network insulates anyone in this building from using their phones or laptops or any sort of portable device from our domain structure where all of the public information is stored,” Commissioner Mike Lammers — himself a small business owner and IT specialist — explained.
“The whole idea was to allow (internet) access, but not to the whole network,” Commissioner John Love added.
The techniques — such as ransomware — employed by cyber criminals are increasingly clever and the effects of attacks can prove devastating. With ransomware, hackers are able to effectively cripple a network. They then demand payment to release any given system back into the hands of its owners and operators, hence “ransomware.” Within the last six months, at least two county governments in Ohio were compromised.
In October of last year, neighboring Henry County’s Board of Elections was hacked and ransomware installed, compromising data concerning as many as 17,000 Henry County residents. On January 31, ransomware was detected on a Licking County computer, prompting IT specialists to shut down that county’s network in an effort to contain the virus.
“A lot of these places have paid them,” Love said. “They’re sneaky as heck.”
Such was the case in Henry County, where officials payed an undisclosed amount to regain access to their systems. Officials in Licking County, on the other hand, have thus far refused to pay the ransom demands. That decision, Lammers said, could cost the residents of Licking County upwards of $200,000.
“This is a $150 billion industry,” Lammers said.
While the separation the guest network provides is an essential component, efforts to prevent hacking won’t stop there. All county employees will undergo training to increase awareness of active threats to the county’s information network, many of which find access through misleading emails; all too often, hackers gain access to systems through links and attachments embedded in their emails. That training, Lammers asserted is absolutely essential.
“You assume everyone knows not to click on attachments and links,” Lammers said, “but we’re finding out that’s not always the case.”
As part of an effort to determine the vulnerability of the county’s network, Joe Burkhart, the county’s IT specialist, launched what Lammers described as “a fishing expedition.” Emails requesting the recipient to click on an associated link were sent to all county employees.
“Fifteen percent of the workforce clicked on it,” Lammers said.
“This is one of the reasons why I wanted this seat,” Lammers said. “My field of expertise can be utilized to improve the security of this building for the protection of the county. This has been a concern of mine for some time. No matter what happens in the next four years, when I leave, it will better than when I came in.”