ADP Talks Cyber Threats to Gov’t, Security Measures
With a rise in cyber attacks across the nation, including a recent breach in Geauga County, the Automatic Data Processing board outlined what they do — and what others can do — to protect themselves.
With a rise in cyber attacks across the nation, including a recent breach in Geauga County, the Automatic Data Processing board outlined what they do — and what others can do — to protect themselves.
There has been a substantial increase in cyber attacks on municipal governments, Department of Advanced Research and Cybersecurity Director Zach McLeod said during an interview May 13.
“I think we’ve seen the biggest increase since 2022,” ADP Deputy Director Frank Antenucci added.
Municipal governments are often underfunded and don’t have security in place, but are responsible for taxpayer funds and data, McLeod explained.
ADP provided the Geauga County Maple Leaf with a security report on the subject prepared by McLeod. In it, McLeod outlines notable cyber attacks both statewide and countywide.
Geauga County has seen recent attacks in Burton Township administration, Huntsburg Township administration and Troy Township’s fire department in April 2025; Bainbridge Township administrators had a breach in February 2025; Munson Township’s fire department had a cyber attack in December 2024; and Thompson Township’s police department, in February 2024, McLeod said in the report.
A large number of local organizations and businesses have also been compromised and local websites have been infected, the report noted.
“County and state levels, they’re going to be more well-funded, they’re gonna have security in place, but all these municipalities still have all the data that’s going up to the state and county level,” McLeod said. “But, they’re not protected.”
Even small townships in the county can have annual budgets in the low millions, Antenucci said. With reduced cybersecurity awareness and security, there is a low barrier of entry for hackers to access that money.
“A cyber attack is manipulating cyber resources for — usually — financial gain in some capacity,” McLeod explained. “What they end up doing is trying to gain access to a resource — it’s very commonly email — and then use that to steal data or redirect funds.”
Data can be names, addresses and social security numbers, all of which can be sold online, he said, adding an attack can also mean redirecting bank funds or trying to trick someone into paying an invoice they shouldn’t pay.
While the county has not recently seen any significant breaches, McLeod said the townships have not been as lucky, with ADP recently assisting Burton Township in handling a breach.
“We are very sensitive to townships, especially (those) who don’t have a lot of funding and perhaps not a lot of expertise in the nature of cybersecurity and what it takes to be secure,” said Geauga County Auditor and ADP Chief Administrator Chuck Walder. “Unfortunately, there’s been very little education provided to the local governments on how risky the environment is.”
If you haven’t been attacked, the attitude is often, “We haven’t been attacked, so we’re doing everything right,” Walder said.
But in reality, it is often only a matter of time, he added.
“I don’t think anyone here is ever going to say, ‘We will never be attacked’ in the county,” he said. “It’s when we’ll be attacked and how we’ll respond. Preparedness is what it’s all about.”
Geauga County has a high per-capita income and is one of the top three wealthiest counties in the state, which may contribute to the number of attacks, Walder said.
The county’s responsibility is to protect its resources, which is why Walder was happy to see the county department of advanced research and cybersecurity officially formed.
“The purpose of DARC is to manage cyber risk for the county,” McLeod said, listing purchasing new equipment or software, setting up a new network, managing email and user education as examples. “We’re essentially looking at how can we reduce risk for any type of cyber attack. Our job is to bring that to the lowest level that is comfortable.”
DARC works to educate users on picking out phishing emails — messages from bad actors pretending to be trusted sources in order to gain access to information or manipulate a user into clicking a malicious link — or any other kind of suspicious behavior, he said.
DARC has done in-class sessions for county employees, as well as education for the Geauga County Department on Aging seniors and will be attempting further public outreach, McLeod said.
New pieces of hardware are also vetted, something Antenucci said the county had been loose with in the past.
The general public’s experience buying computers is probably limited to Amazon or Microcenter, Walder said, adding, however, those avenues don’t vet the components and hardware.
“They may functionally be running computers, but you don’t know what is embedded in those chipsets,” he said. “You don’t know where those chipsets are reporting to. You don’t know if there is a hosting agent which is collecting data from that. If you buy a camera from Amazon and you load their utility, you could, in fact, be bouncing that data off a Chinese server.”
DARC is also constantly working on hardening its network and infrastructure to ensure it can withstand new attacks, McLeod said, adding the department uses intel from state and federal agencies.
Attacks have become more sophisticated over time and artificial intelligence has made things more difficult, McLeod said.
“Before AI, it was much easier to spot a phishing email because usually there were misspellings or something in it to kind of tip you off,” he said. “But now, they use generative AI to craft phishing emails, so now, you can’t look for those things as much. You have to really pay attention to the content and who’s sending the email.”
McLeod tells users the best way to verify is by talking to the sender.
Antenucci used the Burton breach as an example of what townships can do to protect themselves.
“By joining with ADP, for instance, their buying power went up exponentially. It’s actually not costing them much more money than they already were spending for enhanced security because we have buying power and because we don’t make a profit off of them,” he said, referencing the township’s decision to contract with ADP following the breach.
Small things like enabling multi-factor authentication and using complex passwords also help, he said.
McLeod’s report recommended keeping websites, computer hardware and software up to date, not sharing login details, not using Gmail or Hotmail domains for official business and using some form of anti-virus on computers.
ADP and Geauga County Commissioners have also discussed providing information on cybersecurity to the townships in a more formal way and discussing the possibility of partnering with ADP, he said.
Walder believes the coming year could be a watershed one for the board.
“I think we will permeate more organizations and help more people become more highly aware of their risk and how to prevent an unfortunate circumstance,” he said.
