Following a township email breach discovered April 24, Burton Township Trustees unanimously passed a resolution during a special meeting April 30 to contract with the Geauga County Automatic Data Processing board to provide cyber security for the township email accounts.
Following a township email breach discovered April 24, Burton Township Trustees unanimously passed a resolution during a special meeting April 30 to contract with the Geauga County Automatic Data Processing board to provide cyber security for the township email accounts.
Fiscal Officer Katie O’Neill said during the meeting the county notified her last Thursday afternoon an “incident” with a township email account had occurred and in less than 15 hours, ADP had taken the first step to assist them.
“(ADP) provided guidance and advice on further steps I could take. I took them immediately. Nothing was lost,” O’Neill said.
An ADP team visited twice more to discuss cybersecurity options, said Frank Antenucci, ADP chief deputy administrator, during a phone interview May 1.
“Suspicious activity was first noticed when an email sent by a county employee bounced back, revealing that emails intended for the township were being forwarded to an unknown foreign address,” he said in an email dated May 1.
“Their email account appears to be completely compromised by hackers, apparently from a Russian domain,” he said, adding township officials were using their personal email accounts to communicate, but the hackers gained access through an unsecured township Hotmail account.
Antenucci credited O’Neill with blocking the hackers.
“Immediately upon learning of suspicious activity … Katie swiftly and proactively took decisive steps, including promptly changing the email password and signing out of all active sessions,” he said in the email. “Her proactive approach in adopting enhanced security practices, such as ensuring multi-factor authentication was properly configured, has set a positive example for maintaining robust cybersecurity standards within local government operations.”
During Thursday’s evening meeting, trustees called Antenucci twice and an independent contractor once to verify proposed agreement details.
Miller appeared to favor an independent cybersecurity firm over the ADP service, concerned township emails could be read by ADP personnel.
“That’s not how it works,” Antenucci said last Thursday, adding there are strict checks and balances that would prevent anyone at ADP from seeing township emails.
The township’s financial information is kept in the Uniform Accounting Network maintained by ADP and was not compromised, he said.
During Thursday’s meeting, O’Neill said the independent company cost and security coverage appear to be similar to that of ADP.
After more than an hour of discussion last Wednesday, trustees deferred to O’Neill, who said she would feel more comfortable working with ADP.
Antenucci said the township’s email will be more secure in the future, thanks to her efforts..
“Through her timely response and dedicated cooperation with cybersecurity experts, Katie O’Neill demonstrated exceptional initiative and responsibility, substantially contributing to securing Burton Township’s digital infrastructure,” he said in his email. “Her swift and informed actions exemplify best practices in cybersecurity incident response and have notably aided in reducing the township’s exposure to cyber threat.”
