In late 2017, the city of Spring Hill’s servers that manage city emails, payroll and utility payments were compromised after a cyber attack, with the perpetrator demanding a ransom to restore the server’s basic functions. While the perpetrator never received their demands, the city eventually did restore its servers back to normal, but has been keeping the topic of cyber security alive through continued training, a topic City Administrator Victor Lay touched on Friday during a Williamson Inc. Legislative Update.
“I see one of your staff has recently been arrested because the cyber attack made it difficult to track things, and so somebody’s temptation overcame their good judgement,” asked Dave Crouch, the moderator at the event. “So are you recovered now from it?”
“We are,” Lay said. “As far as everything with the city, the utilities, the financial side, we’ve got everything back into place. It’s interesting that you bring that particular topic up because on Monday of this week, I was actually giving a talk on cyber security for the American Power Association, basically relaying the incident that we had and how it impacted us, [as well as] what things they should do to avoid it.”
“The incident you recalled was very unfortunate, and it was right in the middle of everyone having the stress, we had one employee try to take advantage of it.”
The incident Crouch asked about refers to when a former finance clerk for the city was indicted for theft after it was discovered that they had stolen at least $1,543 from 19 utility customer payments.
“The last time you were here, you had recently had an outsider do some phishing among your employees to see if they had learned their lesson, and some of them had not,” Crouch said. “Tell us about that.”
“So one of the things that we started doing after the cyber attack: we had already started some employee education, and we invoked a program that would randomly send phishing emails to the employees - and also to [the city board],” Lay said. “If you clicked on the email and tried to open it, it would let you know immediately that you had clicked on the wrong thing, and you immediately had to go into training before you could even get to anything else on your computer.”
“The first time that we ran that program, we probably had 25 or 30 of them that had clicked on that, including some aldermen and some department heads. Quite honestly, at the next department head meeting, I embarrassed those department heads [by pointing them out] - a half dozen, maybe eight that had clicked on it.”
“Those go out every month, so I get a report every month, so now we’ve been doing it for a year and a half. This last month, I still had a new alderman that clicked on it… so we’ll have to have some words of encouragement. But, the good thing is it keeps [it] at the forefront. While we weren’t hacked, we invited that ransomware in because an employee opened up an email that they shouldn’t have, and it allowed it to come through the firewall.”
“So, be careful what you open in your email,” Crouch said.