Date: 2019-12-11
A malware attack on Scott County in September cost about $70,000 in repair costs and lost revenue, county officials said.
Officials told the Board of Commissioners on Thursday that they're struggling to get almost half of employees to follow protocols and report risky emails.
In September, Deputy Scott County Administrator Danny Lenz said malware likely reached the county's network when an employee clicked on a link in an email.
Lenz said the malware, which shut down several customer service operations for two days, was believed to be part of a small-theft phishing scam trying to capture web-based login information for sites like Google or Amazon. He didn't believe any personal resident data was taken.
Phishing involves sending an email that redirects to a fake or disguised site where users are asked for login or personal information. The site collects and stores the information to sell or use it for personal gain.
Since the attack, Scott County has upped its cybersecurity by installing a stronger security system called CarbonBlack.
In a report to the county board, county officials said they've held monthly phishing tests over the last year. About half of employees on average correctly responded by alerting the county's information technology department, and 8% of employees failed the test by clicking a link and entering credentials.
"I look at those numbers and go, holy cow, that is a huge risk," county Auditor Cindy Geis said.
Chief Information Officer Jeff Peichel said the county is considering intensifying the consequences of not completing or following the county's cybersecurity training, such as by turning email access off to specific employees until they complete the training.