In 2014, the files on two city computers were suddenly, unexpectedly rendered unreadable.
They had been encrypted by hackers who demanded payment in exchange for restoring the files, infected by malicious software known as ransomware.
It could have been the start of an information systems nightmare similar to what Atlanta’s city government is still working its way out of, but Toledo’s information communication and technology department was prepared to react and quash the threat before it spread.
“We had a couple computers that got hit and we immediately took them off the system, cleansed everything we found, and restored them,” said David Scherting, Toledo’s director of information communication and technology. “The most somebody lost was maybe a couple days worth of work.”
Cybersecurity is becoming an increasingly important part of the day-to-day operations of governments, corporations, schools, and health care systems as the threat of malware persists and ransomware, specifically, becomes more common.
“It’s become more prevalent because it’s been effective,” said Matt Haschak, Bowling Green State University’s director of information technology and security.
Mr. Haschak also teaches cybersecurity classes in the college of business and said it is best for large organizations and individuals alike to focus on prevention. But if a breach does happen, he said it’s important to have a plan for how to respond, recover any lost data, and to learn from the incident.
A survey of 63 private and public organizations in the U.S. by Ponemon Institute, which conducts research on privacy, data protection, and information security policy, found the average cost of a data breach was $7.35 million in 2017.
Mr. Scherting said Toledo follows industry best practices when it comes to data security measures, starting with prevention. Most city employees do not have administrator privileges on their computers, which means they cannot give permission for a new software or program to download on their device.
Each computer also has anti-virus protections installed, software is regularly updated, and all emails are scanned for suspicious files, Mr. Scherting said.
“We try as hard as we can with the tools that we have to make sure this doesn’t happen,” Mr. Scherting said.
Ahmad Javaid teaches cybersecurity at University of Toledo and said one of the most common ways organizations fail to protect their information systems is by not regularly backing up their data.
“It’s good practice to have backup of important servers or information,” he said. “Let’s say a hacker encrypts all your data, well that way you can minimize damage.”
Mr. Scherting said Toledo does run daily backups of its files and keeps the information stored separately from its main system. That way if a computer is hacked and its information held hostage, not all information will be lost.
“We don’t want to pay the ransom, and that’s based on best practices,” Mr. Scherting said.
The city spends about $250,000 annually on cybersecurity measures and this spring and summer will invest $200,000 in network updates to address both security and speed issues.
Mr. Javaid also stressed the importance of educating whomever is using your device. He said the most common way hackers access a computer system is through a phishing email, which does its best to convince the receiver to click on the attachment or link so the malicious software can download.
“The weakest link is the human being,” he said.
Contact Sarah Elms at selms@theblade.com, 419-724-6103, or on Twitter @BySarahElms.
First Published March 31, 2018, 9:44 p.m.
