Delaware County officials continue to revamp and bolster their information technology systems and plan to start training employees in safety measures a year after the system was hacked and a $500,000 ransom was paid.
Last week, county council unanimously approved a three-year, $374,000 professional services contract with Crowdstrike for End Point Protection and another three-year, $236,117 contract with Meridian Learning Solutions to provide online training for county employees.
County Chief Information Officer Frank Bilotta said the purchase of the Crowdstrike protection was the single most important action in protecting the county’s systems.
“People can never be your first line of defense,” he said. “Your training needs to be hand-in-hand with the tools that block malicious content from getting onto our environment.”
And, he explained, the Crowdstrike program will immediately alert county officials to any malicious content being downloaded to devices.
In November 2020, the county network system was disrupted as hackers demanded the ransom to free up police reports, payroll, purchasing and other databases.
Since then, county officials have been investing in the county’s IT system, including the approval of a $2.4 million investment covering system security and operating improvements, countywide training, digitization of archived records, financial system maintenance, data management, web development, infrastructure engineering and architecture and project support.
Bilotta also provided council with an update on where the upgrading process stands.
“We’ve included increasing password strength for each of staff members when they log onto their computer,” he said. “We’ve also implemented password changes every 90 days. In the outside world, these things might be very common but in the county, they weren’t in place.”
Bilotta also spoke about other safeguards that have been initiated.
“We’ve also put in place border protection, which doesn’t enable staff or devices to get to malicious domains so if they try to get to those domains, they’re blocked,” he said.
Bilotta said a security analyst is currently focused on carrying out the county's multi-authentication rollout.
“We’ve also implemented operating system patching on a monthly basis, which was not in place before,” he said, adding that upgrades are made as operating systems expire now, too.
He also spoke about other items that are in progress.
“We’ve only moved one application to the cloud thus far so I would say we have a bit of work to do there but those are really end to end projects that require a bit of planning,” Bilotta said.
He said employee security training will be rolling out in December, and the last item to be addressed is email security, which is anticipated to be done in the first three months of next year.
County Council Chairman Brian Zidek lauded the progress being made on the county IT system.
“No system is foolproof,” he said. “There are folks out there who are constantly trying to hack us and a lot of other people … It’s not foolproof but it’s a heck of a lot better than it was two years ago, three years ago, five years ago.”