County cybersecurity training improving

·3 min read

Nov. 23—OTTUMWA — Wapello County's cybersecurity training is improving, but it may still leaves open the possibility of potential problems.

The county board of supervisors listened to an update by Roger Shindell, a cybersecurity expert and CEO of Carosh Compliance Solutions, which the county has contracted with to provide HIPPA services.

Shindell gave an example of an Iowa county computer network that was attacked, causing the breach of 871 individuals' private information, including driver's license numbers, social security numbers and medical information.

That county had an 80% compliance rate when it came to cybersecurity and protecting vital information. Wapello County currently is at 73% across all of its departments, but Shindell believed the county is heading in the right direction.

"Right now I'd give you guys a B-minus," he said. "We'd like to get you up to at least 80% (overall). We've got kind of a mixed bag. The assessor's office and auditor's office are great, but we'd like to get the sheriff's office and veterans affairs up.

"We still have a little bit of work to do, but you're certainly up in the highest quartile for all of our clients."

Supervisor Jerry Parker said "give us another couple weeks and we'll be back up there."

Any breach that occurs must be turned into the Office for Civil Rights, which is part of the Department of Health and Human Services. Shindell said hitting that 80% benchmark was important because it reveals adequate cybersecurity training when the OCR asks for any documents.

"It's going to keep you from being assessed fines and penalties, and that can be a very costly expense to the county if you are fined and penalized," he said.

He said the next training for the county will occur in early December.

"I don't lose sleep at night over where we are on this in terms of protecting you from fines and penalties if we have breaches," Shindell said.

Shindell also alerted the supervisors to a new training program that could be added on to their current contract with the company. County employees would be sent a quarterly email to test cybersecurity knowledge, receiving training to identify potential hacks, as well was receiving required periodic security reminders.

"Basically the email is a benign phishing attack, so it looks like you enter to win a four-night, five-day vacation to the Bahamas," Shindell said. "If someone clicks on it, we understand what happened, and they get additional training on that. We respond to potentially infected emails that are tracked, etc.

"That's what happened in the other Iowa county. Two people clicked on a malicious link, and all of a sudden, they had a 700-record breach," he said. "I highly recommend it, because the number one way you're going to have problems in the foreseeable future is through a cybersecurity attack."

In other business:

—The supervisors reviewed the 2021 weed commissioner report, and appointed county engineer Jeff Skalberg to temporarily serve as the weed commissioner until a full-time commissioner could be hired.

"We're seeing an uptick in thistles and other noxious, but fairly recognizable teasels and bull thistles," Skalberg said of the report. "It's been a significant increase here. Basically we're pretty much done for the year. We won't be spraying for noxious weeds until spring."

—Allora Johnson-Dotson was hired as a full-time dispatcher in the sheriff's office to fill a vacant position.

— Chad Drury can be reached at, and on Twitter @ChadDrury

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting