Hope Quade, who oversees IT in the Albany County Courthouse, suggested to commissioners on Tuesday there needs to be mandatory training on internet safety for some county employees.
Quade is the county’s account manager for Medicine Bow Technologies, which is currently contracted to handle the county’s IT needs.
The suggestion came after an employee in the courthouse fell prey to a phishing scam Feb. 28 and certain “financial information was intercepted,” Quade said.
Under that successful scam, Quade said a “bad guy” pretended to be Albany County Attorney Peggy Trent.
In a phishing scam, a fraudster, often pretending to be a legitimate business or official, sends emails to recipients who occasionally are hoodwinked into handing over confidential information, like their credit card number.
“I only open the ones from Nigeria,” Commissioner Heber Richardson joked, alluding to one of the more notorious phishing scams.
In response to the incident, Quade said she “played helicopter parent” and temporarily shut down the county’s email system.
That led to hundreds of emails being deleted. Amy Terrell, who runs the county’s drug courts, said the incident concerns her, since she lost dozens of important emails.
Medicine Bow Technologies has now produced a list of all the emails that were deleted, and county departments now have to sort through those email lists, asking the authors of important emails to resend them.
Quade suggested her company should now run a phony phishing scam. Medicine Bow Technologies would send out test phishing emails to all employees. County employees who fall for the scam should be required to receive “mandatory training every quarter until the gap is filled,” Quade said.
“This is a learned skill on how to identify bad emails,” Quade said. “I think the webinars are good, but I also think the in-person training is good, depending on your learning style.”
County commissioners have not yet directed Quade to move forward with the operation.