Brookfield trustees held their first meeting Jan. 21 to discuss formulating a cybersecurity policy.
A state law that became effective Sept. 30 requires local governments to adopt a cybersecurity policy, report cyber incidents to the Ohio Cyber Integration Center and the state auditor and to pass a resolution before paying a ransomware demand.
The policy is an attempt to safeguard an entity’s data, information technology and information technology resources, according to the state.
Among the elements the policy should address are identifying cybersecurity risks, specifying mechanisms to detect events and establishing procedures for repairs. All employees must be trained in cybersecurity. Ohio offers an annual training program that qualifies.
Township Office Coordinator Lisa Driscoll has agreed to be the cybersecurity administrator/manager, although Trustee Shannon Devitz said Driscoll will not be expected to handle it all on her own. Driscoll put together a draft policy based on a recommendation from the Ohio Township Association and a proposal from Ford Office Technologies, the township’s information technology provider.
Trustee Dan Suttles said he thinks the trustees should work on the policy monthly until they adopt one. A lawyer’s opinion will be sought prior to adoption. Each township is required to have a cybersecurity policy in place by July 1.
