LANSING – It took one click for a hacker to gain access to a Michigan State University database in November and obtain the names and social security numbers of 449 people.
It took one click for a hacker to shut down the internal network of the Lansing Board of Water & Light in April 2016, disabling its accounting system, email service and phone lines used to assist 96,000 customers. The utility paid the hackers a $25,000 ransom to reopen the network.
It took one gap in Ingham County’s network for malware to get through, causing the county clerk’s office to shut down for two days in May. Data wasn’t compromised, but the office couldn’t process birth, marriage and death certificates. Elections held May 2 were not affected.
Cybercriminals have gone after government and business servers that not only contain personal and financial information on millions of residents, but also help run everything from emergency response systems to the electric grid. In 2015, a hacker or hackers briefly shut down the Michigan.gov website.
With investigations into Russian election hacking and international ransomware attacks making headlines, Lansing-area business and government leaders said cybersecurity is no longer optional for shops big and small.
“There are those who have been hacked and those who will be hacked,” said Lansing BWL General Manager Dick Peffley.
Lansing-area governments and businesses say they are doing most of the right things to protect themselves from a cyberattack, but experts warn the things they’re missing can cost them. And even the toughest defenses can be cracked when one employee makes an honest mistake.
“One of our weakest links is the human element,” said Guillermo Guerra, vice president of corporate information security for Jackson National Life Insurance. “If it was a tech issue, then people would just buy a box and fix it.”