Johnston County officials detail 24/7 cybersecurity monitori…
Johnston County officials detail 24/7 cybersecurity monitori…
Publish Date: 2026-05-27 08:47:00
Source Domain: www.johnstoniannews.com
Using an unordered list, summarize the following article with between 4 and 8 key points. SMITHFIELD — Johnston County officials say cyberattacks targeting county systems occur frequently, requiring continuous monitoring and evolving security measures.“We receive thousands of breach attempts daily,” said Jamie Briscoe, Johnston County’s assistant IT director. “It’s constant.”Jeff Howard, director of Technology Services, said staff and automated systems monitor network activity around the clock and respond immediately to suspicious behavior.“We have staff and software that is monitoring our network devices 24/7,” Howard said. “So if my staff’s asleep at 2 o’clock in the morning, a protocol is in place to block or kill suspicious activity.”He added that protections extend across all county devices.“We have security on every single device that we have in Johnston County,” Howard said.Password security focusHoward said most attacks involve repeated attempts to guess login credentials, making passwords a key vulnerability.“The password is the No. 1 vulnerability, and that’s why we work really hard to remove that risk,” he said.To reduce that risk, the county has moved to biometric authentication. Employees now verify access through smartphone prompts requiring facial recognition or fingerprint scans rather than entering passwords.“The password can’t be compromised using this form of authentication,” Howard said. “It’s a biometric facial scan or thumbprint that allows you access to your computer or to your laptop.”A password vault system is still used for some applications, but access is tightly controlled.“We have a password vault,” Howard said. “So instead of having a password taped to the bottom of your keyboard, it’ll be in a password vault.”Entry to the vault also requires multi-step verification.“To log into this vault, it’s going to send me a push notification to my phone,” Howard said. “Access requires another biometric scan.”Howard said the county is working to further reduce reliance on traditional passwords.“I’ve tasked my staff with looking at these older applications and trying our best to move into a more modern authentication method,” he said.Vendor oversightHoward said most sensitive resident and taxpayer data is stored on state systems or third-party vendor platforms rather than county servers.Because of that, the county requires vendors to meet strict security standards before being approved.“These companies have to meet a certain level of security standard to be able to store this information,” he said.Vendors undergo a review process that includes questions about security practices, audits and past breaches, along with supporting documentation.“We use the industry standard ‘Trust but Verify’ method,” Howard said.When vendors are granted access to county systems, their activity is restricted and monitored.“Once they get there, everything’s recorded,” Howard said. “There’s a video recording of their keystrokes. It’s time- and date-stamped. Everything’s documented.”Howard said the goal is protection, not oversight of user behavior.“We need to know every single thing that’s going on in this network,” he said. “It’s not because we want to control what a user does. We are trying to prevent the network from being compromised.”If a vendor experiences a breach, access is immediately revoked until security issues are resolved.“We have had vendors that have been breached, and we’ve immediately denied their access,” Howard said.“We’re always trying to build that next wall.”
