Butler County Community College is only the latest example of a growing trend of ransomware attacks in Butler County.

According to BC3 spokesman Bill Foley, the attack, which officials believe started Nov. 19, affected BC3 databases, hard drives, servers and other devices.

“BC3 information technology staff continues to work extensively to address the issue,” Foley said Monday.

Unable to share the nature of the breech, Foley said the college is navigating a path forward. BC3 hired a third-party company to help bolster its security systems, first by assessments and audits and then through comprehensive strategies.

The college's classes remain canceled through Tuesday.

While BC3 may be a more notable case, Jordan Grady, executive director for the Butler County Chamber of Commerce, said many businesses have come to the chamber seeking help with cyberattacks.

Grady said as more people have moved to work remotely from home, the number of calls related to ransomware attacks rose.

“There's just been an opportunity for these dangerous criminals who know their way around that realm,” Grady said.

Nitin Sukhija, associate professor of computer science at Slippery Rock University, said that a few years ago ransomware attacks were unheard of in smaller communities. As more people relied on cloud-based servers, vulnerabilities became more glaring and exploitable by the nefarious.

“It's becoming more common now,” he said.

Sukhija said step one for ransomware is to acquire passwords or access the system remotely. These can come in the forms of links to random websites, even if they seem legitimate, or in emailed attachments.

He said with the password in hand and the system at their disposal, cyberattackers could make quick work of locking employees and employers out of their own network and asking for millions of dollars in exchange for its release.

Grady said some people who struggle with technology may fall prey easier than others, but even tech-savvy people can fall victim to cyberattacks.

“There's some of these attacks that are disguised really well,” he said. “What we've seen over COVID is these cybersecurity criminals have either gotten a lot smarter or figured that people are working remotely at home on a cloud server.”

Sukhija stressed that a couple of preventive measures can go a long way to protect a company from hackers. The first is investment in both training and resources.

He said companies should not be afraid to invest in two-step verification when employees log in to the system. Something as simple as using an authenticator could stop hackers from accessing the system.

An authenticator generates a temporary passcode over short intervals. That passcode changes after that interval is over, and it's usually accessed by a separate trusted device, like the user's phone. Through this method, the attacker would need both a password and the employee's phone to use their account and access the system.

Beyond spending to add more security, companies should also be training their employees, according to Sukhija. He said training should show employees how to access the system safely and how to recognize and avoid circumstances that could lead to an attack.

“There are very few companies who have cybersecurity training as a mandate when a new hire comes into the company,” he said. “This has to change.”

Sukhija said another way companies can protect themselves is by planning for the worst. He said companies should have multiple backups of their databases, servers, etc., constantly refreshed and ready to go in the event of an attack.

Sukhija said employers should also have a framework for how they go about re-establishing their systems from these backups. He said it also helps to have a business continuity plan, keeping things running in the meantime.

“You want to make sure you have a recovery program,” he said. “The goal is to minimize the risk.”

The increase in cyberattacks has gotten the chamber and county officials thinking about ways to help, according to Grady.

He said the chamber has talked with Butler County's commissioners about forming a panel that could help pass along some of these points and more.

Grady said this could be pivotal for smaller mom-and-pop stores which have not been immune to these types of cyberattacks either. He said smaller businesses often lack the resources for both prevention and recovery.

Grady said the event is still in the planning process, but the hope is to have four professionals in or related to the field of cybersecurity, who can answer people's questions.

“I just hope that we can bring some awareness to the services that might be available,” Grady said.

Sukhija said small workshops across the county would make a big difference in the battle against hackers. He also suggested something as simple as short training videos or even shorter commercials could help.