North Canton City Council on Oct. 20 adopted an emergency resolution directing the mayor, through the city’s managed IT services provider, to set and adopt standards to safeguard against cybersecurity threats and ransomware attacks.

The measure was introduced after a briefing from the city’s long‑time managed‑services firm, NAP Plus. Cameron Steven, chief experience and technology officer at NAP Plus, and Nicole (cybersecurity operating manager, NAP Plus) described the city’s existing layered defenses, employee training and the reporting requirements recently added by the Ohio Auditor of State.

The resolution matters because it formalizes the city’s compliance posture and reporting procedures for cybersecurity incidents. Nicole described a key change in state expectations: “They can’t just go and pay the ransom without, you know, getting approval, you know, going through the other state and things like that,” reflecting the new reporting and approval steps the Auditor’s mandate requires for ransomware incidents.

Liam, the council clerk who coordinated the legislative item language, said the city partnered with NAP Plus in response to the Auditor’s update and that administration and the provider worked to align the city’s policies with the state requirements. The speakers stressed that most of the city’s technical defenses were already in place; the primary differences created by the state mandate involve formalized reporting, documentation and certain procedural restrictions on incident response.

NAP Plus described its role providing network infrastructure, servers, service‑desk support, cybersecurity and ongoing training for city staff. Company representatives said their protections include layered email and endpoint defenses, monitoring that raises alerts when suspicious activity passes initial defenses, and periodic phishing and security training for employees. Council members and other officials asked about staff access to personal email and how an employee’s personal account could introduce risk; the presenters said they do not block access to employees’ personal email on city machines but rely on layered detection and training to limit exposure.

Council discussion emphasized two recurring themes: employee training and legislative transparency. At least one council member flagged the requirement that reporting and certain decisions about ransomware response must now be handled openly and with proper approvals rather than in private. NAP Plus staff recommended continued focus on training — “we’re only as strong as our weakest link,” they said — and reminded council that commonly successful phishing attacks often come through contacts or vendors that appear legitimate.

Council voted to adopt the resolution under suspension of the typical three‑reading rule. The vote was recorded by voice as unanimous “Aye.” The resolution takes effect as an emergency action to accelerate implementation of the required reporting and standards.

Council did not place new obligations on contractors beyond what the resolution and state guidance require; the measure directs the mayor and the city’s IT provider to implement and maintain the standards and to report incidents in accordance with state rules. Administration and the provider told council they would continue to brief members as procedures are finalized and training continues.