Aug 26, 2025 | AOC Business Partner
Sponsored content contributed by AOC Business Partner: Covenant Global
As we discussed in Part 1 of this series, there are quick, high-impact actions counties can take to boost their cybersecurity. In this edition, we want to highlight why cybersecurity should be a top priority for local governments in 2025—and the risks that come from delaying action.
Cities and counties are collecting more citizen data than ever—information that’s extremely valuable on the dark web. And hackers have taken notice.
Just recently, Oregon’s own Department of Environmental Quality (DEQ) experienced a ransomware attack, exposing data and systems in a way that reverberated across state and local infrastructure. Read the full article here.
Cybercriminals aren’t just targeting large corporations or federal agencies anymore. Local agencies have become ideal targets due to several key vulnerabilities:
- Limited cybersecurity budgets – especially with recent reductions of FEMA budgets, limited grant availability, and general budget reduction.
- Aging or unpatched infrastructure – One of the last big infrastructure updates happened in 2015. Most of that equipment has reached the end of life and needs to be replaced with upgrade security features.
- Lack of trained cybersecurity personnel – Cyber-attacks have become much more sophisticated, but training about those attacks has not kept pace.
- Valuable personal and financial data of citizens – the type of personal information that is being captured now for the convenience of the controlling organizations has become very valuable to the bad actors.
- Essential services like emergency response, water, and utilities are dependent on IT systems – technology has enabled and enhanced emergency response.
It’s been said, “smaller entities may be easier to breach, but just as damaging to exploit.” This is a very true statement as it applies to cities and counties.
So, what can be done? Here is a simple checklist of steps that can be taken:
- Designate a cybersecurity lead or hire consultants
- Train all staff on basic cyber hygiene and threat response
- Patch and update legacy systems
- Implement and enforce multi-factor authentication
- Perform regular backups and test restorations
- Conduct a complete risk assessment
- Establish or update an incident response plan
- Apply for federal/state cybersecurity grants
These steps are a good start towards cybersecurity. Covenant Global can assist. For more information about cybersecurity and our services, please contact us by emailing Tellmemore@covenant.global or go to our website at https://connect.covenant.global/local-oregon-governments
Aug 26, 2025 | AOC Business Partner
Sponsored content contributed by AOC Business Partner: Comcast
(Photo above: This July, Comcast connected over 600 homes and businesses in Sublimity to fast, reliable, symmetrical Internet for the very first time as a part of the company’s network expansion into more locations in Oregon. Another 785 locations will be added to Comcast’s network in Sublimity by the end of the year.)
In 2025, Comcast has made significant strides across Oregon—investing in infrastructure, expanding broadband access, and supporting local events and nonprofits. These efforts align with the priorities of Oregon’s county governments: fostering economic opportunities, improving access to essential services, and strengthening community resilience.
Investing in Broadband Infrastructure to Support Growth
Comcast’s network expansions have brought high-speed internet to thousands of previously underserved homes and businesses in Oregon counties. These projects are more than connectivity—they’re economic development tools that support small businesses, remote work, education, and public services.
- In Sublimity, over 600 homes and businesses were connected for the first time, with plans to reach another 785 locations by year-end.
- Over the past three years, Comcast has invested $574 million in Oregon to expand and enhance broadband infrastructure.
County leaders know that reliable internet is essential for workforce development, emergency preparedness, and equitable access to healthcare and education. Comcast’s infrastructure investments help counties meet these goals.
Simplifying Internet Access for Oregon Households
In June, Comcast introduced a new pricing model for Xfinity Internet—no contracts, no hidden fees, and a five-year price guarantee. This change is especially impactful for the 1.3 million Oregon households navigating rising costs and increasing digital demands.
The new plans include advanced features like parental controls, cybersecurity protection, and Wi-Fi Motion technology—all accessible through the redesigned Xfinity app. These tools support families, students, and remote workers across Oregon counties.
Supporting Local Events and Economic Activity
Comcast has provided critical connectivity for some of Oregon’s most beloved events, helping counties showcase their communities and support tourism and local business:
- Oregon International Air Show (Washington County) – Comcast powered vendor operations, ticketing, and public Wi-Fi
- Oregon Jamboree (Linn County) – Provided robust connectivity for attendees, staff, and performers
- Portland Classic (Multnomah County) – Supported LPGA athletes and event operations with high-speed internet
- Mt. Angel Oktoberfest (Marion County) – Delivered free Wi-Fi to enhance visitor experience and vendor success
These investments demonstrate Comcast’s commitment to supporting county-led initiatives that boost local economies and community engagement.
Advancing Digital Opportunity in Oregon Counties
Comcast’s digital adoption programs are designed to ensure that all residents—regardless of income or background—can participate in today’s digital society.
- The Latino Network’s La Plaza Esperanza (Multnomah County): A new 18,000 sq. ft. community center in Rockwood offering education, job training, and health services. Comcast’s Lift Zones provide free high-speed Wi-Fi and technology access.
- Over $5 million invested over the past three years in Oregon nonprofits to support digital skills training, Lift Zones, and grants to bridge the digital divide.
- Through Project UP, Comcast partners with trusted organizations like Boys & Girls Clubs, Free Geek, and Native American Youth & Family Center to deliver digital literacy and affordable broadband via Internet Essentials.
These efforts align with county goals to improve access to education, workforce development, and public health services.
Expanding Local Access and Customer Support
Comcast continues to grow its presence in Oregon with new retail locations:
- Oregon City store opened in June
- McMinnville store opening later this year
- More than 20 retail locations statewide provide customer support, product demos, and community engagement
Jul 30, 2025 | AOC Business Partner
Sponsored content contributed by AOC Business Partner: Covenant Global
Email is the heartbeat of county operations. Whether coordinating with vendors, issuing permits, or managing sensitive records, it’s how work gets done. But many public agencies don’t realize that their email domain—if not properly configured—can leave the door wide open to impersonation, spoofing, or even unnoticed data exposure.
That’s why Covenant Global created the “What’s Your Security Score?” scan: a free, low-lift checkup designed specifically for Oregon counties. It’s not a sales pitch. It’s a practical tool for busy teams who know cybersecurity matters but don’t always have the staff or time to dig into the details.
Why Domain Security and Dark Web Scans Matter
When your email domain records—SPF, DKIM, DMARC, and MX—are incomplete or outdated, it becomes easier for outsiders to impersonate your agency or send emails that appear trustworthy. These records are your front line of defense, and misconfigurations often go unnoticed until something goes wrong.
Similarly, a dark web scan checks to see if any credentials tied to your agency’s email domain have been exposed online. This often includes passwords from old accounts or previously used logins—small oversights that could create big risks later.
What You’ll Receive (At No Cost)
Your Security Score includes:
- A domain health scan reviewing key email security records
- A dark web credential check tied to your public domain
- A plain-English report outlining risks or misconfigurations
- A prioritized action plan for your IT team or provider
And for counties using Microsoft 365, we’ll let you know if you qualify for additional cybersecurity support through Microsoft’s 20/20 Initiative.
Why This Matters for Counties
In our early work with local governments:
- 75% had missing or outdated email security records, leaving them vulnerable to spoofing or impersonation
- Over 60% had credentials exposed on the dark web, often from old accounts or password reuse
This isn’t about pointing fingers. It’s about giving your team the insight and support to make smart, proactive decisions.
It’s Not About Fear—It’s About Visibility
After working with SLG clients, we’ve found that most email domains have room for improvement—but many agencies simply aren’t aware of the gaps. The Security Score gives you the visibility to fix what’s fixable and the confidence to move forward.
It’s fast, free, and built to support the work you’re already doing.
If you’d like to take the first step, we’d be honored to walk with you.
Email us at tellmemore@covenant.global
Let’s keep Oregon counties secure, connected, and confident—together.
Jul 30, 2025 | AOC Business Partner
Sponsored content contributed by AOC Business Partner: Nationwide
For most participants of Nationwide’s Supplemental Retirement Plans, diversifying investments is important because it can help reduce the potential of overall market losses in your retirement account. If you are unsure about how to manage your asset allocation or prefer not to manage it yourself, selecting a target date fund (TDF) from the Plan’s menu of investment options could be the ideal solution.
A TDF is a mutual fund that is managed to adjust its asset allocation to become more conservative as you approach retirement — your target date. In the early years, the fund invests more heavily in growth-oriented assets such as stocks. As the target date nears, the fund gradually shifts toward more conservative investments such as bonds and cash equivalents.
Benefits of using a target date fund
- Professional management: TDF portfolio managers adjust the fund’s investments based on market conditions and its target date, helping to optimize returns and manage risk
- Diversification within a single fund: The fund manager invests to spread risk across various asset classes, which can enhance the stability and performance of your investments over time
- Automatic asset rebalancing: You don’t have to worry about making adjustments yourself as you get closer to retirement
- Convenience: Simply choose a fund with a target date closest to your expected retirement year, and the fund takes care of the rest
Things to consider about TDFs
- Retirement assets held outside of the Plan might affect your overall asset allocation and diversification, the risks you’ve assumed and the fees you’re paying
- TDF glide paths can vary widely, even among those with the same target date
- Investing in a TDF doesn’t necessarily safeguard against losses or guarantee that you’ll have enough income for retirement
For assistance in understanding how to use a TDF as an investment strategy, log in to your Nationwide Retirement Plan account at nrsforu.com to:
- Contact your Retirement Specialist
- Select a TDF or otherwise manage your investments
Jun 26, 2025 | AOC Business Partner
Sponsored content contributed by AOC Business Partner: Nationwide
One of the most important decisions you may make with your Nationwide account is beneficiary designation, through which you inform the Supplemental Retirement Plan of whom you want to control your assets in the event of death. When Nationwide has your beneficiary designations on file, the individuals you designate can usually gain access to your account without having to wait for a court decision.
Beneficiary designation is also one of the first steps in estate planning, a process designed to protect the property you’ve accumulated and money you’ve saved. No matter how old or young you are and regardless of your wealth, having an estate plan can be essential. Without a plan, the state, through probate court, would control the decisions, which might not reflect your wishes.
Benefits of an estate plan
With an estate plan, you can reduce the potential for family disputes and legal battles; avoid handing heirs a lengthy and costly probate process; ensure that more of your assets go to your loved ones rather than the government; and designate who should care for minor children, your spouse or other loved ones.
A well-developed estate plan documents your wishes clearly and accounts for all your assets and situations that may arise. That’s why, in most cases, you will need an attorney to write your estate plan and file the necessary paperwork with your state.
However, you can get started on your own by either completing or revising the beneficiary designation form on file with the retirement plan.
Start building your estate plan
Log in to your Nationwide Retirement Plan account at nrsforu.com to:
- Make sure that your beneficiary designations are up to date
- Learn more by registering for our next “Leaving a Legacy” webinar
Jun 26, 2025 | AOC Business Partner
Sponsored content contributed by AOC Business Partner: Covenant Global
At Covenant Global, we know how hard local governments work to serve their communities — often with limited resources and growing demands. That’s why we’re sharing simple and practical ways to strengthen your cybersecurity without adding complexity or cost.
Why This Matters Right Now
Just last week, a phishing email disguised as a trusted communication began circulating among Oregon municipalities. The message urged recipients to “verify their information within 24 hours” or risk losing access —complete with an official-looking link. These kinds of emails are designed to create panic, trick users into clicking, and harvest sensitive information. While no data was compromised in this instance, it’s a timely reminder: our public institutions are increasingly being targeted, and social engineering is one of the most common attack methods used. These threats don’t just happen elsewhere — they’re happening here, now.
A Common (and Costly) Scenario
Imagine this: A hacker scans your county’s staff directory and sees the email for “Deputy Bill Smith.” They call your outsourced IT provider and say:
“Hi, IT — this is Deputy Bill Smith. I just locked my account by trying to log in too many times, and my cell phone was damaged at a traffic accident scene. I need to have my account unlocked and my password changed. Would you send the password to my wife’s cell phone, 503-123-4567 [hacker’s number], so I can log into my laptop? My email address is bsmith@ci.anytown.or.us. Thanks for your help.”
Since the hacker knows the email address (used to log into the work account), the user’s name, and role/title, it could be very easy to fool outsourced IT into resetting the account — giving the hacker full access.
3 Simple Fixes You Can Make This Week
- Use Email Aliases for Public Contact Info
Rather than listing staff login emails such as bsmith@ci.anytown.or.us or jdoe@co.countyname.or.us, create aliases like CityRecorder@ci.anytown.or.us or ClerkOffice@co.countyname.or.us.
Aliases are free to create, simple to manage, and keep staff login details private — making it harder for attackers to impersonate your team.
- Turn On Windows Hello or Similar Facial Recognition
Use built-in security features like Microsoft’s Windows Hello, Apple Face ID, or Google’s facial recognition to link access to the person—not just a password. These tools reduce the need for password resets and make unauthorized access more difficult, even if someone manages to trick IT support.
- Require Microsoft Authenticator or Another Trusted App
Authentication apps like Microsoft Authenticator (or similar tools from Google and Apple) verify a user’s identity through a second device. Even if a hacker knows the password, they won’t gain access without that second layer. Microsoft reports this step alone can prevent up to 90% of attacks.
What To Do If You Suspect a Phish
Cyberattacks often start with a single click. Make sure your staff knows what to do:
- Do not click on suspicious links or attachments.
- Report the email to your IT provider immediately.
- Verify any unusual requests for information through official channels.
- Educate staff to look for urgent language, threats, or unfamiliar senders.
If a phishing email does get through, a fast and informed response can prevent further damage.
Let’s Make It Easier to Stay Secure
These are small changes that make a big difference. At Covenant, we work alongside Oregon’s small and mid-sized municipalities and counties to improve security with practical, affordable tools — often with support from Microsoft-funded programs like Fortify.
And we’re here to help.
For more information about cybersecurity, please contact Covenant Global by emailing Tellmemore@covenant.global or visit our website at http://covenant.global/services/fortify.
By: Shel Philips, PMP, Chief Security/Compliance Officer and COO, Covenant Global