Sponsored content contributed by AOC Business Partner: Covenant Technology Solutions
At this year’s Association of Oregon Counties (AOC) Conference, we were reminded just how much Oregon’s counties carry on their shoulders. From public health and mental health to housing and homelessness, public safety, roads, and so much more, you are on the front line of almost every complex issue our communities face.
On behalf of our team at Covenant Technology Solutions, I want to extend a sincere thank-you to everyone who serves in county government across Oregon – elected officials, department leaders, IT teams, finance, public safety, public health, and the many staff members who keep essential services running every day. We are also grateful to AOC for creating spaces like this conference where counties can learn from one another and from partners like us.
One theme that came up over and over in Eugene was cybersecurity, specifically email security and the growing problem of email impersonation. As part of our preparation for AOC, we reviewed the public email security settings (DMARC-related) for all 36 Oregon counties. Only two counties fell into the “low risk” category; 94% were at either medium or high risk of email impersonation.
We also ran a dark web exposure check tied to county email domains, when applicable. In several cases, we saw county email addresses and passwords show up in older data breaches. That doesn’t mean someone is currently “in” your systems, but it does mean credentials associated with your organization have been leaked and could be re-used by attackers. When passwords are reused across systems, a stolen login from one breach can become the front door into email, VPN, or line-of-business applications.
When we shared these findings at the booth, the most common responses were, “I’m not surprised,” or “I get those emails all the time.” Many leaders also shared a deeper concern: they know it’s a problem, but they’re not sure what, realistically, can be done, especially with limited staff and budgets and IT teams that are already stretched.
We don’t think the answer is to add more fear or more work to your plate. We do believe there are practical, achievable steps counties can take to materially reduce their risk.
Here’s what we recommend as next steps:
- Review your county’s report together.
We’re happy to send your individualized email and dark web exposure report and walk through it in plain language, what it means, where the gaps are, and which changes matter most. - Support your IT team, not replace them.
If it’s helpful, we can work directly with your internal IT staff or existing provider to close those email security and identity gaps, especially within Microsoft 365. - Consider a broader security scan.
For counties that want a deeper view, we can run a full security scan to identify other high-impact, low-effort improvements beyond email and credentials.
If you’d like to see your report, talk through options, or just sanity-check where you stand, I’d welcome the conversation.
Tom Choquette
Tom.Choquette@covenant.global