Sponsored content contributed by AOC Business Partner: Covenant Global
As we discussed in Part 1 of this series, there are quick, high-impact actions counties can take to boost their cybersecurity. In this edition, we want to highlight why cybersecurity should be a top priority for local governments in 2025—and the risks that come from delaying action.
Cities and counties are collecting more citizen data than ever—information that’s extremely valuable on the dark web. And hackers have taken notice.
Just recently, Oregon’s own Department of Environmental Quality (DEQ) experienced a ransomware attack, exposing data and systems in a way that reverberated across state and local infrastructure. Read the full article here.
Cybercriminals aren’t just targeting large corporations or federal agencies anymore. Local agencies have become ideal targets due to several key vulnerabilities:
- Limited cybersecurity budgets – especially with recent reductions of FEMA budgets, limited grant availability, and general budget reduction.
- Aging or unpatched infrastructure – One of the last big infrastructure updates happened in 2015. Most of that equipment has reached the end of life and needs to be replaced with upgrade security features.
- Lack of trained cybersecurity personnel – Cyber-attacks have become much more sophisticated, but training about those attacks has not kept pace.
- Valuable personal and financial data of citizens – the type of personal information that is being captured now for the convenience of the controlling organizations has become very valuable to the bad actors.
- Essential services like emergency response, water, and utilities are dependent on IT systems – technology has enabled and enhanced emergency response.
It’s been said, “smaller entities may be easier to breach, but just as damaging to exploit.” This is a very true statement as it applies to cities and counties.
So, what can be done? Here is a simple checklist of steps that can be taken:
- Designate a cybersecurity lead or hire consultants
- Train all staff on basic cyber hygiene and threat response
- Patch and update legacy systems
- Implement and enforce multi-factor authentication
- Perform regular backups and test restorations
- Conduct a complete risk assessment
- Establish or update an incident response plan
- Apply for federal/state cybersecurity grants
These steps are a good start towards cybersecurity. Covenant Global can assist. For more information about cybersecurity and our services, please contact us by emailing Tellmemore@covenant.global or go to our website at https://connect.covenant.global/local-oregon-governments