County Magazine

For decades, the internet has delivered the same familiar scam: click here to claim a prize or send money to a “brother” stranded somewhere far from home.

Variations of these types of phishing emails have become routine in company inboxes — leadership making urgent requests for sensitive information, HR sharing updates about payroll or benefits, or IT warning that an account has been compromised and prompting a password reset.

Clicking links or replying with information can result in security breaches or malware being installed on company systems.

With the introduction of AI, these phishing attempts are accelerating and harder to recognize, mimicking employees with near-absolute precision, often with company branding or referencing real projects and vendors.

Now, a new no cost resource available to TAC Risk Management Pool Privacy or Security Event Liability and Expense (Cybersecurity) Coverage members will help address this by sending simulated emails to county employees that mimic phishing attempts. Employees who click on the fake links will be prompted to complete short, bite-sized cyber trainings. The goal: to make employees more cyber aware and prevent damaging and costly attacks.

The program, called S.H.I.E.L.D., Secure Human Intelligence Education & Learning Defense, is a collaboration with TechGuard Security, a cybersecurity company focused on providing innovative solutions to cyber threats.

Other cybersecurity training programs can be long and often infrequent, which makes them easily forgettable to employees and rarely result in behavior change.

S.H.I.E.L.D.’s regular tests and trainings will keep cyber threats on the forefront of employees’ minds, helping them maintain consistent awareness of phishing attempts, which helps change behavior.

“It’s about increasing our muscle memory when it comes to cyber,” said Robert Ruiz, associate director of Risk Management Services at TAC. “That’s done through having very engaging training that is relevant and based on the most current threats.”

Typical costs for this kind of service can be as much as $6 per employee per month. S.H.I.E.L.D. will be available to eligible TAC RMP cyber coverage members at no cost. Participation in the service may support a county’s eligibility for higher coverage limits when combined with other cybersecurity controls, as one of several factors used to demonstrate stronger risk management practices.

“It’s a huge value add for our members,” Ruiz said.

This type of training is crucial at a time when cyber threats are increasing. From 2024 to 2025, TAC RMP experienced a 400% increase in cyber claims, the majority as a result of business email compromise.

Texas is number two in the nation when it comes to the number of cyber claims and costs associated, second only to California. According to the FBI Internet Crime Complaint Center, Texas lost $1.8B in 2025 as a result of cyber claims.

“Counties remain a prime target for cyber threat and activity,” Ruiz said. “Their greatest exposure is every employee who interacts digitally in their day-to-day life because of things like phishing and social engineering. Those are the two main vectors that carry out these attacks so if you can help create human firewalls you are doing a good job at mitigating your cyber risk.”

The new S.H.I.E.L.D. program is scalable and can help both large and small counties alike. The process to implement the new service is easy to use and is set up by TAC Risk Management Services cybersecurity risk specialists, who help with onboarding and provide dedicated support.

Enrolled counties can choose from as many as 1,500 templates to send to employees, making using the program easy to use. Templates are updated based on current risks and can also be tailored to test specific departments or groups of county employees.

After counties send their first test email, they will be provided with baseline metrics showing how many employees clicked on a malicious link. They will be able to use these figures to track behavior changes, reflected by fewer clicks over time.

There are limited licenses available, so counties are encouraged to reach out to their cyber specialists as soon as possible to request licenses.

Already, 5,000 licenses for the new software have been secured by TAC RMP for Texas counties participating in the Cybersecurity program. Six have already been set up with the new software, with another 21 coming online soon.

“While training can take time out of your day, it doesn’t require that much work to help save your counties up to millions of dollars,” said Isabella Sherwood, a cybersecurity risk specialist with TAC Risk Management Services. “These phishing incidents that lead to ransomware can snowball if you don’t pay attention. The bad actors only have to find one weak spot to get in. Counties really do carry a heavy burden, and we want to help them relieve that.”

For more information and to get set up with the S.H.I.E.L.D. program, visit county.org or email TAC RMP Cybersecurity.