After 20 intense months, TAC's County Information Resources Agency can breathe a sigh of relief. In August, CIRA completed the extraordinary feat of moving more than 9,400 email mailboxes, belonging to 105 counties, to a more secure Microsoft platform.
Remarking on the magnitude of the project, Education and Member Services Associate Director Dawn Noufer said: "I honestly think this project has accomplished one of the — if not the — most impactful, widespread cybersecurity increases for Texas county officials and staff. I don't have the citations and data to back that up, but … I don't think I'm wrong."
Reagan Nail, the Manager of Technology and Education Services for TAC, pointed out that email continues to be the main route for cyberattacks and that even counties that don't use CIRA's email services will reap benefits from this project. CIRA has seen instances where a hacker compromised a single county mailbox and used it to send malicious emails to thousands of recipients, who were often other county officials and staff members, she said. The cybersecurity upgrade has made it significantly harder for the 9,443 mailboxes in these 105 counties and one drainage district to be used malevolently, Nail said.
She also praised the efforts of the three team members performing the email transition: CIRA Services Coordinators Rotnei Beverly and Racheal Hughes and Senior CIRA Services Coordinator Joy Watson. "It is the work of this small but mighty team that resulted in such positive change for Texas counties," Nail said.
Building relationships with customers
The small team took on a big job. The transition took about two weeks for each county, and the switch-over point — when emails began flowing into the new Microsoft accounts — was always at night to avoid disrupting the county's daily operations. That cutover could take up to four hours, Hughes said. The project was incredibly difficult, she said. "Long days and nights were spent making sure the counties' experience was as seamless as possible."
The job didn't end with the cutover. "The migration didn't only consist of the time moving the emails, but it also consisted of the weeks after the migration where the team member who migrated the member was focused on supporting them," Watson said. "We worked closely with each county to make sure that the transition was successful and that they knew TAC is always there to support them."
The email migration project was also a learning experience for the team. Beverly said he eased the concerns of email users after the switch and explained the benefits of the new platform.
For Hughes, the project led her to change her communication style to highlight important details about the migration.
Preparing for the final stage
During the past five years, the technology and cybersecurity landscape has grown more complex and riskier, Noufer said. "Technology has gone from a luxury to a critical, complex component of counties' daily operations," she said.
The switch to the Microsoft platform has made the email accounts of these counties more secure and given them tools to increase their collaboration, Watson said. "The transition keeps counties more secure against the ever-changing cybersecurity world," she said.
Although the email migration is done, the project isn't over. The final stage involves the recent implementation of multifactor authentication (MFA) for all of CIRA's email members. MFA typically requires a person to confirm that he or she is authorized to log in by entering a code sent over the phone, by text or by a security authenticator app.
"Cybersecurity risk is extremely high," Nail said. She noted that the director of the federal Cybersecurity and Infrastructure Security Agency recently said that users who enable MFA are 99% less likely to be hacked. "It was this final push to implement MFA, in combination with the required email migrations to the more secure Microsoft platform, that made this initiative so impactful," she said.