Skip to Content (custom)
Texas Association of Counties
Toggle Navigation (custom)

    TAC Blog

    2025

    Blog | October 03, 2025

    Cybersecurity Month: How Counties Can Stay Safe 

    October isn’t just for pumpkins and sweaters. It’s also cybersecurity month, a time to spotlight the importance of staying safe online. These days, it’s not enough to simply have a strong password. County employees and officials also need to keep their eye out for phishing scams and ensure their software is secure. Here are a few ways cybersecurity affects counties and what you can do to stay safe. 

    Why Cybersecurity Matters

    Cybersecurity “affects us all personally, and also in our professional lives,” says Robert Ruiz, associate director of Risk Management Services at TAC. “Data is absolutely the most valuable commodity in today’s day in age, and counties have a plethora of it.”

    According to the Identity Theft Resource Center, over 1.7 billion individuals had personal data compromised in 2024. That’s only 44 fewer than 2023’s record-breaking number. 

    Many times, counties’ data is stored “in areas that may not be as protected as needed,” Ruiz says.

    The 2024 FBI Internet Crime Report found that ransomware was the biggest threat to online security, and government facilities ranked third for ransomware breaches in 2024. 

    Cybersecurity Risks to Watch Out For

    Cybersecurity threats have gotten more sophisticated, and many of them are hard to spot. Recognizing these common tactics can help counties protect personal data.

    • Phishing emails are deceptive attempts to trick people into revealing personal information or clicking on malicious links.

    • Ransomware attacks lock up critical systems until a payment is made. Ransomware attacks can shut down county services, delay court proceedings and halt emergency response systems. 

    • Weak or reused passwords across government accounts.

    • Outdated software and legacy systems that leave security gaps unpatched.

    • Unsecured networks that put sensitive resident data at risk.

    Cybersecurity Tips for Counties

    The good news: Counties can significantly reduce risks by adopting these cybersecurity best practices. 

    • Examine emails closely. If an email contains a suspicious link or seems particularly urgent or, don’t rush to respond. When in doubt, confirm the information with a colleague and report the email to your cybersecurity team.

    • Strengthen passwords. Require strong, unique passwords for all county accounts. Password manager tools can help staff reduce password reuse.

    • Implement multi-factor authentication (MFA). MFA requires users to enter several pieces of information in order to access an account. TAC CIRA members can get MFA set up for their accounts free of charge.

    • Secure county networks and Wi-Fi. This means encrypting Wi-Fi, updating default router passwords and keeping an eye out for any unusual activity.

    • Back up critical data. Keep essential county data in a secure, offline location. 

    • Limit access to sensitive information. Give employees access only to the data they need to do their jobs. 

    AI and Cybersecurity 

    Artificial intelligence can help analyze data and write emails, but it’s not immune to cybersecurity risks. AI systems comb through large amounts of data, and sensitive information could be seen by other users.

    “These are (generally) large language models and programs that learn every time we feed it new information,” Ruiz said. “Whatever you feed it may not be staying there in that browser.”

    As AI becomes more commonplace, counties may want to consider creating policies that ensure cyber safety.

    AI Cybersecurity Policy Tips

    • Never put sensitive information, like full names and social security numbers, into an AI chat box.

    • For an added layer of protection, consider using Incognito mode when using an AI model.

    • Consider disabling AI chat history.

    • When writing your county’s AI policy, keep the language evergreen. Technology changes often. Writing a policy with broad language prevents you from having to edit it every time there’s a software change.

    “I think what counties do exceptionally well is network with each other,” Ruiz said. “When crafting an AI policy, I would tell them to reach out to their peers because they’re probably tackling this the same way.”

    Cybersecurity Training

    Texas Government Code § 2054.5191 requires all county employees, elected officials and appointed officials to take a cybersecurity course that is certified by the Texas Department of Information Resources (DIR) – just like the one offered by TAC. Learn more about TAC’s DIR-certified cybersecurity course.

    FAQs

    What is Cybersecurity Awareness Month?
    Cybersecurity Awareness Month takes place every October, and it’s a way to spotlight the importance of staying safe online. During this month, organizations share helpful tips to fight phishing scams, ransomware attacks, and data breaches.

    How do I get cybersecurity training?
    Counties can get cybersecurity training through TAC’s DIR-certified course.

    Where can I get help with cybersecurity?
    TAC County Information Resources Agency (CIRA) has a wealth of cybersecurity information and tips on their resources page.

    Written by: Elissa Regulski
    Copyright © 2025 TAC Copyright Information