IT staff updated the commission Aug. 6 on an IT modernization plan that includes completing Windows 11 upgrades, implementing multifactor authentication (MFA) and adopting a suite of draft cybersecurity policies.

An IT presenter said the county is on schedule for the Windows 11 transition and had two remaining desktop machines outside the sheriff's office needing replacement. He warned that Microsoft will end Windows 10 support on Oct. 1 and urged readiness. On MFA, staff recommended an app-based approach over small hardware tokens (YubiKey-style devices) because hardware tokens are easily lost and more expensive; the presenter said app-based MFA is free, more user-friendly and has adequate connectivity within county buildings.

IT also submitted 22 draft policies (roughly 120 pages total) covering acceptable use, auditing, incident response and related topics. The presenter said most text was adapted from state cybersecurity guidance and that documentation is required by the county's cyber insurance carrier: insurers will ask for evidence of policies and mitigations if the county seeks a claim after a cyber incident. "If we do have a cyber attack and we're gonna engage our cyber insurance carrier, the first thing they're gonna ask for is this stuff," the IT presenter said.

Commissioners asked which policies should be incorporated into the employee handbook and which should remain administrative. The presenter recommended staff identify handbook-appropriate items (for example, acceptable use) and treat the rest as policy. Commissioners agreed to review the drafts and return comments to IT staff.

Why it matters: The Windows 11 deadline, MFA rollout and formalized cybersecurity policies are steps to reduce cyber-risk, comply with insurers, and secure county operations.

Follow-up: Staff will return with suggested handbook items, an implementation plan for MFA, and a redlined policy package after commissioners review the drafts.