Bonner County technology director urges residents to use multifactor authentication, password managers after local data compromises

Jacob Storms, Bonner County technology director, told a Friday night meeting that residents and small businesses should adopt basic cyber-hygiene measures — including multifactor authentication, stronger passwords and regular backups — after citing recent local incidents that exposed personal and organizational data.

Storms opened by noting a recent compromise involving the Lake Pend Oreille School District and earlier ransomware activity that affected Schweitzer Mountain, and he warned that those incidents show how quickly cyberattacks can disrupt services and expose customer information. "Cybersecurity in itself is essential for safeguarding your friends, family, and community," he said.

Storms said common threats include phishing, malware and ransomware, and he described simple, verifiable steps people can take. He recommended using multifactor authentication (MFA) when available, keeping operating systems and software up to date, and using long, unique passphrases rather than reusing short passwords. "If you don't know who it is, delete it," he said of suspicious emails.

He described password managers as a practical way to store long, unique passwords and gave Bitwarden, LastPass and 1Password as commonly used options; he also mentioned KeePass as an alternative that is locally stored rather than cloud-based. Storms cautioned that cloud password services have security white papers and policies users should read before trusting them with credentials, and he noted that LastPass has suffered a public compromise in the past.

Storms advised residents to enable device encryption on laptops and phones and explained how BitLocker and the Trusted Platform Module (TPM) work on Windows devices. He warned that losing a BitLocker recovery key can render data inaccessible: "If you lose that key ... your data's gone," he said, and urged people to record and secure recovery information before enabling encryption.

On email authentication, Storms walked through how to view message headers and check SPF, DKIM and DMARC results. He told the audience that seeing SPF, DKIM and DMARC pass is a strong sign the sender is authentic, while failures or mismatched domains are red flags for spoofing or phishing. He suggested tools such as MXToolbox and Google’s message header analyzer and urged people to use haveibeenpwned (often cited as haveIbeenowned) or pentester-type services to see whether an address has appeared in known breaches.

Storms also covered local and sector impacts. He cited published FBI/IC3 figures and state reporting cited in 2023 that placed Idaho’s reported cybercrime losses at roughly $50.6 million for the year and noted that those losses amounted to about $26 per Idaho resident in that reporting. He also described an example — Schweitzer Mountain’s ransomware incident — where point-of-sale systems were disabled, forcing staff to accept cash while recovery proceeded.

Audience members added resources and local context during a question-and-answer session. One commenter suggested Experian and other credit-monitoring resources for tracking fraud and the opening of accounts; another mentioned the pentester and haveibeenpwned services for checking breached credentials.

Storms closed by encouraging reporting of incidents to local law enforcement and national complaint portals and by offering to provide attendees with a PDF of his resource links. No formal action, vote or county policy change was proposed or adopted at the meeting.