IT vendors and the county’s insurance advisor briefed the board on recent cybersecurity recommendations, urging staff training, server upgrades and tighter email handling to reduce the county’s exposure.

Myron Blunt of Compass Insurance reported on the county’s medical‑loss‑ratio metric and then turned to IT security, noting the recommendation for a 24/7 monitored Endpoint Detection and Response (EDR) service. An area‑wide IT representative described the EDR service as a “24/7 monitored solution that if a threat enters your network, the … security operations center intercepts it no matter what time of day … and they shut that machine, isolate it from other machines on the network so that doesn’t crawl and strip out your network.” The vendor said the board had previously approved EDR and that deployment was pending communication to county staff.

Participants also raised an important training recommendation: purchasing and properly configuring KnowBe4 (an end‑user phishing awareness platform). The vendor described KnowBe4 as “an education tool that sends out essentially fake emails … and it gives you training. Once you buy the licenses for a year you can run these tests … and it educates your end users.” County staff said they would check whether the county already owned a license and, if so, ensure the program was configured to run regular simulated phishing emails and training follow‑ups.

Several speakers noted a technical complication: the county’s Mimecast email gateway rewrites or masks URLs in incoming messages, which prevents employees and administrators from seeing the original training URLs during simulations. The vendor recommended whitelisting KnowBe4 URLs in Mimecast so that simulated phishing links and education pages display correctly during tests.

The IT vendor also flagged an out‑of‑support server: the county’s domain controller was still running Windows Server 2012 R2, which Microsoft no longer supports. “You’re not getting security updates on those and it’s a major weakness … and we need to upgrade those to newer operating systems,” the vendor said.

No new appropriation was approved at the meeting; board members and staff agreed to confirm existing licenses, whitelist training URLs in the mail gateway, and proceed with planned EDR deployment and operating‑system upgrades under previously authorized procurement steps. The vendor said it would provide a follow‑up to show where licenses exist and what additional costs (if any) would be required.