4.
City Council Work Session
- Meeting Date:
- 04/06/2026
- TITLE
- Cybersecurity Awareness
- PRESENTED BY:
- Jeff Sprock
- Department:
- Information Technology
Presentation:
Yes
Legal Review:
No
Project Number:
N/A
RECOMMENDATION
No formal action is requested. This item is for informational purposes only.
EXECUTIVE SUMMARY
City Council members are increasingly targeted by cybercriminals due to their public visibility, decision-making authority, and access to City systems and communications. Cyber incidents in municipal government are most often initiated through phishing, credential compromise, or social engineering rather than technical system failures.
This item provides a concise overview of the threat environment in which the Council operates, including how attacks occur, why elected officials are specifically targeted, and what simple actions can reduce risk.
The session will also introduce the City’s cybersecurity awareness program, including what Council can expect from training and simulated phishing exercises through KnowBe4. The intent is to improve awareness and reinforce safe practices in a way that is practical and respectful of the Council’s role.
This approach aligns with guidance from the City’s cybersecurity insurance provider and recommendations from the City’s recent cybersecurity assessment, both of which emphasize the importance of user awareness across all individuals with access to organizational systems.
This item provides a concise overview of the threat environment in which the Council operates, including how attacks occur, why elected officials are specifically targeted, and what simple actions can reduce risk.
The session will also introduce the City’s cybersecurity awareness program, including what Council can expect from training and simulated phishing exercises through KnowBe4. The intent is to improve awareness and reinforce safe practices in a way that is practical and respectful of the Council’s role.
This approach aligns with guidance from the City’s cybersecurity insurance provider and recommendations from the City’s recent cybersecurity assessment, both of which emphasize the importance of user awareness across all individuals with access to organizational systems.
BACKGROUND (Consistency with Adopted Plans and Policies, if applicable)
Cyber threats against local governments continue to increase, with municipalities among the most frequently targeted organizations in the public sector. The most common attack methods include phishing emails, credential theft, and social engineering tactics that rely on trust and urgency rather than technical exploitation.
Elected officials are specifically targeted because:
-Their names, roles, and email addresses are publicly available.
-Their communications carry authority and are more likely to be trusted by staff.
-Their usage patterns often involve mobile and remote access, including personal devices.
If an elected official’s account is compromised, it can be used to send legitimate-looking requests to staff, potentially resulting in financial loss, data exposure, or unauthorized access to City systems.
The City has implemented cybersecurity awareness practices for staff and is expanding those efforts to include elected officials. This work session is intended as an initial step to provide context, increase awareness, and introduce what ongoing training will look like. No policy changes are being proposed at this time.
Elected officials are specifically targeted because:
-Their names, roles, and email addresses are publicly available.
-Their communications carry authority and are more likely to be trusted by staff.
-Their usage patterns often involve mobile and remote access, including personal devices.
If an elected official’s account is compromised, it can be used to send legitimate-looking requests to staff, potentially resulting in financial loss, data exposure, or unauthorized access to City systems.
The City has implemented cybersecurity awareness practices for staff and is expanding those efforts to include elected officials. This work session is intended as an initial step to provide context, increase awareness, and introduce what ongoing training will look like. No policy changes are being proposed at this time.
FISCAL EFFECTS
There is no significant fiscal impact associated with this work session item.
The City has already procured a cybersecurity awareness training platform for staff.
The City has already procured a cybersecurity awareness training platform for staff.
STAKEHOLDERS
ALTERNATIVES
N/A