Local government is a preferred target of cyber criminals due to the sensitive information they possess on citizens. Attacks on local government continue to rise at an alarming rate. In the GCIT Strategic Plan, IT Security is number one of the six key tenets for moving forward. The protection of County assets and data will always be a primary focus. This is a shared responsibility for all County IT system users. A majority of cyber security related incidents are caused unintentionally by employees falling victim to phishing attacks. Educating employees to become aware of these methods is the best way to mitigate the malicious attempts to compromise government systems and data. With approval from the Genesee County Board of Commissioners, annual IT Security Awareness Training is now mandated for all County IT system users. This will ensure that they have the basic knowledge to utilize the systems safely and help identify suspicious activity. We live in a connected world. Cell phones, tablets, computers, and smart devices connect people to information but also provide connection to cyber criminals. Understanding that this affects our citizens, Genesee County Information Technology partnered with Wizer to become the first County in the Country to deliver commercially developed IT security awareness training to our citizens for free. We are still featured on the Wizer website. Our team has invested heavily in security technologies and developed processes to help ensure the protection of Genesee County data and assets that all combine to form a layered security approach. This approach places an emphasis on visibility with automated notification and response. Highlights in this area include: The selection and implementation of a malware detection and detonation tool that protected this County from multiple potential attacks. This tool has provided the alerting and visibility to allow our team to identify and mitigate an attack in under 15 minutes. The replacement of outdated firewalls with leading edge technology A significant upgrade in our Anti-Virus software with automated updates, off site reporting, and isolated scanning to mitigate inherent security risks The installation of a new backup and recovery system with multiple levels of data protection including a fail-over location Scheduled system patching to ensure all software remains on secure and supportable levels Implementation of Multi-factor Authentication for all remote, administrative and compliance related accounts Implementation of encryption for all end user computers Increased website security including web application firewalls Implemented File Integrity Monitoring for data leakage and threat hunting Provide Network Access Policy Monitoring capabilities to serve as a compliance tool along with increasing internal network security These modifications have greatly improved the Counties security posture while remaining in budget compliance.