Shane McDaniel, CIO of Seguin, Texas, is preventing phishing with better email security.

Sep 22 2023

State and Local Agencies Increase Email Security with Anti-Phishing Applications

Administrators are using a mix of tools and training to detect, stop and contain delivery of malware to employee inboxes.

When Shane McDaniel, the CIO of Seguin, Texas, walks out to his truck after work, it’s not uncommon for someone in the parking lot to shout: “Nice try, Shane — I didn’t click on it!”

McDaniel’s colleagues are referring to the simulated phishing emails that his department periodically sends out, one of a number of efforts the city is taking to beat back the social engineering cyberthreat. In 2022, Seguin saw 1,501 direct phishing attempts — a 240 percent increase from the previous year — with many aimed at employees’ payroll data.

Seguin uses software from KnowBe4 to launch the simulated phishing attacks, as well as tools from Mimecast to block suspicious links.

Lena Geraghty, director of sustainability and innovation for the National League of Cities, says that government agencies should build out training programs, conduct vulnerability assessments and ensure they have a .gov website domain to protect themselves (and their employees) against phishing.

“While cyberattacks are increasing across the board, local governments are particularly at risk because of their role as stewards of public data and infrastructure,” she says.

Click the banner to learn how your agency can increase its ransomware recovery capability.

How Seguin Leaders are Working to Better Tackle Phishing

Several years ago, McDaniel was in search of new cybersecurity tools to help the city manage its “uncontrolled” email environment. “We did not have any specific losses related to phishing, but it was only a matter of time,” he says.

The city opted for Mimecast solutions, including the Internal Email Protect tool, to better provide the sort of perimeterless protection that McDaniel notes is needed to combat modern cyberthreats.

Almost immediately, he says, city employees noticed a drop in unsolicited junk emails from spammers and scammers. The tool blocks about 20 to 25 percent of the roughly 1 million emails to city employees each year. It also sandboxes traffic resulting from links contained in emails, opening them outside of the city’s environment and preventing any malicious software from infecting Seguin’s network.

McDaniel stresses the danger of phishing during orientation for new hires, explaining that many of the attacks are aimed at stealing money directly from their personal finances.

“We’re only as strong as our weakest link,” he says. “I want our employees to be comfortable enough that if they see something that doesn’t look right, they’ll say something — shoot me an email, call me on my personal cell. We’re all one big team, and we need to rely on everybody.”

Source:, “Phishing attacks aimed at government personnel up 30% in 2021,” Nov. 2, 2022

How to Better Defend Against Phishing

Tyler McKenzie, security and infrastructure administrator for Mohave County in Arizona, says phishing has become a “huge problem” for the county.

“Early on, it was easy to spot a fake email,” he says. “They had fake names in the signature and wrong logos. These days, phishing is highly targeted.”

To combat the threat, Mohave County adopted Barracuda Impersonation Protection and increased use of its Microsoft 365 security features. The moves coincided with the county’s migration from on-premises to hosted email.

“We felt at that time we were giving up some control, so we needed the extra peace of mind,” says Stephen Smart, the county’s security and infrastructure manager. “We decided on Barracuda after testing and ensuring the product met our needs.”

Barracuda Impersonation Protection blocks up to 4,000 suspicious emails per month for the county. In January, the tool’s Incident Response module allowed the county to pull back a batch of more than 7,000 phishing emails that were sent to elected officials. This enabled the county to focus its efforts on assisting the few users who did click malicious links before the emails were pulled.

“We limit our attack surface by identifying and pulling back malicious emails to stop any more users from clicking, raise awareness by sending out a warning email to the affected users, and then implement rules and continuous remediation to stop further emails from coming in with just a few clicks,” McKenzie says.

In the near future, the county will focus on training users to identify increasingly sophisticated phishing attempts, says Samantha Rule, security and infrastructure administrator for the county. “Now that artificial intelligence has matured, those classic indicators like bad grammar and spelling issues will generally not be present,” she says. “Training our end users to spot and treat the limited bad emails that do make it through as such will be the next challenge.”

Photography by Robert Seale

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT