In today’s digital landscape, California’s Special Districts face a double challenge: making sure websites are accessible to everyone (per ADA standards) and defending against increasingly sophisticated cyber threats. With the rise of AI-powered attacks, taking a proactive, well-rounded approach is more critical than ever. Whether you’re managing a water treatment facility, managing fire response, or overseeing local parks, these essential tips will help you keep your district’s digital presence both compliant and secure.
1. Don’t Rely on Accessibility Widgets for ADA compliance
Where there is a widget, there is not always a way! Accessibility widgets often promise easy compliance but can leave your district exposed to legal action. Just last month, a district learned this the hard way after implementing a widget for thousands of dollars only to face a costly ADA lawsuit when the tool didn’t meet legal standards. The tiny district settled out of court for $5,000. Even the FTC just cracked down on that popular accessibility widget with a $1M fine for deceptive marketing practices! In 2023 alone, 33% of accessibility lawsuits specifically targeted websites using widgets, suggesting that these “quick fixes” are actually a liability, not a safeguard. The lesson? Widgets don’t defend you and are becoming a target.
Helpful Link: Make sure your accessibility plan doesn’t rely on widgets, and ideally get indemnification from your vendor for any issues
2. Develop a plan for accessible PDFs
One of the trickiest parts of meeting the compliance requirements is getting all those agendas, minutes, and reports to be compliant for users with disabilities. Even Adobe Acrobat’s “Accessibility” checker—quite frustratingly—doesn’t check against the WCAG 2.1 AA standard that is required by law. Fortunately, you don’t need to fix all your old PDFs unless they are specifically requested in an accessible format, thanks to a handy “Archived Content” provision, just your new documents.
Action Item: Consider free tools like PAC 2025 or the CommonLook PDF Validator to double check your PDFs against ADA standards
Workaround: For simple agendas or documents, you can load the PDF’s content onto a webpage, and have the PDF just for reference. By providing an “alternative format,” your district will meet the accessibility standard without having to fix issues with the PDF. Just make sure the alternative format is complete, so the person with the disability can have an equal experience!
3. Develop a Process for Handling Accessibility Requests — and don’t ask someone what their disability is!
Having a plan in place can save your district from legal issues. In one case that we witnessed, a district that had a defined response process avoided paying legal penalties entirely when an ADA complaint escalated. One mistake that well-meaning districts make is asking the person what kind of disability they have, which isn’t legal!
Action Item: Per AB 434 and California’s Unruh Act, make sure you have at least two ways to report an accessibility issue to your district, e.g. email, a form on your website, and/or telephone
4. Let your vendors know what the standard is
Do you have an accounting firm that provides audited financial statements that you post on your website? Do you have a billing software portal? Or an event registration microsite?
Action Item: Make sure you let your vendors know that you expect them to adhere to the law. Use the template at tinyurl.com/adavendorletter if you need ideas!
5. Implement Multi-Factor Authentication (MFA)
Cyberattacks targeting public entities are on the rise, and MFA is a simple yet effective way to protect critical systems. This simple and time tested technique—getting a text message confirmation, or using an authenticator code system—can thwart more than half of cyberattacks, according to cyberinsurance carriers. Yet, shockingly, less than half of SDA member districts who attended the last cybersecurity seminar last year had enabled MFA, which is free to enable in Office365 and Google Workspace. With more password breaches and AI-enhanced phishing becoming more common, enabling MFA on all accounts can stop unauthorized access before it starts.
Action Item: Make sure whoever manages your Office 365 or Google Workspace has set up Multi-Factor Authentication
6. Train Your Team to Spot AI-Driven Phishing Attempts
AI-generated phishing emails are becoming harder to detect, even for tech-savvy users. Regular training sessions can help your team recognize red flags and avoid falling victim to these scams. Regular cybersecurity training is essential to keeping staff informed about the latest phishing tactics. Implement interactive phishing simulations to test employees’ ability to recognize red flags, such as urgent language, unexpected attachments, or slight domain name variations in email addresses.
Pro Tip: Try a security service like Breach Secure Now or Bullphish ID to simulate phishing attacks to test your team’s awareness.
7. Secure Financial Processes
Cybercriminals often target financial transactions, making secure processes essential. Implement wire transfer confirmations and maintain separation of duties for approvals to prevent unauthorized transactions. We know districts that have lost money to this kind of fraud. To reduce risk, districts should require multiple people to approve financial transactions before processing them. For wire transfers, always verify requests with a direct phone call using a trusted number, rather than relying on email instructions.
Action Tip: Call YOUR number when confirming wire transfers, and make sure that one person initiates the transaction, and another approves.
8. Conduct Regular Network Security Audits
Vulnerabilities in SCADA or IoT systems can go unnoticed until it’s too late. Regular third-party security audits can identify weaknesses and help your district patch them before hackers exploit them. Vulnerabilities in these systems can go unnoticed for months or even years, leaving districts exposed to threats like ransomware, unauthorized remote access, or service disruptions.
Action Item: Consult trusted cybersecurity firms for annual audits, especially if you provide utility services
9. Apply for Cybersecurity Grants and Partner With an MSP
Budget concerns shouldn’t prevent you from improving your cybersecurity posture. Programs like the State and Local Cybersecurity Grant Program (SLCGP) can provide funding for essential upgrades. Additionally, partnering with a Managed Service Provider (MSP) ensures continuous monitoring and protection. MSPs can offer customizable security packages tailored to the specific needs of special districts.
10. Keep learning!
Staying safe online requires a dual approach: addressing both ADA compliance and cybersecurity risks. By following these 10 steps—from choosing the right website provider to training staff and securing financial processes—California Special Districts can protect their operations, avoid costly lawsuits, and safeguard the services they provide to their communities.
For a full cybersecurity checklist from the National Association of Special Districts, visit tinyurl.com/nsdacyber
For a full ADA checklist, see tinyurl.com/caadachecklist
Stay compliant. Stay secure. Stay ahead!
#FeatureNews