AGENDA CAPTION:
Title
Consider approval of Resolution 2026-93R, approving a contract with Freeit Data Solutions Inc., through the Texas Department of Information Resources, for the purchase of licensing and maintenance services for an email security software solution with an initial one-year term in the amount of $53,056.31 and up to four additional one-year renewals with price increases each year for a total amount of $394,823.83; authorizing the City Manager, or her designee, to execute the contract and any renewals on behalf of the city; and declaring an effective date.
Body
Meeting date: June 16, 2026
Department: Information Technology Department - Mike Sturm, Director
Amount & Source of Funding
Funds Required: $53,056.31 - FY26, 5-year contract amount $394,823.83
Account or Project Number (C = CIP funds): 30131280-52397
Funds Available: Yes
Account Name: ISF - Software as a Service
Fiscal Note:
Prior Council Action: N/A
City Council Strategic Initiative: [Please select from the dropdown menu below]
Choose an item.
Public Safety, Core Services & Fiscal Excellence
Choose an item.
Comprehensive Plan Element (s): [Please select the Plan element(s) and Goal # from dropdown menu below]
☐ Arts and Culture - Choose an item.
☐ Economic Development - Choose an item.
☐ Environment & Resource Protection - Choose an item.
☐ Housing + Neighborhoods - Choose an item.
☐ Land Use + Community Design and Character - Choose an item.
☐ Parks & Public Spaces + Health, Safety & Wellness - Choose an item.
☐ Transportation - Choose an item.
☒ Core Services
☐ Not Applicable
Master Plan: [Please select the corresponding Master Plan from the dropdown menu below (if applicable)]
Choose an item.
Background Information:
Email Security Executive Summary - Last 12 Months
Overview Over the past year, the City of San Marcos’ email security program processed high volumes of mail while effectively intercepting malicious and unwanted content, reducing risk of financial fraud and data loss. Simulated phishing exercises highlight continued user-focused risk that is being actively managed.
Which Key Protections are in Place
• Impersonation protection is enabled to stop threat actors spoofing names and addresses of key city officials-particularly targeting Finance and Human Resources to redirect payments.
• The system detects and blocks malicious attachments and web links (URLs).
• Data Loss Prevention (DLP) analyzes email content to reduce the risk of sensitive information leaving the organization.
Volume & Filtering Performance
• Inbound mail: 4.8 million messages; 0.9 million (18%) rejected by security controls.
o Rejections spanned 13 categories, with over half attributed to automatic blocking of known malicious websites, anti-spoofing (fake identity), virus detection, and spam.
o Net delivered inbound volume: ~3.9 million messages.
• Outbound mail: 1.0 million messages sent.
• Internal mail: 5.0 million employee-to-employee messages.
Simulated Phishing Exercises
• Monthly campaigns to a random cohort of 180 employees:
o Opens: 8 per month on average → ~4.4% open rate (8/180).
o Credential submissions: 2.7 per month on average → ~1.5% submission rate (2.7/180).
o Annualized impact (if real attacks): ~96 opens and ~32 credential disclosures.
• These metrics indicate progress yet underscore the need for continued awareness training and technical safeguards to reduce credential-harvest risk.
Risk & Impact
• Controls prevented ~900,000 malicious or unwanted inbound emails, materially decreasing exposure to financial fraud, malware, and data exfiltration.
• Without the email security system, the City would be significantly more vulnerable to email-based financial attacks (e.g., payment redirection) and other compromises.
Key Takeaways
1. Security filtering is performing strongly at scale, with effective rejection across major threat categories.
2. Phishing simulations show low but non-trivial user susceptibility; credential-harvest remains the primary user-driven risk.
3. Current controls (impersonation protection, attachment/URL blocking, DLP) are essential to maintaining the city’s security posture.
This purchase will continue a pre-existing service from FreeIt Data Solutions, Inc., on the Texas Department of Information Resources cooperative contract #DIR-CPO-4863 related to their email security software which is utilized by the Information Technology Department. The City is authorized to utilize cooperative purchasing programs, including the Texas Department of Information Resources program, by Local Government Code, Chapter 271. This new City contract will be for a five-year term in a total contract amount of $394,823.83. Payments will be made annually in the amount of $53,056.31 in FY26, with budgetary estimates for subsequent years in the amount of $63,667.57 in FY27, $76,401.09 in FY28, $91,681.30 in FY29, and $110,017.56 in FY30.
Council Committee, Board/Commission Action:
Click or tap here to enter text.
Alternatives:
Click or tap here to enter text.
Recommendation:
Staff recommends the procurement award of these services to FreeIT Data Solutions Inc, for a five-year term in the total contract amount of $394,823.83; that will include an email security software that aids in data breach prevention by blocking malicious emails, attachments, and links before they can reach users and potentially compromise systems. Together, these capabilities reduce the likelihood of unauthorized access, data leakage, and costly security incidents.