• Contact Us
  • Events calendar
Entering Swellesley
Pinnacle, Wellesley

The Swellesley Report

More than you really want to know about Wellesley, Mass.

  • Advertise
  • Wellesley Square
  • Deland, Gibson Insurance Athlete of the Week
  • Camp
  • Private schools, sponsored by Riverbend
  • Business index
  • Contribute
  • Eat
  • Schools
  • Top 10 things to do
  • Embracing diversity
  • Kids
  • About us
  • Events
  • Natick Report
  • Seniors
  • Letters to the editor
  • Guidelines for letters to the editor
  • Live government meetings
  • Raiders sports schedules & results
  • Fire & police scanner
  • 2023 Town Election
 
Needham Bank, Wellesley
Write Ahead, Wellesley

Wellesley strengthening its cybersecurity

November 30, 2022 by Bob Brown Leave a Comment

Following a recommendation from the town’s Audit Committee, Wellesley underwent a review and risk assessment of its data security protocols this past spring and summer in an effort to better protect its digital assets.

Town of Wellesley IT Director Brian DuPont recently summarized key findings and recommendations from the cybersecurity assessment with the Select Board (see Wellesley Media recording of the Nov. 7 Board meeting at about the 35-minute mark), and replied to our follow-up questions. The assessment, funded by a $50K authorization from Town Meeting, was conducted in partnership with a tech consultancy and integrator called GreenPages. The presentation gave me flashbacks to my days as a reporter and editor for Network World fighting the good fight vs. tech acronyms and jargon.

“While the IT department has routinely internally evaluated our security posture for many years, we welcomed this opportunity to take a closer look at our systems because (A), COVID radically changed our operating environment overnight and (B), the threat landscape has changed so dramatically over the last several years as well,” DuPont told the Board.

The 8-phase assessment examined everything from vulnerability testing to data retention and remote access security to social engineering (bad people trying to trick town employees into allowing unapproved access). Technical reports and a summary delivered by GreenPages for now are being closely guarded under public records law to keep the town’s IT systems safe.

(Note: This assessment focused on the town’s core data network for business and financial operations, not those of Wellesley Public Schools, the Police Department, or the library. )

The town rated well in some areas and could use improvement in others. Its perimeter defense—firewalls for blocking unauthorized access from outside and web filters to prevent employees from inadvertently clicking on potentially malicious URLs from inside—is strong.

However, Wellesley could stand to formalize its risk and vulnerability management approach, which has been over-reliant on its institutional knowledge at a time when even the most expert IT professionals can’t be expected to stay up on all the new threats. DuPont cites the Mass Cyber Center, regional conferences and events such as Massachusetts Digital Government Summit and  the Massachusetts Municipal Association Annual Meeting, and regular email conversations with counterparts in other communities as ways in which he stays current.

“A more sustainable approach to security requires an appropriate skill set either in-house or outsourced to deal with continuously changing threats,” DuPont said. The town already conducts regular phishing training and distributes cybersecurity reminders, but additional training will be needed when bringing staff on board and on a continuous basis, while IT security policies need to be better documented for current and future staff.

Maintaining certain standards is needed to qualify for and maintain cybersecurity liability insurance. To date, Wellesley’s hasn’t had to file a cybersecurity-related claim, DuPont said.

Wellesley also seeks to shore up its endpoint security, that is, safeguarding devices its employees use to protect against threats such as ransomware, where criminals seek compensation for allowing a target back into its own systems and files. This involves a combination of technologies, including threat monitoring services. (Wellesley suffered a ransomware attack in 2016, but thanks to good backup and other protocols did not pay ransom and was able to restore encrypted files.)

The town plans to boost its adoption of multi-factor authentication, which you may be familiar with as a requirement for something you know (like a password) and have (like a smartphone) before allowing access. Wellesley’s employees largely went remote during the pandemic, and their systems are protected using multi-factor authentication, but there are some challenges to address involving individuals uncomfortable with using personal devices to authenticate themselves.

Helping to make sure all of the above happens, the town is looking to fill a new cybersecurity administrator position, which replaces a long-vacant systems administrator position. The market for such talent is competitive.

The biggest immediate challenge for the IT department is its temporary relocation of the server room during the Town Hall’s interior renovation.

“I’m going to be perfectly honest with you here—we are going to be hard pressed to tackle any sort of larger scale initiatives here until probably at least the spring,” DuPont told the Select Board, terming the server room relocation as “the single most impactful project” in the department’s history.

None of this is going to be cheap. “The budget impact of these recommendations is significant,” DuPont told the Board. The IT department has a fiscal year ’23 operating budget of about $1.3M and the prospect of a new managed detection and response service that goes for some $50K a year, plus other rising software and service costs, is going to present new financial challenges in upcoming budgets. This holds true despite the existence of grant funding that should be available to cover at least some initial expenses.

The FY ’23 operating budget included a $41K line item for cybersecurity. Breaking the cost out is designed to help the town gauge its cybersecurity spending versus that of other organizations.

DuPont is a member of a state planning committee exploring development of a statewide cybersecurity plan and figuring out how some $3.2M in cybersecurity funds coming from the federal Infrastructure Investment and Jobs Act will be spent. So that should keep him very much in the loop about new grant opportunities as they arise.


  • Subscribe to Swellesley’s daily email
  • Please send tips, photos, ideas to theswellesleyreport@gmail.com
print

Filed Under: Government, Technology

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Linden Square, Wellesley
Riverbend, Natick

Tip us off…

Please send tips, photos, ideas to theswellesleyreport@gmail.com

 

Advertisements

Wellesley Square, Wellesley Merchants
Wellesley, Jesamondo
Beacon Hill Athletic Club, Wellesley
Fay School, Southborough
Sexton test prep
Feldman Law
Wellesley Theatre Project
Volvo
Cheesy Street Grill
Mature Caregivers
Admit Fit, Wellesley
  • Facebook
  • Instagram
  • Twitter
Never miss a post with our free daily Swellesley Report email
Name: 
Your email address:*
Please wait...
Please enter all required fields Click to hide
Correct invalid entries Click to hide

You can subscribe for free, though we appreciate any contribution that supports our independent journalism.

Click on Entering Natick sign to read our Natick Report

Entering Natick road sign

Most Read Posts

  • Letters-to-the-editor day in Wellesley—important election-time updates
  • Wellesley business buzz: Board business liaison phased out; Help ID top business leaders of color; Hospital taps new president
  • Business buzz: Nantucket wine bar to boast Wasik's cheeses; Needham Bank has new Wellesley branch manager; Thanks to new sponsor Beacon Hill Athletic Clubs
  • Wellesley Veterans Parade will be one big wonderful Tea Party
  • Does Wellesley need a new traffic light? Slow down before you drive to any conclusions

Upcoming Events

Jan 31
9:00 am - 11:00 am Recurring

Coffee and Conversation with the Wetlands Administrator and Staff

Jan 31
7:00 pm - 8:00 pm

Families Eat Together online presentation

Feb 1
11:59 pm

Deadline for Wellesley Hills Junior Women’s Club grants application

Feb 3
10:00 am - 6:00 pm

Sara Campbell winter warehouse sale

Feb 4
10:00 am - 6:00 pm

Sara Campbell winter warehouse sale

View Calendar

Popular pages

  • Wellesley’s 7 official scenic roads

Recent Comments

  • David B on Does Wellesley need a new traffic light? Slow down before you drive to any conclusions
  • LADY WELLESLEY on Wellesley police officer injured in crash at intersection of Grove and Benvenue
  • Peggy Heffernan on Wellesley police officer injured in crash at intersection of Grove and Benvenue
  • Beth Dublin on Wellesley police officer injured in crash at intersection of Grove and Benvenue
  • Erika on Where to buy the Wellesleyest stuff in Wellesley

Links we like

  • Danny's Place
  • Great Runs
  • Jack Sanford: Wellesley's Major League Baseball Star
  • Tech-Tamer
  • The Wellesley Wine Press
  • Universal Hub
  • Wellesley Sports Discussion Facebook Group

Categories

  • 2021 Town Election (24)
  • 2023 Town Election (2)
  • Animals (428)
  • Antiques (49)
  • Art (592)
  • Beyond Wellesley (52)
  • Books (376)
  • Business (1,557)
  • Camp (10)
  • Careers/jobs (53)
  • Churches (82)
  • Clubs (236)
  • Construction (300)
  • Dump (130)
  • Education (3,189)
    • Babson College (252)
    • Bates Elementary School (18)
    • Dana Hall School (36)
    • Fiske Elementary School (11)
    • Hardy Elementary School (47)
    • Hunnewell Elementary School (46)
    • MassBay (57)
    • Schofield Elementary School (26)
    • Sprague Elementary School (19)
    • St. John School (2)
    • Tenacre Country Day School (11)
    • Upham Elementary School (35)
    • Wellesley College (613)
    • Wellesley High School (996)
    • Wellesley Middle School (204)
  • Embracing diversity (84)
  • Entertainment (814)
  • Environment (772)
  • Fashion (144)
  • Finance (15)
  • Fire (173)
  • Food (358)
  • Fundraising (641)
  • Gardens (164)
  • Government (604)
    • 2020 Town Election (47)
    • 2022 Town Election (15)
  • Health (866)
    • COVID-19 (203)
  • Hikes (6)
  • History (400)
  • Holidays (440)
  • Houses (162)
  • Humor (47)
  • Kids (867)
  • Law (8)
  • Legal notices (10)
  • Letters to the Editor (71)
  • Media (72)
  • METCO (4)
  • Military (13)
  • Morses Pond (109)
  • Music (580)
  • Natick Report (30)
  • Neighbors (280)
  • Obituaries & remembrances (86)
  • Outdoors (655)
  • Parenting (63)
  • Police (778)
    • Crime (395)
  • Politics (554)
  • POPS Senior Profile (10)
  • RDF (6)
  • Real estate (344)
  • Religion (138)
  • Restaurants (340)
  • Safety (155)
  • Scouts (2)
  • Seniors (127)
  • Shopping (163)
  • Sponsored (6)
  • Sports (1,012)
    • Athlete of the Week (12)
  • STEM (108)
  • Technology (165)
  • Theatre (397)
  • Town Meeting (23)
  • Transportation (240)
  • Travel (17)
  • Uncategorized (1,244)
  • Volunteering (350)
  • Weather (179)
  • Wellesley Election 2019 (21)
  • Wellesley Free Library (280)
  • Wellesley Holiday Gift Guide (2)
  • Wellesley's Wonderful Weekend (20)

© 2023 The Swellesley Report
Site by Tech-Tamer · Login