Board looks to create online security policy


BRANDON — A plan was made to draft a cyber-security policy at the Brandon Selectboard meeting on Oct. 28. The town does not currently have a policy in place regarding cyber security.

“I attended a webinar recently that really heightened my awareness as for the need for cyber security,” Selectman Tim Guiles said. “Since then I talked with people around the town offices about how they use their computers and what they would do if there was an issue and I feel that there are three ways of looking at the problem.”

One way to decrease the risk to the town without costing anything, according to Guiles, would be simple training.

“We need to make sure that anyone using a computer knows basic computer hygiene,” Guiles, who has a background in computer programming, said. “It sounds simple, but the scams and viruses change enough that it really is necessary.”

Another issue is that beginning on Jan. 17 of 2020, Microsoft will no longer be supporting versions of Windows prior to Windows 10.

“That’s important because that is how the virus protection is updated,” he said. “There are a couple of computers that I saw around that have Window 7 on them.”

The last step of Guiles’ plan would likely be the most costly.

“We could also look into creating a network administrator position,” he said. “That would be someone who would come in to make sure there were systems and everything was in place.”

Worrying about cyber security in such a beautiful, quaint town may seem like paranoia to some, but Brandon has already suffered a ransomware attack two years ago and hackers often target places like this.

Ransomware is a form of malware, or virus, that infects the victim’s data files. The attacker then demands a ransom to restore access to the data. The most common way of contracting ransomware is through phishing spam emails.

“Small towns are the biggest targets,” said Town Manager Dave Atherton. “Hackers consider them the most vulnerable.”

In the previous attack, Atherton said the town did not suffer any financial loss, but the town clerk did lose several months of work product that was fortunately backed up by hard copies.

“There are two differing views on this, one is to lockdown everything, almost going back to the floppy disk where all data is offline and safe,” Guiles said. “The other is to make everything as accessible as possible to promote openness and freedom of information.”

“I think we need to find a balance with the necessity of protecting ourselves from harm and being as open as possible with the public records,” he continued.

There are no cyber security policies available to use as a guide with the Vermont League of Cities and Towns, the board’s usual go-to for policy guidance, because there simply are not that many out there in place. The board agreed to have Guiles, board chair Seth Hopkins and Atherton create a policy for cyber security.

Other business conducted included appointing Barry Varian and Cindy Bell as budget committee members to work with the board to create the town budget for the next fiscal year.

Share this story:
Back to Top