‘Having Your Cybersecurity Antenna Up’: How Burlington’s Information Systems Security Advisory Committee Works to Combat Cyber Scares

October was Cybersecurity Awareness month, and Burlington’s Information Systems Security Advisory Committee (ISSAC) is here to remind town employees and residents to remain diligent about the potential cyber threats all around us.

A standing committee of the town, ISSAC’s mission is to ensure the town is prepared for any threats that may arise. Chair David Hughes said the committee is made up of town employees and of citizen representatives who all have a deep background within the cybersecurity field. Hughes himself has 25 years of experience working in cybersecurity and running cybersecurity companies, so he said the committee was a natural fit.

The committee has taken on objectives including writing and updating cybersecurity policies, Hughes said, and generally “increasing the focus on the areas that we believe need attention” to prepare the town in the case of future cyber attacks.

At the October 20 Select Board meeting, Hughes shared some updates and future plans that the committee has been working on. He emphasized that cybersecurity is not just IT’s responsibility at a company, but rather the responsibility of every individual on the staff.

Hughes also stressed the importance of Human Resources working to incorporate cybersecurity projects throughout their standard operating procedures – specifically in the onboarding and offboarding processes when working with and training new employees. 

“It’s very important that the town be vigilant with respect to cybersecurity best practices,” Hughes said. “But it’s not just the town, it’s every employee.”

Hughes said municipalities like Burlington are prime targets for cyber attacks. He named areas including Lowell, Arlington, Oak Bluffs on Martha’s Vineyard, and Littleton where attacks were extremely costly, shutting down computer systems, affecting utilities, and harming the town’s functionality. 

The primary role of the committee is advisory rather than “operational responsibility,” Hughes said, and while ISSAC has focused their efforts on helping town government, they also spend time educating Burlington residents on best practices for cyber security. 

“Digital criminals don't set boundaries. There's no group that is off limits. And that means citizens are frequent targets of customer support scams, banking scams, grandparent scams, disaster relief scams, you name it,” Hughes said.

Hughes said at the Burlington Civic Expo, the ISSAC table had handouts detailing the dos and don'ts to handling different types of cyber situations. He also said the committee has given a presentation at the Council On Aging, and they’ve worked with Burlington High School “to support their work on cybersecurity education for high school students.” He said they hope to have the opportunity to do this work again next year.

Now,  with technology being so prominent in our everyday lives, Hughes said it’s important that everyone has their “cybersecurity antenna up.” He said that maintaining a certain level of skepticism is vital with online activity, considering the different ways people can be targeted and potentially scammed.

“Never click on a link in an email that you weren’t expecting. Never click on a file that you weren’t expecting,” Hughes said. “Some of these basic hygiene guidelines are really important.”

Hughes also encourages residents to seek information and tips from trusted online organizations like Consumer Reports, to ensure their applications are up to date and they’re aware of any potential threats.

If he had one piece of advice to share, it would be to be vigilant of potential threats at all times. “In today’s world, given the sophistication of cyber criminals,” said Hughes, every month really needs to be Cybersecurity Awareness month.”