The city recently learned it was awarded the grant from the state Department of Homeland Security it will use to purchase a new email system and computer software.
The new email system “will significantly improve the city’s IT security and reliability, as well as ensuring that these two major software products are kept up to date with protection against the latest security threats,” according to a memo by City Manager Rick Finn.
City Council members got an update about the grant and the improvements on Monday night.
“This is something we’ve been working on for some time,” Mayor Joseph M. Butler Jr. said. “This is good to see.”
The grant will pay about 95 percent of its cost of the first year of the program, Mr. Finn said Monday.
In December 2017, the state’s comptroller’s office strongly criticized the city for not adequately safeguarding sensitive employee and financial information in its computer system.
The comptroller’s office conducted audits in 2015 and 2017 that determined the city did not have cybersecurity policies and procedures in place for “granting, revoking, modifying and monitoring” access rights to the city’s information technology network and financial system.
During budget deliberations last spring, council members discussed how to solve problems with the city’s obsolete email system after it went down for several days.
The state grant should solve those problems, IT manager David Wurzburg said.
The agreement for the grant must be signed by the city before work on the new email system begins.
“We can start moving on it at that point,” Mr. Finn said.
Mr. Wurzburg said that he will work with the city’s purchasing department to find a vendor to install the new equipment.
According to the comptroller’s report, the council did not adopt “adequate information technology security policies and city officials do not have formal procedures to address disaster recovery, disposal of electronic devices, data backup and password security management.”
The issues include procedures involving when the system goes down, ensuring sensitive information cannot be accessed when devices are disposed of and employees knowing how to adequately protect their passwords.
Many of the policies and procedures were already in place but not written down, city officials explained then.
The city had to submit a corrective action plan to the comptroller’s office to explain how the cybersecurity issues were going to be corrected.
Last spring, Mr. Wurzburg suggested spending as much as $90,000 to purchase a “cloud” system to handle the city’s 347 email accounts.
©2019 Watertown Daily Times (Watertown, N.Y.). Distributed by Tribune Content Agency, LLC.
