Technology plays a vital role in the lives of Massachusetts municipalities and citizens, and it has only become more critical since the onset of the COVID-19 pandemic. Services once considered “nice to have” have become required, as people have moved to working and attending school from home and technologies like virtual meeting applications have become mainstream.

The changing role of technology has created larger threats to the information we need to live and work. That has led to an increased focus on cybersecurity and a growing need to actively protect and defend the networks and systems that hold that information.

Cyber adversaries have increased the volume of attacks, taking advantage of a crisis to find new ways to exploit information systems. Recent attacks on major hospitals, universities and public agencies underscore the point that there has never been a greater need for people to be aware of cybersecurity.

Municipalities and school systems are among the most vulnerable organizations during this pandemic, facing cyber threats while trying to maintain “business as usual,” often while working remotely and without the usual day-to-day support.

Minimum Baseline of Cybersecurity
The MassCyberCenter and the Cyber Resilient Massachusetts Working Group have been working on cybersecurity initiatives aimed at bolstering municipal cybersecurity and resiliency. In order to help municipalities address the growing cybersecurity risks, the Working Group recently released a Minimum Baseline of Cybersecurity for Municipalities guide, part of the Cyber Center’s Municipal Toolkit.

The purpose of defining a “minimum baseline” – the lowest level of cybersecurity municipalities should achieve – is to encourage municipalities to improve their ability to protect and defend themselves from a cyberattack, inspire collaboration, and strengthen cybersecurity resilience across Massachusetts. These basics can be done fairly inexpensively, but require an investment of time from municipal employees.

The Minimum Baseline is made up of four goals:
1. Trained and Cyber-secure Employees – to reduce risk of cybersecurity incident by improving the training and awareness of system users.
2. Improved Threat Sharing – for a faster response to threats and improved regional awareness and resilience.
3. Cyber Incident Response Planning – to create an effective strategy to respond to incidents and to strengthen municipal defenses against incidents.
4. Secure Technology Environment and Best Practices – to reduce the threat of cybersecurity incidents and minimize incident impacts.

Each goal includes a description of how to attain the goal and associated resources that provide tools and information to help municipalities along the way.

Annual Meeting workshop
The Minimum Baseline of Cybersecurity and how to protect your municipality will be the focus of a workshop during the MMA Annual Meeting & Trade Show on Jan. 21, from 12:30 to 1:15 p.m.

“Setting and Achieving Cybersecurity Goals for Your Community” will be moderated by MassCyberCenter Director Stephanie Helm and will feature four panelists:
• Sam Curry, Chief Security Officer, Cybereason
• Michael Kar, cybersecurity attorney, Wilson Elser Moskowitz Edelman & Dicker LLP
• Meg Speranza, Resiliency Program Manager, MassCyberCenter
• Mike Steben, Chief Information Officer, City of Pittsfield

The workshop, presented by the Massachusetts Interlocal Insurance Association (MIIA), will provide an overview of current cyber threats, tools available to help municipalities strengthen their cybersecurity posture, and examples of how municipalities are using the tools and creating a cybersecurity culture. Information about services available to those insured through the MIIA program, specifically around how services fit into a community’s Cyber Incident Response Plan, will also be provided. Time will be set aside at the end of the program for questions.

Written by Meg Speranza, Resiliency Program Manager at the MassCyberCenter. For more about the MassCyberCenter, visit