JASON SETNYK
Cornwall City Council has endorsed an updated Cybersecurity Awareness and Training Policy which aims to strengthen the City’s defence against modern cyber threats by reinforcing training requirements and system access controls.
The Information Technology and Telecommunications (ITT) department emphasized that updating the policy is no longer optional but a “critical necessity” as municipalities are increasingly targeted by phishing, ransomware, and AI-driven attacks.
“A single click on a malicious link can disrupt operations, compromise public trust, and incur significant financial and reputational damage,” the report stated. The newly endorsed policy introduces a more proactive and adaptive approach. Notably, monthly micro-trainings (under 5 minutes) will replace quarterly refreshers to ensure continuous learning. These topical updates will be tailored to current events, such as heightened risk during the holiday season.
New employees are now required to complete a 90-minute cybersecurity onboarding course within one week of account creation. Failure to complete training results in restricted internet access, limited to the training portal and email, until compliance is achieved. Similar restrictions apply for employees who fail to complete monthly refreshers or who fall for simulated phishing attempts.
Employees who click on simulated phishing emails must complete remedial training. Repeat offenders (second click) face more intensive modules, while a third infraction within 12 months triggers a mandatory meeting with IT security staff and a customized awareness development plan. Further violations may result in permanent suspension of internet access.
The policy also extends expectations to contractors, vendors, and elected officials. Members of Council are required to attend an annual in-person cybersecurity refresher to retain system access.
L’article Updated cybersecurity “a critical necessity” est apparu en premier sur Cornwall Seaway News.
