Citizen Portal
Sign In

Waukesha IT board approves three cybersecurity policies and renews AT&T phone contract

3221425 · April 2, 2025

Loading...

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

At its April 2 meeting the Waukesha City Information Technology Board approved new acceptable-use, security-awareness and malware-defense policies and voted to renew an AT&T phone-services contract intended to address recurring nonemergency call issues.

The Waukesha City Information Technology Board on April 2 approved three IT policies — an acceptable-use policy, a security awareness training policy and a malware defense policy — and voted to renew the city’s AT&T phone-services contract to move certain nonemergency phone lines onto a new circuit.

Board members unanimously approved the acceptable-use policy, which the staff said consolidates existing rules about employee use of city-owned devices and clarifies responsibilities for end users and IT. The board also unanimously approved a new one-page security awareness training policy requiring regular training for users, and a malware defense policy that will supersede the city’s older antivirus policy.

The policies were presented by city IT staff as part of a broader effort to map the city’s policies to the Center for Internet Security (CIS) critical controls and to reduce overlapping language across policies driven by PCI, CJIS and insurance requirements. Staff said the acceptable-use policy will be part of an end-user handbook and that the city is switching its enterprise password-management tool from LastPass to 1Password. The security awareness training policy formalizes existing quarterly training provided through the KnowBe4 platform; managers receive compliance notices and are expected to follow up with staff who do not complete training. The malware defense policy modernizes terminology (replacing “antivirus” with “malware defense”), notes the use of Microsoft Defender and Intune for endpoint controls, and will supersede the older antivirus policy once adopted.

On telecommunications, the board also unanimously approved renewing the AT&T contract for phone services. City staff said the renewal adds a third circuit routed to the police department and moves certain nonemergency numbers off an older copper/PRI arrangement that had required a Mitel intermediary to connect into the Intrado/9-1-1 phone system. Staff and police department representatives told the board the change aims to reduce recurring stability and interoperability problems affecting outbound and transferred nonemergency calls by routing those numbers over fiber directly into the dispatch phone system. The presentation said adding the third circuit will increase that line’s monthly cost by about $400 but that the overall per-circuit costs for the city’s telephony setup will decrease; staff said the city will absorb the line in IT’s phone budget (account 1916) and continue internal chargebacks to departments.

Votes at a glance

- IT acceptable-use policy — Motion to approve by McElderry; seconded by Hansen. Roll call recorded: Paul (yes), Bob (yes), Sean (yes), Dan (yes), Frank (yes), Brian (yes). Outcome: approved unanimously. Note: staff described the policy as a new consolidated acceptable-use document that will be maintained with a matching end-user handbook and may lead to a redline of HRB-20 to remove duplicated material.

- Security awareness training policy — Motion to approve by McElderry; seconded by Corcoran. Roll call recorded: Paul (yes), Bob (yes), Sean (yes), Dan (yes), Frank (yes), Ryan (yes). Outcome: approved unanimously. Note: the policy formalizes quarterly training delivered via KnowBe4; managers will receive compliance notices and handle enforcement.

- Malware defense policy (supersedes antivirus policy) — Motion to approve (mover noted in transcript); seconded (noted in transcript). Roll call recorded: Paul (yes), Bob (yes), Sean (yes), Frank (yes), Ryan (yes). Outcome: approved unanimously. Note: policy updates terminology, documents responsibilities for IT and users, and will supersede the prior antivirus policy.

- AT&T phone-services contract renewal — Motion to renew by Bruder; seconded by Hansen. Roll call recorded: Paul (yes), Bob (yes), Sean (yes), Frank (yes), Ryan (yes). Outcome: approved unanimously. Note: staff said the renewal adds a third circuit, routes nonemergency numbers into the Intrado/dispatch system over fiber (eliminating the Mitel middleman), and is expected to reduce recurring stability problems for nonemergency call transfers. Staff said the monthly cost change for the added circuit is “about $400,” and that the phone budget will likely be consolidated into IT account 1916 with internal chargebacks to departments.

Board members asked several clarifying questions during discussion, including how enforcement of user training would work (managers receive notifications), how the malware defense policy interacts with cloud protections (Microsoft Defender, Intune, and firewall controls were described), and whether the AT&T fiber circuit will create a measurable improvement for dispatch operations; staff said AT&T and Mitel have committed to the change and that the new arrangement eliminates a known point of failure. Several board members asked staff to follow up if any remaining issues emerge after implementation and to return the item to the board if changes are required.

The actions conclude the board’s business for the evening. The board also noted that Alderman Frank McElderry was attending his last meeting and thanked him for his service.