CitySmart Blog

Thursday, July 28, 2016
Nathan Eisner, COO

You most likely have city employees who work at departmental sites that are separate from your office building. At the very least, they check emails on their smartphones. Are you finding it difficult to support employees who work across separate sites? Could it be that your IT staff or vendor hasn’t kept up with the pace of technology?

Department heads and staff at these remote sites grow frustrated because their technology is essentially broken—and responses to technical issues are very slow. A modernized helpdesk remains inexpensive and yet accommodates the needs of a remote site workforce. If you’re evaluating whether or not your helpdesk meets these needs, then consider the following areas where they must succeed.

1. 24/7/365 Support

Obviously, time comes into play when supporting city workers. It’s not uncommon that staff need help with their laptops, smartphones, and tablets before and after normal workday hours. Also, servers may fail at two in the morning or a night shift officer may need support when encountering an IT issue. An IT helpdesk can’t go home at the end of a workday and return the next morning. They must remain available to handle IT problems 24/7/365.

2. Multiple Devices

Employees will need help with laptops, smartphones, tablets, printers, and other machines spanning many devices and operating systems. An IT helpdesk cannot limit itself to only a select few devices such as workstations in the office. A wide breadth of knowledge and experience with both old and new devices, operating systems, and applications is critical in supporting the needs of cities as technology continues to rapidly change.

3. Security

Any modern IT helpdesk helping remote employees must have security down to a science. While serving remote sites, your helpdesk can help with making sure:

  • Firewalls are manually “hardened”—which just means that any entryways to your servers and workstations that can be reached from the outside world (by hackers, for example) are closed off unless needed by authorized users.
  • Network accounts are only set up and accessed by authorized users.
  • Users are authenticated when contacting helpdesk and gaining access to applications.
  • Users have the correct permissions and rights to access certain types of information within databases and applications.
  • The city logs information about user activity in order to help document data access and diagnose issues.

4. Remote Sessions

An essential element of remote help is the use of remote helpdesk sessions. That’s when an IT engineer will temporarily request access to your computer so that they can help resolve a specific issue as if they were physically present. Whatever software your helpdesk chooses with which to conduct remote helpdesk sessions needs to be secure and non-intrusive so the user remains aware when support is engaged. Remote sessions can even take place with smartphones and tablets.


If after taking a look through these four areas you realize that you’ve got some holes in your IT helpdesk, then work with your IT staff or vendor to address these gaps. Some of these elements may seem out of your reach or like overkill (such as a 24/7/365 helpdesk), but they’re really not. IT helpdesks have evolved as quickly as the technology you now hold in your hands. If you want to better serve or enable your employees, then a modern IT helpdesk is a must.

Evaluating IT helpdesk options for your city? Reach out to us with any questions.

Thursday, July 21, 2016
Victoria Boyko, Software Development Consultant

Many cities post minutes to their websites. However, questions remain about how to best do it. Currently, there are no specific laws that require cities to provide minutes on their website (because not all cities have websites). As a result, cities may not post minutes to their website at all, they may post them irregularly, or they may post them in ways that make it hard for citizens to find.

While not a legal requirement, posting minutes to your city’s website is a helpful service to provide your citizens. This activity hits upon many things that are important to cities and citizens—government transparency, information sharing, and civic participation. Plus, sharing minutes on your website gets your information out to the most people in the quickest, most convenient fashion.

Use this checklist to see if you’re posting your minutes properly and making them easy for citizens to find.

Publish approved minutes at a minimum.

If you have a website, at least post your approved minutes when they are ready. However, you also have the option to post draft minutes before they are approved if you’d like to quickly share information with citizens. Make sure you clearly indicate if you are posting draft minutes versus approved minutes.

Post your minutes in a timely fashion, and keep them indefinitely on your website.

For your website, you can follow the same process you normally use to distribute minutes. Either post the draft minutes to your website (such as within two business days of the meeting) or wait to post the approved minutes. Once posted, keep the minutes on your website indefinitely—similar to how you keep them indefinitely in your city’s archive.

Unfortunately, it’s not uncommon for a city to fail to keep minutes updated on their website. That can be frustrating for citizens. Make the task of posting minutes to your website as routine as your normal drafting and approving of your minutes as dictated by law and ordinance.

On your meeting minutes webpage, at least show the current year’s minutes, previous year’s minutes, and a link to archived minutes with all previous years.

To keep your minutes webpage uncluttered and easy to use, consider at least showing links to:

  • The current year’s minutes.
  • The previous year’s minutes.
  • An archive of all other minutes.

By highlighting the current and previous year on your minutes webpage, you make it easier for people to find these most commonly searched for minutes. It is less likely that people will search for old minutes, so you can create a link to an archived minutes page for that purpose. Many cities also just put up links on their minutes webpage for each year, which is also fine—as long as the current and previous year’s minutes are prominent and easy to find.

Make it easy for people to find and access minutes from any webpage.

Your city website likely has navigation links at the top of each page that never change—such as Home, Government, Departments, Business, Community, etc. Make sure that people can easily find minutes through these links. For example, there may be a link right on the Home page for Agendas and Minutes. Or, there may be a link under Government to the City Council page where the Agendas and Minutes link could be found. Either would be easy to find.

On the other hand, if a person can’t find an easy path to your minutes then you are making them hard to locate. Grab three or four people who don’t know your website well and ask them to try finding your minutes. If they’re all having trouble, then consider rearranging how you get people to this information on your website.

Label the minutes by year, month, and day, and publish in PDF form.

When people look for specific minutes, they will look for the year, month, and day. Label files with that information so that filenames communicate what the document actually contains. Also, minutes need to be presented in an unaltered, official, and final form. A PDF is usually the best publishing format for this requirement. Publishing a PDF is the best way to ensure that you are offering the official, final version and it's also the most convenient type of file for people to download and print. A PDF is a universal file format that works on any computer and it's usually preferred by city clerks.

Overall, publishing minutes to your website is one of the services you can provide your citizens who primarily access information through the internet. When doing so, it’s best to follow your current laws and ordinances, make it easy for people to find minutes, and provide the files in the most convenient format. If you follow the tips above, then you’re scoring some major service and transparency points with your citizens.

Questions about posting minutes to your website? Reach out to us today.

Thursday, July 14, 2016
Brian Ocfemia, Technical Account Manager

As we talk to cities at various events and conferences, we sometimes hear that they don’t have a centralized place to access shared files—such as a server or a location in the cloud. That means cities may still store important files on individual desktop computers. Let’s take a step back and look at three major risks in such a situation.

Risk #1: Data backup and disaster recovery

Storing important files on a single computer means that if something happens to that computer then you will lose all of your files. You may occasionally back up files on an external hard drive or flash drive, but relying on a manual process that can be skipped or performed incorrectly is a risk—especially because you may not regularly test those backups. Plus, you’re also relying on a single person’s computer—and that single person may accidentally or purposely delete files without you ever knowing they’re gone. No matter how much you trust that person, they may act as the sole owner of those files—not your city.

Risk #2: Security

A single computer isn’t guaranteed to make sure your files are consistently secured against threats. Employee error (such as clicking on a malicious website link or email attachment) is one of the most common sources of viruses and malware which opens your city up to hackers. With that kind of security hole, a hacker may steal your information or prevent you from accessing your files. Weak or irregularly updated antivirus and antimalware software on a single person’s desktop computer just isn’t enough to adequately protect important city information. No matter how well-intentioned, a single user presents too many security risks if files are primarily stored on their personal desktop computer.

Risk #3: Access

City employees shouldn’t have to rely on one person to give them access to important city files. What if that person is sick or on vacation? What if they get fired or leave their job? Any user who has been granted authorized access to important files should be able to access them in a centralized, neutral location. A single user also has the potential to be arbitrary, whimsical, unavailable, or difficult about giving access to important files—which can be a hindrance to productivity, operations, or answering open records requests.

So, what should you do instead of storing files on a personal desktop computer?

No matter how small your city, you still need to create a place where electronic files are centrally maintained and secured—and where users with authorized access can find these files. Some options (depending on your budget and technology limitations) include:

  • Onsite server with network drives. Essentially, this server works like a central computer that authorized users at your city can access. You store your files here, city staff can access those files just as if they were on their computer, and your IT staff or vendor helps maintain and secure the server.
  • Online file storage services. These services exist in the cloud which means—with the help of your IT staff or vendor—they are secure and accessible (only to authorized users) from any device or location. Use business-class versions of these services—not the consumer-grade versions.
  • Document management system. A document management system will give you a business-class way to store, search, and securely access documents. With a document management system, you’re able to not only centrally store and manage documents but you also get to tag, label, and organize them in ways that will help your day-to-day work (such as more easily responding to open records requests). These systems contain a lot of capabilities that are especially important to city clerks.

If you still want to store files on a computer, then a newer computer will generally offer a lot of room. But that’s still not wise—no matter how much space that computer offers. What’s more important is where the files are located, protecting the files from data loss, and securing who has access to the files. Limiting file access to a single person’s desktop computer is just way too risky for a city.

Questions about file storage? Reach out to us today.

Tuesday, July 12, 2016
Dave Mims, CEO

At the Georgia Municipal Association's (GMA) 2016 Annual Convention, GMA's Kelli Bennett interviewed me about IT in a Box. Watch the video to learn more about what IT in a Box includes and why these services help cities save money, modernize their technology, and serve citizens.

Thursday, July 07, 2016
John Miller, Senior Consultant

Many cities—especially smaller cities—often ask us if they need to “go digital.” By that, they’re usually asking if they should transition their information from paper to electronic, start centrally storing and managing electronic information in the cloud, and modernize their technology to help with accessing that information such as upgrading their email system, document management system, or website.

These are good questions for smaller cities. After all, they have minimal staff who are strapped for time and working with limited budgets. If going digital is a convenience, then smaller cities could probably push it off to the side.

However, it’s clear that going digital is a necessity. And not going digital leads to a variety of critical problems. Think of it like carrying insurance. You don’t think about your insurance a lot during your day-to-day work, but it’s there when a disaster hits. Let’s look at some critical areas where “going digital” is a necessity.

Data Backup and Disaster Recovery

With paper, it’s very difficult to assure yourself that your information will survive a fire, a flood, or a tornado. We’ve even encountered situations where paper with valuable information has aged so much that it starts to crumble or termites have gotten at it. All it takes is one incident like a fire and your valuable city information is destroyed.

By scanning your paper information and turning it into electronic information, you are able to protect it from disaster. With offsite data backup, you can store that information in a data center far from your city and know that you will be able to access that information even after the worst disaster.

Information Access and Retrieval

Quite simply, it’s easier to find electronic information. Once you are digital, you can find important documents and information in seconds rather than spending lots of time sifting through paper records. Modern document management systems help you label and organize documents so that they are easy to find. Similar to how you search for things on Google, you can search for documents and information in the same way. This capability helps with compliance (see below) and also makes your time-strapped staff much happier when they can find information quicker.

Information Portability

By portability, we mean the ability to share information with others. It’s fairly standard today for many government entities and businesses to share and receive digital information. In fact, you may even find that electronic sharing and retrieval of information is required by some entities. Even if it’s not required, it’s way more convenient to citizens, businesses, and government entities to offer electronic information. Whether you post information directly to your website, offer it on a PDF, or have it stored electronically at your city in a document management system, you can easily send and share information with authorized people when it’s in electronic form.

Security

Often overlooked, going digital helps with security. Sure, with paper you can lock rooms and prohibit physical access to file cabinets. But it’s not uncommon that access to city assets can be easily—in fact, very easily—obtained on-site. When your information is digital, your IT staff or vendor can make sure it’s only accessible to authorized people.

Open Records Compliance

Open records laws, regulations, and policies evolve each year so that expectations related to information access, retrieval, and security continue to grow. With paper, you risk slowly responding to open records requests. You may also have the opposite problem of not purging documents on a regular schedule. As a result, you might store decades-old documents that you’re not legally required to keep.

Going digital better equips you to respond to open records requests in a timely fashion, set up automated processes that ensure you’re following record retention schedules, purge documents that you legally no longer need, and back up data in case of disaster.

Going digital strikes at the heart of many necessities around information today—security, compliance, backup, and ease of access. So even if you’re a smaller city, you need to consider digitizing any information you have that currently resides on paper along with modernizing your technology enough to be able to easily access and share that information.

Questions about going digital? Reach out to us with any questions.

Thursday, June 30, 2016
Dave Mims, CEO

You spoke. We listened. Over the past year, cities have told us that their requirements for data backup and video archiving grow more and more immense. For example, the requirement for many cities to capture, record, and store body camera video has drastically increased the amount of storage space they need. In fact, some cities (such as in Georgia after a new law passed in 2016) must store that information or face legal penalties. Also, cities (such as those in Arkansas) are feeling more pressure from state legislatures about strictly adhering to laws and best practices related to cybersecurity.

Overall, there’s just too much at risk today to neglect a city’s electronic storage capabilities and underlying information security. Here are some new features of IT in a Box that help address these concerns:

Data Backup Archiving

We already provide cities with onsite data backup storage for quick data recovery and unlimited offsite data backup storage for disaster recovery. That now includes storing and archiving all versions of your important files, documents, and data. Archiving is the long-term storage and indefinite retention of your backed up data. This archived information is always accessible in case you need it (such as for an open records request).

Video Archiving

Cities tell us that body camera and squad car video storage costs are a big concern for them—and storage needs for video data will only continue to grow at an increasingly rapid pace. IT in a Box saves cities money with our unlimited offsite video storage and retention. That means:

  • No more buying additional expensive onsite storage for video. With IT in a Box, you can now keep your most recent videos onsite for quick access while we archive all of your videos offsite for long-term access.
  • As the quantity of your squad car and body camera video footage continues to rapidly grow, your storage costs do not change over time.

Policy and Compliance

To best protect against cyberattacks, our IT in a Box staff will help you adopt policies and best practices to educate staff and make sure your technology helps you comply with state law. In addition to staff training, we shore up any security holes by securing, documenting, regularly testing, and proactively managing all of your technology including:

  • Applications and systems
  • Vendor access
  • Network access
  • Wireless access
  • Physical access
  • User access
  • Remote access
  • And more

For Arkansas specifically, we help cities become compliant with the state’s Legislative Audit.

Questions about these new services? Reach out to us with questions.

Learn more about IT in a Box.

Tuesday, June 28, 2016
Dave Mims, CEO

IT in a Box is one of the many services provided by the Georgia Municipal Association to Georgia cities. To learn about all GMA services, check out the "We Are GMA" video below.

Thursday, June 23, 2016
Dave Mims, CEO

Recently, I gave a presentation at the 2016 Arkansas Municipal League Annual Convention about cyberthreats. As part of a three-hour training session entitled “Working in a Social World” that featured Arkansas cities (including Gravette, Fayetteville, and Mayflower) sharing various social media successes, I ended the session with some caution about cyberthreats. Cyberthreats threaten the technology that underpins many of these social media successes—and my observations were tailored to complement the overall discussion.

Overall, I addressed how to protect cities from cyberthreats. A cyberattack does more than just shut down a city’s IT operations. Today, we see incidents where hackers and some “hacktivists” hold a city’s information for ransom. These attacks can be very dangerous to cities and need fending off.

Check out my entire presentation here. In it, you’ll read in more detail about: 

What? - What do I need to know?

  • Passwords
  • Virus
  • Attacks
  • Data Backup
  • Security Updates
  • Physical Security
  • City Websites

How? – How have some real cities been impacted?

Based on real cities, I provide examples that accurately represent what we often see at cities. Cyberattacks are costly, destructive, and embarrassing for cities.

  • City #1: Virus initiates $90,000 transaction!
  • City #2: Virus deletes financial data!
  • City #3: Virus hacks city website!
  • Ransomware: Again!

Help! – Where is help!

  • The Arkansas Legislative Audit requirements
  • The Top 10 most common Arkansas Legislative Audit Issues
  • IT in a Box - a review of the latest IT in a Box developments that help resolve these issues
  • How IT in a Box drives Legislative Audit compliance

Takeaways

  • Is your city at risk from a cyberattack? Data loss? Unauthorized access (external or internal)? Erroneous changes? Website?
  • Is your technology dated? Unlicensed? Unsupported? No longer maintained? Still using paper?
  • Are you frustrated with anything (or even all things) IT?
  • Are you unable to meet legislative audit compliance?

When you subscribe to IT in a Box:

  • Cyber protection is provided and proactively managed.
  • IT needs are addressed and technology is proactively kept modern.
  • Legislative Audit compliance is met in Arkansas and proactively maintained.

Questions about your ability to fend off cyberthreats? Reach out to us today.

Thursday, June 16, 2016
Anthony Fantino, Network Infrastructure Consultant

Someone attempted a $90,000 transaction from my machine. What do I do?

Let that sink in. As the finance officer, city clerk, treasurer, or city manager, how would you feel? What would you do? How did it happen? Where would you look?

When a person, externally or even internally, attempts to steal money or data from a city, investigators will start looking for information to help them find the culprit. So, what information will lead them to finding the person who committed the crime?

Unfortunately, your city may not have the right policies in place to not only prevent unauthorized access to information but also to track who accesses it, what’s accessed, and when it’s accessed. That leaves your city with security holes that open you up to hacking, theft, and even fraud.

What can you do as a city to make sure only authorized users have access to sensitive information? Look carefully at the following areas.

User Access and Authorization

First, begin with making sure your systems and software allow you to set different levels of permission for different users. For example, some users may not need access to payroll information. Modern technology systems allow for granular user permissions within servers, websites, and applications. If you don’t set these permissions appropriately, you risk users looking at information that they should not access—and they may possibly misuse, change, or delete that information. Users should only be able to access information relevant to their job function.

Physical Access

Often overlooked, it’s important for cities to physically secure important technology like servers. An unauthorized person should not have physical access to your servers or be able to walk into your server room as if it’s the breakroom. All it takes is one disgruntled employee to steal information or damage your computer equipment and hardware (which may lead to permanent data loss). Secure rooms with servers so that only authorized employees can access them. Require use of a key fob or similar security checkpoint.

Wireless Access

Second only to physical access, wireless access is another common security hole. Cities are at risk when they leave wireless access open and unencrypted, or if they use weak or well-known default administrative passwords for securing wireless devices. Hackers can easily hop onto your network through these access points and begin sniffing around your most sensitive information right from the parking lot. You need to keep your wireless access password protected with a strong password, encrypted, and limited to authorized users.

Remote Access

Obviously, employees sometimes need access to a city application through a secure remote connection to a server. But it needs to be logged and tracked. Too many cities don’t track and monitor who logs on and when they log on. This creates security problems. If you don’t know the identity of someone logging in, or even that they’re logging in at all, then how do you know that it’s an authorized user? By tracking remote access, you make sure that only authorized users are accessing your servers and applications.

Access and authorization vulnerabilities that cities face are not just addressed by technology. They begin to get addressed by setting policy. Cities need to set the right policies and work with their technology staff and vendors to implement training, processes, and technology to meet these policies. If your current technology systems cannot handle these demands, you may need to modernize your technology in order to accommodate current security requirements and best practices for government data.

Questions about how to begin addressing these gaps? Reach out to us to further discuss these areas.

Thursday, June 02, 2016
Ryan Warrick, Network Infrastructure Consultant

Let’s say you get in to work one morning and you’re checking your billing records in a city database. You discover that three important billing records are missing. Gone. No one is supposed to delete those records. You have a serious situation on your hands. Was it an accident? A data breach? You need to figure that out.

So, what do you do next?

One of your next steps is for your IT staff or vendor to check the logs. What are the logs? Let’s learn a bit of Logging 101 and then look at some critical problems a city can have by neglecting proper logging practices.

Logging 101

We’ll avoid a lot of the technical aspects of logging and just focus on the important business aspects for your city. First, logging has two primary purposes.

  • Documentation: Who is accessing your data? And when are they accessing it? Logging software tracks things like remote access, people accessing shared files, and web surfing activity.
  • Diagnostics: On a granular level, logging also provides visibility into what’s going on with your systems such as servers, workstations, and software. For example, logging software tracks things like issues with your accounting application, hardware issues on your computer, or routine server maintenance.

Your IT staff and vendor depend heavily on logging for information to diagnose technical issues. That’s why you might hear an IT engineer say, “Let me look at the logs” when a problem is reported. Those logs often provide clues to the root of a problem.

Configuring logging for most systems requires some technical background. The detail level can vary. For example, some systems log a literal play-by-play of every little thing that goes on. They can track that John Doe opened an application, entered his password successfully, successfully launched the application, accessed a specific module in the application, etc. Others provide more basic information such as that John Doe opened the application, closed the application, etc.

Now, let’s look at two problems related to logging that may lead to critical security problems.

Failure to Oversee Logging

Let’s go back to our example in the introduction. Let’s say you call in an IT vendor to investigate and they report to you that there have actually been 42 unauthorized billing record deletions over the past six months.

Obviously, you’ve got yourself a problem. The unauthorized deletions are a data breach—whether it’s an internal employee making mistakes or an outside hacker doing it on purpose. More importantly, it’s clear that your city hasn’t had someone overseeing the logs. You’re capturing important security information but you’re not reviewing it.

Failure to Log At All

Again returning to our example in the introduction, let’s imagine you don’t have logging enabled. That means you have little to no information about who may have deleted those billing records—and when. It’s like having a bank without security cameras or a court proceeding without recording or transcribing it. If something goes wrong, you can’t go back and figure out what happened.

---

While your IT staff or vendor will need to use logging for technical diagnostics, they should also reassure you that logging is enabled to:

  • Track which users are accessing, adding, changing, and deleting information.
  • Track which hardware, workstations, and applications are being used.
  • Track when any of these events happen.

Otherwise, you simply lack important information that helps you diagnose and get to the bottom of data breaches and other security issues.
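
As an added example (not part of the original post), here is the kind of log review described above: it scans audit-log lines for billing-record deletions, reports who deleted what and when, and flags stretches where nothing was logged at all. The log format, field names, user names, and sample entries are assumptions constructed for illustration.

```python
"""Review an application audit log for record deletions and logging gaps.

The log format is hypothetical (constructed for this example):
    <ISO timestamp> user=<name> action=<verb> table=<name> record=<id>
"""
from collections import Counter
from datetime import datetime, timedelta
import re

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = """\
2016-05-02T08:14:09 user=jdoe action=read table=billing record=1001
2016-05-02T08:15:30 user=jdoe action=update table=billing record=1001
2016-05-03T22:41:17 user=svc_import action=delete table=billing record=1002
2016-05-03T22:41:19 user=svc_import action=delete table=billing record=1003
this line is corrupted and cannot be parsed
2016-05-09T07:58:44 user=asmith action=read table=payroll record=77
2016-05-09T09:02:11 user=jdoe action=delete table=billing record=1004
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"table=(?P<table>\S+) record=(?P<record>\S+)$"
)


def parse_log(text):
    """Return (events, unparsed). Bad lines are reported, never silently dropped."""
    events, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            unparsed.append(line)
            continue
        try:
            ts = datetime.strptime(match.group("ts"), "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            unparsed.append(line)
            continue
        event = match.groupdict()
        event["ts"] = ts
        events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events, unparsed


def find_deletions(events, table, allowed_users=frozenset()):
    """Deletions on `table` by users outside allowed_users.

    The default allows nobody, matching the post's scenario in which
    no one is supposed to delete billing records.
    """
    return [
        e for e in events
        if e["action"] == "delete"
        and e["table"] == table
        and e["user"] not in allowed_users
    ]


def find_gaps(events, max_silence=timedelta(days=2)):
    """Periods longer than max_silence with no log entries of any kind.

    A long silence can mean logging was switched off or failed, which is
    the "failure to log at all" case. The threshold is an assumption.
    """
    return [
        (prev["ts"], cur["ts"])
        for prev, cur in zip(events, events[1:])
        if cur["ts"] - prev["ts"] > max_silence
    ]


def review(text, table="billing"):
    """Produce the summary a reviewer would read each week."""
    events, unparsed = parse_log(text)
    deletions = find_deletions(events, table)
    return {
        "deletions": deletions,
        "by_user": Counter(e["user"] for e in deletions),
        "gaps": find_gaps(events),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    for e in report["deletions"]:
        print(f"{e['ts']}  {e['user']} deleted {e['table']} record {e['record']}")
    for start, end in report["gaps"]:
        print(f"No log entries between {start} and {end}")
    print(f"{len(report['unparsed'])} line(s) could not be parsed")
```

Running a review like this on a schedule is what turns captured logs into overseen logs: the deletions surface within days instead of after six months.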

Questions about your logging and information security? Reach out to us.
