about denial of service attacks? That’s where hackers will pummel an
organization’s website servers with tons of bogus traffic so that the website
becomes impossible for people to access. A recent story from the Columbia Daily Tribune reported that the city of Columbia,
Missouri experienced a denial of service attack that led to a three-day website
outage. That meant citizens could not access city services and information
while valuable city staff time was tied up helping deal with the emergency.
bad news? Denial of service attacks are hard to prevent. If a relatively
sophisticated hacker wants to go after you, they will likely be able to have a
negative effect on your website. However, it helps when your city can respond
within hours rather than days to eliminate the negative effects of a denial of
are some tips and best practices that you can implement to best handle a denial
of service attack and recover as quickly as possible—without overtaxing your
For cities on a tight budget, simply moving your website hosting to the cloud and engaging the ongoing monitoring services of experienced IT professionals will help you more likely respond and recover from denial of service attacks in hours rather than days. Plus, these kinds of technology investments also help you with important areas such as:
To talk more about mitigating the risk from denial of service attacks, please contact us.
One of our colleagues (let’s call him “Joe”) is particularly tech-savvy. While not an IT professional, he has been involved in the information technology field for over 10 years. He’s immersed in that world and can easily talk to us about the many nuances of data backup, website content management systems, and software. That’s why it surprised us when he called us up a few weeks ago and told us about how he eliminated a particularly nasty computer virus.
Luckily, the computer he used was brand new, so he was able to erase all his data and reset the computer to the original factory settings. However, it was a stark reminder that even the most tech-savvy people can click on the wrong attachment and download a computer virus.
We’re sharing this lesson as a case study (with “Joe’s” permission but keeping the person’s identity anonymous) in order to highlight to you the importance of making sure your information is protected. Because even well-intentioned people can accidentally upload a computer virus in a matter of seconds, we want to make sure that a virus doesn’t knock out your network or cause you to lose important information.
Here’s how it happened.
He used the computer’s default Internet browser and search engine to search for “Chrome browser download.” A list of search results displayed and Joe clicked on what he thought was the first legitimate search result.
At this point, we should note that the search engine’s ads did not look terribly different from an organic search result. Unbeknownst to Joe, he clicked on an ad, not a search result. In hindsight, he realized that the ad led to a website that was not Google’s.
While the page looked somewhat like the typical Google sign-in page, there were clear differences that he was savvy enough to notice. He came within a few seconds of sharing his important Google username and password with hackers, but unfortunately he had already downloaded malware to his computer.
At this point, the antivirus program that came with his computer started alerting him that it detected malware on his computer. However, the malware was so cleverly written and installed (and remember, installed voluntarily by Joe) that it could not be removed manually. The malware kept reinstalling itself every time the antivirus program quarantined or removed it.
More dangerously, the malware hijacked his Internet browsers with fake search engine and login pages. His computer also began to take actions on his behalf that he was not agreeing to. The “bundleware” software that originally looked like innocent, helpful programs began to open up on his computer and fill his screen with pop-ups.
Luckily, the story has a positive ending, but it required some brutal tactics. Thank goodness that Joe literally only had bought the computer several hours ago and had yet to store any important data on it. He followed the steps below to combat the computer virus.
A scan of Joe’s computer detected nothing. At that point, Joe was able to use his computer normally although he obviously kept an eye out for unusually slow performance, strange popups, and any interruptions or odd computer behavior when doing online banking or payments.
We’re sharing this case study to warn you that it isn’t just the non-tech savvy people who get viruses by accident. With Joe, all it took was some haste and distractions, and he went down a dark path that led to vicious malware voluntarily installed on his computer. To head off any disruptions related to events like this, we recommend that you:
Accidents happen, so you want to make sure you’re covered in even the worst computer virus situation. That way, you mitigate the risk of losing data, losing money, and losing time spent recovering from the virus.
To talk more about antivirus protection, please contact us.
While Windows XP market share has fallen to about 18%, that still means a lot of computers are using this outdated operating system. Microsoft stopped supporting Windows XP on April 8, 2014, which means that any computers using it have not received any security patches or updates from Microsoft. Like a decaying building not kept up anymore, it becomes more and more dangerous to “live” in the condemned, abandoned house of Windows XP.
We’ve written before about some of the immediate malware and security risks that immediately started to happen once Microsoft cut off support. Because we still see many computers using Windows XP, we wanted to review some new risks along with some earlier warnings that grow more urgent with each passing day.
Modern operating systems improved the way that IT professionals can manage and oversee your network. That includes things like managing security patches, user permissions, and remote help. The city of Detroit is struggling with this exact issue, and even with a new CIO the city’s IT environment is considered “dysfunctional” with so many computers on Windows XP. If your IT staff or vendor is prevented from properly administering your IT network, that puts you at risk and make IT’s job ridiculously hard with no guarantee of successful service.
To talk about these concerns in more detail, please contact us.
As organizations continue to shift their hardware, software, and data storage into the cloud, there are just as many organizations still clinging to more traditional technology setups with onsite servers, software installation, and long-term licenses. Despite significant technology advances, it’s easy to grow accustomed to traditional yet outdated ways of handling your most important business applications. Or perhaps you understand that data backup and storage is effective in the cloud, but you’re not convinced about something like accounting software.
In our experience, we see a wide range of common applications that benefit from the cloud’s low cost and high reliability, security, and ease of management. Here are five business applications that we find particularly suited to the cloud, and why.
Again, you’ll lower costs and maintenance headaches by going to the cloud for project management. But project management software especially works well in the cloud. Think about it. A project often involves a variety of employees in the office, employees offsite, vendors, and other third party contacts. They all need to coordinate with each other and produce results. With more and more people working remotely today, traditional onsite project management software becomes more of a bottleneck with each passing year. If someone cannot access the software without coming into the office, it creates lags in the status of projects and interferes with real-time collaboration. By using one of many great cloud project management software solutions, multiple people can access the software from anywhere, you can set clear permissions for users, and centralize all communication and deliverables concerning a project.
To talk about cloud software benefits in more detail, please contact us.
Sometimes, you’ve got a special project in mind that requires a significant investment in technology. You might need specialized hardware, software, a mobile app, or other form of technical project expertise. In the past, you may have given the specialized technology vendor a lot of freedom and just assumed they were taking good care of the project. After all, they’re the expert. You’re not. Right?
Actually, there is a lot you can do to mitigate risk that happens when technology vendors are given free reign over a project: going over budget, not meeting deadlines, watching scope creep bloat the project, and ending up with a solution that doesn’t meet your needs.
The way to avoid those risks? It’s all about smart vendor management, and this post provides some tips on how you and your trusted IT staff or vendor can help ensure that using a specialized technology vendor doesn’t break your budget or introduce excessive risk into your organization.
When it makes sense, collaborate with the specialized vendor instead of just having only their people handle all of the work. When your team is integrated into the vendor’s work, there is more of a chance to understand and oversee what the specialized vendor is doing. Ideally, a non-technical business decision maker and an IT representative from your staff or a vendor will take part in a project. Build in roles and responsibilities into your requirements to ensure that key stakeholders from your organization have a clear involvement in the project.
To talk about vendor management for specialized technology projects in more detail, please contact us.
You may often hear the phrase “business driver” when some consultants refer to information technology. It’s an overused phrase and often gets thrown around without meaning a great deal. In the meantime, it’s much easier to think of information technology as extremely tactical, purchased out of bare bones necessity to accomplish basic things like run software, provide employees with computers, and share electronic data. Beyond that, information technology as a “business driver” might sound like inflated rhetoric.
However, there are some important insights for organizations once they unpack the term “business driver” and apply it to information technology. In our work with organizations, we try to bridge the gap between business and technology for non-technical people by showing that many technology decisions should be spearheaded by non-technical decision makers. Of course, it helps to have experienced IT staff or a vendor to suggest what’s possible and how to get it done, but there are many ways that non-technical decision makers can use technology to drive the business.
Many business goals and objectives are often set without an organization knowing fully if technology can help or hinder those goals and objectives. Your organization might want to offer a way for people to pay for products and services online. Cities might want a mobile app that allows citizens to report problems and issues such as potholes. Even a website redesign involves a lot of parts and pieces that may lead to disaster or excessive cost if done poorly. An information technology consultant can help you discuss feasibility, cost, and options that include possibilities you may not have known were possible—but you need to be the one who throws out possibilities and see if they can work.
To talk about the business impact of information technology, please contact us.
It’s always great when we
help cities save money. A little publicity doesn’t hurt either! The Polk Fish Wrap recently reported that we saved the city of Rockmart, Georgia
$36,000 a year in IT costs as they transitioned to us when their full-time IT
manager left for another position elsewhere. Many cities are starting to
realize that our IT in a Box offering has the capacity and scale to do more for less.
That’s why the article says, “The decision was made to
outsource the work after research was completed and the Georgia Municipal
Association (GMA) recommended the firm.” That research included looking into
not only our low costs but also our capacity to handle the city’s website, data
backup, document management, email, and server, desktop, and mobile device
management. In addition, the city benefits from our helpdesk available 7 days a
week and the management of all the city’s communications with technical vendors
so that city staff doesn’t have to worry about it.
We look forward to serving Rockmart, Georgia and
continuing to help cities in Georgia—and around the country—save money on IT
costs while also modernizing their technology.
When organizations think cybersecurity, they often think about it from an IT tactical perspective. That’s important. A few weeks ago, we published a post about taking a serious look at passwords, virus attacks, data backup, security updates, physical security, and websites to help strengthen cybersecurity. But these efforts often do little good if higher level questions aren’t answered and taken into account.
Even the word “cybersecurity” sounds like it’s only in the realm of technology, and it’s easy to blame information technology staff or vendors for every cybersecurity problem. But there are important policy decisions that you need to make to supplement the work done by IT.
Ask yourself these non-technical cybersecurity questions to see if there are higher level actions you need to take to protect your organization.
Is it harder to secure one big house or 10 small houses scattered in different locations? Data works the same way. Too many organizations store sensitive information in a variety of locations on a variety of servers through a variety of vendors - leading to a variety of cybersecurity problems! A related problem is when organizations take shortcuts by using a free personal email provider for work (such as yahoo.com addresses), which scatters email across too many locations. By centralizing your information and managing it through a public or private cloud platform, you decrease your number of security vulnerability points and allow your IT staff or vendor to more easily track and lock down information.
To talk more about cybersecurity, please contact us.
While open records
and Freedom of Information Acts (FOIA) vary from state to state, they generally
share a common theme: Government records are open to the public unless exempted
by law. That means cities need to always prepare to respond to open records
requests or Freedom of Information Act requests. They can be politically messy
but, more importantly, quite expensive.
That’s why it’s
good to have processes and technology to handle these kinds of requests as
quickly and inexpensively as possible. How expensively can a
technology-equipped city handle a request versus a city without the proper
technology? Let’s look at some examples.
We’ll keep the
cities anonymous, but we’ll analyze four records requests. For each request, we
show how many hours it took us to complete an open records or FOIA request with
a city optimized to handle the process. We also provide an estimate based on
our municipal experience of how long it takes without the technology.
City 2 - Request 1
City 2 - Request 2
City 2 - Request 3
IT services, we can average the cost of handling an open records or FOIA request
at $150/hour. In some areas of the country, a company or person may charge
less, but it usually balances out because less experienced (cheaper) staff or
vendors will take significantly longer to complete the same task.
That means the normal
projected cost for an open records or FOIA request at 34.875 hours per request
However, when your
city becomes “optimized” to handle open records or FOIA requests through the
right processes and technology, the cost goes down significantly. How do we
drive this cost down?
without process and technology optimization:
Because email that
is relevant to the open records or FOIA request is not centralized, it will
have to be located (in a time consuming fashion), reviewed (in a time consuming
fashion), and then extracted for the legal team to review. All of this activity
is handled by the city’s IT team or the hourly support vendor, which is costly.
We keep costs down
by using a cloud email solution that centralizes city email services and makes
it easy for us to run any required searches. When email is centralized and
accessible in one place, it’s much easier to run searches without having to dig
and investigate across many decentralized locations. Plus, modern cloud email
software is built in with search-friendly tools that make searching much easier
It also helps that our staff has extensive experience
with handling these requests for municipalities. That allows us to handle these
kinds of requests more efficiently than an IT resource who has never processed
one before. Even at $150/hour, an
optimized environment cuts each open records or FOIA request cost by a third.
Even better, under a service such as Sophicity’s IT in a Box, any labor for a
record request is included. That means no additional fees and no extra
To optimize your ability to handle open records or FOIA requests
and cut your costs:
To talk more about the cost of your email open records or FOIA request, please contact us.
The “cloud” has become part of mainstream technology terminology, but it’s still a word that confuses a lot of people. Partly, that’s because the word is vague and also because it’s not really a new technology—just a powerful augmentation of existing technologies like servers and data centers.
First, the “cloud” means that your data and applications are stored and run on the internet as opposed to your local computer or network. In the past, you would typically access your data and applications from an onsite computer or server. For large amounts of data or powerful applications, you might traditionally also have used a data center. Many organizations like to use data centers to store data and run applications because these facilities are designed to prevent physical intrusion to your servers and they rarely lose power or Internet connectivity.
Cloud service providers are actually massive data centers that remove the need for you to own or lease servers at a typical data center. Instead, advanced cloud technology allows you to essentially “subscribe” to an application or service over the Internet like turning on a utility without even bothering to own or lease any machines. In your mind, the machines might as well just “go away.”
There are two types of clouds that you can use.
Whether it’s a public or private cloud, your data and applications are accessed over the internet. But why go with the cloud?
Public clouds are a great solution for cities because the cloud providers have implemented redundancy (e.g. power, Internet connections, etc.) and security measures that a city simply cannot afford. This means better maximum uptime and a lower risk of a security breach. It also means a much lower cost than running your servers in-house. When cloud providers like Amazon, Google, and Microsoft are running cloud infrastructure, believe us when we say nobody has more resources to invest in redundancy and security than these companies!
The cloud also makes it easier for you to access your data and applications from anywhere on any device. It removes your dependence on hard-to-use VPN connections and other remote access technology that’s becoming more and more obsolete every day.
While it seems like the cloud moves your data farther and farther away from you, the public cloud has really existed since the beginning of the Internet when people started using email. When you think about it, any kind of web based email is actually a cloud application because you access the service over the Internet without needing to maintain your own servers.
An increasing percentage of technology that we use every day is moving to the cloud. And this is a good thing because of its increased reliability and security. Don’t be afraid of the cloud. Despite bad press when there is a rare incident with a cloud provider, the reputable public cloud providers have an outstanding security record (as seen by many government organizations using them). If you follow some basic rules for security (such as having good passwords), your chances of having your data compromised through the cloud are very low.
To learn more about the cloud, please contact us.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2015 Sophicity, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Sophicity.