CitySmart Blog

Tuesday, October 21, 2014
Nathan Eisner, CMO

Seemingly every day, a news story breaks about yet another security breach and more data stolen from an organization. We hear about big organizations such as Kmart and government operations such as the Oregon Department of Employment, but we don’t often hear about smaller organizations. Because hackers pick easy targets, smaller cities are even more at risk than larger entities. And that’s a major driver behind Kentucky’s House Bill 5.

The language of House Bill 5 is quite clear and includes the following provisions:

  • Requires public agencies and nonaffiliated third parties to implement, maintain, and update security procedures and practices, including taking any appropriate corrective action to safeguard against security breaches.
  • Requires public agencies that maintain personal information to notify persons impacted by security breaches.
  • Requires that public agencies establish reasonable security and breach investigation procedures.

While specific to Kentucky, House Bill 5 is reflective of similar legislation and expected best practices around the United States. So, cities must take reasonable steps to protect their data and, in the event of a security breach, notify affected parties. This situation makes security much more urgent for cities, but they often ask us, “What now? How do we protect our data?”

The good and the bad news is that many methods of shoring up security are easy. Good because fixes are relatively easy to implement. Bad because it suggests that the biggest threat to most cities is your own staff. A little education goes a long way toward making your staff—both your IT and non-IT employees—aware of activities they can do every day to make sure that your city stays as secure as possible.

Here are some areas you can tackle immediately.

Passwords

A recent study by a technology research company in California found that one out of three people had their passwords written down somewhere around their desk. Many people used obvious passwords such as a child’s name, pet name, college mascot, birthdate, etc. Overall, researchers figured out passwords for 50% of the people in the study. Before you laugh, ask yourself, “How secure are your city’s passwords?”

To make sure your passwords aren’t opening up major security holes:

  • Do not write passwords down and leave them lying around.
  • Use a password on all of your devices including your computer, smartphone, iPad, etc.
  • Do not use obvious passwords that are easy to guess.
  • Use long and complex passwords with uppercase and lowercase letters, numbers, and symbols.
  • Do not save passwords to websites and applications on your Internet browser.
  • Rotate your passwords periodically.

Virus Attacks

A few years ago, a city finance officer was contacted by their local bank. Wire transfers in the amount of $90,000 were attempted from the finance officer’s computer. Compromised by a virus, the computer was remotely controlled by an outside party. Luckily, the local bank’s fraud prevention efforts saved the city from any significant financial damage. But imagine if the transactions had been allowed to complete. The city and the bank would have had to spend money on legal action and recouping any financial loss. That’s real money lost—all because of a simple computer virus.

To combat viruses, we recommend that you:

  • Install antivirus software on every computer.
  • Audit your antivirus software regularly by confirming that it’s installed and licensing is up-to-date.
  • Educate your staff about the common sources of viruses such as email attachments and websites.

Data Backup

Last year, we heard about a city’s server that became infected with a virus. That server contained the city’s financial system. The city’s backup system failed to recover the data. The city had backed up the data, but they did not test their backups. And what happened? They lost 13 months of financial records. To get that data back, their only recourse was to hire contract labor to re-enter every transaction manually. Talk about a lot of significant unplanned expenses!

With data backup, start by asking some important questions:

  • What data is critical to your city?
  • How will your city be affected when that data cannot be accessed for extended periods of time?
  • How will departments such as public safety function without access to their data?

Once you get a better sense of your data needs and priorities, apply the following best practices.

  • Perform onsite backups of important city data.
  • Perform offsite backups to recover your data from events like theft and catastrophic disasters.
  • At a minimum, back up your data daily.
  • Remove human interaction—and reduce error—by automating your data backup.
  • Plan what you will do in a disaster, such as a fire or tornado.
  • Test your backups regularly.

Security Updates

Recent studies have shown that

  • 80% of cyberattacks can be prevented by keeping computers up to date.
  • Applications like Adobe Reader and Java are more likely to be exploited than Windows.
  • Most people ignore messages on their computer about installing updates.

To stay up on security updates, make sure your IT staff or vendor ensures the following:

  • Let those updates run on people’s computers. Make sure your employees don’t ignore them.
  • If you have servers, make sure your IT staff or vendor updates them.
  • Upgrade any applications that have reached “end of life”—which means that the software is so old that the vendor has stopped supporting it.

Physical Security

Don’t forget the old-fashioned way of stealing! Protecting city data also involves protecting physical equipment. A stolen backup drive or a disgruntled employee with a USB stick can be just as harmful to your city as a hacked computer. To tighten up your physical security:

  • Have employees lock their computers when away from their desks.
  • Ensure that servers and network equipment are locked up in a secure room.
  • Store any external media such as USB drives or backup tapes in a safe place.
  • Use encryption on your data if possible. If someone does steal your data, it will be useless to them.

Websites

Last year, citizens trying to reach a particular city’s website found nothing but advertisements on it. What happened? The website had been hacked and all of the city’s content was replaced by ads. The hacker found a weak spot by infiltrating the city’s utility billing system through a hole in the online bill pay software. If the problem lingered, a citizen going to the city’s website, thinking it was a trusted source of information, could have been infected with spyware or malware. That citizen’s private information may have been stolen and the city would have been liable.

To ensure a problem like this never happens, make sure you:

  • Ensure that your city’s website is hosted by a reputable provider.
  • Know where your city’s website is hosted.
  • Ask your website’s hosting provider to have your site objectively audited for potential risks by a third party.

Remember, cybercrimes affect all cities—not just the big ones. Be proactive, ask questions, and stay informed. Use this post as a guide to get you started, identify gaps, or check up on any doubts you have with your IT staff or vendor.

If you want to talk more about cyber liability, please contact us.

Thursday, October 16, 2014
John Miller, Senior Consultant

Just when you’ve gotten used to the idea of shifting your servers and software applications to the cloud, you might hear about the option of moving your phone system there too. Many businesses and organizations still rely on landlines or maybe even a Voice over Internet Protocol (VoIP) system that may run on a server in your office or at a data center. Isn’t the phone something distinct from the rest of your data and software? Why would you move it into the cloud?

When VoIP came out many years ago, it primarily stunned a lot of people because it made them realize that phone information could be reduced to packets of data transmitted over the Internet. That meant you could treat your phone system the same way you treat a software application, and you used an Internet connection to communicate with other people instead of landline technology. But VoIP was software and usually required an onsite or data center-hosted server to run the application. With the cloud, you even remove the need for a server.

Despite this advance in technology, you might wonder about the practical reasons for moving your phone to the cloud. Here are some compelling reasons that hit home with the businesses and organizations we work with. 

1. Immediately cut costs.

Without a landline connection, you essentially just pay for an Internet connection. Because landline equipment is expensive to maintain, landline providers pass on that cost to you. And if you use traditional VoIP, you’re paying for server hardware and maintenance. Cloud phone systems just need an Internet connection (that you already have and pay for), and you often set up the system in minutes. With no hardware or equipment costs getting in the way, your phone costs go way down.

2. Quickly fix problems and add features.

Landline providers move extremely slowly— to implement your service, to repair equipment, to fix problems, to resolve issues, and to add features to your service. Cloud phone systems are maintained in cutting-edge data centers, and there is very little to implement or fix. Problems are often just glitches resolved in minutes, and features can be added in the same amount of time. True, traditional VoIP service also benefits from quick problem resolution and added features, but the cloud can be even faster because your IT staff or vendor are not spending time maintaining your VoIP servers.

3. Receive all of your communications in one place.

Cloud software simply has advantages that landlines lack. Because landlines do not transmit Internet data, they cannot integrate phone data with your software. Cloud phone software sees everything as data. That means voicemails, faxes, text messages, multimedia, and emails can all go to the same place in software such as Microsoft Outlook. Traditional VoIP does this too, but cloud phone software data can be even simpler to set up, integrate, and manage.

4. Add and subtract numbers and features with a click.

Landlines make it difficult to scale up and down. Usually, you’re locked into a set number of lines and features and it can be difficult to change quickly. To help with scaling up and down as your business and organization grows and shrinks, cloud phone software allows you to add and subtract phone numbers and features with a simple click. Your monthly fee adjusts based on what you actually need—and you’re not locked in based on what you were sold.

5. Take your office phone with you everywhere.

Cloud software makes it extremely easy to essentially carry your office phone with you everywhere. That’s impossible with a landline. With cloud phone software, you install a mobile app that connects to the software from anywhere. Access the mobile app, and then any call that comes into your office number rings your mobile phone. This helps businesses and organizations make it easier for employees to work remotely, keeping personal and professional phone data separate.


Some businesses and organizations might still need landlines for critically important functions that need to stay up if power goes out, such as 911 call centers. Otherwise, for most common business needs, cloud phone software is a compelling option. If you’re still happy with your traditional VoIP system, you may just want to do a cost analysis to compare it against cloud phone software. Similar to other cloud software, you might find an additional cost savings in getting rid of hardware, giving employees more mobile flexibility, and making it even easier for your IT staff or vendor to manage your phone services.

To talk about cloud phone software in more detail, please contact us.

Thursday, October 09, 2014
Brian Ocfemia, Technical Account Manager

Matching our experiences with watching cities embrace the cloud, we liked a recent August GovTech article that outlined the thoughts of technology leaders from the city of San Francisco to the state of Delaware. While each government entity’s challenges are complex and unique, they all agree that moving to the cloud is helping them with many essential business and operational functions.

While it can seem like the needs of extremely large cities and states don’t necessarily relate to small and medium cities, we find that the article included several aspects about the cloud that can impact your city’s budget and operations. Here are some important points we’ve extracted from this article that will convince you to take a closer look at the cloud if you haven’t yet shifted over from a more traditional setup.

1. Your investment is an operational expense, not a capital expense.

Paying from month to month eases the burden of what used to be a multi-year capital expense commitment for servers and licenses. Moving data and applications to the cloud works more like a utility that you turn on rather than equipment you buy. We’ve seen many small and medium cities reduce their technology expenses and get rid of expensive hardware by moving to the cloud.

2. You can add or subtract users, and add technology resources with a click.

Scalability and flexibility for your business needs directly impacts your bottom line. Traditionally, cities tended to get locked into a certain number of software licenses and technology features. If you purchased it, you couldn’t get rid of it until the contract ended. With the cloud, you can add or subtract users depending on your real-time staffing needs, which helps if you suddenly gain a burst of employees or have to let many go. Also, it helps if you can turn off certain features or tools in the cloud and only use them when you need them—trimming costs while doing so.

3. You can set up your cloud technology quickly.

Without hardware installation and configuration, you can often set up your cloud technology over the Internet in hours. We often help set up a city’s applications, storage space, document management, or website rather quickly. Data migration from old systems may still take a lot of time and planning, but the cloud technology and tools are ready to go as soon as possible. Configuration takes place in easy to use dashboards, allowing your IT staff or vendor to get you set up in the cloud almost immediately.

4. Your employees can access the cloud through mobile devices.

The cloud makes it easy for people to securely access files, documents, data, and applications without having to be at the office or use difficult VPN connections. It’s becoming more routine and expected for people to access data remotely when they work from home, travel, or stop at any place with public wireless access. The cloud allows you to provide that mobile access with ease while keeping data secure.

5. You still have options to protect your most sensitive data in-house.

We often hear, “But we have sensitive data that we absolutely cannot risk by having in a public cloud.” While public clouds are often more secure than any IT environment you can set up, we understand that cities may be wary about extremely sensitive information going into the cloud. Cloud providers offer many hybrid options including private clouds (meaning that you have your own cloud network walled off from any other data) or simply keeping certain servers locked down and secure in-house if you absolutely don’t want that data in the cloud. For the rest of your data, you can still take advantage of the cloud’s cost savings and benefits.

If you’re still wary about the cloud, articles like the one in GovTech should reassure you that major cities and states would not move to the cloud if they haven’t already evaluated the major risks. We encourage you to explore your options by talking to an IT professional or service provider experienced in working with municipalities. They should have experience with crafting hybrid cloud solutions for municipalities so that you know they are looking at your situation objectively (rather than applying a cookie-cutter cloud solution). The cloud can save you a lot of money, offer you more flexibility, and still provide you the data security you need.

To talk about the cloud in the more detail, please contact us.

Thursday, October 02, 2014
Nathan Eisner, CMO

A recent story reported in PC Magazine and other news outlets talked about a vicious form of malware that affected many retail point of sale systems. The most disturbing fact? Up-to-date antivirus and software patches failed to prevent this malware from taking over the point of sale systems, stealing information, and wreaking havoc.

Stories like these tempt small businesses and city governments to throw up their hands. If antivirus and patching can’t prevent malware and hackers stealing information, then how can you really secure yourself?

In fact, there’s plenty you can do. A common misconception is that antivirus serves as the be-all-end-all solution for protecting your information. But antivirus is only one tool to prevent such dangerous attacks. Here are some others. 

1. Back up your data, both onsite and offsite.

The best defense is often having a plan in case the worst happens. If your data is stolen, held for ransom, or corrupted, then you need to have an automated onsite and offsite data backup and disaster recovery solution in place. No antivirus software is perfect. Even if it’s a rare event, there is always a chance you can get hit by a virus. If a computer or server is so infected that it needs to be wiped clean and decommissioned, it’s essential that you have that data backed up. 

2. Train employees about phishing and malicious links, emails, and attachments.

All of the antivirus software in the world won’t prevent a virus if an employee clicks on a malicious website link or opens a suspicious attachment. Hackers and cyber criminals play on the human factor. After all, if a person gives them permission to access company or government data by clicking on something, they are inside your gates at that point. The more your employees show wariness and caution about suspicious links, emails, and attachments, the less chance that a virus will creep past your antivirus software.

3. Build strong network security.

While your antivirus software might be great, it has to work overtime when many virus attempts are getting inside your network. Perform a network assessment to judge the strength of your firewall, the ease or difficulty of unauthorized user access, administrator password strength, and wireless access points. If your network security is weak, the chances of an attack succeeding are much greater because more threats are getting inside your network. Even the best antivirus software shows its weakness when too many threats hit it at once on a daily basis.

4. Use enterprise antivirus software with people managing it.

Off-the-shelf antivirus software installed ad hoc on people’s computers is simply not good enough for businesses or government. Enterprise antivirus software is managed by people. Because businesses and government entities are such high targets by having intellectual property, money, and sensitive data potentially exposed, the stakes are higher. When IT professionals are helping managing your antivirus, they can more easily spot red flags and respond to virus attacks immediately. They stay on top of virus threats in a way that individual non-technical users simply can’t do. 

5. Encrypt your data.

Even if hackers can access your data, encryption can make that data useless to them. Many high profile data breaches in the past few years were made worse when the data stolen wasn’t encrypted. Compared to the cost of data loss, fines, and emergency remedies, the cost of encrypting data is quite a bargain. Especially for your most sensitive information, encrypting data on your servers and computers is essential and a great way to frustrate hackers.


Despite the fear of malware attacks that crippled organizations like UPS and Supervalu, there is more to protecting your network than simple antivirus. To take next steps, we recommend assessing the strength of your data backup, network security, and encryption. Shore up any holes. Then make sure that IT professionals are managing your antivirus while complementing that service with employee training that mitigates the risk of someone clicking on an attachment with a virus. By applying a more holistic strategy, you’ll up your cyber security and decrease your cyber liability.

To talk about cybersecurity in more detail, please contact us.

Thursday, September 25, 2014
Clint Nelms, COO

IT vendors are both an expensive investment and a commitment. Like any relationship, a good IT vendor is often hard to find but it’s a great thing once you find one. And like any relationship, there are signs indicating when it’s bad, and when it’s good.

I know. We’re an IT vendor, so you might be a bit suspect if we were to share our four signs of when you should break up. Instead, we’ve collected specific points and complaints that we’ve heard from actual city decision makers from a large number of sales meetings this year. These insights include customers, prospective customers, and other decision makers who have had good and bad experiences with IT vendors.

Here are the things they point out as red flags. If you’re seeing these signs repeatedly, then city decision makers nearly all say you need to look for a new IT vendor. 

1. Your IT vendor confuses you with too much technical language.

We often hear, “If you ask our IT vendor for the time, he tells you how to build a clock.” Great IT vendors speak to you in concise, relevant business terms. That means taking something complex and making it simple. Or simply just sharing the bottom line about a particular issue. Throwing around too much technical mumbo-jumbo isn’t a sign that your IT vendor is brilliant—it’s a sign that they’re likely hiding behind confusing language and not explaining or understanding your business problems correctly.

2. Your IT vendor blames and passes on responsibility to other vendors.

We’ve written about the discipline of vendor management and why it quickly becomes one of our most popular services for our customers. We make sure other vendors stick to your business requirements, ensure proper installation and configuration, and work with vendors on technical issues. Bad IT vendors will routinely blame other vendors for IT problems, throw up their hands, and say that the hardware or software vendor needs to fix the problem themselves. It’s a classic complaint about IT service providers. Instead of working with software vendors when there is a problem, they point the finger at the software vendor and say. “It’s their problem, not mine.”

3. Your IT vendor always wants you to buy something.

Many IT vendors often get your business because they seem so cheap. Then, once they’re inside, they start telling you, “That costs extra” when you thought many services were included. They may also try to sell you hardware, software, or other products as a remedy to a real technical issue. It’s another classic complaint. Many IT providers make money from reselling hardware (or worse, from building and selling their own hardware). The best IT providers simply provide services without trying to upsell you at every given opportunity.

4. Your IT vendor implements their own policies instead of working in partnership with you.

A good IT provider listens to your city when implementing any technology-related policies that affect your operations (such as security policies). That requires true consulting—working with cities to craft policies tailored to your organization. Unfortunately though, many lazy IT vendors simply implement a standard policy without discussing what your city considers appropriate. This situation can result in your staff unable to fully function because they are locked down too tight by an arbitrary policy that may not fit your organization.  


The common theme of these red flags isn’t surprising. These bad IT vendors simply don’t listen to you, they don’t do the hard work of strategizing and customizing their services to your needs, and they don’t accept the responsibility of creatively and efficiently solving your technology problems. Instead, they try to cut costs through shortcuts and cookie cutter services that may do you more harm than good. Look instead for an IT vendor that listens to you, crafts services around your needs, and accept the responsibility of managing your IT environment—including working with other hardware and software vendors to resolve problems.

To talk more about selecting the right IT vendor, please contact us.

Thursday, September 18, 2014
Dave Mims, CEO

Mr. Stan Brown, City Manager, Oakwood, GAAs you or others you know have probably experienced, tablets (such as Surfaces, iPads, Nooks, Nexuses, etc.) have entered our lives as a way to both increase our productivity and entertain us. They are easy to use and provide many of the same functions as traditional desktops or laptops—without the hassle. Because tablets provide you on-the-go email, document access, and Internet access, we find they are also becoming essential productivity tools for mayors and council members, as well as others involved in council meetings.

In fact, we've heard over and over that cities want tablets—especially for elected officials. Based on this feedback, we’re happy to announce that IT in a Box will include tablets for council members.

So, why tablets? And why IT in a Box? With IT in a Box tablets, you’ll experience the following benefits.

  • Go paperless. Tablets help eliminate the costly, burdensome process of your city printing and delivering paper meeting agendas and related documents.

  • Enjoy the ease of modern technology. Access agendas, documents, the Internet, and other productivity tools with a swipe of your finger.

  • Mr. Andrew Hartley, City Attorney, Georgetown, KYTake your IT in a Box tablet wherever you go. IT in a Box tablets aren’t just for council meetings. Carry your tablet everywhere for secure, anywhere / anytime access to your city email, calendar, Internet, documents, and more.

  • Keep your data secure and protected. Keep your data secure and protected with the latest antivirus, antispam, software security patching, and automated tablet maintenance—all included with IT in a Box.

  • Be prepared for open records requests. Your city email account clearly separates city business from your personal email, making it easy to respond to open records requests.

  • Enjoy full 7 days a week IT support. Technical issue? We’ll support you whether you’re in the office, working from home, or on the road—7 days a week.

  • Microsoft productivity software included. IT in a Box tablets come with commonly used software such as Microsoft Outlook, Word, Excel, OneNote, and more.

  • Full Windows 8.1. Run the same applications from your tablet that you do on your desktop or laptop!

Mr. Jim Windham, Councilman, Oxford, GAAt this time, we are currently piloting the use of IT in a Box tablets and collecting feedback to make this service even more effective for you before rolling it out.

A big thank you goes out to Mr. Andrew Hartley (City Attorney at Georgetown KY), Mr. Stan Brown (City Manager at Oakwood GA), and Mr. Jim Windham (Councilman at Oxford GA) for signing up to be our early adopters (aka testers). Each represents a vital role in council meetings, so gaining their feedback and perspectives will be very beneficial. We plan to fully roll out the IT in a Box tablets in January 2015.

To learn more about this service, please contact us

Thursday, September 11, 2014
Alicia Klemola, Account Manager

With the media using its usual scare tactics, it’s tempting to follow their alarmist lead and view the recent celebrity cloud nude photo hacking scandal as a sign that the cloud is an unsecure place to store data, files, and documents. After all, if private nude pictures cannot be protected from hackers, then how will you protect your business’s much more important confidential information and intellectual property? One alarming fact you’ve probably read is that many of the celebrities said they had deleted their photos long ago. Yet, those photos were still found by hackers in the cloud despite this deletion.

Let’s slow down a bit and digest this incident. First, despite their celebrity status, these people are still non-technical individuals—not IT experts. Many common individual errors in personal data privacy were committed by these celebrities. And the flaws mostly came down to weak passwords and a misunderstanding of how cloud security works.

For your business or city, we offer some reassurances in the wake of the scandal to let you know where these celebrities messed up and how your business should differently operate. 

1. Your cloud data should be protected by enterprise-level firewalls.

Free cloud software managed by vendors usually has solid firewalls in place. But because they are serving millions of consumers who are not paying for the cloud services, these vendors may not ratchet up their security as much as for a business or government entity that needs more firewall power. For example, different classes of firewalls exist that enforce higher security to keep out unauthorized users. These firewalls can be customized for your particular security needs.

2. You need to enforce strong passwords and possibly extra layers of user authentication security.

In many of the nude photo hacking scandal articles, a common point of entry was weak passwords and user authentication. It’s easy for many hackers to go after sensitive information with programs that crack weak- to medium-strength passwords. You need a policy that enforces strong passwords with a mix of letters, numbers, and characters. The passwords should also be a certain minimum length such as 8 characters and changed monthly or quarterly. In addition, you can doubly ensure password security by adding an extra layer of authentication such as a mobile confirmation once a password is entered.

3. Train your people to spot phishing scams and other suspicious links and attachments.

People are still one of the weakest links in your cyber security chain. They often present easy access points for hackers attempting to steal your sensitive information. Train your employees about how phishing scams work, how to spot suspicious emails and attachments, and when giving away usernames and passwords is legitimate. There are still too many cases when employees are fooled by an email with links that look legitimate, and the employee ends up giving hackers an access point to your data.

4. Deleting files is not as simple as clicking delete.

We talked about this in detail in a recent post, but it’s extremely important to know that deleting a file may not delete it for good. First, simply deleting a file on your computer only means that the space it takes up is available to be overwritten by a new file. It’s often still there. Second, files may or may not be synced everywhere in the cloud. Or, new files may be synced but not deleted files. Deleting in one place may not delete a file everywhere. In the celebrities’ cases, they thought that deleting a file on an iPhone meant it was also deleted in iCloud. In their case, it wasn’t. An IT professional can help you configure your archiving and deletion policies to make sure that deleted files are truly deleted.

5. Syncing files without proper oversight exposes you to security and data backup risks.

Be very careful about syncing cloud data to other devices. Ideally, you should store data and allow access to it from one central cloud location. If the data replicates itself locally on various devices, you open up the risk of your data appearing in a less secure location. It may be easier for a hacker to hack a personal device rather than your cloud servers. But if your sensitive data is encrypted and only accessible via your cloud servers (with view-only mobile access), then it’s much harder for a hacker to grab that data.


Waves of alarm always occur about the cloud when something like this scandal happens. It’s easy to blame cloud security when we should be using this incident as cloud education. If these celebrities understood how their data is stored, accessed, and deleted, then they would not have run into this issue. These are individuals, and so they can survive such an attack relatively unscathed. But as a business or government organization, you need to take advantage of the cloud’s benefits and high security while adopting common sense best practices that help protect your most sensitive data. Use the cloud, but don’t make the same mistakes as these celebrities.

To about cloud security in more detail, please contact us.

Thursday, September 04, 2014
John Miller, Senior Consultant

In many organizations, email is quite simply a mess. Sometimes, you might have loose policies where you can keep any email forever as long as there is storage space. In other cases, you might have arbitrary or necessary storage limits where you are responsible for deleting emails just to make room for more email. Either extreme is not healthy for a business or government organization.

You might say that keeping emails is understandable, for obvious reasons. If emails are needed for legal reasons or a city receives an open records request, it’s important that emails are accessible. As long as the email is somewhere, everything is fine. Right?

Actually, there’s much more to email archiving than just storing your emails in any old place. In this post, we offer up five reasons why you need to have business-class email archiving in place at your organization. 

1. Employee searching and reference.

The most obvious and prosaic argument for email archiving is simply that emails often contain a lot of important business and historical information that is useful to employees. Old emails might include notes about a project from two years ago, a forgotten vendor name from a meeting last year, or login information to a website. If employees are forced to delete emails or if they’re responsible for storing emails, there is a risk of losing important information. Email archiving ensures that employees can easily look up information from past emails.

2. Protection of sensitive information.

With a business-class email system, your email will be encrypted and protected by a variety of security measures. If employees are left to do their own archiving, there is a risk of storing old emails in insecure locations such as an external hard drive, thumb drive, or folders on the desktop that an unauthorized person might be able to access. With automatic archiving features in a business-class email system, the archived email will be set aside, encrypted, and protected against unauthorized users.

3. Storage.

Despite many cloud email systems offering more and more storage space, email storage can still grow unwieldy with many zip files, PDFs, PowerPoint presentations, pictures, audio files, and video files. Email archiving goes a long way toward compressing the size of old emails and storing them in a place where it’s expected you won’t be accessing them often. If your server storage is limited, this aspect of email archiving is critical to free up space.

4. Data backup and disaster recovery.

Email archiving forms part of a comprehensive data backup and disaster recovery strategy. Any archived emails need to be encrypted, easily accessible, and stored properly when backed up both onsite and offsite. If an email server fails, you need to make sure you don’t lose archived emails. You are still legally bound to produce important emails if requested, and the excuse of poor data backup and disaster recovery will not cut it with authorities.

5. Legal requests and compliance.

Your records management is extremely important when you are bound by law to produce emails. For businesses, you may need to produce emails as the result of following a contract, responding to a legal request, or complying with something like Sarbanes-Oxley. For government, you may need to respond to open records requests and correlate your archived email with record retention laws. You don’t want to be caught in a situation where you’re legally bound to produce an email and you are unable to do so. That failure could result in lawsuits and expensive fines.


To get started with email archiving, it’s good to look at the quality of your current email system. Are you using a free email service (like organization@yahoo.com)? Are you using an outdated email server with limited archiving and storage capabilities? Are you storing sensitive emails in insecure locations such as tape backups or thumb drives? Once you assess your current email capabilities, consider switching over to a more modern email system that encompasses email archiving and mechanisms to help you follow the law and retain emails the right way.

To talk about email archiving in more detail, please contact us.

Tuesday, August 26, 2014
Brian Ocfemia, Technical Account Manager
A recent Forbes article references a study from Docurated that highlights some alarming statistics about the current state of document management. Some key stats that the Forbes author highlights in the article include:
  • “Despite the hype around Cloud, 77% of respondents still use file servers as their primary repository.”
  • “Cloud Storage is being deployed but more than 79% of documents are still stored on-premises.”
  • “68% of organizations have 5 or more storage repositories.”
It’s likely that many cities and small businesses are in the same boat as the majority of respondents from Docurated’s survey. With the cloud and modern document management systems making it easier for cities and small businesses to create, store, and maintain documents, there’s no reason why these organizations need to settle for obsolete solutions that make business more difficult to conduct. Here are some tips that will help you get up to speed and put yourself in the minority of organizations that are doing document management right. 

1. Move your documents to the cloud to help disaster recovery.

As the statistics relate, too many documents are still stored on-premises. This increases the risk of a fire, flood, tornado, or other disaster wiping out important city or business documents. Ask yourself: If your documents were completely lost, how would that affect business? You would probably experience irreparable harm and possibly go out of business. Many cities would become crippled and unable to serve citizens effectively. Moving your documents to the cloud stores them safely offsite, including all of your paper documents (once you scan and store them). 

2. Move your documents to the cloud to make them more accessible from different locations.

If you still store documents on file servers, those servers tend to be closed off unless you’re at the office. In today’s world, people use laptops, tablets, and smartphones to work on the go. Teleworking becomes more and more of the norm as salespeople, creative workers, and business travelers work outside the office. They need access to documents without having to come into the office or use a difficult remote access VPN connection. The cloud makes it easy to not only keep documents secure but also gives people access to them while away from the office.

3. Move to one cloud document management solution to centralize your documents in one place.

So, you’re looking for an important business document. Is it on this file server? Another file server? Someone’s individual computer? The statistic about an average of more than five document storage repositories at many organizations is a sign of undisciplined document management. Different departments, probably out of frustration, simply started storing their documents themselves through the lack of an organization-wide policy. Moving to the cloud gives your organization the opportunity to centralize your documents in one place so that it’s easier for people to find them.

4. Organize and label your documents to help people find them.

Even if documents are centralized in one place, it can still be difficult to find them due to poor organization and labeling. This activity is something your organization should tackle anyway, so moving to the cloud in a centralized location presents the opportunity to sort out documents into a specific structure, decide what to keep or toss, and label using metadata (such as department, author, date approved, etc.). We’ve written some articles about this difficult but rewarding process.

5. Update your document management to help you follow the law.

For cities, this means following laws related to open records requests and record retention schedules. Modern document management systems help you store documents without fear of losing them, allow you to easily access them, and give you the ability to archive or delete them through the help of automation. Sure, you can follow the law manually, but isn’t that a lot tougher and more prone to human error? Leverage technology to ease your burden and automate your legal policies and procedures for documents.
If the above tips intrigue you and you had not been aware of how document management can solve a variety of your current business problems, shop around for some cloud solutions and explore the capabilities of modern document management systems. In this case, it helps to build out some requirements about what you’re looking for. You might be surprised to find that there’s a document management system out there waiting for you that can tackle your requirements—and a whole lot more. To talk about document management systems in more detail, please contact us.  
Friday, August 22, 2014
Nathan Eisner, CMO

It takes a lot of effort to purchase software. But once it’s inside an organization, the vigilance and due diligence seems to stop. It’s a like a person who spends a lot of time shopping for clothes but neglects the clothes once they’re bought and hanging in a closet. Because software needs to support business functions, unused software becomes a bad investment that wastes your money. In fact, the technology industry has a term for unused software: “shelfware.”

If you doubt the severity of this problem, consider the Internal Revenue Service. They wasted $11 million in unused mainframe software licenses. Other research confirms that a majority of organizations do not track software or know how much of it goes unused. While wrapping your head around your organization’s software can be intimidating, it’s a necessary step toward potentially saving you a lot of money.

Software grows like weeds, cropping up on computers everywhere throughout an organization and accruing over the years. Here are some tips to pin down and declutter your software with the goal of streamlining your budget. 

1. Take a software inventory.

Too many organizations don’t even have a sense of what software they have. If they do, it’s recorded on random Excel spreadsheets floating around an organization. Conduct an inventory to track down every last piece of software you’re using on computers and servers. Collect this information in a centralized place that’s easy to access. That information should include essential information about the software such as the version, date of purchase, number of licenses, etc. Automated software is available to help you with this inventory if your environment is large and complex.

2. Describe the business problem solved by the software.

This is a reality check for your organization. It may seem like a time waster, but this is an important question that rarely gets asked head on about your software. Why did you purchase it? What business problem is it solving? Just writing down the reason makes you realize if the software has a clear use, a vague use, or no use at all. If people begin debating the software’s use, then that’s a discussion worth having. Describing the business problem the software solves brings a lot of inefficiency and waste to light.

3. Prioritize the software’s importance to your organization.

After outlining the business problems, analyze your software based on priority. What software is mission critical? What software is for specialized use? What software seems to just waste space and collect dust? For example, you may have initially invested in an electronic note-taking software that had a clear business purpose but that no one ever adopted. Or, you might have GIS software that a particular department heavily uses to do their jobs but that no one else uses. A sense of software priority helps you understand if you’re maximizing your investments.

4. Look at the frequency of use.

While different kinds of software may have different intensity levels of use, it’s good to look at the reality of the actual use. For example, is the note-taking software referenced above not used because of user apathy or lack of training? Or is it because traditional note-taking is faster or the note-taking software’s benefits are too incremental to make an impact? Frequency of use will bring to light software that may be underused, which means your investment is not paying off. It helps you spot areas that you can remedy through policy and training, or possibly software that isn’t of much use that you can let go.

5. Explore options to reduce software costs.

Based on the data you collected in the first four steps, you now have the analysis needed to justify what you can cut, adapt, and save. For example, you might find that your GIS software is used heavily by five people but you bought 30 software licenses. In that case, you might consider switching to a cloud version where you pay by the user, and pay for only what you need. Or, you might revitalize the use of a particular piece of “shelfware” by training users, leveraging your support contract more, and creating policies that require use of the software in order to save you time and increase employee productivity.


Software is an investment, and it needs to pay off. If you scrutinize every capital purchase and analyze monthly operational expenses, then it doesn’t make sense to ignore software investments that flush money down the drain through disuse. There are plenty of remedies to apply once you get a handle on your software. Getting rid of it, cutting down the number of licenses, and moving your software to the cloud can all help you reduce costs. Use our tips on collecting the data, and then cut the bloat from your software costs to positively impact your bottom line.

To talk more about conducting a software inventory, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 |
Contact
Contact a Sophicity Consultant Now To Find Out How We Can Help Reduce Your IT Costs Go
bottom