CitySmart Blog

Thursday, December 18, 2014
Alicia Klemola, Account Manager

Sometimes, you’ve got a special project in mind that requires a significant investment in technology. You might need specialized hardware, software, a mobile app, or other form of technical project expertise. In the past, you may have given the specialized technology vendor a lot of freedom and just assumed they were taking good care of the project. After all, they’re the expert. You’re not. Right?

Actually, there is a lot you can do to mitigate the risks that arise when technology vendors are given free rein over a project: going over budget, missing deadlines, watching scope creep bloat the project, and ending up with a solution that doesn’t meet your needs.

The way to avoid those risks? It’s all about smart vendor management, and this post provides some tips on how you and your trusted IT staff or vendor can help ensure that using a specialized technology vendor doesn’t break your budget or introduce excessive risk into your organization. 

1. Establish clear expectations and accountability through requirements.

Draft a set of requirements that specifically outlines what the vendor is providing you. What do you expect as a final product? How long will it take? Who will do what? Often, when a project begins it’s hard to figure out what the vendor is actually doing and who your point of contact is on the project. Without clear requirements, you will lack a roadmap, set of expectations, and clear roles for all people involved.

2. Set realistic timelines.

If you bully a vendor enough, they sometimes overpromise a tight deadline just to get the business. Then, they push back your unrealistic timelines once you start paying them, knowing they’re in too deep for you to pull the plug. Work with an experienced project manager, preferably as part of your IT staff or a vendor, who can plan appropriately based on any requirements. An experienced IT project manager can help you figure out if a timeline is realistic based on a variety of factors such as dependencies related to your business or organization that the specialized vendor would not know about.

3. Ensure that people with the right skills are assigned to your project.

It’s not uncommon for vendors to use experienced salespeople to sell you on a product or solution. Then, once they’ve sold you, the vendor assigns junior level and other inexperienced engineers and managers to work on your project. Experienced IT staff or a vendor can help you identify what skill sets are needed for a project, such as having senior engineers closely oversee or even do some of the critical work. It’s a red flag if the vendor is unable to provide critical skilled talent on an important project.

4. Have IT professionals manage the day-to-day details of the specialized vendor.

We are passionate about the concept of vendor management. While organizations can set or oversee some of the high level business requirements, it helps when your IT staff or vendor can oversee the technical work of specialized vendors. For example, when a software vendor needs to integrate its software with your organization’s existing systems or databases, having an independent IT professional stay in communication with the vendor and ensure that technical tasks are followed correctly is essential in reducing errors and delays.

5. Collaborate with the specialized vendor as much as possible.

When it makes sense, collaborate with the specialized vendor instead of having their people handle all of the work. When your team is integrated into the vendor’s work, there is more of a chance to understand and oversee what the specialized vendor is doing. Ideally, a non-technical business decision maker and an IT representative from your staff or a vendor will take part in a project. Build roles and responsibilities into your requirements to ensure that key stakeholders from your organization have a clear involvement in the project.


A hands-off approach to vendor management puts you at risk even if it’s something as simple as buying a computer or router. Why risk even more with complex specialized technology projects? When these five tips are followed, we see that specialized technology vendors do a much more thorough, responsible job at staying in communication with you and following a rigorous project schedule. Plus, you make sure that your staff stays informed and educated about the project, transferring important knowledge into your organization. Remember that vendors often leave after a project, so it’s important to keep as much knowledge of the project in-house as possible.

To talk about vendor management for specialized technology projects in more detail, please contact us.

Thursday, December 11, 2014
John Miller, Senior Consultant

You may often hear the phrase “business driver” when some consultants refer to information technology. It’s an overused phrase and often gets thrown around without meaning a great deal. In the meantime, it’s much easier to think of information technology as extremely tactical, purchased out of bare bones necessity to accomplish basic things like run software, provide employees with computers, and share electronic data. Beyond that, information technology as a “business driver” might sound like inflated rhetoric.

However, there are some important insights for organizations once they unpack the term “business driver” and apply it to information technology. In our work with organizations, we try to bridge the gap between business and technology for non-technical people by showing that many technology decisions should be spearheaded by non-technical decision makers. Of course, it helps to have experienced IT staff or a vendor to suggest what’s possible and how to get it done, but there are many ways that non-technical decision makers can use technology to drive the business. 

1. Save time, money, and resources.

The most common reason that many technology solutions exist is to trim operational costs. By nature, most information technology solutions were designed to create a more efficient way of doing things—from backing up data to sharing meeting notes. Look for areas of your organization where you feel excessive time, money, or other resources are draining your budget. Then explore if technology solutions exist to automate a manual process or reduce hardware that you have to maintain.

2. Mitigate risk.

Through federal and state law, information technology becomes more essential as a way to enhance legally mandated levels of cybersecurity. That includes data backup (both onsite and offsite), encryption, antivirus, firewalls, and any other information technology that helps secure and protect data. Too many data breaches and stolen electronic information, along with significant advances in cybersecurity, mean that your organization needs a certain standard of information technology to mitigate the risk of lawsuits, fines, public anger, and lost business.

3. Enhance employee productivity, mobility, and morale.

Information technology helps your employees work happier and more efficiently. If you can use information technology to free up time such as automating a manual process, then your employees can direct their energies toward more productive tasks. The cloud can help employees access data and information remotely, allowing them the flexibility of working from home or while traveling. And when it’s difficult to compete for talented employees, good technology that enables them to work productively and flexibly means less chance of turnover and losing good workers.

4. Connect separated departments and groups.

It’s not uncommon in some organizations for one department to use their own software or set of servers and another department to use completely separate software and servers. When these groups are supposed to work together and share information, the results of such separation can be disastrous and wasteful. In today’s business and government organizations, cooperation and interdisciplinary projects become more and more frequent in order to accomplish major business goals. Consider centralized email, document management, software, and servers to manage resources from one place, provide a common experience for everyone in the organization, and make sharing information much easier.

5. Accelerate business goals and objectives.

Many business goals and objectives are often set without an organization knowing fully if technology can help or hinder those goals and objectives. Your organization might want to offer a way for people to pay for products and services online. Cities might want a mobile app that allows citizens to report problems and issues such as potholes. Even a website redesign involves a lot of parts and pieces that may lead to disaster or excessive cost if done poorly. An information technology consultant can help you discuss feasibility, cost, and options that include possibilities you may not have known were possible—but you need to be the one who throws out possibilities and see if they can work.


Obviously, you’re not expected to understand technology in technical detail in order to make decisions about it. At the same time, it helps to surround yourself with experienced IT professionals who understand both business drivers and the technology that best helps accomplish specific business goals and objectives. From operational cost savings to empowering your biggest business decisions, using technology can help or hinder your organization depending on how well you integrate it into everything you do.

To talk about the business impact of information technology, please contact us.

Friday, December 05, 2014
Dave Mims, CEO

It’s always great when we help cities save money. A little publicity doesn’t hurt either! The Polk Fish Wrap recently reported that we saved the city of Rockmart, Georgia $36,000 a year in IT costs as they transitioned to us when their full-time IT manager left for another position elsewhere. Many cities are starting to realize that our IT in a Box offering has the capacity and scale to do more for less.

That’s why the article says, “The decision was made to outsource the work after research was completed and the Georgia Municipal Association (GMA) recommended the firm.” That research included looking into not only our low costs but also our capacity to handle the city’s website, data backup, document management, email, and server, desktop, and mobile device management. In addition, the city benefits from our helpdesk available 7 days a week and the management of all the city’s communications with technical vendors so that city staff doesn’t have to worry about it.

We look forward to serving Rockmart, Georgia and continuing to help cities in Georgia—and around the country—save money on IT costs while also modernizing their technology.

Thursday, December 04, 2014
Brian Ocfemia, Technical Account Manager

When organizations think cybersecurity, they often think about it from an IT tactical perspective. That’s important. A few weeks ago, we published a post about taking a serious look at passwords, virus attacks, data backup, security updates, physical security, and websites to help strengthen cybersecurity. But these efforts often do little good if higher level questions aren’t answered and taken into account.

Even the word “cybersecurity” sounds like it’s only in the realm of technology, and it’s easy to blame information technology staff or vendors for every cybersecurity problem. But there are important policy decisions that you need to make to supplement the work done by IT.

Ask yourself these non-technical cybersecurity questions to see if there are higher level actions you need to take to protect your organization. 

1. Assume the worst. Someone gets hold of your data. What happens?

Start with the worst case scenario. Look at all of your data and talk about the consequences of a hacker or thief accessing certain information. This kind of discussion will help you prioritize and focus on protecting more important data. Obvious critical data includes personal, financial, and confidential data. If that data gets stolen, it may lead to lawsuits, fines, and loss of business. Businesses may worry about loss of intellectual property or customer data. You’ll also better understand what data would not have much impact if it got stolen.

2. Are you including organizational leaders, information technology staff and vendors, and employees in any security conversation?

Leaders need to set priorities, create policy, and make business decisions about cybersecurity. Information technology staff or vendors help consult and recommend best practices to meet an organization’s specific cybersecurity needs. Employees need training in basic cybersecurity such as spotting red flags they encounter on the web or email. Too many organizations think they’re solving their cybersecurity problems by installing some antivirus software. But if employees don’t know about suspicious email attachments or executive leadership doesn’t budget enough to properly protect financial information, then antivirus – and IT – won’t do much good on its own.

3. Are you accounting for the security of personal mobile devices?

IT can lock down organizational assets like servers, workstations, and business-issued mobile devices. But what about employees who bring their own devices and use them for work? IT can help with recommending that those employees use strong passwords, encrypt their phone data, or install security apps that provide extra protection. But those devices can still get stolen, and then thieves have access to your data. Leaders at your organization need to address deeper questions about how information is stored and how people access that information on their mobile devices.

4. How are people authorized to access information at your organization?

It still surprises us that, no matter how fancy the technology at a given organization is, authorization to access information is often loose and dangerously informal. People may share passwords with each other, passwords may be extremely weak (e.g. “admin” or “123456”), or too many people have access to sensitive information due to a lazy server configuration or document management system where any and all files are dumped without any thought. We recommend that leadership helps decide who can access what information. Then, IT should use a system (such as the cloud) with centralized management to set user permissions. For extra security, you may require 2- or 3-factor authentication such as captchas, a mobile confirmation code, or a passkey to have people access extremely sensitive information.

5. How is your information centralized and managed?

Is it harder to secure one big house or 10 small houses scattered in different locations? Data works the same way. Too many organizations store sensitive information in a variety of locations on a variety of servers through a variety of vendors - leading to a variety of cybersecurity problems! A related problem is when organizations take shortcuts by using a free personal email provider for work (such as yahoo.com addresses), which scatters email across too many locations. By centralizing your information and managing it through a public or private cloud platform, you decrease your number of security vulnerability points and allow your IT staff or vendor to more easily track and lock down information.


Many cybersecurity decisions actually rest upon non-technical organization leaders, and employees need to follow certain policies and be restricted from access to important information. Your IT staff or vendor also needs to understand that cybersecurity goes far beyond antivirus and firewalls. If they aren’t talking with your leadership or recommending best practices for your employees to follow, then they aren’t thinking strategically. Cybersecurity is no laughing matter, and the penalties - both tangible and intangible - are severe. By addressing the highest level questions, the details soon follow and your IT provider can execute a much more effective cybersecurity plan.

To talk more about cybersecurity, please contact us.

Thursday, November 20, 2014
Clint Nelms, COO

While open records and Freedom of Information Acts (FOIA) vary from state to state, they generally share a common theme: Government records are open to the public unless exempted by law. That means cities need to always prepare to respond to open records requests or Freedom of Information Act requests. They can be politically messy but, more importantly, quite expensive.

That’s why it’s good to have processes and technology to handle these kinds of requests as quickly and inexpensively as possible. How expensively can a technology-equipped city handle a request versus a city without the proper technology? Let’s look at some examples.

We’ll keep the cities anonymous, but we’ll analyze four records requests. For each request, we show how many hours it took us to complete an open records or FOIA request with a city optimized to handle the process. We also provide an estimate based on our municipal experience of how long it takes without the technology.

City Request          Sophicity Time (hours)   Normal Projected Time (hours)
City 1                14                       42
City 2 - Request 1    10.5                     31.5
City 2 - Request 2    11.75                    35.25
City 2 - Request 3    10.25                    30.75
Average               11.625                   34.875

For non-contracted IT services, we can average the cost of handling an open records or FOIA request at $150/hour. In some areas of the country, a company or person may charge less, but it usually balances out because less experienced (cheaper) staff or vendors will take significantly longer to complete the same task.

That means the normal projected cost for an open records or FOIA request at 34.875 hours per request is $5,231.25.

However, when your city becomes “optimized” to handle open records or FOIA requests through the right processes and technology, the cost goes down significantly. How do we drive this cost down?

Typically, cities without process and technology optimization:

  • Have email hosted by different email providers and located in different places.
  • Have email located on employee workstations or servers scattered across a city’s office, network, or at people’s homes.

Because email that is relevant to the open records or FOIA request is not centralized, it will have to be located (in a time consuming fashion), reviewed (in a time consuming fashion), and then extracted for the legal team to review. All of this activity is handled by the city’s IT team or the hourly support vendor, which is costly.

We keep costs down by using a cloud email solution that centralizes city email services and makes it easy for us to run any required searches. When email is centralized and accessible in one place, it’s much easier to run searches without having to dig and investigate across many decentralized locations. Plus, modern cloud email software is built with search-friendly tools that make searching much easier and quicker.

It also helps that our staff has extensive experience with handling these requests for municipalities. That allows us to handle these kinds of requests more efficiently than an IT resource who has never processed one before. Even at $150/hour, an optimized environment cuts each open records or FOIA request cost by a third. Even better, under a service such as Sophicity’s IT in a Box, any labor for a record request is included. That means no additional fees and no extra invoices.

To optimize your ability to handle open records or FOIA requests and cut your costs:

  • Switch to a cloud email solution that centralizes your email in one place. Cloud email also helps you avoid mixing up personal and professional email.
  • Establish an email archiving policy that follows the law and helps your employees quickly find information.

To talk more about the cost of your email open records or FOIA request, please contact us.

Thursday, November 13, 2014
Nathan Eisner, CMO

The “cloud” has become part of mainstream technology terminology, but it’s still a word that confuses a lot of people. Partly, that’s because the word is vague and also because it’s not really a new technology—just a powerful augmentation of existing technologies like servers and data centers.

First, the “cloud” means that your data and applications are stored and run on the internet as opposed to your local computer or network. In the past, you would typically access your data and applications from an onsite computer or server. For large amounts of data or powerful applications, you might traditionally also have used a data center. Many organizations like to use data centers to store data and run applications because these facilities are designed to prevent physical intrusion to your servers and they rarely lose power or Internet connectivity.

Cloud service providers are actually massive data centers that remove the need for you to own or lease servers at a typical data center. Instead, advanced cloud technology allows you to essentially “subscribe” to an application or service over the Internet like turning on a utility without even bothering to own or lease any machines. In your mind, the machines might as well just “go away.”

There are two types of clouds that you can use. 

  • Public clouds. More commonly used, especially by cities, public clouds offer a way for multiple organizations to store their data and applications in the same place—securely.
  • Private clouds. Less commonly used, private clouds are instances in which a single or small number of organizations store their data and applications in a data center and access their applications and/or data from outside locations. Whether you own or lease the equipment, you know that the machines being used are only used for you or a small number of organizations.

Whether it’s a public or private cloud, your data and applications are accessed over the internet. But why go with the cloud?

Public clouds are a great solution for cities because the cloud providers have implemented redundancy (e.g. power, Internet connections, etc.) and security measures that a city simply cannot afford. This means better maximum uptime and a lower risk of a security breach. It also means a much lower cost than running your servers in-house. When cloud providers like Amazon, Google, and Microsoft are running cloud infrastructure, believe us when we say nobody has more resources to invest in redundancy and security than these companies!

The cloud also makes it easier for you to access your data and applications from anywhere on any device. It removes your dependence on hard-to-use VPN connections and other remote access technology that’s becoming more and more obsolete every day.

While it seems like the cloud moves your data farther and farther away from you, the public cloud has really existed since the beginning of the Internet when people started using email. When you think about it, any kind of web based email is actually a cloud application because you access the service over the Internet without needing to maintain your own servers.

An increasing percentage of technology that we use every day is moving to the cloud. And this is a good thing because of its increased reliability and security. Don’t be afraid of the cloud. Despite bad press when there is a rare incident with a cloud provider, the reputable public cloud providers have an outstanding security record (as seen by many government organizations using them). If you follow some basic rules for security (such as having good passwords), your chances of having your data compromised through the cloud are very low.

To learn more about the cloud, please contact us.

Friday, November 07, 2014
Dave Mims, CEO

There might seem to be a wide disconnect between how you run your network infrastructure and how you serve citizens. Servers are one thing, service is another. But they are more tied together than you’d think at first glance. That’s because the quality of your technology infrastructure affects:

  • How fast you respond to citizens.
  • Having the right information on hand when you respond to citizens.
  • The safety and security of your information.

We write quite a bit about our preference for cloud hosting as the preferred infrastructure when possible, so we won’t reiterate those details. The slant of this post is to get you thinking about the state of your technology now and how it might affect the quality of your relationships with citizens.

Here are some common technology problems we see at cities that end up negatively impacting citizen relationships.

  1. Too many software systems. When citizens call in with requests or inquiries, their information might get stored in one piece of software. Then, they may interact with another department with different software and the citizens have to repeat their information all over again. You might experience that frustration as a customer when calling up large banks or cable companies. A technology assessment allows you to take a look at your environment, potentially reduce and consolidate software, and save money in the process. Once consolidated, you’ll find that your citizen service (related to information collection and access) increases.
  2. Scattered and fragmented information. Have you ever looked up information about citizen requests and inquiries like a detective? Maybe you hunt through several databases, search through your emails, and even ask people with years of institutional knowledge. Document management systems, citizen relationship management software, and other solutions exist that can help your city centralize information. It often takes a lot of work to centralize that information and migrate it to a consolidated system, but that effort pays off in the long-term by improving your efficiency and citizen service.
  3. Outdated software. It’s all too common that many cities use software that is just simply too old to handle the modern demands of the Internet and mobile devices. You’ve probably experienced technical support calls where the person helping you has to waste valuable minutes waiting for software to load. Or you’ve experienced retail stores where a clerk can’t help process your transaction because their computer froze. It’s embarrassing when old, outdated software slows down or prevents you from serving citizens. A technology assessment can identify weak points and suggest more modern options that will help you improve service.
  4. Citizen service access limited to normal office hours. The Internet and mobile devices have shattered the notion of the 9-5 workday. Yet, many cities still limit their services to a 9 a.m. – 5 p.m. schedule. What if citizens report issues or problems before or after hours? What if they start up conversations on social media? What if they want to pay a bill or join a committee while at home, at a coffee shop, or while traveling? The cloud allows cities to adapt their underlying technology to a mobile world. Once essential hardware and software resides in the cloud, both citizens and city employees can access important information and applications while on the go, anytime/anywhere, from any device.
  5. No visibility into citizen data, patterns about problems, and signs of opportunity. Without centralized data collected and stored in modern software, cities run the risk of failing to generate reports that may identify problems with citizen service or signify opportunities to improve service. Older software (especially if it’s siloed and separated from other important data) can limit the amount of reporting you can do. While it still takes some time to identify what data is important to you and what you want to report, it’s best to start thinking about collecting data that allows you to identify problems long before citizens storm a council meeting or you realize you’ve been underpaid in revenue by citizens, cable companies, or lodging providers.

If any of these points hit home, we recommend at least conducting an assessment to identify areas of highest opportunity for improvement. You may have a limited budget, but if service is crippled or you’re failing to collect revenue from lack of insight, then you’re losing money anyway. Remember, it’s your highest priority to serve citizens. They are your customers. No matter how great your city staff treats citizens, if technology fails, then your city staff fails. Great technology supports great service, and we hope you now better see the connection between the “boring” back end technical side and the excitement of successfully serving a citizen.

To talk more about assessing your technology, please contact us.

Thursday, October 30, 2014
Alicia Klemola, Account Manager

While there isn’t a debate anymore about the benefits of cloud hosting, governments and businesses still balk at moving into the cloud. A recent article from Marketplace highlights a few of those legitimate concerns from various government organizations that have made the shift along with various privacy experts sounding off.

Any remaining objections usually come down to two points: 

  1. Is the cloud secure?
  2. Does the cloud follow all privacy laws?

From here, organizations usually talk themselves into the false sense of security that comes from sticking with their own onsite servers or those they own or lease at a data center. But cloud hosting can overcome these two objections. In fact, the Marketplace article even states that Australia, a country with some of the strictest privacy laws, has moved into the cloud. They wouldn’t do that if it wasn’t secure.

Let’s look at some of the key reasons why cloud hosting is worth considering, starting from the two objections and then expanding out into a few other points. 

1. The cloud tends to be more secure than your onsite servers or servers co-located at a data center.

We’ve written before about a false sense of security that goes like this: If you can see your own servers, they must be safer and more secure. In the article, the CIO of the state of Wyoming says, “Folks say, 'It’s more secure because I control the server.' Well, yeah, but I can pick it up and walk out to my car with it. And that citizen data isn’t secure anymore.” Companies like Microsoft, Google, and Amazon host your information in cloud data centers that are like fortresses. From physical security to information security, they have the most industry-leading resources on hand to protect your data—resources that you or smaller data centers simply lack.

2. Cloud hosting providers are usually reputable as a result of their reliability and following strict legal and regulatory compliance.

When so many large organizations now rely on the cloud, that means those organizations have forced cloud hosting providers to be competitive. That means upholding strict service level agreements (SLAs) and following legal and regulatory compliance to a level unmatched by any other hosting entity. If absolutely needed, they can even carve you out private clouds or create you an onsite cloud. With multiple Internet connections, massive amounts of redundant backup power, and data spread out across different cloud hosting facilities across the country or world, cloud hosting providers give you the best assurance of reliability and privacy to date.

3. Cloud hosting providers ensure even better data backup and disaster recovery than onsite servers or data centers.

Because cloud data is accessed from any device, it’s hard to lose data or a place to access it. Cloud hosting providers offer such robust reliability and uptime that it’s extremely rare for them to lose your data. While losing power or an Internet connection may prevent you from accessing your data, you won’t lose it. As a result, cloud hosting adds to your data backup and disaster recovery resources, meaning you can rebound from a bad weather event, fire, or theft much faster.

4. You can access data anytime or anywhere.

Because cloud hosting providers require strict yet easy-to-set-up permissions for only authorized users, you can breathe a sigh of relief when employees access business data from home or through their mobile devices. Traditional servers or data centers require that employees only access data while at the office or through difficult-to-use VPN connections. With the cloud, your employees can work from anywhere as if they’re at the office—without losing one iota of security or privacy.

5. Moving to a cloud hosting provider usually cuts your costs significantly.

Think about it. No more onsite hardware to purchase or maintain. No more data center servers to buy or lease. So why does the cost of shifting to a cloud hosting provider drop so much? Think of cloud hosting like a utility. Is it more cost-effective to buy your own electricity generators, or to use the collective power of an energy company that provides you electricity for a low cost due to the scale of their operations? Cloud data centers work the same way. By storing data in cost-efficient ways at such large hosting centers, those hosting centers pass on the cost savings of scale to you because they are more efficient than any onsite servers or data centers you could use.


We encourage you to ask cloud hosting providers and vendors your toughest questions about security, privacy, and reliability. Better yet, find their biggest and most conservative customers—the ones who would have the most privacy concerns—and hear what their business stakeholders and technology experts have to say. Like the CIO of Wyoming in the Marketplace article, you’ll find that many people have thought through most of these concerns—forcing the competitive cloud hosting providers to deal with these issues. The good news? You now benefit from any trial and error that occurred many years ago when this technology first started out, and you can slash your costs while upping the quality of your technology infrastructure.

To talk more about cloud hosting, please contact us.

Thursday, October 30, 2014
Nathan Eisner, CMO

Seemingly every day, a news story breaks about yet another security breach and more data stolen from an organization. We hear about big organizations such as Kmart and government operations such as the Oregon Department of Employment, but we don’t often hear about smaller organizations. Because hackers pick easy targets, smaller cities are even more at risk than larger entities. And that’s a major driver behind Kentucky’s House Bill 5 that our CMO, Nathan Eisner, recently spoke about during a talk at the Kentucky League of Cities annual conference.

Nathan Eisner talks to KLC about cyber security 

The language of House Bill 5 is quite clear and includes the following provisions:

  • Requires public agencies and nonaffiliated third parties to implement, maintain, and update security procedures and practices, including taking any appropriate corrective action to safeguard against security breaches.
  • Requires public agencies that maintain personal information to notify persons impacted by security breaches.
  • Requires that public agencies establish reasonable security and breach investigation procedures.

While specific to Kentucky, House Bill 5 is reflective of similar legislation and expected best practices around the United States. So, cities must take reasonable steps to protect their data and, in the event of a security breach, notify affected parties. This situation makes security much more urgent for cities, but they often ask us, “What now? How do we protect our data?” Those were common questions we heard at Nathan's conference session on cyber security.

KLC Session on Cyber Security

The good and the bad news is that many methods of shoring up security are easy. Good because fixes are relatively easy to implement. Bad because it suggests that the biggest threat to most cities is their own staff. A little education goes a long way toward making your staff—both your IT and non-IT employees—aware of activities they can do every day to make sure that your city stays as secure as possible.

Here are some areas you can tackle immediately.

Passwords

A recent study by a technology research company in California found that one out of three people had their passwords written down somewhere around their desk. Many people used obvious passwords such as a child’s name, pet name, college mascot, birthdate, etc. Overall, researchers figured out passwords for 50% of the people in the study. Before you laugh, ask yourself, “How secure are your city’s passwords?”

To make sure your passwords aren’t opening up major security holes:

  • Do not write passwords down and leave them lying around.
  • Use a password on all of your devices including your computer, smartphone, iPad, etc.
  • Do not use obvious passwords that are easy to guess.
  • Use long and complex passwords with uppercase and lowercase letters, numbers, and symbols.
  • Do not save passwords to websites and applications on your Internet browser.
  • Rotate your passwords periodically.

Virus Attacks

A few years ago, a city finance officer was contacted by their local bank. Wire transfers in the amount of $90,000 were attempted from the finance officer’s computer. Compromised by a virus, the computer was remotely controlled by an outside party. Luckily, the local bank’s fraud prevention efforts saved the city from any significant financial damage. But imagine if the transactions had been allowed to complete. The city and the bank would have had to spend money on legal action and recouping any financial loss. That’s real money lost—all because of a simple computer virus.

To combat viruses, we recommend that you:

  • Install antivirus software on every computer.
  • Audit your antivirus software regularly by confirming that it’s installed and licensing is up-to-date.
  • Educate your staff about the common sources of viruses such as email attachments and websites.

Data Backup

Last year, we heard about a city’s server that became infected with a virus. That server contained the city’s financial system. The city’s backup system failed to recover the data. The city had backed up the data, but they did not test their backups. And what happened? They lost 13 months of financial records. To get that data back, their only recourse was to hire contract labor to re-enter every transaction manually. Talk about a lot of significant unplanned expenses!

With data backup, start by asking some important questions:

  • What data is critical to your city?
  • How will your city be affected when that data cannot be accessed for extended periods of time?
  • How will departments such as public safety function without access to their data?

Once you get a better sense of your data needs and priorities, apply the following best practices.

  • Perform onsite backups of important city data.
  • Perform offsite backups to recover your data from events like theft and catastrophic disasters.
  • At a minimum, back up your data daily.
  • Remove human interaction—and reduce error—by automating your data backup.
  • Plan what you will do in a disaster, such as a fire or tornado.
  • Test your backups regularly.
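
The city in the story above had backups but never tested them. As an added example (not part of the original post), this Python code records a checksum for every file when the backup is made, then reads each file back out of the archive and compares it. The `.tar.gz` format, the function names, and the sample files are assumptions chosen for illustration.

```python
import hashlib, tarfile, zlib
from pathlib import Path

def sha256_stream(f):
    h = hashlib.sha256()
    for chunk in iter(lambda: f.read(65536), b""):
        h.update(chunk)
    return h.hexdigest()

def make_backup(source_dir, archive_path):
    """Archive source_dir; return a manifest {relative path: SHA-256}."""
    source_dir, manifest = Path(source_dir), {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for p in sorted(source_dir.rglob("*")):
            if p.is_file():
                rel = p.relative_to(source_dir).as_posix()
                with open(p, "rb") as f:
                    manifest[rel] = sha256_stream(f)
                tar.add(p, arcname=rel)
    return manifest

def verify_backup(archive_path, manifest):
    """Read every file back out of the archive and compare it to the manifest.
    Returns a list of problems; an empty list means the test restore passed."""
    problems, seen = [], set()
    try:
        with tarfile.open(archive_path, "r:gz") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                seen.add(member.name)
                if member.name not in manifest:
                    problems.append(f"unexpected file: {member.name}")
                elif sha256_stream(tar.extractfile(member)) != manifest[member.name]:
                    problems.append(f"content mismatch: {member.name}")
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        problems.append(f"archive unreadable: {exc!r}")
    problems += [f"missing from backup: {n}" for n in sorted(set(manifest) - seen)]
    return problems

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample data
        src = Path(d, "finance"); src.mkdir()
        (src / "ledger.csv").write_text("date,amount\n2014-01-02,125.00\n")
        archive = Path(d, "nightly.tar.gz")
        manifest = make_backup(src, archive)
        print("good backup:", verify_backup(archive, manifest))
        archive.write_bytes(archive.read_bytes()[:40])  # simulate a damaged backup
        print("damaged backup:", verify_backup(archive, manifest))
```

Store the manifest separately from the archive, and run the verification on a schedule so that a damaged backup is noticed before it is needed.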

Security Updates

Recent studies have shown that:

  • 80% of cyberattacks can be prevented by keeping computers up to date.
  • Applications like Adobe Reader and Java are more likely to be exploited than Windows.
  • Most people ignore messages on their computer about installing updates.

To stay up on security updates, make sure your IT staff or vendor ensures the following:

  • Let those updates run on people’s computers. Make sure your employees don’t ignore them.
  • If you have servers, make sure your IT staff or vendor updates them.
  • Upgrade any applications that have reached “end of life”—which means that the software is so old that the vendor has stopped supporting it.

Physical Security

Don’t forget the old-fashioned way of stealing! Protecting city data also involves protecting physical equipment. A stolen backup drive or a disgruntled employee with a USB stick can be just as harmful to your city as a hacked computer. To tighten up your physical security:

  • Have employees lock their computers when away from their desks.
  • Ensure that servers and network equipment are locked up in a secure room.
  • Store any external media such as USB drives or backup tapes in a safe place.
  • Use encryption on your data if possible. If someone does steal your data, it will be useless to them.

Websites

Last year, citizens trying to reach a particular city’s website found nothing but advertisements on it. What happened? The website had been hacked and all of the city’s content was replaced by ads. The hacker found a weak spot by infiltrating the city’s utility billing system through a hole in the online bill pay software. If the problem had lingered, a citizen going to the city’s website, thinking it was a trusted source of information, could have been infected with spyware or malware. That citizen’s private information may have been stolen and the city would have been liable.

To ensure a problem like this never happens:

  • Ensure that your city’s website is hosted by a reputable provider.
  • Know where your city’s website is hosted.
  • Ask your website’s hosting provider to have your site objectively audited for potential risks by a third party.

Remember, cybercrimes affect all cities—not just the big ones. Be proactive, ask questions, and stay informed. Use this post as a guide to get you started, identify gaps, or check up on any doubts you have with your IT staff or vendor.

If you want to talk more about cyber liability, please contact us.

Thursday, October 16, 2014
John Miller, Senior Consultant

Just when you’ve gotten used to the idea of shifting your servers and software applications to the cloud, you might hear about the option of moving your phone system there too. Many businesses and organizations still rely on landlines or maybe even a Voice over Internet Protocol (VoIP) system that may run on a server in your office or at a data center. Isn’t the phone something distinct from the rest of your data and software? Why would you move it into the cloud?

When VoIP came out many years ago, it stunned a lot of people, primarily because it made them realize that phone information could be reduced to packets of data transmitted over the Internet. That meant you could treat your phone system the same way you treat a software application, and you used an Internet connection to communicate with other people instead of landline technology. But VoIP was software and usually required an onsite or data center-hosted server to run the application. With the cloud, you even remove the need for a server.

Despite this advance in technology, you might wonder about the practical reasons for moving your phone to the cloud. Here are some compelling reasons that hit home with the businesses and organizations we work with. 

1. Immediately cut costs.

Without a landline connection, you essentially just pay for an Internet connection. Because landline equipment is expensive to maintain, landline providers pass on that cost to you. And if you use traditional VoIP, you’re paying for server hardware and maintenance. Cloud phone systems just need an Internet connection (that you already have and pay for), and you often set up the system in minutes. With no hardware or equipment costs getting in the way, your phone costs go way down.

2. Quickly fix problems and add features.

Landline providers move extremely slowly—to implement your service, to repair equipment, to fix problems, to resolve issues, and to add features to your service. Cloud phone systems are maintained in cutting-edge data centers, and there is very little to implement or fix. Problems are often just glitches resolved in minutes, and features can be added in the same amount of time. True, traditional VoIP service also benefits from quick problem resolution and added features, but the cloud can be even faster because your IT staff or vendor is not spending time maintaining your VoIP servers.

3. Receive all of your communications in one place.

Cloud software simply has advantages that landlines lack. Because landlines do not transmit Internet data, they cannot integrate phone data with your software. Cloud phone software sees everything as data. That means voicemails, faxes, text messages, multimedia, and emails can all go to the same place in software such as Microsoft Outlook. Traditional VoIP does this too, but cloud phone software data can be even simpler to set up, integrate, and manage.

4. Add and subtract numbers and features with a click.

Landlines make it difficult to scale up and down. Usually, you’re locked into a set number of lines and features and it can be difficult to change quickly. To help with scaling up and down as your business and organization grows and shrinks, cloud phone software allows you to add and subtract phone numbers and features with a simple click. Your monthly fee adjusts based on what you actually need—and you’re not locked in based on what you were sold.

5. Take your office phone with you everywhere.

Cloud software makes it extremely easy to essentially carry your office phone with you everywhere. That’s impossible with a landline. With cloud phone software, you install a mobile app that connects to the software from anywhere. Access the mobile app, and then any call that comes into your office number rings your mobile phone. This helps businesses and organizations make it easier for employees to work remotely, keeping personal and professional phone data separate.


Some businesses and organizations might still need landlines for critically important functions that need to stay up if power goes out, such as 911 call centers. Otherwise, for most common business needs, cloud phone software is a compelling option. If you’re still happy with your traditional VoIP system, you may just want to do a cost analysis to compare it against cloud phone software. Similar to other cloud software, you might find additional cost savings in getting rid of hardware, giving employees more mobile flexibility, and making it even easier for your IT staff or vendor to manage your phone services.

To talk about cloud phone software in more detail, please contact us.
