CitySmart Blog

Thursday, January 29, 2015
Dave Mims, CEO

Heard about denial of service attacks? That’s where hackers will pummel an organization’s website servers with tons of bogus traffic so that the website becomes impossible for people to access. A recent story from the Columbia Daily Tribune reported that the city of Columbia, Missouri experienced a denial of service attack that led to a three-day website outage. That meant citizens could not access city services and information while valuable city staff time was tied up helping deal with the emergency.

The bad news? Denial of service attacks are hard to prevent. If a relatively sophisticated hacker wants to go after you, they will likely be able to have a negative effect on your website. However, it helps when your city can respond within hours rather than days to eliminate the negative effects of a denial of service attack.

Here are some tips and best practices that you can implement to best handle a denial of service attack and recover as quickly as possible—without overtaxing your budget.

  1. Host your website in the cloud. It’s getting more and more difficult to effectively host your own website servers onsite or even in smaller data centers. By hosting your website in the cloud, you benefit from the largest, most advanced, and most secure hosting providers on the planet. Cloud data centers are usually much more capable of handling denial of service attacks than your onsite setup.
  2. Consider investing in a content delivery network. A new buzzword related to the cloud that you may occasionally hear is “content delivery network.” It’s a very technical concept, but all you need to know is that it’s a way for your website content to be copied to multiple cloud data centers across the country. Then, let’s say someone in Oregon wants to access a Georgia city’s website content. Your website content may be copied to 10 servers around the country and so a server at the closest cloud data center in Portland, Oregon ends up delivering the content to the person. By having your website content and data more geographically distributed across so many servers, it makes it harder for a denial of service attack to be as effective than if only one location is delivering up content.
  3. Make sure you back up your data. While denial of service attacks don’t usually lead to data loss, it’s still possible that you won’t be able to access critical data for a long time. It helps to have your website (and all critical) data backed up both for quick onsite recovery and offsite disaster recovery. That way, if you’re unable to access certain data or information for days, you’ll at least have a copy that’s backed up separately from your temporarily inaccessible website servers.
  4. Proactively monitor your network and set up alerts. If you’re not continuously monitoring your network and instead only reacting when something like a denial of service attack happens, then you waste valuable time in handling the problem. Investing in experienced IT professionals who monitor your network means they will detect problems related to denial of service attacks very early. They’ll address the problem almost as soon as it happens. Otherwise, you may take hours to even realize that a denial of service attack is happening and more hours calling in staff and IT consultants to start addressing it. It’s like firefighters arriving at a fire several hours late.
  5. Rely on experienced IT professionals to manage all vendor communication. If non-technical city staff need to get on the phone and try to explain what’s happening, you risk wasting valuable time and possibly handling the problem in the wrong way. Experienced IT professionals can coordinate communication with multiple vendors such as Internet service providers, cloud data centers, website hosting providers, and any other relevant vendors. There are often many technical components to recovering from a denial of service attack, and you want to make sure you have the right people helping you in that recovery.

For cities on a tight budget, simply moving your website hosting to the cloud and engaging the ongoing monitoring services of experienced IT professionals will help you more likely respond and recover from denial of service attacks in hours rather than days. Plus, these kinds of technology investments also help you with important areas such as: 

  • Cybersecurity and cyber liability
  • Website reliability and uptime
  • Data backup and disaster recovery

To talk more about mitigating the risk from denial of service attacks, please contact us.

Thursday, January 22, 2015
John Miller, Senior Consultant

One of our colleagues (let’s call him “Joe”) is particularly tech-savvy. While not an IT professional, he has been involved in the information technology field for over 10 years. He’s immersed in that world and can easily talk to us about the many nuances of data backup, website content management systems, and software. That’s why it surprised us when he called us up a few weeks ago and told us about how he eliminated a particularly nasty computer virus.

Luckily, the computer he used was brand new, so he was able to erase all his data and reset the computer to the original factory settings. However, it was a stark reminder that even the most tech-savvy people can click on the wrong attachment and download a computer virus.

We’re sharing this lesson as a case study (with “Joe’s” permission but keeping the person’s identity anonymous) in order to highlight to you the importance of making sure your information is protected. Because even well-intentioned people can accidentally upload a computer virus in a matter of seconds, we want to make sure that a virus doesn’t knock out your network or cause you to lose important information.

Here’s how it happened. 

1. Joe purchased a new computer and wanted to download the Google Chrome Browser.

Joe set up his computer and made it through the preliminary setup. He was ready to get onto the Internet. Joe prefers the Google Chrome Browser, so in order to download it he had to open up the computer’s default Internet browser and find the right webpage.

2. On a search engine, he searched for “Chrome browser download” and clicked on the first search result.

He used the computer’s default Internet browser and search engine to search for “Chrome browser download.” A list of search results displayed and Joe clicked on what he thought was the first legitimate search result.

At this point, we should note that the search engine’s ads did not look terribly different from an organic search result. Unbeknownst to Joe, he clicked on an ad, not a search result. In hindsight, he realized that the ad led to a website that was not Google’s. 

3. He landed on a seemingly legitimate Google Chrome browser download page and clicked on a button to download the browser.

Malicious sites are often good at replicating the look and feel of legitimate sites. Joe was in a hurry. Because he already thought he had clicked on the top search result (which he logically thought must be Google’s page), he assumed this page was legitimate and he clicked “Download.”

4. While going through the downloading process, he noticed many more agreements and “bundleware” than usual.

It was while he clicked “I Accept” for many pages of agreements and noticed a great deal of “bundleware” (additional software options that he could download in addition to the Chrome browser) that red flags started to go off in his head. However, he went through the entire process because many kinds of software often feature similar processes (such as Java downloads from Oracle).

5. Finally, he realized something was wrong when the Chrome browser opened and asked him for his Google username and password in an unusual way.

While the page looked somewhat like the typical Google sign-in page, there were clear differences that he was savvy enough to notice. He came within a few seconds of sharing his important Google username and password with hackers, but unfortunately he had already downloaded malware to his computer.

At this point, the antivirus program that came with his computer started alerting him that it detected malware on his computer. However, the malware was so cleverly written and installed (and remember, installed voluntarily by Joe) that it could not be removed manually. The malware kept reinstalling itself every time the antivirus program quarantined or removed it.

More dangerously, the malware hijacked his Internet browsers with fake search engine and login pages. His computer also began to take actions on his behalf that he was not agreeing to. The “bundleware” software that originally looked like innocent, helpful programs began to open up on his computer and fill his screen with pop-ups.

Luckily, the story has a positive ending, but it required some brutal tactics. Thank goodness that Joe literally only had bought the computer several hours ago and had yet to store any important data on it. He followed the steps below to combat the computer virus. 

1. Joe shut off Internet access to his computer.

Joe severed all wireless and wired Internet connections to his computer. At that point, the antivirus alerts stopped. The malware hackers needed Internet access to access Joe’s computer, so cutting off Internet access cut off the hackers’ communication channel.

2. Joe assessed if any important damage had occurred, and if any data or software programs were salvageable.

Luckily, no important data resided on the computer and Joe had not entered any login information into a browser. However, because the malware kept reinstalling itself, there was no manual way to remove the virus and maintain the integrity of his computer.

3. Joe reset his computer to the original factory settings.

This is the step that eliminated the virus, but did so at the cost of any important data on the computer. The reset took several hours, but it wiped out any extraneous programs that appeared on the computer other than the original factory installed programs.

4. Joe discovered one computer virus remnant lingering in the default Internet browser and reset the browser to its default settings.

When Joe opened up the default Internet browser, he was stunned to see a remnant of the virus lingering after even a factory reset. The browser’s home page was set to a malicious search engine page that sort of looks like Google but is clearly not Google. He restored the browser to its default settings.

5. He ran a spyware scanner to scan for any viruses still left.

A scan of Joe’s computer detected nothing. At that point, Joe was able to use his computer normally although he obviously kept an eye out for unusually slow performance, strange popups, and any interruptions or odd computer behavior when doing online banking or payments.

We’re sharing this case study to warn you that it isn’t just the non-tech savvy people who get viruses by accident. With Joe, all it took was some haste and distractions, and he went down a dark path that led to vicious malware voluntarily installed on his computer. To head off any disruptions related to events like this, we recommend that you: 

  • Back up your data, both onsite and offsite.
  • Train employees about phishing and malicious links, emails, and attachments.
  • Build strong network security.
  • Use enterprise antivirus software with IT professionals managing it.
  • Encrypt your data.

Accidents happen, so you want to make sure you’re covered in even the worst computer virus situation. That way, you mitigate the risk of losing data, losing money, and losing time spent recovering from the virus.

To talk more about antivirus protection, please contact us.

Thursday, January 15, 2015
Brian Ocfemia, Technical Account Manager

While Windows XP market share has fallen to about 18%, that still means a lot of computers are using this outdated operating system. Microsoft stopped supporting Windows XP on April 8, 2014, which means that any computers using it have not received any security patches or updates from Microsoft. Like a decaying building not kept up anymore, it becomes more and more dangerous to “live” in the condemned, abandoned house of Windows XP.

We’ve written before about some of the immediate malware and security risks that immediately started to happen once Microsoft cut off support. Because we still see many computers using Windows XP, we wanted to review some new risks along with some earlier warnings that grow more urgent with each passing day.

1. Security problems are so significant that vendors are starting to refuse service for machines using Windows XP.

We recently saw an email from one of our client’s software vendors in which the vendor stated that any computers with Windows XP would be blocked from accessing that vendor’s servers. In other words, the security risks of Windows XP have become so significant that vendors may soon not even want to deal with a potentially contaminated computer. In our example, the email was spurred by a new security vulnerability that the vendor had to protect itself against. While the vendor could ensure that its own equipment and any modern client equipment and software were protected, the vendor could not ensure that Windows XP computers were protected.

2. These kinds of security problems will only get worse.

Based on past experience, we feel that this vendor warning is only the tip of the iceberg. Again, consider the house example. When a house is abandoned and no one keeps it up, will it become a better place to live over time? Or a worse place to live? The longer Windows XP exists, the more it is vulnerable to greater and greater hacking attempts, security vulnerabilities, and cyber liability. Eventually, these massive security problems will place your organization at such high risk that you could be legally at fault for negligence if something bad happens.

3. The newest versions of Microsoft Office won’t work with WIndows XP.

One of the most commonly used productivity software packages, Microsoft Office, simply won’t work with Windows XP in its newest versions. With so many organizations now using software like Microsoft Office in the cloud, that means more organizations are using the newest versions. If you’re working with employees or outside vendors who use Microsoft Office 2013 and you literally cannot open the files, you’re unnecessarily slowing your productivity to a crawl. And like the earlier security problems, this compatibility problem will only get worse over time.

4. Windows XP limits your organization from using modern software.

Because Windows XP was created in 2001, that means it’s 13 years behind modern software. So many improvements came along in Windows Vista, 7, and 8 that were added to keep up with the rapid pace of information technology. When your organization needs new software for accounting, project management, agenda and meeting management, document management, or other important business functions, you’re restricted from many choices because of Windows XP. It’s like wanting to make major improvements to a house that doesn’t have indoor plumbing or three-pronged electrical outlets.

5. Windows XP cripples your IT staff or vendor from managing your network.

Modern operating systems improved the way that IT professionals can manage and oversee your network. That includes things like managing security patches, user permissions, and remote help. The city of Detroit is struggling with this exact issue, and even with a new CIO the city’s IT environment is considered “dysfunctional” with so many computers on Windows XP. If your IT staff or vendor is prevented from properly administering your IT network, that puts you at risk and make IT’s job ridiculously hard with no guarantee of successful service.


Sometimes, we make recommendations—even strong recommendations—about certain technologies. But this post is more than a recommendation. Quite simply, if you choose to not replace your Windows XP machines, you are placing your organization at great risk. Plus, in order to benefit from the many low-cost, high-impact software and IT services that continually improve all the time, you need to modernize your IT environment. Newer operating systems will be a breath of fresh air to your employees, your organization’s productivity, and your IT staff or vendor management.

To talk about these concerns in more detail, please contact us.

Thursday, January 08, 2015
Nathan Eisner, COO

As organizations continue to shift their hardware, software, and data storage into the cloud, there are just as many organizations still clinging to more traditional technology setups with onsite servers, software installation, and long-term licenses. Despite significant technology advances, it’s easy to grow accustomed to traditional yet outdated ways of handling your most important business applications. Or perhaps you understand that data backup and storage is effective in the cloud, but you’re not convinced about something like accounting software.

In our experience, we see a wide range of common applications that benefit from the cloud’s low cost and high reliability, security, and ease of management. Here are five business applications that we find particularly suited to the cloud, and why. 

1. Data backup, disaster recovery, and data storage.

While you still might want to have some onsite data storage capabilities for quick data recovery, we recommend that you store the majority of your data offsite in the cloud. Cloud data centers offer low-cost storage while also providing you high security, encryption, and fast recovery. Unlike traditional models where it might take a data center up to 48 hours to send you a fully loaded server containing your data, you can often instantaneously access your data after a disaster as long as you have an Internet connection. Plus, your data is automatically and continuously backed up over the Internet, so you don’t need to have your staff creating manual backups.

2. Business productivity software.

In the past, business productivity software was incredibly expensive. For example, the Microsoft Office suite of products (including everything from Microsoft Word to Microsoft Outlook) required an onsite server (or servers) and a set amount of expensive software licenses. You were locked into agreements for a set number of licenses that often lasted years. Now, services like Microsoft Office work similarly to subscription models over the Internet. Your staff pays a low monthly fee to “subscribe” to the latest versions of Microsoft Office. You benefit from no hardware maintenance and only paying for the exact amount of users you have at any given time. Plus, you don’t have to worry about updating your software—that all happens automatically over the Internet.

3. Document management.

Not only does the cloud provide more security for documents but it also offers permission-based, authorized access to documents by employees anytime / anywhere. Because people often work now from a variety of locations (office, home, coffee shops, airports) and through a variety of devices (desktops, laptops, tablets, smartphones), it helps to have your organization’s documents stored, centralized, and accessible in one place. Traditional setups such as onsite servers lead to access problems and headaches maintaining the equipment and managing storage space. Plus, cities can more easily apply record retention schedules to keep their document archives up-to-date through the cloud.

4. Accounting and financial software.

Moving your accounting and financial software to the cloud provides many of the same benefits as stated above: it lowers your costs, eliminates hardware, provides employees anytime / anywhere access, and secures your financial data more effectively. We often see organizations with traditional accounting software struggle with keeping data updated, upgrading the software, and giving people (especially third parties) access. With cloud accounting software, the right people have authorized access and you can limit access as needed. People can access the system from anywhere, and your data is more likely to stay up-to-date in real time. The accounting data is also likely to be backed up more rigorously and routinely by a cloud vendor.

5. Project management software.

Again, you’ll lower costs and maintenance headaches by going to the cloud for project management. But project management software especially works well in the cloud. Think about it. A project often involves a variety of employees in the office, employees offsite, vendors, and other third party contacts. They all need to coordinate with each other and produce results. With more and more people working remotely today, traditional onsite project management software becomes more of a bottleneck with each passing year. If someone cannot access the software without coming into the office, it creates lags in the status of projects and interferes with real-time collaboration. By using one of many great cloud project management software solutions, multiple people can access the software from anywhere, you can set clear permissions for users, and centralize all communication and deliverables concerning a project.


Of course, there are plenty more business applications that work well in the cloud, but these are some of the most common that work best for most organizations. The common themes are that you’ll reduce your overall costs, eliminate on premise hardware that’s expensive to maintain, only pay for the exact number of users using the software, and provide anytime / anywhere access that remains secure and permission-based. With so many benefits, you’ve got nothing to lose and everything to gain by making the switch.

To talk about cloud software benefits in more detail, please contact us.

Thursday, December 18, 2014
Alicia Klemola, Account Manager

Sometimes, you’ve got a special project in mind that requires a significant investment in technology. You might need specialized hardware, software, a mobile app, or other form of technical project expertise. In the past, you may have given the specialized technology vendor a lot of freedom and just assumed they were taking good care of the project. After all, they’re the expert. You’re not. Right?

Actually, there is a lot you can do to mitigate risk that happens when technology vendors are given free reign over a project: going over budget, not meeting deadlines, watching scope creep bloat the project, and ending up with a solution that doesn’t meet your needs.

The way to avoid those risks? It’s all about smart vendor management, and this post provides some tips on how you and your trusted IT staff or vendor can help ensure that using a specialized technology vendor doesn’t break your budget or introduce excessive risk into your organization. 

1. Establish clear expectations and accountability through requirements.

Draft a set of requirements that specifically outlines what the vendor is providing you. What do you expect as a final product? How long will it take? Who will do what? Often, when a project begins it’s hard to figure out what the vendor is actually doing and who your point of contact is on the project. Without clear requirements, you will lack a roadmap, set of expectations, and clear roles for all people involved.

2. Set realistic timelines.

If you bully a vendor enough, they sometimes overpromise a tight deadline just to get the business. Then, they push back your unrealistic timelines once you start paying them, knowing they’re in too deep for you to pull the plug. Work with an experienced project manager, preferably as part of your IT staff or a vendor, who can plan appropriately based on any requirements. An experienced IT project manager can help you figure out if a timeline is realistic based on a variety of factors such as dependencies related to your business or organization that the specialized vendor would not know about.

3. Ensure that people with the right skills are assigned to your project.

It’s not uncommon for vendors to use experienced salespeople to sell you on a product or solution. Then, once they’ve sold you, the vendor assigns junior level and other inexperienced engineers and managers to work on your project. Experienced IT staff or a vendor can help you identify what skill sets are needed for a project, such as having senior engineers closely oversee or even do some of the critical work. It’s a red flag if the vendor is unable to provide critical skilled talent on an important project.

4. Have IT professionals manage the day-to-day details of the specialized vendor.

We are passionate about the concept of vendor management. While organizations can set or oversee some of the high level business requirements, it helps when your IT staff or vendor can oversee the technical work of specialized vendors. For example, when a software vendor needs to integrate its software with your organization’s existing systems or databases, having an independent IT professional stay in communication with the vendor and ensure that technical tasks are followed correctly is essential in reducing errors and delays.

5. Collaborate with the specialized vendor as much as possible.

When it makes sense, collaborate with the specialized vendor instead of just having only their people handle all of the work. When your team is integrated into the vendor’s work, there is more of a chance to understand and oversee what the specialized vendor is doing. Ideally, a non-technical business decision maker and an IT representative from your staff or a vendor will take part in a project. Build in roles and responsibilities into your requirements to ensure that key stakeholders from your organization have a clear involvement in the project.


A hands-off approach to vendor management puts you at risk even if it’s something as simple as buying a computer or router. Why risk even more with complex specialized technology projects? When these five tips are followed, we see that specialized technology vendors do a much more thorough, responsible job at staying in communication with you and following a rigorous project schedule. Plus, you make sure that your staff stays informed and educated about the project, transferring important knowledge into your organization. Remember that vendors often leave after a project, so it’s important to keep as much knowledge of the project in-house as possible.

To talk about vendor management for specialized technology projects in more detail, please contact us.

Thursday, December 11, 2014
John Miller, Senior Consultant

You may often hear the phrase “business driver” when some consultants refer to information technology. It’s an overused phrase and often gets thrown around without meaning a great deal. In the meantime, it’s much easier to think of information technology as extremely tactical, purchased out of bare bones necessity to accomplish basic things like run software, provide employees with computers, and share electronic data. Beyond that, information technology as a “business driver” might sound like inflated rhetoric.

However, there are some important insights for organizations once they unpack the term “business driver” and apply it to information technology. In our work with organizations, we try to bridge the gap between business and technology for non-technical people by showing that many technology decisions should be spearheaded by non-technical decision makers. Of course, it helps to have experienced IT staff or a vendor to suggest what’s possible and how to get it done, but there are many ways that non-technical decision makers can use technology to drive the business. 

1. Save time, money, and resources.

The most common reason that many technology solutions exist is to trim operational costs. By nature, most information technology solutions were designed to create a more efficient way of doing things—from backing up data to sharing meeting notes. Look for areas of your organization where you feel excessive time, money, or other resources are draining your budget. Then explore if technology solutions exist to automate a manual process or reduce hardware that you have to maintain.

2. Mitigate risk.

Through federal and state law, information technology becomes more essential as a way to enhance legally mandated levels of cybersecurity. That includes data backup (both onsite and offsite), encryption, antivirus, firewalls, and any other information technology that helps secure and protect data. Too many data breaches and stolen electronic information along with significant advances in cybersecurity means that your organization needs a certain standard of information technology to mitigate the risk of lawsuits, fines, public anger, and lost business.

3. Enhance employee productivity, mobility, and morale.

Information technology helps your employees work happier and more efficiently. If you can use information technology to free up time such as automating a manual process, then your employees can direct their energies toward more productive tasks. The cloud can help employees access data and information remotely, allowing them the flexibility of working from home or while traveling. And when it’s difficult to compete for talented employees, good technology that enables them to work productively and flexibly means less chance of turnover and losing good workers.

4. Connect separated departments and groups.

It’s not uncommon in some organizations for one department to use their own software or set of servers and another department to use completely separate software and servers. When these groups are supposed to work together and share information, the results of such separation can be disastrous and wasteful. In today’s business and government organizations, cooperation and interdisciplinary projects become more and more frequent in order to accomplish major business goals. Consider centralized email, document management, software, and servers to manage resources from one place, provide a common experience for everyone in the organization, and make sharing information much easier.

5. Accelerate business goals and objectives.

Many business goals and objectives are often set without an organization knowing fully if technology can help or hinder those goals and objectives. Your organization might want to offer a way for people to pay for products and services online. Cities might want a mobile app that allows citizens to report problems and issues such as potholes. Even a website redesign involves a lot of parts and pieces that may lead to disaster or excessive cost if done poorly. An information technology consultant can help you discuss feasibility, cost, and options that include possibilities you may not have known were possible—but you need to be the one who throws out possibilities and see if they can work.


Obviously, you’re not expected to understand technology in technical detail in order to make decisions about it. At the same time, it helps to surround yourself with experienced IT professionals who understand both business drivers and the technology that best helps accomplish specific business goals and objectives. From operational cost savings to empowering your biggest business decisions, using technology can help or hinder your organization depending on how well you integrate it into everything you do.

To talk about the business impact of information technology, please contact us.

Friday, December 05, 2014
Dave Mims, CEO

It’s always great when we help cities save money. A little publicity doesn’t hurt either! The Polk Fish Wrap recently reported that we saved the city of Rockmart, Georgia $36,000 a year in IT costs as they transitioned to us when their full-time IT manager left for another position elsewhere. Many cities are starting to realize that our IT in a Box offering has the capacity and scale to do more for less.

That’s why the article says, “The decision was made to outsource the work after research was completed and the Georgia Municipal Association (GMA) recommended the firm.” That research included looking into not only our low costs but also our capacity to handle the city’s website, data backup, document management, email, and server, desktop, and mobile device management. In addition, the city benefits from our helpdesk available 7 days a week and the management of all the city’s communications with technical vendors so that city staff doesn’t have to worry about it.

We look forward to serving Rockmart, Georgia and continuing to help cities in Georgia—and around the country—save money on IT costs while also modernizing their technology.

Thursday, December 04, 2014
Brian Ocfemia, Technical Account Manager

When organizations think cybersecurity, they often think about it from an IT tactical perspective. That’s important. A few weeks ago, we published a post about taking a serious look at passwords, virus attacks, data backup, security updates, physical security, and websites to help strengthen cybersecurity. But these efforts often do little good if higher level questions aren’t answered and taken into account.

Even the word “cybersecurity” sounds like it’s only in the realm of technology, and it’s easy to blame information technology staff or vendors for every cybersecurity problem. But there are important policy decisions that you need to make to supplement the work done by IT.

Ask yourself these non-technical cybersecurity questions to see if there are higher level actions you need to take to protect your organization. 

1. Assume the worst. Someone gets hold of your data. What happens?

Start with the worst case scenario. Look at all of your data and talk about the consequences of a hacker or thief accessing certain information. This kind of discussion will help you prioritize and focus on protecting more important data. Obvious critical data includes personal, financial, and confidential data. If that data gets stolen, it may lead to lawsuits, fines, and loss of business. Businesses may worry about loss of intellectual property or customer data. You’ll also better understand what data would not have much impact if it got stolen.

2. Are you including organizational leaders, information technology staff and vendors, and employees in any security conversation?

Leaders need to set priorities, create policy, and make business decisions about cybersecurity. Information technology staff or vendors help consult and recommend best practices to meet an organization’s specific cybersecurity needs. Employees need training in basic cybersecurity such as spotting red flags they encounter on the web or email. Too many organizations think they’re solving their cybersecurity problems by installing some antivirus software. But if employees don’t know about suspicious email attachments or executive leadership doesn’t budget enough to properly protect financial information, then antivirus – and IT – won’t do much good on its own.

3. Are you accounting for the security of personal mobile devices?

IT can lock down organizational assets like servers, workstations, and business-issued mobile devices. But what about employees who bring their own devices and use them for work? IT can help with recommending that those employees use strong passwords, encrypt their phone data, or install security apps that provide extra protection. But those devices can still get stolen, and then thieves have access to your data. Leaders at your organization need to address deeper questions about how information is stored and how people access that information on their mobile devices.

4. How are people authorized to access information at your organization?

It still surprises us that despite how fancy the technology at a given organization, authorization to access information is often loose and dangerously informal. People may share passwords with each other, passwords may be extremely weak (e.g. “admin” or “123456”), or too many people have access to sensitive information due to a lazy server configuration or document management system where any and all files are dumped without any thought. We recommend that leadership helps decide who can access what information. Then, IT should use a system (such as the cloud) with centralized management to set user permissions. For extra security, you may require 2- or 3-factor authentication such as captchas, a mobile confirmation code, or a passkey to have people access extremely sensitive information.

5. How is your information centralized and managed?

Is it harder to secure one big house or 10 small houses scattered in different locations? Data works the same way. Too many organizations store sensitive information in a variety of locations on a variety of servers through a variety of vendors - leading to a variety of cybersecurity problems! A related problem is when organizations take shortcuts by using a free personal email provider for work (such as yahoo.com addresses), which scatters email across too many locations. By centralizing your information and managing it through a public or private cloud platform, you decrease your number of security vulnerability points and allow your IT staff or vendor to more easily track and lock down information.


Many cybersecurity decisions actually rest upon non-technical organization leaders, and employees need to follow certain policies and be restricted from access to important information. Your IT staff or vendor also needs to understand that cybersecurity goes far beyond antivirus and firewalls. If they aren’t talking with your leadership or recommending best practices for your employees to follow, then they aren’t thinking strategically. Cybersecurity is no laughing matter, and the penalties - both tangible and intangible - are severe. By addressing the highest level questions, the details soon follow and your IT provider can execute a much more effective cybersecurity plan.

To talk more about cybersecurity, please contact us.

Thursday, November 20, 2014
Clint Nelms, COO

While open records and Freedom of Information Acts (FOIA) vary from state to state, they generally share a common theme: Government records are open to the public unless exempted by law. That means cities need to always prepare to respond to open records requests or Freedom of Information Act requests. They can be politically messy but, more importantly, quite expensive.

That’s why it’s good to have processes and technology to handle these kinds of requests as quickly and inexpensively as possible. How expensively can a technology-equipped city handle a request versus a city without the proper technology? Let’s look at some examples.

We’ll keep the cities anonymous, but we’ll analyze four records requests. For each request, we show how many hours it took us to complete an open records or FOIA request with a city optimized to handle the process. We also provide an estimate based on our municipal experience of how long it takes without the technology.

City Request

Sophicity Time

Normal Projected Time

City 1

14

42

City 2 - Request 1

10.5

31.5

City 2 - Request 2

11.75

35.25

City 2 - Request 3

10.25

30.75

Average

11.625

34.875

For non-contracted IT services, we can average the cost of handling an open records or FOIA request at $150/hour. In some areas of the country, a company or person may charge less, but it usually balances out because less experienced (cheaper) staff or vendors will take significantly longer to complete the same task.

That means the normal projected cost for an open records or FOIA request at 34.875 hours per request is $5,231.25.

However, when your city becomes “optimized” to handle open records or FOIA requests through the right processes and technology, the cost goes down significantly. How do we drive this cost down?

Typically, cities without process and technology optimization:

  • Have email hosted by different email providers and located in different places.
  • Have email located on employee workstations or servers scattered across a city’s office, network, or at people’s homes.

Because email that is relevant to the open records or FOIA request is not centralized, it will have to be located (in a time consuming fashion), reviewed (in a time consuming fashion), and then extracted for the legal team to review. All of this activity is handled by the city’s IT team or the hourly support vendor, which is costly.

We keep costs down by using a cloud email solution that centralizes city email services and makes it easy for us to run any required searches. When email is centralized and accessible in one place, it’s much easier to run searches without having to dig and investigate across many decentralized locations. Plus, modern cloud email software is built in with search-friendly tools that make searching much easier and quicker.

It also helps that our staff has extensive experience with handling these requests for municipalities. That allows us to handle these kinds of requests more efficiently than an IT resource who has never processed one before. Even at $150/hour, an optimized environment cuts each open records or FOIA request cost by a third. Even better, under a service such as Sophicity’s IT in a Box, any labor for a record request is included. That means no additional fees and no extra invoices.

To optimize your ability to handle open records or FOIA requests and cut your costs:

  • Switch to a cloud email solution that centralizes your email in one place. Cloud email also helps you avoid mixing up personal and professional email.
  • Establish an email archiving policy that follows the law and helps your employees quickly find information.

To talk more about the cost of your email open records or FOIA request, please contact us.

Thursday, November 13, 2014
Nathan Eisner, CMO

The “cloud” has become part of mainstream technology terminology, but it’s still a word that confuses a lot of people. Partly, that’s because the word is vague and also because it’s not really a new technology—just a powerful augmentation of existing technologies like servers and data centers.

First, the “cloud” means that your data and applications are stored and run on the internet as opposed to your local computer or network. In the past, you would typically access your data and applications from an onsite computer or server. For large amounts of data or powerful applications, you might traditionally also have used a data center. Many organizations like to use data centers to store data and run applications because these facilities are designed to prevent physical intrusion to your servers and they rarely lose power or Internet connectivity.

Cloud service providers are actually massive data centers that remove the need for you to own or lease servers at a typical data center. Instead, advanced cloud technology allows you to essentially “subscribe” to an application or service over the Internet like turning on a utility without even bothering to own or lease any machines. In your mind, the machines might as well just “go away.”

There are two types of clouds that you can use. 

  • Public clouds. More commonly used, especially by cities, public clouds offer a way for multiple organizations to store their data and applications in the same place—securely.
  • Private clouds. Less commonly used, private clouds are instances in which a single or small number of organizations store their data and applications in a data center and access their applications and/or data from outside locations. Whether you own or lease the equipment, you know that the machines being used are only used for you or a small number of organizations.

Whether it’s a public or private cloud, your data and applications are accessed over the internet. But why go with the cloud?

Public clouds are a great solution for cities because the cloud providers have implemented redundancy (e.g. power, Internet connections, etc.) and security measures that a city simply cannot afford. This means better maximum uptime and a lower risk of a security breach. It also means a much lower cost than running your servers in-house. When cloud providers like Amazon, Google, and Microsoft are running cloud infrastructure, believe us when we say nobody has more resources to invest in redundancy and security than these companies!

The cloud also makes it easier for you to access your data and applications from anywhere on any device. It removes your dependence on hard-to-use VPN connections and other remote access technology that’s becoming more and more obsolete every day.

While it seems like the cloud moves your data farther and farther away from you, the public cloud has really existed since the beginning of the Internet when people started using email. When you think about it, any kind of web based email is actually a cloud application because you access the service over the Internet without needing to maintain your own servers.

An increasing percentage of technology that we use every day is moving to the cloud. And this is a good thing because of its increased reliability and security. Don’t be afraid of the cloud. Despite bad press when there is a rare incident with a cloud provider, the reputable public cloud providers have an outstanding security record (as seen by many government organizations using them). If you follow some basic rules for security (such as having good passwords), your chances of having your data compromised through the cloud are very low.

To learn more about the cloud, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 |
Contact
Contact a Sophicity Consultant Now To Find Out How We Can Help Reduce Your IT Costs Go
bottom