likely have city employees who work at departmental sites that are separate
from your office building. At the very least, they check emails on their
smartphones. Are you finding it difficult to support employees who work across
separate sites? Could it be that your IT staff or vendor hasn’t kept up with
the pace of technology?
heads and staff at these remote sites grow frustrated because their technology
is essentially broken—and responses to technical issues are very slow. A modernized
helpdesk remains inexpensive and yet accommodates the needs of a remote site workforce.
If you’re evaluating whether or not your helpdesk meets these needs, then
consider the following areas where they must succeed.
time comes into play when supporting city workers. It’s not uncommon that staff
need help with their laptops, smartphones, and tablets before and after normal
workday hours. Also, servers may fail at two in the morning or a night shift
officer may need support when encountering an IT issue. An IT helpdesk can’t go
home at the end of a workday and return the next morning. They must remain
available to handle IT problems 24/7/365.
will need help with laptops, smartphones, tablets, printers, and other machines
spanning many devices and operating systems. An IT helpdesk cannot limit itself
to only a select few devices such as workstations in the office. A wide breadth
of knowledge and experience with both old and new devices, operating systems,
and applications is critical in supporting the needs of cities as technology
continues to rapidly change.
IT helpdesk helping remote employees must have security down to a science.
While serving remote sites, your helpdesk can help with making sure:
element of remote help is the use of remote helpdesk sessions. That’s when an
IT engineer will temporarily request access to your computer so that they can
help resolve a specific issue as if they were physically present. Whatever
software your helpdesk chooses with which to conduct remote helpdesk sessions
needs to be secure and non-intrusive so the user remains aware when support is
engaged. Remote sessions can even take place with smartphones and tablets.
taking a look through these four areas you realize that you’ve got some holes
in your IT helpdesk, then work with your IT staff or vendor to address these
gaps. Some of these elements may seem out of your reach or like overkill (such
as a 24/7/365 helpdesk), but they’re really not. IT helpdesks have evolved as
quickly as the technology you now hold in your hands. If you want to better
serve or enable your employees, then a modern IT helpdesk is a must.
Evaluating IT helpdesk options for your city? Reach out to us with any questions.
Many cities post minutes to their
websites. However, questions remain about how to best do it. Currently, there
are no specific laws that require cities to provide minutes on their website
(because all cities do not have websites). As a result, cities may not post minutes
to their website at all, they may post them irregularly, or they may post them
in ways that make it hard for citizens to find.
While not a legal requirement,
posting minutes to your city’s website is a helpful service to provide your
citizens. This activity hits upon many things that are important to cities and
citizens—government transparency, information sharing, and civic participation.
Plus, sharing minutes on your website gets your information out to the most
people in the quickest, most convenient fashion.
Use this checklist to see if
you’re posting your minutes properly and making them easy for citizens to find.
If you have a website, at least post
your approved minutes when they are ready. However, you also have the option to
post draft minutes before they are approved if you’d like to quickly share
information with citizens. Make sure you clearly indicate if you are posting
draft minutes versus approved minutes.
Similar to how you normally
distribute minutes, you can follow a similar process for your website. Either
post the draft minutes to your website (such as within two business days of the
meeting) or wait to post the approved minutes. Once posted, keep the minutes on
your website indefinitely—similar to how you keep them indefinitely in your
Unfortunately, it’s not uncommon
for a city to fail to keep minutes updated on their website. That can be
frustrating for citizens. Make the task of posting minutes to your website as
routine as your normal drafting and approving of your minutes as dictated by
law and ordinance.
To keep your minutes webpage
uncluttered and easy to use, consider at least showing links to:
By highlighting the current and
previous year on your minutes webpage, you make it easier for people to find
these most commonly searched for minutes. It is less likely that people will
search for old minutes, so you can create a link to an archived minutes page for
that purpose. Many cities also just put up links on their minutes webpage for each
year, which is also fine—as long as the current and previous year’s minutes are
prominent and easy to find.
Your city website likely has
navigation links at the top of each page that never change—such as Home, Government,
Departments, Business, Community. etc. Make sure that people can easily find minutes
through these links. For example, there may be a link right on the Home page
for Agendas and Minutes. Or, there may possibly be a link under Government to the
City Council page where the Agendas and Minutes link could be found. Either would
be easy to find.
On the other hand, if a person
can’t find an easy path to your minutes then you are making them hard to locate.
Grab three or four people who don’t know your website well and ask them to try
finding your minutes. If they’re all having trouble, then consider rearranging
how you get people to this information on your website.
When people look for specific
minutes, they will look for the year, month, and day. Label files with that
information so that filenames communicate what the document actually contains.
Also, minutes need to be presented in an unaltered, official, and final form. A
PDF is usually the best publishing format for this requirement. Publishing a
PDF is the best way to ensure that you are offering the official, final
version and it's also the most convenient type of file for people to download and print. A
PDF is a universal file format that works on any computer and it's usually preferred
by city clerks.
Overall, publishing minutes to
your website is one of the services you can provide your citizens who primarily
access information through the internet. When doing so, it’s best to follow
your current laws and ordinances, make it easy for people to find minutes, and
provide the files in the most convenient format. If you follow the tips above,
then you’re scoring some major service and transparency points with your
Questions about posting minutes to your website? Reach out to us today.
As we talk to cities at various
events and conferences, we sometimes hear that they don’t have a centralized
place to access shared files—such as a server or a location in the cloud. That
means cities may still store important files on individual desktop computers. Let’s take a step back and look at
three major risks in such a situation.
Storing important files on a
single computer means that if something happens to that computer then you will
lose all of your files. You may occasionally back up files on an external hard
drive or flash drive, but relying on a manual process that can be skipped or
performed incorrectly is a risk—especially because you may not regularly test those backups.
Plus, you’re also relying on a single person’s computer—and that single person
may accidentally or purposely delete files without you ever knowing they’re
gone. No matter how much you trust that person, they may act as the sole owner
of those files—not your city.
A single computer isn’t
guaranteed to make sure your files are consistently secured against threats.
Employee error (such as clicking on a malicious website link or email
attachment) is one of the most common sources of viruses and malware which
opens your city up to hackers. With that kind of security hole, a hacker may
steal your information or prevent you from accessing your files. Weak or irregularly
updated antivirus and antimalware software on a single person’s desktop computer
just isn’t enough to adequately protect important city information. No matter
how well-intentioned, a single user presents too many security risks if files are
primarily stored on their personal desktop computer.
City employees shouldn’t have to
rely on one person to give them access to important city files. What if that
person is sick or on vacation? What if they get fired or leave their job? Any
user who has been granted authorized access to important files should be able
to access them in a centralized, neutral location. A single user also has the
potential to be arbitrary, whimsical, unavailable, or difficult about giving
access to important files—which can be a hindrance to productivity, operations,
or answering open records requests.
So, what should you do instead of
storing files on a personal desktop computer?
No matter how small your city,
you still need to create a place where electronic files are centrally
maintained and secured—and where users with authorized access can find these
files. Some options (depending on your budget and technology limitations)
If you still want to store files
on a computer, then a newer computer will generally offer a lot of room. But
that’s still not wise—no matter how much space that
computer offers. What’s more important is where the files are located,
protecting the files from data loss, and securing who has access to the files.
Limiting file access to a single person’s desktop computer is just way too
risky for a city.
file storage? Reach out to us today.
Many cities—especially smaller
cities—often ask us if they need to “go digital.” By that, they’re usually
asking if they should transition their information from paper to electronic,
start centrally storing and managing electronic information in the cloud, and modernize
their technology to help with accessing that information such as upgrading
their email system, document management system, or website.
These are good questions for
smaller cities. After all, they have minimal staff who are strapped for time
and working with limited budgets. If going digital is a convenience, then
smaller cities could probably push it off to the side.
However, it’s clear that going
digital is a necessity. And not going digital leads to a variety of critical
problems. Think of it like carrying insurance. You don’t think about your
insurance a lot during your day-to-day work, but it’s there when a disaster
hits. Let’s look at some critical areas where “going digital” is a necessity.
With paper, it’s very difficult to
assure yourself that your information will survive a fire, a flood, or a
tornado. We’ve even encountered situations where paper with valuable
information has aged so much that it starts to crumble or termites have gotten
at it. All it takes is one incident like a fire and your valuable city
information is destroyed.
By scanning your paper
information and turning it into electronic information, you are able to protect
it from disaster. With offsite data backup, you can store that information in a
data center far from your city and know that you will be able to access that
information even after the worst disaster.
simply, it’s easier to find electronic information. Once you are digital, you
can find important documents and information in seconds rather than spending
lots of time sifting through paper records. Modern document management systems
help you label and organize documents so that they are easy to find. Similar to
how you search for things on Google, you can search for documents and
information in the same way. This capability helps with compliance (see below)
and also makes your time-strapped staff much happier when they can find
portability, we mean the ability to share information with others. It’s fairly
standard today for many government entities and businesses to share and receive
digital information. In fact, you may even find that electronic sharing and
retrieval of information is required by some entities. Even if it’s not
required, it’s way more convenient to citizens, businesses, and government
entities to offer electronic information. Whether you post information directly
to your website, offer it on a PDF, or have it stored electronically at your
city in a document management system, you can easily send and share information
with authorized people when it’s in electronic form.
overlooked, going digital helps with security. Sure, with paper you can lock
rooms and prohibit physical access to file cabinets. But it’s not uncommon that
access to city assets can be easily—in fact, very easily—obtained on-site. When
your information is digital, your IT staff or vendor can make sure it’s only accessible
to authorized people.
Open records laws, regulations,
and policies evolve each year so that expectations related to information
access, retrieval, and security continue to grow. With paper, you risk slowly responding
to open records requests. You may also have the opposite problem of not purging
documents on a regular schedule. As a result, you might store decades-old
documents that you’re not legally required to keep.
Going digital better equips you to
respond to open records requests in a timely fashion, set up automated
processes that ensure you’re following record retention schedules, purge
documents that you legally no longer need, and back up data in case of
Going digital strikes at the
heart of many necessities around information today—security, compliance,
backup, and ease of access. So even if you’re a smaller city, you need to
consider digitizing any information you have that currently resides on paper
along with modernizing your technology enough to be able to easily access and
share that information.
Questions about going digital? Reach out to us with any questions.
You spoke. We listened. Over the past year, cities have told us that
their requirements for data backup and video archiving grow more and more
immense. For example, the requirement for many cities to capture, record, and
store body camera video has drastically increased the amount of storage space
they need. In fact, some cities (such as in Georgia after a new law passed in 2016) must store that information or face legal
penalties. Also, cities (such as those in Arkansas) are feeling more pressure
from state legislatures about strictly adhering to laws and best practices related
Overall, there’s just too much at risk today to neglect a city’s
electronic storage capabilities and underlying information security. Here are
some new features of IT in a Box that help address these concerns:
We already provide cities with onsite data backup storage for quick
data recovery and unlimited offsite data backup storage for disaster recovery.
That now includes storing and archiving all versions of your important files,
documents, and data. Archiving is the long-term storage and indefinite
retention of your backed up data. This archived information is always
accessible in case you need it (such as for an open records request).
Cities tell us that body camera and squad car video
storage costs are a big concern for them—and storage needs for video data will
only continue to grow at an increasingly rapid pace. IT in a Box saves cities
money with our unlimited offsite video storage and retention. That means:
To best protect against cyberattacks, our IT in a Box staff will help
you adopt policies and best practices to educate staff and make sure your
technology helps you comply with state law. In addition to staff training, we
shore up any security holes by securing, documenting, regularly testing, and
proactively managing all of your technology including:
For Arkansas specifically, we help cities become compliant with the
state’s Legislative Audit.
about these new services? Reach out to us with questions.
Learn more about IT in a Box.
gave a presentation at the 2016 Arkansas Municipal League Annual Convention
about cyberthreats. As part of a three-hour training session entitled “Working
in a Social World” that featured Arkansas cities (including Gravette,
Fayetteville, and Mayflower) sharing various social media successes, I ended the session with some
caution about cyberthreats. Cyberthreats threaten the technology that underpins
many of these social media successes—and my observations were tailored to
complement the overall discussion.
Overall, I addressed how to protect cities from cyberthreats. A
cyberattack does more than just shut down a city’s IT operations. Today, we see
incidents where hackers and some “hacktivists” hold a city’s information for
ransom. These attacks can be very dangerous to cities and need fending off.
Check out my entire presentation here. In it, you’ll read in more detail about:
Based on real cities, I provide examples that accurately represent what
we often see at cities. Cyberattacks are costly, destructive, and embarrassing
When you subscribe to IT in a Box:
Questions about your ability to fend off cyberthreats? Reach out to us today.
attempted a $90,000 transaction from my machine. What do I do?
sink in. As the finance officer, city clerk, treasurer, or city manager, how
would you feel? What would you do? How did it happen? Where would you look?
person, externally or even internally, attempts to steal money or data from a
city, investigators will start looking for information to help them find the
culprit. So, what information will lead them to finding the person who
committed the crime?
your city may not have the right policies in place to not only prevent
unauthorized access to information but also to track who accesses it, what’s
accessed, and when it’s accessed. That leaves your city with security holes
that open you up to hacking, theft, and even fraud.
What can you
do as a city to make sure only authorized users have access to sensitive
information? Look carefully at the following areas.
with making sure your systems and software allow you to set different levels of
permission for different users. For example, some users may not need access to
payroll information. Modern technology systems allow for granular user
permissions within servers, websites, and applications. If you don’t set these
permissions appropriately, you risk users looking at information that they
should not access—and they may possibly misuse, change, or delete that
information. Users should only be able to access information relevant to their
overlooked, it’s important for cities to physically secure important technology
like servers. An unauthorized person should not have physical access to your
servers or be able to walk into your server room as if it’s the breakroom. All
it takes is one disgruntled employee to steal information or damage your computer
equipment and hardware (which may lead to permanent data loss). Secure rooms
with servers so that only authorized employees can access them. Require use of
a key fob or similar security checkpoint.
to physical access, wireless access is another common security hole. Cities are
at risk when they leave wireless access open and unencrypted, or if they use
weak or well-known default administrative passwords for securing wireless
devices. Hackers can easily hop onto your network through these access points
and begin sniffing around your most sensitive information right from the parking
lot. You need to keep your wireless access password protected with a strong
password, encrypted, and limited to authorized users.
employees sometimes need access to a city application through a secure remote
connection to a server. But it needs to be logged and tracked. Too many cities
don’t track and monitor who logs on and when they log on. This creates security
problems. If you don’t know the identity of someone logging in, or even that
they’re logging in at all, then how do you know that it’s an authorized user?
By tracking remote access, you make sure that only authorized users are
accessing your servers and applications.
authorization vulnerabilities that cities face are not just addressed by technology.
They begin to get addressed by setting policy. Cities need to set the right
policies and work with their technology staff and vendors to implement
training, processes, and technology to meet these policies. If your current
technology systems cannot handle these demands, you may need to modernize your
technology in order to accommodate current security requirements and best
practices for government data.
Questions about how to begin addressing these gaps? Reach out to us to further discuss these areas.
you get in one morning to work and you’re checking your billing records in a
city database. You discover that three important billing records are missing.
Gone. No one is supposed to delete those records. You have a serious situation
on your hands. Was it an accident? A data breach? You need to figure that out.
So, what do
you do next?
One of your
next steps is for your IT staff or vendor to check the logs. What are the logs?
Let’s learn a bit of Logging 101 and then look at some critical problems a city
can have by neglecting proper logging practices.
a lot of the technical aspects of logging and just focus on the important
business aspects for your city. First, logging has two primary purposes.
staff and vendor depend heavily on logging for information to diagnose
technical issues. That’s why you might hear an IT engineer say, “Let me look at
the logs” when a problem is reported. Those logs often provide clues to the
root of a problem.
logging for most systems requires some technical background. The detail level
can vary. For example, some systems log a literal play-by-play of every little
thing that goes on. It can track that John Doe opened an application, entered
his password successfully, successfully launched the application, accessed a
specific module in the application, etc. Others provide more basic information
such as that John Doe opened the application, closed the application, etc.
look at two problems related to logging that may lead to critical security problems.
back to our example in the introduction. Let’s say you call in an IT vendor to
investigate and they report to you that there have actually been 42
unauthorized billing record deletions over the past six months.
you’ve got yourself a problem. The unauthorized deletions are a data breach—whether
or not it’s an internal employee making mistakes or an outside hacker doing it
on purpose. More importantly, it’s clear that your city hasn’t had someone
overseeing the logs. You’re capturing important security information but you’re
not reviewing it.
returning to our example in the introduction, let’s imagine you don’t have
logging enabled. That means you have little to no information about who may
have deleted those billing records—and when. It’s like having a bank without
security cameras or a court proceeding without recording or transcribing it. If
something goes wrong, you can’t go back and figure out what happened.
IT staff or vendor will need to use logging for technical diagnostics, they
should also reassure you that logging is enabled to:
you simply lack important information that helps you diagnose and get to the
bottom of data breaches and other security issues.
Questions about your logging and information security? Reach out to us.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2016 Mimsware Corporation, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.