In recent posts, we’ve talked about disasters at cities that
result in permanent data loss, incredible damage to city operations, and city
department heads wondering if their job is now at risk—all sadly because of preventable
risk. The stories we use to illustrate these disasters—and the lessons learned—are
based on a combination of many, many scenarios we’ve witnessed at cities
throughout the years.
recently saw a story that’s quite specific to one city and a very public, front
page news illustration of some important IT-related lessons. Let’s look at what
happened to the City of Miami Beach, Florida in December 2016.
nutshell, unknown third parties stole the account and routing numbers from the
city’s banking account. According to the Miami Herald, the criminals “[rerouted] automatic
payments intended to pay vendors and other government bills.” The criminals did
it for six months and stole $3.6 million before staff in the finance department
reviewed the Miami Herald article and
the city manager’s report. While this crime is a form of
cybersecurity, the situation also includes lessons about IT-related processes
and controls that are incredibly important to cities. A few bad practices stick
out from our analysis of the report that cities need to avoid.
The city of
Miami Beach was offered free fraud control tools when they set up the account
in 2012—the same kind of fraud control tools that many individual banking
customers enjoy. Did the city take advantage of these tools? No. Maybe they had
a reason at the time such as wanting to implement their own fraud controls. If
so, that never happened.
to stay aware of and implement important best practices that help mitigate information
security risks. In this case, both finance and IT staff needed to say “yes” to
such an obvious best practice back in 2012.
how many people in a city can take a quick peek at a check. If third parties could
steal city money through only this information, then the city had a security
vulnerability that was wide open for people to exploit.
We find that
cities also have similar weaknesses in areas such as passwords, unencrypted
wireless devices, and website hosting that makes it easy for hackers to exploit
In a recent post about data processing, we said, “Experienced IT
professionals should monitor everything related to your data processing such as
transactions and processing, errors and incorrect information, overrides,
unauthorized use of the application (especially when it appears that someone is
altering data or ignoring/tampering with processes), reconciliations, and
application performance (such as after a power outage or server failure).”
finance department staff have an even more important role in monitoring this
information too. While online banking is great, it’s unwise for even an
individual consumer to not regularly review banking transactions. Great risk
was introduced by not reviewing for six months and hoping that everything was
okay. Cities need to become more proactive at monitoring and reviewing important
aspects of their operations where data changes constantly—from accounts payable
to information technology.
often hear the word “modernize” and think of it as “unnecessarily wasting money
or time on something new and fancy that we don’t need.” Sure, some solutions
might fit that definition. But technology modernization is important especially
when your old technologies and processes lead to security vulnerabilities,
inefficient operations, and significant liability.
In the case
of Miami Beach, the city manager’s report includes many “sudden” modernizations
in one fell swoop such as ACH fraud controls and using UPIC (Universal
Promotional Identification Code) to avoid sharing confidential banking
information. The city manager even notes in the report that “the ACH Fraud
Control program already prevented an unauthorized ACH transfer.”
I know we
beat this drum a lot. But why do cities wait? Why do cities put off modernizing
their technology and processes until a massive crisis hits? We see this
“putting off” logic holds true at many cities for data backup, disaster
recovery, website hosting, records and document management, email, and aging
hardware. In all of these cases, lack of modernization increases the risk of a
significant city incident or disaster.
cities like Miami Beach. Are you sure that fraudsters aren’t currently stealing
money from you? Is your technology modernized in such a way that you aren’t
headed for a major disaster like permanent data loss?
If you are
worried about addressing critical technology aspects of your city before a
disaster happens, reach out to us today.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2017 Mimsware Corporation, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.