When organizations think cybersecurity, they often think about it from an IT tactical perspective. That’s important. A few weeks ago, we published a post about taking a serious look at passwords, virus attacks, data backup, security updates, physical security, and websites to help strengthen cybersecurity. But these efforts often do little good if higher level questions aren’t answered and taken into account.
Even the word “cybersecurity” sounds like it’s only in the realm of technology, and it’s easy to blame information technology staff or vendors for every cybersecurity problem. But there are important policy decisions that you need to make to supplement the work done by IT.
Ask yourself these non-technical cybersecurity questions to see if there are higher level actions you need to take to protect your organization.
Is it harder to secure one big house or 10 small houses scattered in different locations? Data works the same way. Too many organizations store sensitive information in a variety of locations on a variety of servers through a variety of vendors - leading to a variety of cybersecurity problems! A related problem is when organizations take shortcuts by using a free personal email provider for work (such as yahoo.com addresses), which scatters email across too many locations. By centralizing your information and managing it through a public or private cloud platform, you decrease your number of security vulnerability points and allow your IT staff or vendor to more easily track and lock down information.
To talk more about cybersecurity, please contact us.
While open records
and Freedom of Information Acts (FOIA) vary from state to state, they generally
share a common theme: Government records are open to the public unless exempted
by law. That means cities need to always prepare to respond to open records
requests or Freedom of Information Act requests. They can be politically messy
but, more importantly, quite expensive.
That’s why it’s
good to have processes and technology to handle these kinds of requests as
quickly and inexpensively as possible. How expensively can a
technology-equipped city handle a request versus a city without the proper
technology? Let’s look at some examples.
We’ll keep the
cities anonymous, but we’ll analyze four records requests. For each request, we
show how many hours it took us to complete an open records or FOIA request with
a city optimized to handle the process. We also provide an estimate based on
our municipal experience of how long it takes without the technology.
City 2 - Request 1
City 2 - Request 2
City 2 - Request 3
IT services, we can average the cost of handling an open records or FOIA request
at $150/hour. In some areas of the country, a company or person may charge
less, but it usually balances out because less experienced (cheaper) staff or
vendors will take significantly longer to complete the same task.
That means the normal
projected cost for an open records or FOIA request at 34.875 hours per request
However, when your
city becomes “optimized” to handle open records or FOIA requests through the
right processes and technology, the cost goes down significantly. How do we
drive this cost down?
without process and technology optimization:
Because email that
is relevant to the open records or FOIA request is not centralized, it will
have to be located (in a time consuming fashion), reviewed (in a time consuming
fashion), and then extracted for the legal team to review. All of this activity
is handled by the city’s IT team or the hourly support vendor, which is costly.
We keep costs down
by using a cloud email solution that centralizes city email services and makes
it easy for us to run any required searches. When email is centralized and
accessible in one place, it’s much easier to run searches without having to dig
and investigate across many decentralized locations. Plus, modern cloud email
software is built in with search-friendly tools that make searching much easier
It also helps that our staff has extensive experience
with handling these requests for municipalities. That allows us to handle these
kinds of requests more efficiently than an IT resource who has never processed
one before. Even at $150/hour, an
optimized environment cuts each open records or FOIA request cost by a third.
Even better, under a service such as Sophicity’s IT in a Box, any labor for a
record request is included. That means no additional fees and no extra
To optimize your ability to handle open records or FOIA requests
and cut your costs:
To talk more about the cost of your email open records or FOIA request, please contact us.
The “cloud” has become part of mainstream technology terminology, but it’s still a word that confuses a lot of people. Partly, that’s because the word is vague and also because it’s not really a new technology—just a powerful augmentation of existing technologies like servers and data centers.
First, the “cloud” means that your data and applications are stored and run on the internet as opposed to your local computer or network. In the past, you would typically access your data and applications from an onsite computer or server. For large amounts of data or powerful applications, you might traditionally also have used a data center. Many organizations like to use data centers to store data and run applications because these facilities are designed to prevent physical intrusion to your servers and they rarely lose power or Internet connectivity.
Cloud service providers are actually massive data centers that remove the need for you to own or lease servers at a typical data center. Instead, advanced cloud technology allows you to essentially “subscribe” to an application or service over the Internet like turning on a utility without even bothering to own or lease any machines. In your mind, the machines might as well just “go away.”
There are two types of clouds that you can use.
Whether it’s a public or private cloud, your data and applications are accessed over the internet. But why go with the cloud?
Public clouds are a great solution for cities because the cloud providers have implemented redundancy (e.g. power, Internet connections, etc.) and security measures that a city simply cannot afford. This means better maximum uptime and a lower risk of a security breach. It also means a much lower cost than running your servers in-house. When cloud providers like Amazon, Google, and Microsoft are running cloud infrastructure, believe us when we say nobody has more resources to invest in redundancy and security than these companies!
The cloud also makes it easier for you to access your data and applications from anywhere on any device. It removes your dependence on hard-to-use VPN connections and other remote access technology that’s becoming more and more obsolete every day.
While it seems like the cloud moves your data farther and farther away from you, the public cloud has really existed since the beginning of the Internet when people started using email. When you think about it, any kind of web based email is actually a cloud application because you access the service over the Internet without needing to maintain your own servers.
An increasing percentage of technology that we use every day is moving to the cloud. And this is a good thing because of its increased reliability and security. Don’t be afraid of the cloud. Despite bad press when there is a rare incident with a cloud provider, the reputable public cloud providers have an outstanding security record (as seen by many government organizations using them). If you follow some basic rules for security (such as having good passwords), your chances of having your data compromised through the cloud are very low.
To learn more about the cloud, please contact us.
seem to be a wide disconnect between how you run your network infrastructure
and how you serve citizens. Servers are one thing, service is another. But they
are more tied together than you’d think at first glance. That’s because the
quality of your technology infrastructure affects:
We write quite a bit about our preference for cloud hosting as the preferred infrastructure when
possible, so we won’t reiterate those details. The slant of this post is to get
you thinking about the state of your technology now and how it might affect the
quality of your relationships with citizens.
some common technology problems we see at cities that end up negatively
impacting citizen relationships.
If any of
these points hit home, we recommend at least conducting an assessment to
identify areas of highest opportunity for improvement. You may have a limited
budget, but if service is crippled or you’re failing to collect revenue from
lack of insight, then you’re losing money anyway. Remember, it’s your highest
priority to serve citizens. They are your customers. No matter how great your
city staff treats citizens, if technology fails, then your city staff fails.
Great technology supports great service, and we hope you now better see the
connection between the “boring” back end technical side and the excitement of
successfully serving a citizen.
To talk more about assessing your technology, please contact us.
While there isn’t a debate anymore about the benefits of cloud hosting, governments and businesses still balk at moving into the cloud. A recent article from Marketplace highlights a few of those legitimate concerns from various government organizations that have made the shift along with various privacy experts sounding off.
Any remaining objections usually come down to two points:
From here, organizations usually talk themselves into the false sense of security that comes from sticking with their own onsite servers or those they own or lease at a data center. But cloud hosting can overcome these two objections. In fact, the Marketplace article even states that Australia, a country with some of the strictest privacy laws, has moved into the cloud. They wouldn’t do that if it wasn’t secure.
Let’s look at some of the key reasons why cloud hosting is worth considering, starting from the two objections and then expanding out into a few other points.
Think about it. No more onsite hardware to purchase or maintain. No more data center servers to buy or lease. So why does the cost of shifting to a cloud hosting provider drop so much? Think of cloud hosting like a utility. Is it more cost-effective to buy your own electricity generators, or to use the collective power of an energy company that provides you electricity for a low cost due to the scale of their operations. Cloud data centers work the same way. By storing data in cost-efficient ways at such large hosting centers, those hosting centers pass on the cost savings of scale to you because they are more efficient than any onsite servers or data centers you could use.
To talk more about cloud hosting, please contact us.
Seemingly every day, a news story breaks about yet
another security breach and more data stolen from an organization. We hear
about big organizations such as Kmart and government operations such as the Oregon Department of Employment, but we don’t often hear
about smaller organizations. Because hackers pick easy targets, smaller cities
are even more at risk than larger entities. And that’s a major driver behind Kentucky’s House Bill 5 that our CMO, Nathan Eisner, recently spoke about during a talk at the Kentucky League of Cities annual conference.
The language of House Bill 5 is quite clear and includes
the following provisions:
While specific to Kentucky, House Bill 5 is reflective of similar legislation and expected best practices around the United States. So, cities must take reasonable steps to protect their data and, in the event of a security breach, notify affected parties. This situation makes security much more urgent for cities, but they often ask us, “What now? How do we protect our data?” Those were common questions we heard at Nathan's conference session on cyber security.
The good and the bad news is that many methods of shoring
up security are easy. Good because fixes are relatively easy to implement. Bad
because it suggests that the biggest threat to most cities is your own staff. A
little education goes a long way toward making your staff—both your IT and
non-IT employees—aware of activities they can do every day to make sure that
your city stays as secure as possible.
Here are some areas you can tackle immediately.
A recent study by a technology research company in
California found that one out of three people had their passwords written down
somewhere around their desk. Many people used obvious passwords such as a child’s
name, pet name, college mascot, birthdate, etc. Overall, researchers figured
out passwords for 50% of the people in the study. Before you laugh, ask
yourself, “How secure are your city’s passwords?”
To make sure your passwords aren’t opening up major
A few years ago, a city finance officer was contacted by
their local bank. Wire transfers in the amount of $90,000 were attempted from
the finance officer’s computer. Compromised by a virus, the computer was
remotely controlled by an outside party. Luckily, the local bank’s fraud
prevention efforts saved the city from any significant financial damage. But
imagine if the transactions had been allowed to complete. The city and the bank
would have had to spend money on legal action and recouping any financial loss.
That’s real money lost—all because of a simple computer virus.
To combat viruses, we recommend that you:
Last year, we heard about a city’s server that became
infected with a virus. That server contained the city’s financial system. The
city’s backup system failed to recover the data. The city had backed up the
data, but they did not test their backups. And what happened? They lost 13
months of financial records. To get that data back, their only recourse was to
hire contract labor to re-enter every transaction manually. Talk about a lot of
significant unplanned expenses!
With data backup, start by asking some important
Once you get a better sense of your data needs and
priorities, apply the following best practices.
Recent studies have shown that
To stay up on security updates, make sure your IT staff
or vendor ensures the following:
Don’t forget the old-fashioned way of stealing!
Protecting city data also involves protecting physical equipment. A stolen
backup drive or a disgruntled employee with a USB stick can be just as harmful to
your city as a hacked computer. To tighten up your physical security:
Last year, citizens trying to reach a particular city’s
website found nothing but advertisements on it. What happened? The website had
been hacked and all of the city’s content was replaced by ads. The hacker found
a weak spot by infiltrating the city’s utility billing system through a hole in
the online bill pay software. If the problem lingered, a citizen going to the
city’s website, thinking it was a trusted source of information, could have
been infected with spyware or malware. That citizen’s private information may
have been stolen and the city would have been liable.
To ensure a problem like this never happens, make sure
Remember, cybercrimes affect all cities—not just the big
ones. Be proactive, ask questions, and stay informed. Use this post as a guide
to get you started, identify gaps, or check up on any doubts you have with your
IT staff or vendor.
If you want to talk more about cyber liability, please contact us.
Just when you’ve gotten used to the idea of shifting your servers and software applications to the cloud, you might hear about the option of moving your phone system there too. Many businesses and organizations still rely on landlines or maybe even a Voice over Internet Protocol (VoIP) system that may run on a server in your office or at a data center. Isn’t the phone something distinct from the rest of your data and software? Why would you move it into the cloud?
When VoIP came out many years ago, it primarily stunned a lot of people because it made them realize that phone information could be reduced to packets of data transmitted over the Internet. That meant you could treat your phone system the same way you treat a software application, and you used an Internet connection to communicate with other people instead of landline technology. But VoIP was software and usually required an onsite or data center-hosted server to run the application. With the cloud, you even remove the need for a server.
Despite this advance in technology, you might wonder about the practical reasons for moving your phone to the cloud. Here are some compelling reasons that hit home with the businesses and organizations we work with.
Cloud software makes it extremely easy to essentially carry your office phone with you everywhere. That’s impossible with a landline. With cloud phone software, you install a mobile app that connects to the software from anywhere. Access the mobile app, and then any call that comes into your office number rings your mobile phone. This helps businesses and organizations make it easier for employees to work remotely, keeping personal and professional phone data separate.
To talk about cloud phone software in more detail, please contact us.
experiences with watching cities embrace the cloud, we liked a recent August GovTech article that
outlined the thoughts of technology leaders from the city of San Francisco to
the state of Delaware. While each government entity’s challenges are complex
and unique, they all agree that moving to the cloud is helping them with many
essential business and operational functions.
While it can
seem like the needs of extremely large cities and states don’t necessarily
relate to small and medium cities, we find that the article included several
aspects about the cloud that can impact your city’s budget and operations. Here
are some important points we’ve extracted from this article that will convince
you to take a closer look at the cloud if you haven’t yet shifted over from a
more traditional setup.
Paying from month to month eases the burden of what
used to be a multi-year capital expense commitment for servers and licenses.
Moving data and applications to the cloud works more like a utility that you
turn on rather than equipment you buy. We’ve seen many small and medium cities
reduce their technology expenses and get rid of expensive hardware by moving to
Scalability and flexibility for your business needs
directly impacts your bottom line. Traditionally, cities tended to get locked
into a certain number of software licenses and technology features. If you
purchased it, you couldn’t get rid of it until the contract ended. With the
cloud, you can add or subtract users depending on your real-time staffing
needs, which helps if you suddenly gain a burst of employees or have to let
many go. Also, it helps if you can turn off certain features or tools in the
cloud and only use them when you need them—trimming costs while doing so.
Without hardware installation and configuration, you can often set
up your cloud technology over the Internet in hours. We often help set up a
city’s applications, storage space, document management, or website rather
quickly. Data migration from old systems may still take a lot of time and
planning, but the cloud technology and tools are ready to go as soon as possible.
Configuration takes place in easy to use dashboards, allowing your IT staff or
vendor to get you set up in the cloud almost immediately.
The cloud makes it easy for people to securely access
files, documents, data, and applications without having to be at the office or
use difficult VPN connections. It’s becoming more routine and expected for people
to access data remotely when they work from home, travel, or stop at any place
with public wireless access. The cloud allows you to provide that mobile access
with ease while keeping data secure.
We often hear, “But we have sensitive data that we
absolutely cannot risk by having in a public cloud.” While public clouds are often more
secure than any IT environment you can set up, we understand that cities may be wary about
extremely sensitive information going into the cloud. Cloud providers offer
many hybrid options including private clouds (meaning that you have your own
cloud network walled off from any other data) or simply keeping certain servers
locked down and secure in-house if you absolutely don’t want that data in the
cloud. For the rest of your data, you can still take advantage of the cloud’s
cost savings and benefits.
still wary about the cloud, articles like the one in GovTech should reassure
you that major cities and states would not move to the cloud if they haven’t
already evaluated the major risks. We encourage you to explore your options by
talking to an IT professional or service provider experienced in working with
municipalities. They should have experience with crafting hybrid cloud
solutions for municipalities so that you know they are looking at your
situation objectively (rather than applying a cookie-cutter cloud solution).
The cloud can save you a lot of money, offer you more flexibility, and still
provide you the data security you need.
To talk about the cloud in the more detail, please contact us.
A recent story reported in PC Magazine and other news outlets talked about a vicious form of malware that affected many retail point of sale systems. The most disturbing fact? Up-to-date antivirus and software patches failed to prevent this malware from taking over the point of sale systems, stealing information, and wreaking havoc.
Stories like these tempt small businesses and city governments to throw up their hands. If antivirus and patching can’t prevent malware and hackers stealing information, then how can you really secure yourself?
In fact, there’s plenty you can do. A common misconception is that antivirus serves as the be-all-end-all solution for protecting your information. But antivirus is only one tool to prevent such dangerous attacks. Here are some others.
Even if hackers can access your data, encryption can make that data useless to them. Many high profile data breaches in the past few years were made worse when the data stolen wasn’t encrypted. Compared to the cost of data loss, fines, and emergency remedies, the cost of encrypting data is quite a bargain. Especially for your most sensitive information, encrypting data on your servers and computers is essential and a great way to frustrate hackers.
To talk about cybersecurity in more detail, please contact us.
IT vendors are both an expensive investment and a commitment. Like any relationship, a good IT vendor is often hard to find but it’s a great thing once you find one. And like any relationship, there are signs indicating when it’s bad, and when it’s good.
I know. We’re an IT vendor, so you might be a bit suspect if we were to share our four signs of when you should break up. Instead, we’ve collected specific points and complaints that we’ve heard from actual city decision makers from a large number of sales meetings this year. These insights include customers, prospective customers, and other decision makers who have had good and bad experiences with IT vendors.
Here are the things they point out as red flags. If you’re seeing these signs repeatedly, then city decision makers nearly all say you need to look for a new IT vendor.
A good IT provider listens to your city when implementing any technology-related policies that affect your operations (such as security policies). That requires true consulting—working with cities to craft policies tailored to your organization. Unfortunately though, many lazy IT vendors simply implement a standard policy without discussing what your city considers appropriate. This situation can result in your staff unable to fully function because they are locked down too tight by an arbitrary policy that may not fit your organization.
To talk more about selecting the right IT vendor, please contact us.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2017 Mimsware Corporation, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.