We put the IT in city®

CitySmart Blog

Thursday, October 29, 2015
Alicia Klemola, Account Manager

Alicia KlemolaWireless technology has gotten to the point where many cities see it as an affordable option of providing Internet access to employees. After all, most cable companies now offer a wireless modem as a standard component for consumers, and wireless technology has both lowered in cost and improved in quality.

These cost reductions and advances in technology may mean more cities using wireless—but often with a do-it-yourself mentality. Because people often set up wireless access points in their home, it’s easy to think you just need to go to a retail store, buy the equipment, and set it up for your city.

This hands on approach can lead to a host of critical performance and security issues for cities that increase cyber risk. Use this list to see if your city might be at risk.

  1. Using consumer-grade wireless hardware. Consumer-grade wireless hardware is great for homes and very small businesses. Not for cities. You need secure, scalable wireless hardware that accommodates your envisioned Internet access needs along with leaving you plenty of margin for expansion.
  2. Setting up wireless access points with weak security. At many cities, we often find wireless access points with simple, default, or even no passwords. We even see wireless hardware sitting out in the open. A weak wireless access point presents a ripe opportunity for unsophisticated and even novice hackers to access sensitive city data or take down your network. It’s like leaving a door wide open at your house.
  3. Failing to provide enough coverage area. It’s easy for wireless connectivity to be obstructed depending on where the access point is located (such as in a basement or on a top floor), the thickness of walls, and other electronic devices and appliances interfering with the signal. Proper planning and deployment are key to prevent this issue.
  4. Relying on non-technical city employees to manage your wireless network. Just like your non-technical city employees wouldn’t monitor and maintain servers, you don’t want them managing your wireless network. Business-grade wireless access points have a lot of technical configurations that need to be set properly. If not, you could be exposing your city to major security risks. In addition, your IT staff or vendor can help keep your wireless network up-to-date with patches and upgrades, monitor for unauthorized access, and address the root cause of problems so that they don’t affect you long-term.

With wireless, don’t mess around. An experienced IT professional or vendor will be able to identify what kind of wireless hardware you need, how many wireless access points, where they should go, how your wireless hardware fits into your entire network, and how to provide the best security for your employee needs.

Got questions about your city’s wireless connections? Reach out to us today.

Thursday, October 22, 2015
Brian Ocfemia, Technical Account Manager

Brian OcfemiaOver the years, many cities have been slow to adopt and incorporate advancements in information technology. Begrudgingly, some are required to upgrade when the technology just stops working and vendors no longer support it. Plus, technology continues to improve in leaps and bounds, and it becomes available at an ever faster pace.

As a result, cities encounter a tough uphill climb because servers, computers, and laptops cost a lot of money. Maintaining onsite hardware and software also requires a lot of complicated technical equipment and know-how. Today, information technology is still a necessary investment but often hard to understand.

With the above said, don’t be so quick to dismiss using tablets at your city. Tablets can be leveraged for all sorts of city business—from public works employees using them in the field to councilmembers using them for meetings.

If your city hasn’t embraced tablets yet, then consider a few compelling reasons why you should.

  1. Easy-to-use. Tablets don’t require a lot of complicated setup and software, and they are built very intuitively. A few icons serve as shortcuts to the commonly used apps that you will need (such as your email, the Internet, and your documents), and you’re ready to go. Unlike desktops and laptops, tablets are unusually user-friendly.
  2. Extremely portable. A tablet is easier to carry around than a laptop. In fact, despite laptops always being touted as a great form of mobile computing, they can be unusually cumbersome to carry around and place on your lap or a small table. By contrast, tablets are about the size and feel of a magazine, and you’ll find yours easy to carry with you wherever you go.
  3. Anytime, anywhere access to your documents. If you store your documents in the cloud, your tablet can access them anywhere, anytime. That means access to presentations, PDFs, Word files, and other documents you use during your day-to-day city work. This kind of access becomes especially valuable when you’re at home, traveling, or at a city council meeting.
  4. Comfortable way to read. Tablets are designed for reading. Desktops and laptops are not very comfortable to read on, and smartphones often present text or a screen that is too small. Tablets are just right for reading and you can easily read work documents sitting on your sofa, waiting to catch a flight, or grabbing a meal at your local diner without having to get out a laptop or squint to see something on your phone.
  5. Eliminate most of your paper needs. A tablet can help eliminate your city’s need for paper. Imagine your city council meetings run with tablets instead of printing up agendas and supporting documentation. If you have access to city documents through your tablet, you’re less likely to use up paper and ink on a constant basis to print up documents that you want to read or reference later.

Also, because tablets have lowered in cost and increased in functionality, they are often relatively inexpensive investments that don’t require a large upfront cost.

Wondering if tablets might work well for your city? Reach out to us to chat more about these handy devices.

Thursday, October 15, 2015
Nathan Eisner, COO

Nathan EisnerFollowing open records laws and records retention policies is serious business. However, email sometimes gets treated like an informal type of communication. But when email is considered a public record, an informal approach to email becomes hard-to-manage, expensive, and time-consuming when responding to an open records request.

Unfortunately, many cities have not modernized their email systems. As a result, they open themselves up to greater risk by not having proper business-class functionality to help properly archive and maintain email.

Here are a few serious mistakes that jeopardize a city’s ability to respond to open records requests that involve email.

  1. Using free or personal email accounts. Free software platforms often lack a central way to manage and maintain email that can effectively match your city’s records retention policies. Personal email accounts involve even more risk because they blur the boundary between business and personal information. Politicians from Sarah Palin to Hillary Clinton have run into ugly, expensive problems when using personal emails for government business. Conduct all city business with a business-class email system that your IT staff or vendor manages and maintains.
  2. Lacking an email archiving policy. To reduce the risk of deleting or losing important emails, it helps to set up archiving on your email platform. That means taking a serious look at storage. Reducing employee email storage increases the risk of employees deleting emails that need to be retained. If you know how long you need to keep your emails and when they can be deleted, then you can automate your email system to take care of this.
  3. Failing to properly back up emails both onsite and offsite. Emails for city business are public records. In other words, failing to back up emails is not optional. If you already have a data backup plan for your email, then you need to examine if you back up that data both onsite and offsite. Also, you need to test your backups at least quarterly to ensure they work.
  4. Relying on email for document management. We’ve written before that email is no substitute for a document management system. Document management systems work exceptionally well for creating, editing, reviewing, and finalizing official documents while collaborating transparently with other people. Documents don’t get lost, they are seen by any authorized user, and they are easy to find when you receive an open records request. By contrast, documents become much harder to manage when they only reside in people’s emails.

To avoid the above mistakes, your city can follow this simple checklist.

  • Use a business-class email system.
  • Archive email to match with your city’s retention schedule.
  • Back up emails both onsite and offsite.
  • Create official documents in a document management system.
  • Clarify city policy and procedures about using personal and business email.

Worried about how your city handles open records requests that involve email? Reach out to us with your questions.

Friday, October 2, 2015
Dave Mims, CEO
Thursday, October 1, 2015
John Miller, Senior Consultant

John MillerIt’s safe to say that we still find too much uncertainty when it comes to data backup at cities. Typically, we investigate and find that the city has the potential for data loss.

For example, we often see the following common risks:

  • Onsite data backup but no consideration of offsite backup.
  • Not all data backed up. Data backups fail to include certain servers, databases, and files.
  • Failing backups. While data backup errors might be logged, no one is checking and resolving them.
  • Hope that data restoration will work, but no one is testing the backups.
  • Relying too heavily on manual backups. For example, when was a manual backup last performed? Who is carrying the backup, and where? What if someone’s briefcase or purse is stolen with the backup in it?

Cities often overlook or too lightly consider the critical offsite data backup component as part of an overall data backup and disaster recovery strategy. Why do cities need to re-think offsite data backup so badly? Here’s why.

  1. Power outages and natural disasters. Fire, floods, tornados, hurricanes, massive thunderstorms, and even a leaking roof or termites. When disaster strikes, onsite data backup may fail you. A days-long power outage means you (and the community you are serving) won’t have access to any of your onsite data, and a disaster may damage or destroy your onsite equipment. And because natural disasters often strike a large area, that’s why an “offsite” backup location only a few miles from City Hall doesn’t properly meet your needs.
  2. Open records requests. A city increases their risk for legal liability if they are not able to produce public records. Data loss from negligence or a lack of sufficient data backup investment is not an excuse for failing to produce a public record. Offsite data backup ensures that public records are safe and accessible even in the event of onsite data loss.
  3. Security. Offsite data is usually stored in one or more geographically dispersed data centers that adhere to the highest standards of physical security, information security, and encrypted data. But we find many cities are uncertain where their data is stored? Do you know if your data is stored within sovereign United States borders? Is it encrypted?
  4. Storage costs and limits. To store data backups offsite, cities often encounter storage space and cost barriers with their current setup. Fees increase quickly as the volume of data grows. If cities don’t switch to a modern offsite data backup platform, this data and associated costs will continue to grow at a faster pace—especially because of video and body cameras.
  5. Viruses. While related to security, we’re highlighting viruses specifically just because we’ve heard from cities that unfortunately did not have proper offsite data backup in place. When a virus hit their city, they permanently lost data because a machine had been completely compromised by a virus. With viruses becoming craftier over time (such as the dangerous ransomware virus), it’s essential that data is backed up and stored offsite just in case a virus compromises a server or workstation.

An offsite component to your data backup strategy that considers the points above will help to ensure that you have a mechanism in place that safeguards your data in the event of a disaster. The investment pays off in so many ways, encompassing disaster recovery, insurance, liability, security, and compliance. Onsite data backup is great, and it’s better than nothing. But offsite data backup completes the picture and gives you peace of mind.

Need to assess your offsite data backup? Reach out to us with any questions.

Thursday, September 24, 2015
Alicia Klemola, Account Manager

Alicia KlemolaYour city deals in documents. That’s the way you capture, retain, and share much of your information. You may still use a lot of paper documents or store your documents somewhat chaotically on servers and computers. And you know that situation makes it tough to store, access, and track documents.

With open records laws and higher importance placed on electronic information, you may consider upgrading to a modern document management system. But will it immensely help you compared to what you have now? Most likely. Here’s how.

  1. Store documents in a central, accessible location. At cities, one of the toughest challenges is simply finding documents. If you’re trying to figure out what servers, desktops, or laptops are storing the information (or which folder holds the correct document), you’re working too hard. A document management system will ensure that documents are uploaded, stored, and accessed in the same location. It’s no longer a mystery where a document may reside.
  2. Access documents from any device through the cloud. A modern document management system will store documents in the cloud, meaning that you can access those documents from any device—including desktop computers, laptops, tablets, or smartphones. This is especially beneficial when people work from home, from another remote location, or while traveling—and especially in the event that there is no longer a building because of a disaster!
  3. Restrict documents to only authorized users. The great thing about easy access from anywhere is that modern document management systems also supply excellent security that restricts access. From a dashboard that you control, you can designate which users have access to particular documents. For example, you might designate that only your finance staff has access to financial and accounting documents.
  4. Check in and check out documents to avoid editing conflicts. Documents are often collaborative, and many people will help edit a document over a period of weeks or months. Don’t you hate it when you’ve edited a document and you find out someone copied over the document—losing all of the changes you made? With modern document management systems, people can maintain the history of their document changes in order to return to previous versions so that changes are not lost. And because of check in / check out features, you can lock documents so that only one person edits them at a time.
  5. Establish final versions of documents to help with documentation and open records. Without a document management system, it’s sometimes hard to find the final, official version of a document. The document names might confuse you or it might be difficult to figure out the date when a document was last modified. Document management systems use document versioning to clearly show you the final version. This versioning feature helps cities clearly know which documents are the latest, and it also helps cities more quickly find official documents for open records requests.

Modern document management systems are often quite an advance versus what cities currently use. The basic theme of the advantages listed above are speed and efficiency. The faster you can find, access, edit, and finalize documents, the more time you save—and that gives you margin to tackle the many other items on your busy plate. Added security also helps not only with protection against hackers but also by ensuring that city employees access only the documents for which they have permission.

Thinking about upgrading the way you manage documents? Send us a note and we’ll talk to you in more detail.

Thursday, September 17, 2015
Brian Ocfemia, Technical Account Manager

Brian OcfemiaData breaches have become a regular part of the news. It seems that every day we hear about a new attempt by hackers to steal sensitive information from large companies and government agencies. These big cases hide the fact that many hackers attack smaller cities because they are easy targets.

How can smaller cities especially focus on preventing hackers from stealing sensitive information like social security numbers, credit card information, and other personal identifying information? After making an effort to classify data based on sensitivity and identifying where it resides in your city, you’ll want to do the following.

  1. Encrypt your data. Take steps to encrypt all of your sensitive data onsite, in transit, and offsite. Encryption is one of the most important preventative security actions you can take because it makes data worthless to hackers—even if they do steal it. You’ll want to make sure your data is encrypted on your servers and workstations, your data backup hardware and software, your wireless access points, and your mobile devices. Many of the biggest government data breaches in recent years were made worse by unencrypted data.
  2. Provide information on a “need to use” basis. Known as the “principle of least privilege,” your city needs to consider giving employee access to only the information that people need to use for their job.
  3. Raise the standards of your physical security. Often overlooked, physical security lapses are an easy way for sensitive information to get stolen and exposed. All a thief needs is an unlocked room of servers or computers, a USB drive that downloads the desired information, and a quick exit. Laptops and mobile devices are also incredibly easy to steal, and they’re often jam-packed with sensitive information or access to sensitive information. Revisit your physical security—especially how you lock down rooms and restrict access.
  4. Use complex passwords that change every few months. Passwords are still one of the weakest links in a city’s security chain. Because of ease, many passwords are often simple (like “superman” or “123456”), used by multiple people, and visible on desks (such as sticky notes on a computer screen). Your passwords need length and complexity such as a combination of letters, numbers, and special characters. Your IT staff and vendor can enforce the use of complex passwords and require that they change every three months or so. If employees grumble about it, remind them why this is important for data security at your city.
  5. Keep software upgraded and antivirus software current. We left software for last because the other four tips are very important but many times overlooked. However, keeping all of your software patched, upgraded, and current makes sure you sew up any security holes. We still see too many cities that haven’t patched and upgraded software for many many months. That means also keeping your antivirus software up-to-date, as viruses are another way for hackers to steal data from your city.

Even the best information security will not prevent the most sophisticated hackers from stealing data. However, there’s a difference between being an open target and significantly lessening the risk. Think about an unlocked house with open doors and windows. By starting with the tips above, you’re taking steps to lock down your house. Threats will still exist, but you are decreasing the likelihood of something happening.

Need to start assessing the state of your data security? Reach out to us and we’ll be happy to answer your questions.

Thursday, September 10, 2015
Victoria Boyko, Software Development Consultant

Victoria BoykoImagine going to a restaurant where you look at the menu and it’s just a list of 100 items. There are no sections of the menu for “Appetizers,” “Entrees,” or “Desserts.” Or maybe the menu is organized around themes that relate to things important to the restaurant like “Fresh from the Farmer’s Market,” “For Vegans,” or “Chef’s Favorites.” That’s nice, but...where are the entrees?

That’s how your citizens may feel about your city’s website. Often, it’s easier to just put information “wherever” on your website or organize it in a way that benefits you rather than the people looking for it. In today’s Internet age, people are scanners, not readers. They’re scanning websites quickly to find the information they want—and they grow impatient when websites don’t intuitively deliver up the information they want.

So how can you make sure your city’s website content connects better with your audience? Here are five questions you should ask about the information you put on your website.

  1. How do your citizens and website users look for information? The way that people look for information might differ from how you organize information on your city’s website. For example, you may think of organizing information by department. But people may not think that way. Instead, think of people’s needs when they come to your website. For example, you might organize your website information by indicating what’s for residents, businesses, visitors, and job seekers.
  2. How can you organize a lot of topics to make them easier to navigate? In many cases, city websites often list too many unorganized topics on a webpage that make it hard to find anything. Imagine you’re a business owner needing information and you go to a city’s website. What would they need most? How can you make finding that information easy on the user? It helps when you organize topics into incredibly user-friendly chunks that make it easy for people to know where to go next.
  3. How can you get people to do something? Encourage people to do something on your website. These encouragements are known as “calls to action.” They may include things like:
    • Get started
    • Learn more
    • Pay your ticket
    • Sign up for our newsletter
    • Follow us on Twitter
  4. How can you highlight important information while hiding excessive detail? Be careful about providing too much detail, too soon. Think of your city’s website like you’re helping someone at City Hall. Start off with general questions on the high-level pages of your website and then provide detailed specifics as people click deeper.
  5. How can you better organize information on each page? In the introduction, we mentioned that people scan more instead of read. To make your information more scannable, add headings, subheadings, bulleted lists, numbered lists, and links. For example, you might offer an easy to scan list of things people need to start a business. Then, each step can offer a link for people to access more information. Otherwise, people will have to work hard to figure out how to find things on your website—which will frustrate them and makes it more likely they will call you.

When you take extra care in organizing your website, it’s the difference between piles of books on the floor versus going to a public library. At a public library, books are organized by an overall system that’s easy for people to navigate. They can search by author, topic, title, and many other labels, and it’s easy to move around and find what they want. The same needs to be true of your website.

Even if you’re a small city and you don’t have that much information on your website, still take the time to organize the information you do have. You will help your citizens more and appear better organized to potential residents or business owners wishing to relocate to your city.

To talk about these tips in more detail, reach out to us.

Thursday, September 3, 2015
Dave Mims, CEO

Dave MimsIn discussions about transitioning existing onsite hardware into the cloud, non-technical city administrators and employees understandably sometimes wonder what IT staff or a vendor will do once there is nothing or very little onsite hardware to manage. If nothing is there, what’s there to do? If a city just accesses cloud services over the Internet, then it seems like the IT staff or vendor’s role disappears.

Fortunately (or unfortunately, depending on your point of view!), there is still plenty for IT staff or a vendor to do. Cloud technology has certainly shaken up the world of technology, and it constantly requires new skill sets and ways of managing IT.

Here are a few critical areas where your IT staff or vendor will spend much of their time.

  1. Consulting and planning. It’s more critical than ever that your IT staff or vendor has business experience (preferably municipal experience) to help you analyze your needs and goals on an ongoing basis. Cloud services make a lot of sense for cities, but you need the right combination of services to make sure you can run your applications, store and back up all of your data, and scale quickly up or down as needed.
  2. Managing and communicating with cloud vendors. Cloud vendors provide you services but they don’t know your particular day-to-day needs, problems, and issues. For example, instead of spending hours and days on the phone figuring out the source of a software issue, your IT staff or vendor would quickly understand the issue and work with the cloud vendor to resolve it.
  3. Ongoing management and maintenance of your cloud applications, tools, and data. You will still need someone to keep watch over your cloud application performance, security, patching, and upgrades. Some of these services are more automated at the cloud data centers, but you will still need personalized monitoring of day-to-day cloud services performance particular to your city.
  4. Ongoing management and support of your remaining onsite hardware and technology assets. You will still need to manage and support some onsite hardware and technology assets, especially in making sure they interact well with the cloud. That may include your desktop computers, laptops, tablets, phones, firewalls, routers, printers, and other hardware. You need reliable onsite hardware to receive the full benefits of cloud services and you will still need help with onsite cybersecurity, software support, and vendor communications.
  5. Storage needs. This area of cloud services is extremely particular and nuanced for your city, especially because more or less storage affects your budget. Only your IT staff or vendor will have the know-how to work out your storage needs—not only for your current situation but also for your future situation. The good news is that the cloud easily scales up and down to accommodate any of your storage needs, but that kind of scaling requires planning and knowledge from your IT staff or vendor.
  6. Data backup and disaster recovery. Your IT staff or vendor will need to monitor and maintain your offsite data backups in the cloud with rigor and thoroughness. That means making sure that all your critical data is backed up, that your backups are tested at least quarterly, and that all issues with backups are resolved as soon as possible.

Obviously, there are more technical, complex, and lesser priority IT activities still required to manage the cloud. But you can see that there is plenty to keep your IT staff or vendor busy. It’s worth noting that skill sets have changed so fast that you will occasionally find people who distrust the cloud. Often, they are not equipped with the knowledge and know-how to manage your technology through the cloud. Your IT staff or vendor needs to:

  • Understand both traditional and modern technology, including the cloud.
  • Approach your technology with a business mindset.
  • Have experience working with municipalities and their particular challenges.

Questions about transitioning to the cloud? Give us a shout and we’ll help answer them.

Thursday, August 27, 2015
Nathan Eisner, COO

Nathan EisnerIn Part 1, we talked about the capital expenses of hardware and software such as purchasing, licenses, procurement, asset management, maintenance, and repair. In this post, we look more at some of the ongoing operational expenses related to aging technology.

Operational expenses can sneak up on cities because they are less apparent and often involve reactive, unplanned expenses. Like a leech, aging technology operationally eats away at your city’s money and time in a few areas.

  1. Building space and utilities. Maintaining a lot of hardware first requires a lot of building space. Freeing that space up can be a small boon, giving your employees more room without having to buy or rent additional space. Also, hardware maintenance requires a lot of electricity, heating, and cooling. Those utility costs add up over a year, so reducing those expenses by using less hardware can lower your energy bills.
  2. Reactive IT support. Aging technology is often accompanied by reactive IT support. We often encounter cities that think it’s cheaper to call a vendor who serves more like a repairperson, repairing old hardware similar to maintaining an old car. Not only does aging technology break down more often but reactive IT support also merely puts out fires without addressing the root cause. Because you never know when or how many fires will crop up again, this situation leads to unpredictable IT support costs that gets expensive quickly.
  3. Cybersecurity. When you haven’t modernized your technology, you drastically increase your city’s risk of a data breach or a hacker stealing information. Older hardware and software often lacks modern security features that help prevent viruses and hacker exploits. And we find that some cities fail to regularly patch and upgrade software to keep up with increasing security threats. Cloud software often builds in security upgrades in a seamless, automatic fashion, taking that activity off your plate while keeping you more secure.
  4. Data backup and disaster recovery. Lack of effective data backup often accompanies aging technology. Sometimes, the data backup process is manual and untested, meaning that data backup either doesn’t happen or it fails to actually work when a city attempts to restore data. Modern data backup and disaster recovery ensures you have a combination of onsite and offsite data backup, with the offline component making sure that you can recover your data in case of severe disasters like a tornado or flood.
  5. IT staff and employee training. Do you have IT staff (or non-technical city staff) who simply put out technology fires every day? Or are they more strategic about using IT to help your city complete important projects? Do your employees need training to help them learn or keep up with complicated software? Modernizing your technology can both reduce city staff time spent battling fires (similar to reactive IT support) and reduce the learning curve that your city employees have with new software.

As part of lowering your operational costs, it helps to consider using an IT vendor that costs less than adding a full time employee and has an experienced team of engineers who can quickly and efficiently handle your ongoing technology needs. By investing in proactive IT support, you take care of many operational technology needs in one fell swoop from data backup to security. Staying on top of these operational technology areas helps keep your costs low and predictable.

Interested in addressing your operational IT costs and risks? Give us a shout to talk in more detail.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 |