We put the IT in city®

CitySmart Blog

Thursday, October 30, 2014
Alicia Klemola, Account Manager

While there isn’t a debate anymore about the benefits of cloud hosting, governments and businesses still balk at moving into the cloud. A recent article from Marketplace highlights a few of those legitimate concerns from various government organizations that have made the shift along with various privacy experts sounding off.

Any remaining objections usually come down to two points: 

  1. Is the cloud secure?
  2. Does the cloud follow all privacy laws?

From here, organizations usually talk themselves into the false sense of security that comes from sticking with their own onsite servers or those they own or lease at a data center. But cloud hosting can overcome these two objections. In fact, the Marketplace article even states that Australia, a country with some of the strictest privacy laws, has moved into the cloud. They wouldn’t do that if it wasn’t secure.

Let’s look at some of the key reasons why cloud hosting is worth considering, starting from the two objections and then expanding out into a few other points. 

1. The cloud tends to be more secure than your onsite servers or servers co-located at a data center.

We’ve written before about a false sense of security that goes like this: If you can see your own servers, they must be safer and more secure. In the article, the CIO of the state of Wyoming says, “Folks say, 'It’s more secure because I control the server.' Well, yeah, but I can pick it up and walk out to my car with it. And that citizen data isn’t secure anymore.” Companies like Microsoft, Google, and Amazon host your information in cloud data centers that are like fortresses. From physical security to information security, they have the most industry-leading resources on hand to protect your data—resources that you or smaller data centers simply lack.

2. Cloud hosting providers are usually reputable as a result of their reliability and following strict legal and regulatory compliance.

When so many large organizations now rely on the cloud, that means those organizations have forced cloud hosting providers to be competitive. That means upholding strict service level agreements (SLAs) and following legal and regulatory compliance to a level unmatched by any other hosting entity. If absolutely needed, they can even carve you out private clouds or create you an onsite cloud. With multiple Internet connections, massive amounts of redundant backup power, and data spread out across different cloud hosting facilities across the country or world, cloud hosting providers give you the best assurance of reliability and privacy to date.

3. Cloud hosting providers ensure even better data backup and disaster recovery than onsite servers or data centers.

Because cloud data is accessed from any device, it’s hard to lose data or a place to access it. Cloud hosting providers offer such robust reliability and uptime that it’s extremely rare for them to lose your data. While losing power or an Internet connection may prevent you from accessing your data, you won’t lose it. As a result, cloud hosting adds to your data backup and disaster recovery resources, meaning you can rebound from a bad weather event, fire, or theft much faster.

4. You can access data anytime or anywhere.

Because cloud hosting providers require strict yet easy-to-set-up permissions for only authorized users, you can breathe a sigh of relief when employees access business data from home or through their mobile devices. Traditional servers or data centers require that employees only access data while at the office or through difficult-to-use VPN connections. With the cloud, your employees can work from anywhere as if they’re at the office—without losing one iota of security or privacy.

5. Moving to a cloud hosting provider usually cuts your costs significantly.

Think about it. No more onsite hardware to purchase or maintain. No more data center servers to buy or lease. So why does the cost of shifting to a cloud hosting provider drop so much? Think of cloud hosting like a utility. Is it more cost-effective to buy your own electricity generators, or to use the collective power of an energy company that provides you electricity for a low cost due to the scale of their operations. Cloud data centers work the same way. By storing data in cost-efficient ways at such large hosting centers, those hosting centers pass on the cost savings of scale to you because they are more efficient than any onsite servers or data centers you could use.

We encourage you to ask cloud hosting providers and vendors your toughest questions about security, privacy, and reliability. Better yet, find their biggest and most conservative customers—the ones who would have the most privacy concerns—and hear what their business stakeholders and technology experts have to say. Like the CIO of Wyoming in the Marketplace article, you’ll find that many people have thought through most of these concerns—forcing the competitive cloud hosting providers to deal with these issues. The good news? You now benefit from any trial and error that occurred many years ago when this technology first started out, and you can slash your costs while upping the quality of your technology infrastructure.

To talk more about cloud hosting, please contact us.

Thursday, October 30, 2014
Nathan Eisner, CMO

Seemingly every day, a news story breaks about yet another security breach and more data stolen from an organization. We hear about big organizations such as Kmart and government operations such as the Oregon Department of Employment, but we don’t often hear about smaller organizations. Because hackers pick easy targets, smaller cities are even more at risk than larger entities. And that’s a major driver behind Kentucky’s House Bill 5 that our CMO, Nathan Eisner, recently spoke about during a talk at the Kentucky League of Cities annual conference.

Nathan Eisner talks to KLC about cyber security 

The language of House Bill 5 is quite clear and includes the following provisions:

  • Requires public agencies and nonaffiliated third parties to implement, maintain, and update security procedures and practices, including taking any appropriate corrective action to safeguard against security breaches.
  • Requires public agencies that maintain personal information to notify persons impacted by security breaches.
  • Requires that public agencies establish reasonable security and breach investigation procedures.

While specific to Kentucky, House Bill 5 is reflective of similar legislation and expected best practices around the United States. So, cities must take reasonable steps to protect their data and, in the event of a security breach, notify affected parties. This situation makes security much more urgent for cities, but they often ask us, “What now? How do we protect our data?” Those were common questions we heard at Nathan's conference session on cyber security.

KLC Session on Cyber Security

The good and the bad news is that many methods of shoring up security are easy. Good because fixes are relatively easy to implement. Bad because it suggests that the biggest threat to most cities is your own staff. A little education goes a long way toward making your staff—both your IT and non-IT employees—aware of activities they can do every day to make sure that your city stays as secure as possible.

Here are some areas you can tackle immediately.


A recent study by a technology research company in California found that one out of three people had their passwords written down somewhere around their desk. Many people used obvious passwords such as a child’s name, pet name, college mascot, birthdate, etc. Overall, researchers figured out passwords for 50% of the people in the study. Before you laugh, ask yourself, “How secure are your city’s passwords?”

To make sure your passwords aren’t opening up major security holes:

  • Do not write passwords down and leave them lying around.
  • Use a password on all of your devices including your computer, smartphone, iPad, etc.
  • Do not use obvious passwords that are easy to guess.
  • Use long and complex passwords with uppercase and lowercase letters, numbers, and symbols.
  • Do not save passwords to websites and applications on your Internet browser.
  • Rotate your passwords periodically.

Virus Attacks

A few years ago, a city finance officer was contacted by their local bank. Wire transfers in the amount of $90,000 were attempted from the finance officer’s computer. Compromised by a virus, the computer was remotely controlled by an outside party. Luckily, the local bank’s fraud prevention efforts saved the city from any significant financial damage. But imagine if the transactions had been allowed to complete. The city and the bank would have had to spend money on legal action and recouping any financial loss. That’s real money lost—all because of a simple computer virus.

To combat viruses, we recommend that you:

  • Install antivirus software on every computer.
  • Audit your antivirus software regularly by confirming that it’s installed and licensing is up-to-date.
  • Educate your staff about the common sources of viruses such as email attachments and websites.

Data Backup

Last year, we heard about a city’s server that became infected with a virus. That server contained the city’s financial system. The city’s backup system failed to recover the data. The city had backed up the data, but they did not test their backups. And what happened? They lost 13 months of financial records. To get that data back, their only recourse was to hire contract labor to re-enter every transaction manually. Talk about a lot of significant unplanned expenses!

With data backup, start by asking some important questions:

  • What data is critical to your city?
  • How will your city be affected when that data cannot be accessed for extended periods of time?
  • How will departments such as public safety function without access to their data?

Once you get a better sense of your data needs and priorities, apply the following best practices.

  • Perform onsite backups of important city data.
  • Perform offsite backups to recover your data from events like theft and catastrophic disasters.
  • At a minimum, back up your data daily.
  • Remove human interaction—and reduce error—by automating your data backup.
  • Plan what you will do in a disaster, such as a fire or tornado.
  • Test your backups regularly.

Security Updates

Recent studies have shown that

  • 80% of cyberattacks can be prevented by keeping computers up to date.
  • Applications like Adobe Reader and Java are more likely to be exploited than Windows.
  • Most people ignore messages on their computer about installing updates.

To stay up on security updates, make sure your IT staff or vendor ensures the following:

  • Let those updates run on people’s computers. Make sure your employees don’t ignore them.
  • If you have servers, make sure your IT staff or vendor updates them.
  • Upgrade any applications that have reached “end of life”—which means that the software is so old that the vendor has stopped supporting it.

Physical Security

Don’t forget the old-fashioned way of stealing! Protecting city data also involves protecting physical equipment. A stolen backup drive or a disgruntled employee with a USB stick can be just as harmful to your city as a hacked computer. To tighten up your physical security:

  • Have employees lock their computers when away from their desks.
  • Ensure that servers and network equipment are locked up in a secure room.
  • Store any external media such as USB drives or backup tapes in a safe place.
  • Use encryption on your data if possible. If someone does steal your data, it will be useless to them.


Last year, citizens trying to reach a particular city’s website found nothing but advertisements on it. What happened? The website had been hacked and all of the city’s content was replaced by ads. The hacker found a weak spot by infiltrating the city’s utility billing system through a hole in the online bill pay software. If the problem lingered, a citizen going to the city’s website, thinking it was a trusted source of information, could have been infected with spyware or malware. That citizen’s private information may have been stolen and the city would have been liable.

To ensure a problem like this never happens, make sure you:

  • Ensure that your city’s website is hosted by a reputable provider.
  • Know where your city’s website is hosted.
  • Ask your website’s hosting provider to have your site objectively audited for potential risks by a third party.

Remember, cybercrimes affect all cities—not just the big ones. Be proactive, ask questions, and stay informed. Use this post as a guide to get you started, identify gaps, or check up on any doubts you have with your IT staff or vendor.

If you want to talk more about cyber liability, please contact us.

Thursday, October 16, 2014
John Miller, Senior Consultant

Just when you’ve gotten used to the idea of shifting your servers and software applications to the cloud, you might hear about the option of moving your phone system there too. Many businesses and organizations still rely on landlines or maybe even a Voice over Internet Protocol (VoIP) system that may run on a server in your office or at a data center. Isn’t the phone something distinct from the rest of your data and software? Why would you move it into the cloud?

When VoIP came out many years ago, it primarily stunned a lot of people because it made them realize that phone information could be reduced to packets of data transmitted over the Internet. That meant you could treat your phone system the same way you treat a software application, and you used an Internet connection to communicate with other people instead of landline technology. But VoIP was software and usually required an onsite or data center-hosted server to run the application. With the cloud, you even remove the need for a server.

Despite this advance in technology, you might wonder about the practical reasons for moving your phone to the cloud. Here are some compelling reasons that hit home with the businesses and organizations we work with. 

1. Immediately cut costs.

Without a landline connection, you essentially just pay for an Internet connection. Because landline equipment is expensive to maintain, landline providers pass on that cost to you. And if you use traditional VoIP, you’re paying for server hardware and maintenance. Cloud phone systems just need an Internet connection (that you already have and pay for), and you often set up the system in minutes. With no hardware or equipment costs getting in the way, your phone costs go way down.

2. Quickly fix problems and add features.

Landline providers move extremely slowly— to implement your service, to repair equipment, to fix problems, to resolve issues, and to add features to your service. Cloud phone systems are maintained in cutting-edge data centers, and there is very little to implement or fix. Problems are often just glitches resolved in minutes, and features can be added in the same amount of time. True, traditional VoIP service also benefits from quick problem resolution and added features, but the cloud can be even faster because your IT staff or vendor are not spending time maintaining your VoIP servers.

3. Receive all of your communications in one place.

Cloud software simply has advantages that landlines lack. Because landlines do not transmit Internet data, they cannot integrate phone data with your software. Cloud phone software sees everything as data. That means voicemails, faxes, text messages, multimedia, and emails can all go to the same place in software such as Microsoft Outlook. Traditional VoIP does this too, but cloud phone software data can be even simpler to set up, integrate, and manage.

4. Add and subtract numbers and features with a click.

Landlines make it difficult to scale up and down. Usually, you’re locked into a set number of lines and features and it can be difficult to change quickly. To help with scaling up and down as your business and organization grows and shrinks, cloud phone software allows you to add and subtract phone numbers and features with a simple click. Your monthly fee adjusts based on what you actually need—and you’re not locked in based on what you were sold.

5. Take your office phone with you everywhere.

Cloud software makes it extremely easy to essentially carry your office phone with you everywhere. That’s impossible with a landline. With cloud phone software, you install a mobile app that connects to the software from anywhere. Access the mobile app, and then any call that comes into your office number rings your mobile phone. This helps businesses and organizations make it easier for employees to work remotely, keeping personal and professional phone data separate.

Some businesses and organizations might still need landlines for critically important functions that need to stay up if power goes out, such as 911 call centers. Otherwise, for most common business needs, cloud phone software is a compelling option. If you’re still happy with your traditional VoIP system, you may just want to do a cost analysis to compare it against cloud phone software. Similar to other cloud software, you might find an additional cost savings in getting rid of hardware, giving employees more mobile flexibility, and making it even easier for your IT staff or vendor to manage your phone services.

To talk about cloud phone software in more detail, please contact us.

Thursday, October 09, 2014
Brian Ocfemia, Technical Account Manager

Matching our experiences with watching cities embrace the cloud, we liked a recent August GovTech article that outlined the thoughts of technology leaders from the city of San Francisco to the state of Delaware. While each government entity’s challenges are complex and unique, they all agree that moving to the cloud is helping them with many essential business and operational functions.

While it can seem like the needs of extremely large cities and states don’t necessarily relate to small and medium cities, we find that the article included several aspects about the cloud that can impact your city’s budget and operations. Here are some important points we’ve extracted from this article that will convince you to take a closer look at the cloud if you haven’t yet shifted over from a more traditional setup.

1. Your investment is an operational expense, not a capital expense.

Paying from month to month eases the burden of what used to be a multi-year capital expense commitment for servers and licenses. Moving data and applications to the cloud works more like a utility that you turn on rather than equipment you buy. We’ve seen many small and medium cities reduce their technology expenses and get rid of expensive hardware by moving to the cloud.

2. You can add or subtract users, and add technology resources with a click.

Scalability and flexibility for your business needs directly impacts your bottom line. Traditionally, cities tended to get locked into a certain number of software licenses and technology features. If you purchased it, you couldn’t get rid of it until the contract ended. With the cloud, you can add or subtract users depending on your real-time staffing needs, which helps if you suddenly gain a burst of employees or have to let many go. Also, it helps if you can turn off certain features or tools in the cloud and only use them when you need them—trimming costs while doing so.

3. You can set up your cloud technology quickly.

Without hardware installation and configuration, you can often set up your cloud technology over the Internet in hours. We often help set up a city’s applications, storage space, document management, or website rather quickly. Data migration from old systems may still take a lot of time and planning, but the cloud technology and tools are ready to go as soon as possible. Configuration takes place in easy to use dashboards, allowing your IT staff or vendor to get you set up in the cloud almost immediately.

4. Your employees can access the cloud through mobile devices.

The cloud makes it easy for people to securely access files, documents, data, and applications without having to be at the office or use difficult VPN connections. It’s becoming more routine and expected for people to access data remotely when they work from home, travel, or stop at any place with public wireless access. The cloud allows you to provide that mobile access with ease while keeping data secure.

5. You still have options to protect your most sensitive data in-house.

We often hear, “But we have sensitive data that we absolutely cannot risk by having in a public cloud.” While public clouds are often more secure than any IT environment you can set up, we understand that cities may be wary about extremely sensitive information going into the cloud. Cloud providers offer many hybrid options including private clouds (meaning that you have your own cloud network walled off from any other data) or simply keeping certain servers locked down and secure in-house if you absolutely don’t want that data in the cloud. For the rest of your data, you can still take advantage of the cloud’s cost savings and benefits.

If you’re still wary about the cloud, articles like the one in GovTech should reassure you that major cities and states would not move to the cloud if they haven’t already evaluated the major risks. We encourage you to explore your options by talking to an IT professional or service provider experienced in working with municipalities. They should have experience with crafting hybrid cloud solutions for municipalities so that you know they are looking at your situation objectively (rather than applying a cookie-cutter cloud solution). The cloud can save you a lot of money, offer you more flexibility, and still provide you the data security you need.

To talk about the cloud in the more detail, please contact us.

Thursday, October 02, 2014
Nathan Eisner, CMO

A recent story reported in PC Magazine and other news outlets talked about a vicious form of malware that affected many retail point of sale systems. The most disturbing fact? Up-to-date antivirus and software patches failed to prevent this malware from taking over the point of sale systems, stealing information, and wreaking havoc.

Stories like these tempt small businesses and city governments to throw up their hands. If antivirus and patching can’t prevent malware and hackers stealing information, then how can you really secure yourself?

In fact, there’s plenty you can do. A common misconception is that antivirus serves as the be-all-end-all solution for protecting your information. But antivirus is only one tool to prevent such dangerous attacks. Here are some others. 

1. Back up your data, both onsite and offsite.

The best defense is often having a plan in case the worst happens. If your data is stolen, held for ransom, or corrupted, then you need to have an automated onsite and offsite data backup and disaster recovery solution in place. No antivirus software is perfect. Even if it’s a rare event, there is always a chance you can get hit by a virus. If a computer or server is so infected that it needs to be wiped clean and decommissioned, it’s essential that you have that data backed up. 

2. Train employees about phishing and malicious links, emails, and attachments.

All of the antivirus software in the world won’t prevent a virus if an employee clicks on a malicious website link or opens a suspicious attachment. Hackers and cyber criminals play on the human factor. After all, if a person gives them permission to access company or government data by clicking on something, they are inside your gates at that point. The more your employees show wariness and caution about suspicious links, emails, and attachments, the less chance that a virus will creep past your antivirus software.

3. Build strong network security.

While your antivirus software might be great, it has to work overtime when many virus attempts are getting inside your network. Perform a network assessment to judge the strength of your firewall, the ease or difficulty of unauthorized user access, administrator password strength, and wireless access points. If your network security is weak, the chances of an attack succeeding are much greater because more threats are getting inside your network. Even the best antivirus software shows its weakness when too many threats hit it at once on a daily basis.

4. Use enterprise antivirus software with people managing it.

Off-the-shelf antivirus software installed ad hoc on people’s computers is simply not good enough for businesses or government. Enterprise antivirus software is managed by people. Because businesses and government entities are such high targets by having intellectual property, money, and sensitive data potentially exposed, the stakes are higher. When IT professionals are helping managing your antivirus, they can more easily spot red flags and respond to virus attacks immediately. They stay on top of virus threats in a way that individual non-technical users simply can’t do. 

5. Encrypt your data.

Even if hackers can access your data, encryption can make that data useless to them. Many high profile data breaches in the past few years were made worse when the data stolen wasn’t encrypted. Compared to the cost of data loss, fines, and emergency remedies, the cost of encrypting data is quite a bargain. Especially for your most sensitive information, encrypting data on your servers and computers is essential and a great way to frustrate hackers.

Despite the fear of malware attacks that crippled organizations like UPS and Supervalu, there is more to protecting your network than simple antivirus. To take next steps, we recommend assessing the strength of your data backup, network security, and encryption. Shore up any holes. Then make sure that IT professionals are managing your antivirus while complementing that service with employee training that mitigates the risk of someone clicking on an attachment with a virus. By applying a more holistic strategy, you’ll up your cyber security and decrease your cyber liability.

To talk about cybersecurity in more detail, please contact us.

Thursday, September 25, 2014
Clint Nelms, COO

IT vendors are both an expensive investment and a commitment. Like any relationship, a good IT vendor is often hard to find but it’s a great thing once you find one. And like any relationship, there are signs indicating when it’s bad, and when it’s good.

I know. We’re an IT vendor, so you might be a bit suspect if we were to share our four signs of when you should break up. Instead, we’ve collected specific points and complaints that we’ve heard from actual city decision makers from a large number of sales meetings this year. These insights include customers, prospective customers, and other decision makers who have had good and bad experiences with IT vendors.

Here are the things they point out as red flags. If you’re seeing these signs repeatedly, then city decision makers nearly all say you need to look for a new IT vendor. 

1. Your IT vendor confuses you with too much technical language.

We often hear, “If you ask our IT vendor for the time, he tells you how to build a clock.” Great IT vendors speak to you in concise, relevant business terms. That means taking something complex and making it simple. Or simply just sharing the bottom line about a particular issue. Throwing around too much technical mumbo-jumbo isn’t a sign that your IT vendor is brilliant—it’s a sign that they’re likely hiding behind confusing language and not explaining or understanding your business problems correctly.

2. Your IT vendor blames and passes on responsibility to other vendors.

We’ve written about the discipline of vendor management and why it quickly becomes one of our most popular services for our customers. We make sure other vendors stick to your business requirements, ensure proper installation and configuration, and work with vendors on technical issues. Bad IT vendors will routinely blame other vendors for IT problems, throw up their hands, and say that the hardware or software vendor needs to fix the problem themselves. It’s a classic complaint about IT service providers. Instead of working with software vendors when there is a problem, they point the finger at the software vendor and say. “It’s their problem, not mine.”

3. Your IT vendor always wants you to buy something.

Many IT vendors often get your business because they seem so cheap. Then, once they’re inside, they start telling you, “That costs extra” when you thought many services were included. They may also try to sell you hardware, software, or other products as a remedy to a real technical issue. It’s another classic complaint. Many IT providers make money from reselling hardware (or worse, from building and selling their own hardware). The best IT providers simply provide services without trying to upsell you at every given opportunity.

4. Your IT vendor implements their own policies instead of working in partnership with you.

A good IT provider listens to your city when implementing any technology-related policies that affect your operations (such as security policies). That requires true consulting—working with cities to craft policies tailored to your organization. Unfortunately though, many lazy IT vendors simply implement a standard policy without discussing what your city considers appropriate. This situation can result in your staff unable to fully function because they are locked down too tight by an arbitrary policy that may not fit your organization.  

The common theme of these red flags isn’t surprising. These bad IT vendors simply don’t listen to you, they don’t do the hard work of strategizing and customizing their services to your needs, and they don’t accept the responsibility of creatively and efficiently solving your technology problems. Instead, they try to cut costs through shortcuts and cookie cutter services that may do you more harm than good. Look instead for an IT vendor that listens to you, crafts services around your needs, and accept the responsibility of managing your IT environment—including working with other hardware and software vendors to resolve problems.

To talk more about selecting the right IT vendor, please contact us.

Thursday, September 18, 2014
Dave Mims, CEO

Mr. Stan Brown, City Manager, Oakwood, GAAs you or others you know have probably experienced, tablets (such as Surfaces, iPads, Nooks, Nexuses, etc.) have entered our lives as a way to both increase our productivity and entertain us. They are easy to use and provide many of the same functions as traditional desktops or laptops—without the hassle. Because tablets provide you on-the-go email, document access, and Internet access, we find they are also becoming essential productivity tools for mayors and council members, as well as others involved in council meetings.

In fact, we've heard over and over that cities want tablets—especially for elected officials. Based on this feedback, we’re happy to announce that IT in a Box will include tablets for council members.

So, why tablets? And why IT in a Box? With IT in a Box tablets, you’ll experience the following benefits.

  • Go paperless. Tablets help eliminate the costly, burdensome process of your city printing and delivering paper meeting agendas and related documents.

  • Enjoy the ease of modern technology. Access agendas, documents, the Internet, and other productivity tools with a swipe of your finger.

  • Mr. Andrew Hartley, City Attorney, Georgetown, KYTake your IT in a Box tablet wherever you go. IT in a Box tablets aren’t just for council meetings. Carry your tablet everywhere for secure, anywhere / anytime access to your city email, calendar, Internet, documents, and more.

  • Keep your data secure and protected. Keep your data secure and protected with the latest antivirus, antispam, software security patching, and automated tablet maintenance—all included with IT in a Box.

  • Be prepared for open records requests. Your city email account clearly separates city business from your personal email, making it easy to respond to open records requests.

  • Enjoy full 7 days a week IT support. Technical issue? We’ll support you whether you’re in the office, working from home, or on the road—7 days a week.

  • Microsoft productivity software included. IT in a Box tablets come with commonly used software such as Microsoft Outlook, Word, Excel, OneNote, and more.

  • Full Windows 8.1. Run the same applications from your tablet that you do on your desktop or laptop!

Mr. Jim Windham, Councilman, Oxford, GAAt this time, we are currently piloting the use of IT in a Box tablets and collecting feedback to make this service even more effective for you before rolling it out.

A big thank you goes out to Mr. Andrew Hartley (City Attorney at Georgetown KY), Mr. Stan Brown (City Manager at Oakwood GA), and Mr. Jim Windham (Councilman at Oxford GA) for signing up to be our early adopters (aka testers). Each represents a vital role in council meetings, so gaining their feedback and perspectives will be very beneficial. We plan to fully roll out the IT in a Box tablets in January 2015.

To learn more about this service, please contact us

Thursday, September 11, 2014
Alicia Klemola, Account Manager

With the media using its usual scare tactics, it’s tempting to follow their alarmist lead and view the recent celebrity cloud nude photo hacking scandal as a sign that the cloud is an unsecure place to store data, files, and documents. After all, if private nude pictures cannot be protected from hackers, then how will you protect your business’s much more important confidential information and intellectual property? One alarming fact you’ve probably read is that many of the celebrities said they had deleted their photos long ago. Yet, those photos were still found by hackers in the cloud despite this deletion.

Let’s slow down a bit and digest this incident. First, despite their celebrity status, these people are still non-technical individuals—not IT experts. Many common individual errors in personal data privacy were committed by these celebrities. And the flaws mostly came down to weak passwords and a misunderstanding of how cloud security works.

For your business or city, we offer some reassurances in the wake of the scandal to let you know where these celebrities messed up and how your business should differently operate. 

1. Your cloud data should be protected by enterprise-level firewalls.

Free cloud software managed by vendors usually has solid firewalls in place. But because they are serving millions of consumers who are not paying for the cloud services, these vendors may not ratchet up their security as much as for a business or government entity that needs more firewall power. For example, different classes of firewalls exist that enforce higher security to keep out unauthorized users. These firewalls can be customized for your particular security needs.

2. You need to enforce strong passwords and possibly extra layers of user authentication security.

In many of the nude photo hacking scandal articles, a common point of entry was weak passwords and user authentication. It’s easy for many hackers to go after sensitive information with programs that crack weak- to medium-strength passwords. You need a policy that enforces strong passwords with a mix of letters, numbers, and characters. The passwords should also be a certain minimum length such as 8 characters and changed monthly or quarterly. In addition, you can doubly ensure password security by adding an extra layer of authentication such as a mobile confirmation once a password is entered.

3. Train your people to spot phishing scams and other suspicious links and attachments.

People are still one of the weakest links in your cyber security chain. They often present easy access points for hackers attempting to steal your sensitive information. Train your employees about how phishing scams work, how to spot suspicious emails and attachments, and when giving away usernames and passwords is legitimate. There are still too many cases when employees are fooled by an email with links that look legitimate, and the employee ends up giving hackers an access point to your data.

4. Deleting files is not as simple as clicking delete.

We talked about this in detail in a recent post, but it’s extremely important to know that deleting a file may not delete it for good. First, simply deleting a file on your computer only means that the space it takes up is available to be overwritten by a new file. It’s often still there. Second, files may or may not be synced everywhere in the cloud. Or, new files may be synced but not deleted files. Deleting in one place may not delete a file everywhere. In the celebrities’ cases, they thought that deleting a file on an iPhone meant it was also deleted in iCloud. In their case, it wasn’t. An IT professional can help you configure your archiving and deletion policies to make sure that deleted files are truly deleted.

5. Syncing files without proper oversight exposes you to security and data backup risks.

Be very careful about syncing cloud data to other devices. Ideally, you should store data and allow access to it from one central cloud location. If the data replicates itself locally on various devices, you open up the risk of your data appearing in a less secure location. It may be easier for a hacker to hack a personal device rather than your cloud servers. But if your sensitive data is encrypted and only accessible via your cloud servers (with view-only mobile access), then it’s much harder for a hacker to grab that data.

Waves of alarm always occur about the cloud when something like this scandal happens. It’s easy to blame cloud security when we should be using this incident as cloud education. If these celebrities understood how their data is stored, accessed, and deleted, then they would not have run into this issue. These are individuals, and so they can survive such an attack relatively unscathed. But as a business or government organization, you need to take advantage of the cloud’s benefits and high security while adopting common sense best practices that help protect your most sensitive data. Use the cloud, but don’t make the same mistakes as these celebrities.

To about cloud security in more detail, please contact us.

Thursday, September 04, 2014
John Miller, Senior Consultant

In many organizations, email is quite simply a mess. Sometimes, you might have loose policies where you can keep any email forever as long as there is storage space. In other cases, you might have arbitrary or necessary storage limits where you are responsible for deleting emails just to make room for more email. Either extreme is not healthy for a business or government organization.

You might say that keeping emails is understandable, for obvious reasons. If emails are needed for legal reasons or a city receives an open records request, it’s important that emails are accessible. As long as the email is somewhere, everything is fine. Right?

Actually, there’s much more to email archiving than just storing your emails in any old place. In this post, we offer up five reasons why you need to have business-class email archiving in place at your organization. 

1. Employee searching and reference.

The most obvious and prosaic argument for email archiving is simply that emails often contain a lot of important business and historical information that is useful to employees. Old emails might include notes about a project from two years ago, a forgotten vendor name from a meeting last year, or login information to a website. If employees are forced to delete emails or if they’re responsible for storing emails, there is a risk of losing important information. Email archiving ensures that employees can easily look up information from past emails.

2. Protection of sensitive information.

With a business-class email system, your email will be encrypted and protected by a variety of security measures. If employees are left to do their own archiving, there is a risk of storing old emails in insecure locations such as an external hard drive, thumb drive, or folders on the desktop that an unauthorized person might be able to access. With automatic archiving features in a business-class email system, the archived email will be set aside, encrypted, and protected against unauthorized users.

3. Storage.

Despite many cloud email systems offering more and more storage space, email storage can still grow unwieldy with many zip files, PDFs, PowerPoint presentations, pictures, audio files, and video files. Email archiving goes a long way toward compressing the size of old emails and storing them in a place where it’s expected you won’t be accessing them often. If your server storage is limited, this aspect of email archiving is critical to free up space.

4. Data backup and disaster recovery.

Email archiving forms part of a comprehensive data backup and disaster recovery strategy. Any archived emails need to be encrypted, easily accessible, and stored properly when backed up both onsite and offsite. If an email server fails, you need to make sure you don’t lose archived emails. You are still legally bound to produce important emails if requested, and the excuse of poor data backup and disaster recovery will not cut it with authorities.

5. Legal requests and compliance.

Your records management is extremely important when you are bound by law to produce emails. For businesses, you may need to produce emails as the result of following a contract, responding to a legal request, or complying with something like Sarbanes-Oxley. For government, you may need to respond to open records requests and correlate your archived email with record retention laws. You don’t want to be caught in a situation where you’re legally bound to produce an email and you are unable to do so. That failure could result in lawsuits and expensive fines.

To get started with email archiving, it’s good to look at the quality of your current email system. Are you using a free email service (like organization@yahoo.com)? Are you using an outdated email server with limited archiving and storage capabilities? Are you storing sensitive emails in insecure locations such as tape backups or thumb drives? Once you assess your current email capabilities, consider switching over to a more modern email system that encompasses email archiving and mechanisms to help you follow the law and retain emails the right way.

To talk about email archiving in more detail, please contact us.

Tuesday, August 26, 2014
Brian Ocfemia, Technical Account Manager
A recent Forbes article references a study from Docurated that highlights some alarming statistics about the current state of document management. Some key stats that the Forbes author highlights in the article include:
  • “Despite the hype around Cloud, 77% of respondents still use file servers as their primary repository.”
  • “Cloud Storage is being deployed but more than 79% of documents are still stored on-premises.”
  • “68% of organizations have 5 or more storage repositories.”
It’s likely that many cities and small businesses are in the same boat as the majority of respondents from Docurated’s survey. With the cloud and modern document management systems making it easier for cities and small businesses to create, store, and maintain documents, there’s no reason why these organizations need to settle for obsolete solutions that make business more difficult to conduct. Here are some tips that will help you get up to speed and put yourself in the minority of organizations that are doing document management right. 

1. Move your documents to the cloud to help disaster recovery.

As the statistics relate, too many documents are still stored on-premises. This increases the risk of a fire, flood, tornado, or other disaster wiping out important city or business documents. Ask yourself: If your documents were completely lost, how would that affect business? You would probably experience irreparable harm and possibly go out of business. Many cities would become crippled and unable to serve citizens effectively. Moving your documents to the cloud stores them safely offsite, including all of your paper documents (once you scan and store them). 

2. Move your documents to the cloud to make them more accessible from different locations.

If you still store documents on file servers, those servers tend to be closed off unless you’re at the office. In today’s world, people use laptops, tablets, and smartphones to work on the go. Teleworking becomes more and more of the norm as salespeople, creative workers, and business travelers work outside the office. They need access to documents without having to come into the office or use a difficult remote access VPN connection. The cloud makes it easy to not only keep documents secure but also gives people access to them while away from the office.

3. Move to one cloud document management solution to centralize your documents in one place.

So, you’re looking for an important business document. Is it on this file server? Another file server? Someone’s individual computer? The statistic about an average of more than five document storage repositories at many organizations is a sign of undisciplined document management. Different departments, probably out of frustration, simply started storing their documents themselves through the lack of an organization-wide policy. Moving to the cloud gives your organization the opportunity to centralize your documents in one place so that it’s easier for people to find them.

4. Organize and label your documents to help people find them.

Even if documents are centralized in one place, it can still be difficult to find them due to poor organization and labeling. This activity is something your organization should tackle anyway, so moving to the cloud in a centralized location presents the opportunity to sort out documents into a specific structure, decide what to keep or toss, and label using metadata (such as department, author, date approved, etc.). We’ve written some articles about this difficult but rewarding process.

5. Update your document management to help you follow the law.

For cities, this means following laws related to open records requests and record retention schedules. Modern document management systems help you store documents without fear of losing them, allow you to easily access them, and give you the ability to archive or delete them through the help of automation. Sure, you can follow the law manually, but isn’t that a lot tougher and more prone to human error? Leverage technology to ease your burden and automate your legal policies and procedures for documents.
If the above tips intrigue you and you had not been aware of how document management can solve a variety of your current business problems, shop around for some cloud solutions and explore the capabilities of modern document management systems. In this case, it helps to build out some requirements about what you’re looking for. You might be surprised to find that there’s a document management system out there waiting for you that can tackle your requirements—and a whole lot more. To talk about document management systems in more detail, please contact us.  
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 |