We put the IT in city®

CitySmart Blog

Tuesday, March 04, 2014
Alicia Klemola, Account Manager

Recently, an alarming cybersecurity report from the U.S. Senate highlighted some disturbing security breaches at three major agencies: the Department of Homeland Security, the Nuclear Regulatory Commission, and the IRS.

A few quotes from the report included:

  • Referring to the Department of Homeland Security: "Independent auditors physically inspected offices and found passwords written down on desks, sensitive information left exposed, unlocked laptops, even credit card information."
  • Referring to the Nuclear Regulatory Commission: "The NRC has had trouble keeping track of its laptop computers, including those which access sensitive information about the nuclear sites the commission regulates."
  • Referring to the IRS: "In March 2012, IRS computers had 7,329 “potential vulnerabilities” because critical software patches had not been installed on computer servers which needed them. [...] IRS officials said they expect critical patches to be installed within 72 hours. But TIGTA found it took the IRS 55 days, on average, to get around to installing critical patches."

When hackers are trying to steal government data on a daily basis, these kinds of weaknesses are simply unacceptable. While these agencies get more scrutiny than local government, they highlight the importance of implementing basic cybersecurity protections that are actually quite simple and cost-effective.

Here’s what you can learn from this report to make sure that your city is ahead of the game—and doing a better job than our federal government at protecting its most sensitive information.

  1. Create a strong password policy. Recent studies show that organizations—including the highest levels of government—use extremely weak passwords such as “password” or “123456.” When you have weak passwords, even amateur hackers are able to get into your servers and computers to steal sensitive information. Create a password policy that forces users to use strong passwords with a combination of letters, numbers, and symbols. They should also change their passwords monthly or quarterly.
  2. Install software patches and updates. It’s not uncommon to audit government servers and find important patches and updates have simply not been installed. Waiting a few days or a week is one thing. We’re talking about waiting months or even years to install patches, which means that your IT staff or vendor is simply not responsibly maintaining your equipment. Not installing patches and updates makes you liable for security breaches and indicates negligence on the part of IT staff. This is one of the most basic technology maintenance functions that should always take place.
  3. Use an enterprise antivirus program and keep it up-to-date. Government entities need enterprise-level antivirus software. You can’t rely on individual employees to install and update their own antivirus software. Enterprise antivirus software ensures that IT staff or a vendor is managing, updating, and maintaining it on an ongoing basis. On the off chance that you do get a virus, your IT staff or vendor will professionally handle the situation and work to eliminate the virus with minimal collateral damage. Since new viruses are created every day, you need to stay on top of those threats with professional antivirus software and management.
  4. Cover the physical side of information security. It’s easy to forget “real life” when dealing with bits and bytes, and apparently the federal government forgot real life a lot. The report detailed physical breaches of information security, especially in the Department of Homeland Security. Learn from their mistakes. Sensitive information (such as passwords) should not be written on paper or post-it notes and exposed to people who walk into a room. Printed out information lying on a desk is just as much of a security risk as stealing it off a computer. And make sure your employees lock their computers with a password so that someone can’t hop on and start snooping around for information.
  5. Perform a hardware inventory and track assets. You should never wonder where a laptop, desktop, or server might be. With modern IT asset management, devices can be commissioned, decommissioned, monitored, and maintained remotely. No device should be “off the grid” in this scenario. However, the situation becomes more complicated when people bring in their own devices. The simplest solution is to assign devices to people and not allow them to use personal devices for work activity. But if you do allow people to use their own computers, create a clear policy that accounts for how sensitive work data is handled. Consider cloud computing options to keep all information secure and off people’s individual computers.

Sadly, many of the federal government’s IT problems are easily preventable. The good news for you is that cities can follow the steps above to create a great foundation for cybersecurity. While there is more work to do beyond what’s listed above, by focusing on policies around passwords, IT maintenance, antivirus, physical security, and devices, you’ll eliminate a lot of easy security holes that hackers can exploit.

To talk about cybersecurity in more detail, please contact us.

Thursday, February 27, 2014
Nathan Eisner, CMO

When cleaning out your house, you’ve probably experienced the shock of realizing you’ve acquired way more stuff than you thought. After staying in one place for a while, it’s tough to go through your attic, garage, shed, basement, or other storage areas to decide what to keep and what to throw out. However, it’s quite a relief when you finally throw out a lot of unneeded things and free up space.

Information technology works similarly. Over time, technology objects pile up and lead to excess servers, desktops, laptops, network equipment, and software. Each city department may accrue excess technology, and that multiplies the extent of the problem. When it comes time to assess your technology, you might be surprised or shocked to find a bunch of useless or redundant equipment and software.

That’s because IT assessment and consolidation is always an ongoing process for any business or organization. From our experiences consolidating many city IT environments, we’ve provided some tips in case you’re about to tackle this kind of initiative. When you’re consolidating, always ask, “What are my city’s business goals? And how is a particular technology investment helping me achieve those goals?”

  1. Shed hardware. Excess hardware is one of the easiest places to start. We find that cities accrue extra servers, desktops, and laptops over time that aren’t needed. Plus, advances in cloud technology mean that you may be able to access many services directly through the Internet – allowing you to eliminate many (if not all) of your servers. Take the time to do a hardware inventory, track down unused or unnecessary equipment, and decommission those pieces of hardware as soon as possible. You can even take advantage of an online auction service to sell this unneeded equipment and collect some extra revenue.
  2. Shed software. Eliminating excess software is much more difficult but worth the effort. Here, you really need to look at your software from a business point of view and challenge its cost and usefulness. If the software is more than 5 years old and you haven’t looked at new options lately, you may want to see if less expensive software exists with more features. If you’re paying for expensive software licenses and hosting servers onsite, then you may want to explore cloud software options that are more cost-effective and easier to upgrade and maintain. Look out for software that you barely use or have stopped using. Those may be wasted costs that you need to eliminate.
  3. Review voice and data services. Often overlooked, voice and data costs often multiply because cities don’t consolidate. Individual departments and buildings buy their own services over the years, and those individual purchases don’t get questioned. Can you consolidate Internet services under one vendor? Is it possible to consolidate multiple landline phone systems under one landline? Or have you considered VoIP instead of a traditional phone system? We’ve guided many cities through voice and data consolidation that saved them thousands of dollars per year. If you haven’t assessed your telecom services in more than three years, then you definitely want to look for consolidation opportunities.
  4. Centralize your technology. Once you figure out what you can eliminate, now it’s time to see what you can centralize. Here, you’re looking for duplicate technology—especially hardware and software—between different departments and buildings. For example, instead of different departments each managing its own network, you should look to consolidate those resources into one network that serves everyone. Otherwise, you are wasting money, increasing security risks, and duplicating work. Similarly, look for departments that might have purchased software individually that really does the same thing for everyone. You might consolidate that software under one vendor.

While assessing your technology can involve a lot of upfront time, the benefits are worth it. Like cleaning your house, you’ll free up space and get rid of unnecessary junk. More importantly, your city stands to reduce costs, gain a lot of efficiency, and simplify your IT management. Once you consolidate, plan to reevaluate your technology assets at least once a year to see if any new or improved hardware and software may help you with further consolidation. IT consolidation is an ongoing process, and you’re always fighting against inertia, time, and technology innovations.

To talk more about IT consolidation, please contact us.

Tuesday, February 25, 2014
John Miller, Senior Consultant

A recent article from Microsoft points out that technology alone cannot improve your IT security. You need informed, participating end users—your city employees. When they are informed about security policies through proper communication and training, the true power of your IT security blossoms.

However, this article overrates the trickle-down effect of communicating security policies to employees. Don’t get us wrong. Establishing security policies are absolutely important and provide a great way to detail all important aspects of a security strategy for your city. But ask an employee about the last time they read or looked at a security policy.

We find that a great way to tie security policy to employees is by illustrating tactical, everyday scenarios that often place a city at risk. Through these everyday scenarios, you can discuss IT security policy in a way that relates to everyone.

  1. Internet Browsing. No matter how many years we’ve surfed the Internet, even the best of us get tricked or misled occasionally into a bad website. Usually, most modern browsers provide warnings that keep us out of the worst sites. But employees can be lured by the ruse of useful software, games, or information that is not what it seems. Employees need to be reminded to use only trusted or well-referenced sites, not to download software or plug-ins without the approval of IT, and to never click on a website link from an unknown source.
  2. Passwords. While IT might implement a password policy that employees are forced to use, it’s still helpful to let employees know about the importance of using strong passwords that change every few months. Recently, news organizations widely reported some research from SplashData, a password management company, that the most common password is “123456.” Hackers become more adept every year at breaking into email accounts, websites, and software applications. Your employees shouldn’t make it easier for these hackers. Strong passwords are long and use a combination of letters, numbers, and symbols.
  3. Social media. With so many social media outlets constantly full of people sharing links and information every day, employees can sometimes be unaware of the dangers inherent in sharing the wrong kind of information. Whether publicly or to a large social group, employees might not know what city information is proprietary, secret, or inappropriate to share. People with ill-intent often use social networks to extract information from employees—and local governments are a prime target.
  4. Email. We’ve put email a bit lower on the list since people have gotten better at understanding spam, while technology helps prevent malicious emails from even getting to the inbox. However, email is still a prime source of security issues. All it takes is one person to give up username and password information, open a malicious file containing a virus, or click on a website link that downloads malware, and your city is compromised. Keep employees informed about the dangers always lurking in their inbox and tell them to only open messages and attachments from people they trust.
  5. Physical security and internal threats. Often overlooked, employees will sometimes think IT security threats all come via the Internet. However, leaving a laptop laying around, a computer logged in, or a door open to a server room are all potential breaches of security. Similarly, especially in larger organizations, it’s easy to be tricked by someone who seems like they are another employee or get pressured by an actual employee without authorization to give you certain kinds of information. No matter how glib or natural someone seems, if an employee feels any doubt about a request for information or security access to a particular area, they should check with their boss or IT staff.

By sharing everyday tangible security examples with employees, you will be able to connect normally abstract security policy to their day-to-day jobs. After all, it’s in these specific scenarios that most security breaches occur. The biggest breach in the last few years (in South Carolina) happened when an employee clicked on an email. Weak passwords have allowed hackers to publicly expose sensitive information. And we hear stories about stolen laptops every so often, with those stolen laptops containing social security numbers and other publically identifiable information. When employees hear these kinds of examples, it’s more visceral—making your security policy more likely to stick in their minds.

To talk about IT security in more detail, please contact us.

Friday, February 21, 2014
Brian Ocfemia, Technical Account Manager

You probably recall times when you’ve had to manage documents through email. Most of the time, you’re trying to figure out who has the document, who already provided feedback, and who hasn’t reviewed or approved it yet. It’s like herding cats, and you expend more effort managing the document workflow than you do actually creating or reviewing the document.

In a document management system, you have the ability to set up workflows that force people to follow a series of tasks. From document creation to review to approval, workflows help you focus on the work—not managing the workflow. While there are some technical aspects to setting up a workflow (and some workflows at large organizations can be extremely complicated), most smaller cities will have relatively simple workflows that help manage document creation.

Here are some tips to help you think about how you create workflows. As you can see, these are mostly business decisions, not technical decisions.

  1. Workflow Design. Each department at a city will have a specific way of handling document workflow, so you need to set up workflow processes based on those particular needs. Workflows will differ if you’re creating public-facing web content, internal documentation, invoices, or customer support tickets. For each document created, what needs to happen? How is the document created? How many reviewers? What happens after it’s approved? Focus on creating generic roles such as document creator, reviewer, or approver that are assigned to people. For example, don’t designate Steve or Melanie as the third step of a workflow. Instead, designate a reviewer role for the third step. That way, if Steve or Melanie leave the city, you know that you’ll need to fill the reviewer role with someone else.
  2. Document Creation. Without workflows, people tend to create documents however they like. Word documents appear in different versions, and the person using Office 2003 can’t open up the Office 2010 file. Someone gives you a PDF to edit, but you can’t edit it with the software on your computer. The document creation step of the workflow ensures that everyone is using the same process. That may include the kind of software used, document templates that make users fill in certain kinds of information, and document naming conventions that make them easy to find later. This step of the workflow helps make documents look consistent and ensures that people can open and edit them.
  3. Document Review. Document review is an important step of the document workflow, and it’s usually a chaotic bottleneck when people don’t have a document management system. Who’s reviewing the document? Did they track their changes? Did everyone get the email? When setting up the review step of your workflow, decide how many reviewers you need, how they will be notified, and how many automatic reminders they will receive. These automated features will help the document management system manage the process, not you. You can also decide to limit feedback loops so that a document isn’t in eternal review. Document versioning and locking editing also help streamline the document review process by avoiding duplicate edits and cross-communication.
  4. Document Approval. Approvals tend to be a common bottleneck without document management systems. While we can’t promise that busy approvers can approve your documents faster, we do know that a good document management workflow means that approvers know when documents are ready. No more, “Can you resend the email?” or doubts about if certain reviewers have looked at it. By the time it gets to the approver, they know everything is ready. While the workflow might become more complex if there are more approvers, the process is still streamlined even for multiple approvers. Document management systems can even help collect digital signatures if needed for approval.
  5. Document storage and archiving. After a document is approved, it’s easy to see the project as over and not care about where the document resides afterward. Document management workflows can help you eliminate this mystery and wrap up the final destination of a document in a nice bow. Once approved, who needs a copy of the document? Where will the document be stored in case someone needs to look at it? Who has permission to look at it or change it later? When will it be archived, or deleted? By addressing these important workflow questions, you will strengthen your document and records management retention processes and make it easier to handle open records requests.

With a strong document management workflow, you increase the morale of city employees and make it much easier for them to do their work. Managing documents through email or document management systems without a clear process increases stress, errors, duplicate work, and frustration. If your city is especially working toward greater transparency, document management workflow is a small but important step to clarifying how documents are created, reviewed, approved, archived, and deleted.

To talk about document management workflow in more detail, please contact us.

Wednesday, February 19, 2014
Clint Nelms, COO

Back in the 1980s, Judge Wapner used to open up each case on The People’s Court by saying, “I know you've been sworn, and I have read your complaint.” The popular show, still running to this day (unfortunately without Judge Wapner), gave people a surface understanding of the workings of a municipal court—albeit with all of the tedious parts edited out. People often see the legal system as obscure and mysterious, and it helps when an entertaining show shines some light on how it works.

However, when citizens have to actually go to municipal court for whatever reason, the process is often just the opposite. People get confused, worried, and tripped up over what to do, where to show up, and how a certain legal process works. While court can be a hassle, you can make it less of a hassle by providing clear, useful information on your website.

Since people usually don’t voluntarily plan to go to court, they will often come to your website on a mission and probably not in the best mood. What greets them when they’re looking for information? The following tips will help you make this website visit as pleasant as possible for your citizens or those needing to use your court system.

  1. When and where. More than other sections of your website, the when and where of municipal court is the most important information on this page. It should be upfront and absolutely clear when municipal court is in session and where municipal court is located. Otherwise, people will call you and tie up the time of your city staff asking this simple question. Don’t just give a physical address. Provide detailed directions that take difficult-to-find parking, landmarks, and non-descript buildings into account. Getting to court should never be a mystery.
  2. What requires your presence, and what doesn’t. When people are saddled with a parking ticket, accident ticket, or other citation, they might not immediately know if they can pay it without showing up to court. Explain on your municipal court page what can be paid online, what doesn’t require an appearance in court, and what absolutely does require a court appearance. Just because you know this information inside out doesn’t mean you should assume that citizens know.
  3. What lies within your jurisdiction. To many people, a court is a court is a court. They often don’t realize that different courts serve different functions. Your city court, for example, may only deal with violations of city ordinances, enforcement of local laws, and misdemeanors. Different kinds of cases may be served by a county court, and more serious court cases usually take place at the state level. Clarify what falls under your municipal court and help citizens know to work with the county or state courts for other cases.
  4. Easy-to-find contact information. Court produces anxiety, fears, and doubts, which produce lots of questions. No matter how thorough your website, people often like to double-check if they’re doing the right thing when paying a fine or appearing in court. Be ready to answer questions by placing contact information front and center. At a minimum, provide a phone number and an email address. Communicate that you will respond within a specific timeframe, and then do it. This basic information goes a long way toward being helpful to people.
  5. Segmented content based on different needs. Avoid lumping all content on the same page, especially if your court handles different functions. When people visit your website, they will have different processes if they are dealing with a traffic ticket, child support, jury duty, or other court situation. For example, child support information should be clearly called out by heading and section, or even linked to a separate page. Sectioning your content like this helps people find the answers to their specific questions much faster and better meets their needs.

Additionally, when applying the tips above, it’s tempting to provide reams of legal information. After all, it’s a court and it deals with law. While accurate and thorough, legal language is intimidating to most people. You can provide it as extra detailed information, but make sure you don’t bury your most helpful information in legalese. It will only frustrate and confuse people visiting your site.

Municipal courts ultimately reduce all legal situations to simple processes—what to do, where to show up, and how to resolve the issue. Your website is an extension of that simplification and, with the right content, provides a great public service to your citizens. Then, citizens won’t mind getting sworn in, and having their complaint read.

To discuss your municipal court website content in more detail, please contact us.

Thursday, February 13, 2014
Dave Mims, CEO

KLC helps city stabilize data backup and disaster recovery, better respond to open record requests, and delegate all IT support to experienced professionals.

Residing in the beautiful northeastern Kentucky mountains within the Daniel Boone National Forest, Morehead is a city of almost 7,000 people approximately 70 miles east of Lexington. It’s also home to Morehead State University, ranked as a top public school in the south, and Cave Run Lake, an 8,270-acre reservoir that attracts many recreational enthusiasts.

Like many smaller cities throughout the United States, a small dedicated staff oversees many of the day-to-day operations. That means everyone, including the mayor, is hands on helping citizens. But as information technology becomes more complicated in its variety, requirements, and integration with legal aspects of local government, it can be overwhelming to add its hassles to an already overburdened staff workload.


For many years, the mayor and city staff handled any technology needs and requirements for their city. That meant setting up their own computers and calling software, Internet, telecom, and hardware vendors for support requests. Not surprisingly, this essential work can get overlooked and even shelved when day-to-day tasks take over.

This frantic scramble to keep up with technology was a symptom of deeper problems. Without a dedicated person to focus on technology, the city also had uncertainty related to the reliability of its data backup, a compromised ability to respond to e-discovery or open records requests from using an email service that was difficult to support, and no website to communicate with citizens.

However, the potential high cost of hiring IT staff and upgrading the city’s technology prevented Morehead from moving forward.


Morehead solved these challenges by using KLC’s “IT in a Box” service. Powered by Sophicity, “IT in a Box” is a complete IT solution for cities and local governments. The service includes a website, online payments, onsite data backup, unlimited offsite storage of backups, email, document management, Microsoft Office for desktops, server, desktop, and mobile management, vendor management and a 7-day a week helpdesk.


“IT in a Box” helped Morehead:

  • Launch a high quality, user-friendly website.
  • Mitigate the risk of data loss through onsite and offsite server backups.
  • Ensure a highly available and dependable email system.
  • Support its city staff 24/7 through ongoing monitoring and maintenance of all servers and workstations, coupled with 7 days a week helpdesk support.
  • Mitigate the risk of paper document loss and increase document retrieval ability through a document management system.
Morehead also saved $28,134 (or 60%) of the costs typically spent modernizing a city network of their environment and size.

We now have a level of security unimagined beforehand with constant monitoring and reliable offsite backups. I worry much less with the Sophicity team watching things for the City of Morehead. – Mayor David Perkins
If you're interested in learning more, contact us about IT in a Box.

Print-friendly version of the Morehead, Kentucky IT in a Box case study.

About Sophicity

Sophicity is an IT services and consulting company providing technology solutions to city governments and municipal leagues. Among the services Sophicity delivers in “IT in a Box” are a website, online payments, onsite data backup, unlimited offsite storage of data backups, email, document management, Microsoft Office for desktops, server, desktop, and mobile management, vendor management and a seven-day a week helpdesk. Read more about IT in a Box.

Thursday, February 13, 2014
Alicia Klemola, Account Manager

While larger cities benefit from having procurement offices to spend time researching, selecting, and negotiating with vendors, smaller cities can feel at a disadvantage when procuring items—especially technology products and services. And even procurement directors can have trouble keeping up with the latest hardware, software, and technology solutions.

Despite the overwhelming technical aspects of technology procurement, we’ve found through our experience that there are some basic tips that help cities get the best bang for their buck. Even if you’re not a technical expert, these tips can help you better prepare when you’re ready to invest in technology.

  1. Spend time defining what you need. It’s easy to just think “I need a computer” and go to a retail store to pick up one. Or to think that you know exactly what kind of software you need when you put out an RFP. However, we find that it helps to define what you need from a business point of view before starting to shop for a solution. What business problem do you need solved? What specific capabilities are currently lacking in your current situation? What capabilities do you need? If you can’t invest in everything you need at once, what are the priorities? Asking these kinds of questions helps you define your business problem and reduce the temptation of an impulse or gut purchase.
  2. Shop around and know the industry. This is where your IT staff or vendor comes in handy. You need someone with extensive knowledge of technology to do some shopping. An IT professional will stick to your requirements, understand when vendors are blowing smoke or distracting you with unnecessary features, and ask technical questions that you may overlook. All of this information will affect the price. Since the B2B technology industry is so competitive, starting prices are often ripe for negotiation. When you shop around, never view a price as final (unless it’s a clear-cut price listed in black and white on a vendor’s website).
  3. Know your government pricing. Government pricing isn’t always obviously apparent on major vendor websites and especially not when you shop retail. Take advantage of special discounts for local government offered by major hardware, software, and technology vendors. Sometimes it can be tough to navigate vendor websites to find pricing for specific contracts, select the right menu options that apply to your situation, and understand what’s specially priced and what’s not. Make sure your IT or procurement expert is able to figure out the best pricing for your city.
  4. Don’t just settle on lowest price. Technology is not like buying pens. If three pen vendors are in the running and one has the lowest price, you probably don’t risk a whole lot from buying the lower priced pens. With information technology, we’ve seen so many cities over the years treat a handful of complex IT vendors as equal and simply choose the lowest priced vendor. During the RFP or purchasing process, make sure you evaluate each vendor rigorously against your business needs. What exactly are you getting? What is the vendor’s reputation and experience? Will your business needs be solved? Price is a factor in your final decision, but not the only factor.
  5. Look out for indirect costs. Not vetting technology properly leads to many risks such as indirect costs. One common example is a low-priced vendor offering “24/7” support and maintenance. In many cases, that means installing some monitoring software on your computers but billing you at a high rate when a problem actually occurs—leading to an unpredictable annual IT budget. Another example is when a software vendor sells you software on the premise that it’s easy to install. Once you purchase the software, “suddenly” you find that you need to buy another kind of software, or a server, or additional Internet bandwidth, when you thought you were just paying for the software. Indirect costs usually strike when non-IT professionals buy a technology solution and lack experience to detect major red flags or ask the right evaluation questions.

Technology purchases can be quite expensive and complex. That’s why it helps to follow the steps above to make sure you’re vetting each purchase rigorously and appropriately. With many city revenue streams in a precarious state, you want to make sure you’re investing in the right technology responsibly. You don’t want to become so paralyzed with fear that you don’t buy anything, but you need to have the right guidance and expertise on hand to help you step boldly forward in your investments that will help achieve your city’s vision and business goals.

To talk more about technology purchasing, please contact us.

Tuesday, February 11, 2014
Nathan Eisner, CMO

In a December 2013 report titled “Cyber Security: Pay Now or Pay More Later. A Report on Cyber Security in Kentucky,” author Adam Edelen discusses some of the biggest cyber security risks to government—including local government. Coming from the state of Kentucky’s auditor of public accounts, the recommendations are serious and worth a read.

I had the good fortune to be on a panel discussion with Adam back in October 2013 at the Kentucky League of Cities’s annual conference. Together, we talked about the risks of cyber security for cities. While we’ve shared our insights concerning the basics of cyber liability in a past blog post, we want to highlight some important and often overlooked cyber security points that Adam mentioned in his report.

  1. Human-related incidents are the most dangerous cyber security threats. While a natural disaster can be devastating to your data, at least it’s understandable, somewhat predictable, and rare. Contrast that with human beings who attempt to hack your systems every day, internal breaches of security from loose security policy or poor server configuration, and employees downloading malware and falling for phishing scams. Adam points out that the biggest security breach in recent years (at the State of South Carolina) resulted from an employee falling for an email phishing scam. If you don’t have the proper cyber security measures in place, you’re exposing your data to attack every single day from human-related threats.
  2. Improper server configurations leave open gaping security holes. Even if you have antivirus, antimalware, and antispam software, all of those efforts may not mean anything if your servers were set up incorrectly. These problems are often hard to detect because usually your “IT expert” set them up—whether they are an employee or vendor. Unless you get another IT expert to check on that person’s or vendor’s work, shabby configuration can go undetected for years. Adam’s report points out common issues from poor configuration such as open ports—the equivalent of having an unlocked door in your building that people can walk right through.
  3. Organizations often forget “less important” devices and access points. Your city might focus on security for servers, desktops, and laptops. That’s good. But cities and many other organizations often forget that devices such as printers, scanners, or wireless routers also provide potential ways for hackers to gain access to sensitive information. Remember, any machine that connects to your network is a target for exploitation. Your printers and scanners should be locked down with strong passwords just like your servers and computers. And since people do something called “war-driving” (i.e. looking for open wireless access points), you need to make sure your wireless routers are password-protected and all wireless data transmission is encrypted.
  4. Physical security is an overlooked aspect of cyber security. It’s good to focus on all of the technical aspects of cyber security such as encryption, firewalls, and server configuration. But what about the rooms that host your servers, computers, and other equipment? In many cases, anyone could walk into those rooms, access the servers and computers, and harm them either accidentally or maliciously. Only authorized people should have access to equipment that holds your most sensitive information.
  5. Authorized access to information is one of the most referenced points of the Kentucky report. While there were many variations of issues related to authorized and unauthorized access in Adam’s report, the common theme is to make sure that you clearly give the right people access to the right information. In too many cases, people have either inappropriate access to information or even have access to information after they’ve quit or been fired. Adam talks about paying attention to “logical security” which “involves, but is not limited to, restricting access to only authorized users, strong password settings, and appropriate levels of access granted to a user.”

While there are many more issues contained in the report, these are the five most important cyber security points that we feel are overlooked by cities. Sometimes, IT vendors can be accused or suspected of hyping up these same security issues in order to sell products and solutions. So when the state of Kentucky’s auditor of public accounts is discussing these cyber security threats in such detail as part of an official report, it’s an extra signal to take action and address these issues at your city.

The good news is that most of the security breaches that Adam mentions in the report could have been prevented by addressing some of the basic security measures above, along with implementing preventative tactics such as data backup, ongoing IT support, and antivirus software. In the report, Adam says, “When attacks against public sector entities are successful, citizens begin to lose confidence in government’s ability to protect the data it stores.” If you don’t want your citizens to lose confidence in your city, it’s best to address your cyber security risks now—rather than after an embarrassing disaster.

To talk about cyber security in more detail, please contact us.

Thursday, February 06, 2014
Nathan Eisner, CMO

If you’ve ever added or updated content to a website without doing anything technical, you’ve most likely used a content management system. The phase “content management system” (or CMS) is a bulky term for a tool that simply makes creating web content easy. After all, its goal is to remove technical barriers that prevent you from making changes to your city’s website.

However, confusion sometimes exists about what exactly a content management system is and does. In our latest article to help demystify a common technology term, we will explain what a content management system is and what it’s supposed to do for you.

Content Management Systems Give You Control Over Your Website

When websites first evolved, technical webmasters, coders, and software developers made any and all changes. In order to make changes yourself, you would need to know how to code, how to access the technical back end of your website, and how to upload and publish any changes. These were the days when technical professionals held the keys to your website. Making any changes without technical knowledge was all but impossible.

Of course, websites were also simpler back in the 1990s and early 2000s. But as websites grew more complex, they also began to mature and require more timely information. Updating simple news items or correcting an error on a website became more important to business but could take a long time if there were other requests in the webmaster’s queue. This situation was not sustainable as the Internet became a more critical source of communication for businesses and organizations.

While content management systems have existed since the 1990s, these early systems were technical and hard-to-use. By the mid-2000s, content management systems began to incorporate user-friendly features and remove many of the technical obstacles that prevented non-technical users from publishing website content. When blogging exploded in popularity in the mid-2000s, blog content management systems became so easy to use that those tools pressured website content management systems to replicate many of these easy-to-use features. Today, every organization with a website is, in a sense, a publisher. And it needs a CMS to quickly publish and update content.

Content Management Systems Help You Publish and Update Your Website

As an application, a content management system may either be part of your website or a third party application that needs to be integrated with your website. This content management system application gives you a back end interface connected to your website that allows you to create, upload, edit, publish, and update content without technical knowledge.

  • Create. Most content management systems offer an interface that works similarly to Microsoft Word. You decide to create a new piece of content and you can type or paste it right into the content management system. Just like a Word document, you can enter and format text, upload images, and even embed audio files or videos.
  • Publish. Content management systems put the publishing process in your hands. It’s best to set up permissions and workflows to ensure a quality publishing process. Once it’s clear who can publish and who needs to approve content, then it’s easy for people to add and update website content without any technical obstacles. And in case you accidentally publish something you shouldn’t, a content management system usually allows you to go back to a previous version of the website or web page.
  • Store. Your content management system also serves as a central repository for all of your website content including text, images, documents, videos, audio files, and other specialized items such as third party applications or code. Content usually consists of important fields such as page, page title, author, and tags to help identify and index content. This storage capability makes it easy to find and search for content on your website if you need to edit something.
  • Edit. If content needs correcting or updating, it’s easy to simply go into your content management system and make the changes. This is especially important for cities when incorrect information can be a liability, and also when communicating important, timely updates to citizens.

Additional Anytime/Anywhere Benefits

Beyond these features, modern content management systems are also often cloud-based. That means they are accessible from anywhere as long as you have an Internet connection. In the early days of the Internet, someone would have to be at the city and access a web server to make any changes. With a content management system, people can manage your website content if they are at work, at home, or traveling.

As long as you explore a website option that includes remote hosting in a data center or through the cloud, your content management system will likely have the benefit of remote access. Such ease-of-use also reduces the cost of having a technical professional having to help you create, publish, and update content. That’s because you are able to do it yourself.

While content management systems certainly are capable of much more than we’ve discussed here, these features are the core of why content management systems have become standard back end applications for websites. If you’re still using a webmaster or someone is coding your website updates, then you’re long overdue to explore some website options that offer a content management system.

To talk about content management systems in more detail, please contact us.

Tuesday, February 04, 2014
Dave Mims, CEO

With so many recent advances in website design, email software, and social media, the importance of online website forms are often overlooked. Yet, they remain one of the best ways to capture information and serve citizens.

Online forms are not great for every situation. When used in the wrong place (such as having someone fill out a form to read an article), they can annoy people and cause them to leave your website. But for situations such as general contact submissions, specific customer service requests, and questions targeted for a department (rather than a specific person), online forms can be a great tool.

With online forms now easier to create and implement on websites more than ever before, we’ve shared some benefits that may get you thinking about how to use this helpful tool on your website.

  1. Collects data in a centralized place. If people are contacting a city employee or department via email, the emails can get scattered across a variety of people’s individual or group inboxes. Even a contact@city.com email address can be spread across a variety of people’s email accounts and the responsibility of answering can easily get lost. With online forms, you can collect citizen requests and communications in a centralized place. Then, it’s easy to find, assess if someone has responded, and close out the communication transparently.
  2. Ensures data consistency. If people contact you through email with a specific kind of request, they may not include the right information. That means it can be difficult to help and you might have to waste time asking the person for additional information. With an online form, you can ensure that you capture specific information such as first and last name, a phone number, location, a clear description of the problem, etc. Every incoming communication then gives you a basic set of information to work from when handling a request.
  3. Reduces unnecessary emails. When people are desperate or in need of contacting you, a lack of online forms means they are tempted to send an email to somebody—anybody! You already receive enough emails during the day that clutter up your inbox. General requests from people visiting your website can add to that burden and increase your daily emails unnecessarily. Use online forms to route general requests from citizens and other website visitors into a separate repository.
  4. Increases customer service. While we still recommend providing specific city employee names and emails on your website in case someone needs to contact a particular person, online forms help streamline communications between citizens and cities for general customer service requests. A short online form can make a website visitor feel there is a customer service process in place and that someone will respond to them within a certain timeframe. With emails, it’s more of a gamble if someone will respond or not, especially if a city employee is out of the office or on vacation.
  5. Creates mobile friendly communication. Especially if an online form requires some basic information and even some dropdown menu choices, you can provide mobile-friendly methods of communication with online forms that work well with smartphones and tablets. For example, an online form for reporting a pothole would work great for mobile devices since people would discover potholes while out and about. Since mobile device adoption continues to drastically increase, having easy ways to submit a request or question to a city through an online form can benefit your citizens.

A recent Mashable article listed online forms as a great alternative to email in certain situations, signifying that online forms definitely remain a great tool to use on your website. Take a look at common questions that inundate your email inboxes, customer service requests that typically take place by email or phone, and forms that you have tied up in PDFs or paper. Then consider if online forms might be an easier way to deal with these requests for information while also increasing customer service for citizens and easing the email burden on city employees.

To talk about online forms in more detail, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 |