Lengthy telecom contracts – those giant documents that mostly go unread – often contain language and conditions that work against your city’s best interests. In most cases, telecom works much like a utility. You purchase it once, become accustomed to its quality of service (good or bad), and rarely think of it again.
When beginning our work with a new city, we usually find old telecom contracts and technical setups that are expensive, low quality, and relying on outdated technology. All this despite new technology existing that works better, faster, and cheaper. For less cost, cities could experience a quantum leap in quality of telecom service.
But where to begin? Here are some common questions to ask when starting to sift through your telecom contracts and services.
We’ve been amazed that so many cases exist where cities are simply paying too much for inferior technology and poor service. If you haven’t examined your telecom services in a long time, you have the opportunity to save a great deal of money. These situations apply to rural and non-metro cities too, especially with the advent of increased high-speed broadband connections and mobile services. Whether you’re a large metro city or a small rural city, it’s worth taking a critical look at your telecom contracts.
To discuss your telecom contracts in more detail, please contact us.
While more and more government organizations are moving their email to the cloud, backed up by significant examples that it is one of the safest places for your email, we still see many cities clinging to old or obsolete email hosting methods. Unfortunately, hosting your email improperly or through a method that is no longer a best practice can put your city at risk.
Those risks can involve security, compliance, retention, and responsiveness to open records requests. Poor email hosting jeopardizes the safety of your emails and opens your city up to legal troubles—especially if people need to find and retrieve specific emails in response to an official request.
Here are five things to look out for with bad email hosting. If any of these situations applies to you, it is imperative that you begin to consider enterprise cloud email hosting.
Cloud email hosting from experienced, widely used vendors (e.g. Microsoft) eliminates these problems by offering enterprise level service and support, documented security and compliance policies and procedures, and data backup. And with a lean, scalable model (usually per user) that does not require expensive onsite hardware, software, and licenses, that means you can pay (like a utility) for exactly how much email hosting you need.
Especially on the cyber liability side, considering cloud email hosting becomes less of a “nice to have” service and more of a required service. If you cannot guarantee that you are following essential security and compliance related to your email hosting, then you need to leave it up to experts that regularly host email for many government institutions.
To talk more about email hosting, please contact us.
“Metadata” is an intimidating word, often sounding very technical and from the complex world of search engines. Quite simply, metadata is data about data. Let’s say books are data. How would you describe and order groups of books? Probably by genre, by author (A to Z), and maybe even by “most popular” or “bestsellers.” Those categories of genre, author, and “most popular” are metadata, and that metadata helps you navigate through a bookstore—instead of just sifting through a giant pile of books.
In a document management system, you probably know the feeling of sifting through information when it is poorly labeled and organized. You search over and over for something, you get too many search results in return, and it seems like keyword searches just don’t work right. Those kinds of document management systems often have poor metadata.
So where you do start if you’re a metadata novice? While we recommend also talking to someone technically conversant with your document management system (and if you’re a large city, you might want to have an information architecture expert in the mix), we focus here on some metadata basics that we notice when we help cities with their document management systems.
Our advice in this article focuses primarily on the business side of metadata, and less on the technical side. For most cities we work with, they just need to be using metadata on a basic level so that users can more easily find documents. With larger cities, document management and metadata grow much more complex, and we recommend bringing in more technical expertise at that level. Otherwise, as long as you can get your users labeling and categorizing documents consistently, and in a way that makes them easy to find, then you’re on the right track.
To discuss document management and metadata in more detail, please contact us.
When we sit down to talk with cities about vendor relationships, many of the war stories center around how vendors waste a city’s time. An important part of any vendor relationship boils down to two things: expertise and communication. Can the vendor do the job, and can they communicate about issues and problems effectively?
To this day, we are still amazed at some of the stories we hear. You would think that vendors would learn from the best in the business or listen to the feedback that municipalities regularly share at events and conferences. Many vendors unfortunately prey on cities, secure the deal, and then take a hands off approach to the engagement.
Cities need to understand that wasted time equals wasted money. Here are some warning signs to look out for.
The shame about these issues is that problems often do not emerge until you start working with a vendor. If you are researching IT vendors, make sure you have a senior experienced IT person at the table. Have them ask tough questions about the vendor’s experience, processes, and problem resolution. Talk to customers who work with that vendor. And if you’re seeing too many of these negative signs with your current IT vendor, then it’s time to start looking for a new IT vendor.
If you want to discuss these vendor management problems in more detail, please contact us.
While very large cities and other large organizations find website design an expensive but necessary proposition, expensive website design is something small- to medium-sized cities should avoid. It’s tempting to read the press about what the latest government websites should offer, but the press usually reports on very large government entities that use cutting-edge social media, big data and open data applications, and extensive mapping software.
From our experience, budget-conscious small and medium cities need essential website functionality and a professional appearance, but they often lose money when website vendors oversell them on supposedly “must have” features and custom design. Here’s a quick list of what small and medium sized-cities need and don’t need in their website design.
These tips give you a quick idea about what you need and don’t need in website design. As you can see, in most cases website vendors are good at upselling design aspects that small or medium cities just don’t need. Sure, some of these aspects do create great-looking websites. There are some great custom website designers out there, and some slick features and apps that can really enhance a website. But those features really only start to make sense once thousands and thousands of people start to visit a website, usually at large cities over 100,000 people.
To discuss website design in more detail, please contact us.
One of the most common yet overlooked tasks of anyone taking care of servers and workstations is basic hardware maintenance. That includes monitoring hardware, applying patches, and upgrading software. Like a car, basic maintenance ensures that your investments run smoothly from purchase to decommission.
However, in our many network assessments over the years, we’ve found that lack of server and workstation maintenance often crops up as a critical problem at many cities. The city’s IT staff might be inexperienced or strapped for time, or the city’s IT vendor might not be maintaining equipment at a professional level. The result? Slow servers, poor computer performance, unhappy employees, and city operations interrupted.
While hardware maintenance involves many complex technical aspects, we are providing a high level overview of five basic activities that your IT staff or vendor must perform to keep your hardware optimally running.
When you buy a car, you can decide to worry about maintenance only when it breaks down. But you know that your car performs better when you have your oil changed every three months, tires rotated every six months, and a full inspection at least every year. Server and workstation maintenance works similarly, although much more frequently. With 24x7 monitoring and maintenance by experienced IT professionals, a data backup and disaster recovery plan, and a hardware lifecycle replacement strategy in place, your hardware investment will be maximized and run in the most optimal fashion.
To talk more about hardware monitoring and maintenance, please contact us.
Even at smaller cities, it’s easy for your IT assets to get out of hand. Servers and workstations accrue, software lingers after being purchased many years ago, and data backup media piles up. A good question to always ask about your IT assets is, “Am I using them?”
Taking a look through your existing assets can be enlightening, and sometimes shocking. Often, valuable real estate, power, and IT staff time is consumed maintaining assets you don’t need. Here, we take a look at some common IT infrastructure assets and offer ways to eliminate or trim them down.
IT infrastructure is expensive, so you want to make sure you are using all of your assets wisely. Even hardware and equipment that you bought three to five years ago can potentially be reduced or eliminated by newer cloud services. And any organization, unless you’re rigorously auditing your IT assets on a regular basis, can find itself with too many servers, workstations, printers, and other equipment that is excessive or lies unused. Cities can’t waste a penny, and so it might be time for your city to do some IT spring cleaning.
To talk more about reducing your IT infrastructure clutter, please contact us.
As cities transition to an online payment system or reevaluate their online payment vendor, it’s good to look at the basics of what makes a city’s online payment information safe and secure. In this multi-part series, we will cover the basic Payment Card Industry Data Security Standard (PCI DSS) requirements one by one, teaching you about what a city and its online payment vendor needs to be compliant.
The basics of secure online payments starts at the network level, and the PCI DSS requirements begin by examining firewall and password policies. These best practices also correspond to many other IT-related services and provide good questions for other aspects of your city business.
Both you and your online payment vendor need at least an enterprise-level firewall to handle sensitive payment data. Coupled with enterprise-level antivirus, this essential network configuration creates strict access for outside sources wishing to communicate with you.
As you may know, firewalls work rather like a border crossing or airport security. Only specific approved information is allowed inside your network. When you’re dealing with sensitive online payment data, it’s imperative that any information requests are authentic—both inbound and outbound. Hackers are always trying to access valuable data, and payment data is worth more to them than many other kinds of data. Not only must your online payment vendor have sufficient firewalls, but you should also make sure your firewalls match their high standards if possible—especially since it’s likely that online payment data will cross in and out of your environment (e.g. in your accounting software, on your website, etc.). Hackers look for gaps to exploit, and it would be unfortunate if your network was their way into your online payment data.
You may have had the experience of accessing online payment websites and...suddenly the experience changes. There are different passwords. Maybe a passkey, or another kind of user authentication. The URL on your browser switches to a higher level of security and encryption. That’s because the level of authentication needs to be higher when sensitive online payment data is involved. That means password best practices that include:
If your online payment vendor cannot confirm the rigor and security of these two items to your IT staff or vendor, then that lack of information should raise a red flag. But know that even if your online payment vendor can handle these requirements, you should also close the loop by providing your city with at least an enterprise-level firewall and a strong password policy. These two items form the basic foundation of securing a network from most common hacking and unauthorized access to data.
Having a strong firewall and password policy is like having locks on your doors and windows, along with personal security to make sure that only authorized people enter your house.
In our next online payments post, we will discuss encryption and other ways to protect data. If you want to talk about online payment security in more detail, please contact us.
The rise of cyber liability insurance matches a growing trend in which targets with valuable information (e.g. financial institutions), combined with weak IT security, create rich opportunities for hackers. Since municipalities store sensitive information such as social security numbers and tax information for businesses, then they become obvious targets.
Not only are municipal data breaches embarrassing, but they are also expensive. Computerworld recently reported:
The costs of simply investigating and responding to these losses—not to mention the resulting lawsuits and regulatory fines—can be staggering. For instance, the Ponemon Institute estimates that response costs can be as high as $200 per compromised record. It is not difficult to understand how total costs for a wide breach can quickly escalate well into the millions of dollars.
A great article last year from Dark Reading outlined the top 10 security breaches of 2012, and it’s sad for us to see how many of these breaches were caused by preventable IT best practices. Many municipalities still lack basic IT infrastructure, policies, and training to prevent even amateur hacking attempts.
Last year, we produced a series of articles addressing data loss, website hacking, and virus attacks, but we want to address some other common issues that impact cyber liability. These best practices can help lower your risk, which then lowers your cyber liability insurance premiums.
Cyber liability is understandably a hot topic for cities, since the stakes have never been higher. Hackers have become more sophisticated and aggressive, and small to medium-sized cities become juicy targets—precisely because they often lack basic IT security measures. While the above cyber security tips sound simple—and almost obvious—they are exactly what lead to most data breaches.
In future posts, we will look more closely at some non-technical policies and procedures (such as working from home and employee background checks) that provide a strong foundation for your technical cyber liability. To talk about cyber liability in more detail, contact us.
Just when you thought you may have figured out data backup and disaster recovery for your city’s servers and workstations, along comes mobile. A January 2013 article from Computerworld UK (which also surveyed United States companies) showed that there are deep concerns about backing up mobile data.
Partly, that’s because mobile is still so relatively new and blurs the boundaries between business and personal data. But also, the lack of mobile data backup reflects the continuing failure to follow general data backup and disaster recovery best practices.
If you’re using smartphones, tablets, and other mobile devices at your city, here are some tips on backing up data for those devices.
While we’re still adjusting to the mobile revolution, with new and more sophisticated devices coming out every day, the principles of data backup remain the same. We recommend taking your existing data backup and disaster recovery policy and extending those policies to mobile. If you have not developed an overall data backup and disaster recovery policy, then you can use mobile devices as a good excuse to create a plan today.
To discuss mobile data backup in more detail, please contact us.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2017 Mimsware Corporation, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.