We put the IT in city®

CitySmart Blog

Friday, December 07, 2012
Dave Mims, CEO

Often, a city will decide it needs a new or redesigned website. Maybe the current website is obsolete and outdated. Maybe it’s difficult for city staff to update content, and so they are looking for an easy-to-use content management system. From our experience, one of two things tends to happen:

  • The project dies from lack of interest and support. A new website never seems to become a priority, or it’s dismissed without discussion because the city “doesn’t have any budget.”
  • The project moves forward, but it’s headed by one powerful decision maker or department. They make a decision about the city’s website without other people’s input, or they make a decision based purely on cost. Disaster ensues when the website is not used or adopted correctly by city staff and there are numerous technical problems that sabotage the investment.

These website decisions are usually the result of failing to get the right internal stakeholders on board. In order to increase the success of modernizing your website, switching to a more usable content management system, and keeping website investment costs low, you need to make sure the following people or departments are on board.

  1. Marketing and Communications Every city has someone in charge of communicating with the public. Remember: A website is a public communication tool to help market, communicate, and provide essential information about your city to a wide audience. Bad websites can cripple your marketing and communications team, which affects how your city appears to citizens, businesses, and people considering locating to your city. Make sure your marketing and communications team outlines what they need in a website to do their job.
  2. Content Creators Any city staff who have to create and update content usually can tell you what works, what is broken, and what they need to update content effectively. Common bottlenecks include working through a webmaster or using a difficult content management system that makes it hard to update. Your content creators—those who upload city council minutes or let the public know about important notices and community events—are in the website trenches every day. Their input is invaluable.
  3. City Administration The city administrator and the finance officer need to look at the website from a financial and operations perspective. So much about a city’s operations ties to a website: maintaining an online payment system, sharing government information (e.g. city council agendas and minutes), and upholding the city’s public reputation. Also, in emergencies, citizens rely on the city’s website for information. City administration can help with the website decision making process by listening to staff and department concerns, building a business case, and convincing elected officials to take action.
  4. City Clerk The city clerk is at the center of all municipal activity. They understand how different department needs and operations intersect. With their institutional knowledge, they have the ability to justify the reasons why a new website or content management system will help overall city operations. They can provide rich, specific, and convincing examples of higher-level reasons why a bad website is hindering city business. When they weigh in, people listen.
  5. Information Technology Websites and content management systems still involve technical aspects that need input from IT—especially about what you can and can’t do. IT staff can also give advice about website features that are more affordable than you think, and caution you against features that may be overkill or too expensive. Most importantly, they can make sure your website is hosted and backed up properly, works easily for non-technical users who need to update content, and integrates complicated features such as online payments, forms, and multimedia (audio, video, images, etc.).

While other department heads can also come to the table and discuss their website needs, especially if the website redesign is a major initiative, having at least these 5 key stakeholders involved will ensure that you have comprehensive feedback guiding your decision.

If you'd like to discuss websites in more detail, please contact us.

Tuesday, December 04, 2012
Nathan Eisner, Network Manager

When talking with cities, we often hear a variety of negative perspectives and observations about online data backup. Like any technology that has rapidly advanced in recent years, combined with many high profile cases of hacking and data theft, it can seem like modern online data backup is less safe than traditional onsite backup methods.

However, many of these perceptions are inaccurate and gloss over the major benefits of online data backup to your city. In fact, your data may be less safe and secure (and more costly) if you are using more obsolete backup methods and basing your investment upon the following online data backup myths.

Myth: The only way I know if my data is safe is if I can see and touch it. We’ve sometimes talked to city officials who feel that unless they can see a server or physical devices where their data is being backed up, then they feel it’s unsafe.

Fact: A server or physical device (such as an external hard drive, tape, or other storage device) is not necessarily any less safe than data backed up outside of city property. Servers can be hacked, or poorly monitored and maintained. Tape and hard drives can be lost, stolen, or corrupted. Unfortunately, just because you own the hardware and can see it in front of you does not mean it’s any less safe.

Myth: Once my data leaves the building, it's unsafe and at risk for getting stolen. There is still a perception that any information “out on the Internet” is automatically unsafe. Stories of hackers and data theft fuel this fear.

Fact: Encryption standards keep getting better and better, making your online data safer and safer. Otherwise, banks, financial institutions, retailers, and government agencies would never be able to do business online. In fact, sometimes your information is better encrypted and secure online than anything your city staff can accomplish. Vendors and companies cannot toy around with sensitive data, so they have learned to protect it with the highest standards.

Myth: With physical data backup and storage, I can personally audit and check to see if it's getting done. Again, the idea is that if you can see it and touch it, it’s more secure. It’s reassuring to look at all of your tapes, or to know that a bunch of external hard drives contain your backup data.

Fact: Physical, manual data backup tends to fail too often from a lack of proper testing and auditing. City employees often assume that tape, disk, or hard drive backups are working. However, these backups usually fail a good portion of the time. Modern online backup systems more rigorously provide you with an audit trail, the ability to test backups, and more proof than you’ll ever need to show that your data backup is getting done.

Myth: Online data backup is too expensive. There is still a perception that any sufficiently rigorous online data backup must be incredibly expensive and only for larger businesses or cities.

Fact: Online data backup costs have become incredibly affordable. Five years ago, online data backup may have been cost prohibitive, but the Internet evolves at a quick pace. Cloud services have drastically improved online data backup services while lowering costs. You might have heard of robust consumer services like Carbonite or Mozy that back up files for a few dollars a month. Cities need a higher standard of services for sensitive data, but the costs are still very low and affordable. You’ll also find that modern online data backup services are actually less expensive than tape, external hard drives, or using your own servers.

Myth: It’s bad that my data will be in the hands of another vendor. There is a fear that when your data is in another vendor’s control, that puts your data at risk.

Fact: Your sensitive data is already in the hands of many vendors. While it’s good to be cautious, think about who you entrust information to on a daily basis. Your bank. Your insurance company. Your contractors. Your accountants. And any company where you use a credit card. If people were afraid of giving control of their data to another company, business in the United States would ground to a halt. Like any trusted relationship, you of course need to make sure your data backup vendor adheres to the highest standards. Make sure any online data backup vendor can explain their process, standards, best practices, security measures, and willingness to be audited in a way that makes sense to your IT staff or trusted IT vendor.

As you can see, there might be opportunity for you to explore a less expensive, more effective data backup solution if you haven’t revisited these myths in some time. Contact us if you’d like to chat about data backup in more detail.

Friday, November 30, 2012
Dave Mims, CEO

We've moved! Our new offices are located at:

13010 Morris Rd.
Bldg 2, Suite 100
Alpharetta, GA 30004

New Sophicity Offices 

Thursday, November 29, 2012
John Miller, Network Infrastructure Manager

When you think of content filtering, you might think of annoying controls that stop you from checking Facebook and Twitter during the day. Content filtering has often had a bad reputation—so bad that many businesses and government entities have all but given up trying to filter content.

However, by giving up you are exposing your employees to security risks. Even the best of us can be fooled by a phishing scam or misleading website. And even the best of us can have our productivity sucked away by tempting timewasters such as Facebook and YouTube.

Here are some areas of content filtering that cities should especially look at given security, productivity, and technical risks that result from failing to filter.

  1. Filter websites to prevent viruses, spyware, and malware. One of the most common reasons cities get infested with viruses or malware is because an employee clicked on a malicious website. While the major browsers have gotten better with their malicious website detection, it’s still often too easy for people to click through to a dangerous website. Proactive website filters can be annoying—especially when you need to get certain websites approved for viewing. However, that upfront annoyance pays off in the long run with a much lower incidence of viruses related to clicking on a bad website.
  2. Filter heavy media use to prevent bandwidth issues. We’d like to think it’s otherwise, but some employees will watch YouTube videos, Netflix videos, and even play video games during work hours. Since these employees conduct such activities secretly, they can anonymously hog bandwidth and slow Internet connectivity to a crawl (especially in cities where bandwidth is still not very high-speed). Solving the problem is simple—without accusing anyone you simply cut off the ability to hog bandwidth. You may still want to allow certain people the ability to watch YouTube videos to do research or perform their job, but the other high-bandwidth activities can definitely be banned without worry.
  3. Filter email to prevent spam and phishing attacks. Few people argue with the practical sense behind this kind of content filtering. While overall spam has lessened over the past few years, it’s still produced in high volume and tricks many people with sophisticated phishing attacks. Good email filtering makes sure that tricky emails never even get to someone’s inbox.
  4. Filter social media sites to curb productivity issues. While many employees at the manager, director, and executive level—or those in marketing and communications—need to use social media as part of their job, for many entities social media is simply a productivity distraction. If social media has no bearing on someone’s job, it may be a good idea to eliminate access. To make a case, you can monitor Facebook, Twitter, and other social media use to see if hours of your employees’ time are being sucked away.
  5. Filter out annoying pop-ups and advertisements. This is another area where employees will be thankful for content filtering. Too many pop-ups, video advertisements, and banner ads that slow down access to websites are still in existence—with some recent methods becoming even more intrusive. By filtering out these annoying ads, employees can access website content faster.

So, content filtering is not all bad. Sure, there will be some grumbling and protests. But overall—as long as you use common sense, do not ban all social media sites for everyone, and implement content filtering with transparency and pragmatism—you’ll have taken a necessary step toward reducing a whole host of security risks.

If you'd like to discuss content filtering in more detail, contact us
 
Tuesday, November 27, 2012
Clint Nelms, COO

A few months ago, a report by OPSWAT made the rounds that pointed out a few interesting insights about how antivirus software is currently being used. More and more people are using free antivirus software, and the report suggests that people believe they are getting the same protection with free antivirus software as they would with an enterprise antivirus solution.

The protection afforded by free software such as Microsoft Security Essentials is actually pretty good, so the problem is really not in the quality of software offered by a lot of these free antivirus providers. The problem—especially for a city— lie in three key areas that relate to liability:

  • Configuration. We find that the same OPSWAT study shows that most antivirus software is configured incorrectly. It may be good software, but it’s useless if configured incorrectly.
  • Management. Many organizations relying on free antivirus software do not ensure that all desktops and servers have it installed and working properly.
  • Prevention and Quarantining. Sometimes a virus gets through, and its severity can easily compromise a person’s computer or an entire network. People sometimes think they’ve caught and eliminated a virus, but viruses can be deceptively nasty and linger on a person’s computer.

The following story is inspired by a real incident that we encountered a few years ago. To protect the city, we had to significantly change many of the details, but the essence of the story is the same.

Cyber Liability for a Virus Attack: Mid-Sized City Manager’s Office

Imagine you’re the city manager at a mid-sized city. You have access to some of the city’s most sensitive information, including some of the city’s bank accounts.

You’re sitting at your desk and the phone rings. It’s the local bank that handles most of the city’s funds. He informs you that someone has accessed the city’s bank account and attempted to withdraw money.

When the city investigated, it discovered that a virus on the city clerk’s computer opened it up to remote access by a criminal somewhere in the world. The city clerk’s computer did not have antivirus software. Unsecured, the virus infected her computer and the criminal attempted to withdraw money.

A lack of antivirus software at the city led to a virus that compromised the city clerk’s computer, which could have led to stolen funds. Embarrassing, to say the least. Frightening, at most—especially when state and local law enforcement had to expend resources to track down the attackers.

Tips For Preventing a Virus Attack From Compromising Your City

A city is high stakes business, with employees handling sensitive information that cannot be risked with free, unmanaged antivirus software. Because of the city’s relationship to its community, issues related to compromised data from a virus can have a negative impact on many citizens and businesses. Here’s how to avoid the fate of the city manager.

Install antivirus on every computer. Such a basic practice, but so often neglected. There’s more to the picture than just installing antivirus software, but at the very least make sure you have something in place. It’s better than nothing.

Get an enterprise solution. An enterprise antivirus software solution means that:

  • Someone is monitoring the software and all virus threat activity.
  • The software is managed by your technology staff or a vendor.
  • It’s up-to-date at all times.

That means your liability is greatly reduced when an enterprise antivirus solution is in place. Equipped to handle any and all servers and workstations, enterprise antivirus software can oversee complex technology environments and protect your most sensitive information. Plus, an enterprise solution is more proactive. Even the best free antivirus software more often takes a reactive approach.

Make sure experienced technology staff or a vendor is managing the antivirus software. Experienced professionals ensure your antivirus software is installed on every server and workstation, updated regularly, and monitored for any red flags. You should always know:

  • Who is monitoring for viruses?
  • Who is reporting to you about viruses?
  • How often are they monitoring and reporting?

Train staff about viruses. Basic user education—such as avoiding going to certain websites, clicking on suspicious emails, or opening unknown files—can help prevent what is usually the most common way viruses get into an organization.

Audit your antivirus software. That means confirming that antivirus software is installed on every machine (servers and workstations) and that all licenses are up-to-date.

We hope you enjoyed our three part series on cyber liability. We encourage you to read Part I and Part II. If you want to discuss in more detail any city liability issues and how to prevent them, feel free to contact us.

Friday, November 16, 2012
Nathan Eisner, Network Manager

Often, we’ve seen cities get excited about the prospects of a new document management system—only to find out their printers and scanners cannot keep up with their document demand. We tend to see two common situations at cities:

  • Printers and scanners unable to handle document management demand. These might be cheap laser or inkjet printers with either limited or no copy and scan abilities. We often see larger cities struggling with smaller, inexpensive printers and scanners when trying to scan massive amounts of documents.
  • Expensive multifunction printers with magnificent capabilities that are not being utilized. These machines can print in any way imaginable, copy, scan, fax, and coordinate with email and your network with ease. They work fast and have the potential to take care of every need. The irony is that we often see these expensive multifunction printer investments (sometimes in the $10,000 price range) for small cities that really only use it as a photocopier.

How do you know if your printer and scanner matches your document management needs? Here are 5 key questions to ask:

  1. What printer and scanner capabilities do I already have? Can you maximize your existing investment? If you have an expensive multifunction printer, it often has excellent scanning abilities that connect well with a document management system. Your IT staff or vendor can work with the multifunction printer vendor’s support team to help figure this out for you.
  2. What if I don’t have adequate document scanning abilities? Five or six years ago, a document feeder and scanner was very expensive. Today, for only a $200-$300 investment you can purchase a document scanner that works fast and meets your document management needs. We’ve equipped cities with such inexpensive scanners to help them scan documents, lessening the time it takes to get their documents electronically filed away.
  3. How do I make sure I’m connecting all of these technical pieces together—document management system, printer, scanner, network, servers, and workstations? Indeed, there are many parts and pieces that often impede progress when they all don’t work together! Start by establishing a relationship between the printer/scanner’s support representative and your IT staff or vendor. Make sure you understand all of the features you can use to maximize your investment and how the equipment integrates with your network and document management system. Often, cities buy the equipment, underutilize it, and don’t take advantage of support agreements. Your IT staff or vendor should be able to leverage this support relationship to make sure all parts and pieces connected to your document management system are humming like a machine.
  4. Who needs these document printing and scanning capabilities? At a small city with less than 10 employees, one scanner or even a basic multifunction printer might be enough for the entire staff. At larger cities, you might want a dedicated scanner for people such as the finance officer, while larger multifunction printers might serve each department.
  5. How fast do I need to scan documents? Speed is very important depending on your needs. If you have large amounts of documents that need to be scanned every day, 5 pages per hour would obviously not cut it. You don’t want a slow scanner creating a backlog of work. Assess your scanning needs (such as how many documents you’ll be scanning per day or week) and look at your scanner’s speed rating (pages per minute). Also, make sure there is an auto document feeder so that you do not have to manually feed documents.

Having the proper printing and scanning equipment is an essential part of ensuring that your document management system investment works optimally. To discuss this aspect in more detail, feel free to contact us.

Wednesday, November 14, 2012
Randy Weaver, Business Development

From October 24 to October 26, the great city of Valdosta hosted this year’s Georgia City-County Management Association (GCCMA) conference. From my experience, this organization hosts some of the best municipal conferences to attend in Georgia. Valdosta provided a great backdrop for this event, hosting dinner in its newly renovated downtown as well as providing tours to the nearby Moody Air Force Base. GCCMA also presented a great segment on Valdosta’s downtown redevelopment project.

The event was attended by more than 60 city and county managers. After sitting in on many sessions, talking to a variety of city and county managers, and taking a lot of notes, I collected some of the key takeaways and themes from the conference.

  1. Stress is weighing down city managers. The fact that the keynote presentation focused on stress shows that the rough economic recovery is forcing city managers to work harder, longer, and under more pressure. Doing more with less is difficult, and managing that stress was a key topic during the conference. Walt Stasinski, President of Potential Unlimited, did a great (and entertaining) job talking about stress and ways to remedy it.
  2. Information technology too often falls upon city managers as another “hat” to wear. Adding to their stress, city managers or assistant city managers are often stuck handling information technology. Often, they have trouble hiring for an IT role and finding people with the appropriate education to handle their most sensitive city operations. IT vendor management is an especially unfortunate time drain. That’s partly why we tend to help cities run small or large projects often just to handle the vendors—whether it’s a fiber optic project or networking computers in a new building. City managers have shown interest in alternative options to IT hiring because of these concerns.
  3. Cities are overpaying for websites. Many cities have continued to put out RFPs for websites expecting to pay anywhere from $10,000 to $50,000. Of course, many vendors will oblige that budget! Cities need to be educated about lower cost website options that can handle all of their needs—from a modern look and feel to sophisticated functions such as online payments. Incorrect website budget expectations are causing cities to waste money.
  4. Making city employees happy is more important than ever. Some of the sessions focused on better ways to negotiate employee contracts to help attract and retain talented employees. As cities go through rough times with hard-hit budgets, the last thing city managers want is for their best employees to go on strike or leave to go work someplace else. Some solutions that were discussed involved managing these potential problems earlier rather than later, and exploring ways to strategically outsource some work to keep employee hiring stable yet flexible.
  5. Pension plan questions need answers. The Great Recession made many people question their pension plans, and those questions still ripple down the road as the economy recovers. Quite a few people were hurt from the stock market crash, and a few sessions focused on helping city staff build sound retirement plans to take care of not only themselves but also their families. As a key part of attracting long-term talent to cities, pensions and retirement plans cannot be ignored.

Overall, attending the GCCMA conference was a great experience. I feel lucky to have talked to and learned from so many admirable city and county managers working hard and doing the best for their cities throughout Georgia. Despite their stresses, they are stepping up to the task of managing their cities. By networking with their peers at conferences like these, they end up sharing best practices and hard-won experience with each other. I can’t think of a better investment of time.

Thursday, November 08, 2012
Dave Mims, CEO

Just like many small businesses, we see a lot of cities that still have old websites with too much outdated content. Usually, these are signs that the city does not have an easy-to-use content management system (CMS) to update website content.

Technology has moved forward so quickly that it’s easy to think that websites still need a technical webmaster to handle everything related to the website. However, most websites today are managed and updated at very low cost by marketing and communications departments with almost no technical expertise.

Here are five things that your website content management system must allow you to do in 2012. If you cannot do these things, you are severely limited in your communications efforts with citizens and wasting too much time on what should be simple tasks.

  1. You must be able to create and publish your own content. A “webmaster” who still uploads all of your content along with handling every technical aspect of your website is a major red flag. A “wearing all hats” webmaster is not needed in 2012. So many content management systems exist that make creating and publishing content as easy to use as Microsoft Word. In addition, citizens expect updated, fresh content about news, city council meetings, and events. If your last news item or city council meeting minutes on your homepage is more than 3 months old, it reflects poorly on your city.
  2. You must be able to update your content anytime, anywhere. Content management systems today are convenient because you can log in from anywhere—home, the office, a coffee shop—and update content. This is especially useful because of the nature of content today. People expect fresh content. When news hits, you should be able to update your website instantaneously from wherever you are. You shouldn’t be stuck without the ability to update until getting into the office at 9 a.m. the next morning.
  3. You must be able to set roles and permissions. Obviously, you don’t want all employees to be able to change your core website content. That’s why setting roles and permissions is standard in most content management systems. You can make sure that some people are administrators, some can update only certain parts of the website, and some can only create and upload content for approval. This keeps content creation flexible and easy while still limiting who can alter the website.
  4. You must be able to collaborate and share the most current versions of content. Good content management systems allow you to collaborate on a piece of content without confusion. Let’s say I’m working on information about a community event downtown. I can upload the event information and then another person can review it and make changes. If someone else also wants to review it, it is clear what the latest version is and who modified it.
  5. You must be able to centralize and organize content. The great thing about a content management system is that all content is centralized and organized. You can review all recent news items, city council agendas, city council minutes, event items, and any other content uploaded to the CMS. Good content management systems organize content by category—by topics (news, events, etc.), type of content (articles, blog posts, etc.), and tags (tax information, public safety information, etc.). This way, it’s easy to keep track of all content that has been published or that is still pending review.

If your city cannot easily do any of these things right now with its website, then you might be delighted to find many compelling, low-cost content management system options on the market that will literally transform the way you create and publish website content. A website that remains updated and fresh shows vitality for your city, and as trends move more toward better and better content on websites, you need to be able to demonstrate that your city is always communicating with its citizens.

To discuss content management systems in more detail, please contact us.

Tuesday, November 06, 2012
John Miller, Network Manager

One of the most common scenarios we see when cities are struggling with document management is when employees rely too much on email for sending, storing, and revising documents. You’ve all felt that pain, right? Which version is the most recent version? When did I send that file? Uh oh, I need that document from two years ago—let me check my archive email folder…

An excellent infographic from KnowledgeTree has been making the rounds, and it quantifies some of the impact of email on document management. We selected some of the stats that particularly struck us as significant – and alarming.

  • 90% of documents are revised more than two times. That means a lot of documents need to be swapped back and forth between various people.
  • 46% of people share draft documents via email.
  • 59% of people gather feedback via email.
  • KnowledgeTree says, “Using email to gather approvals adds a day and a half delay compared to a document management tool.”

Clearly, this reflects a lot of time wasted, frustration, and slowed productivity. No wonder city clerks often tell us they appreciate a document management solution that saves them time and money, while making everyone’s jobs easier. Email alone just does not work for document management.

Switching to a document management tool helps alleviate many of these email inefficiencies.

  • Finding Documents Instead of searching your unorganized email for documents, a document management system centralizes documents and makes them easy to find.
  • Never Losing Documents What if you need an important document for an audit or a legal reason and...you could have sworn it was in your email. With a document management system that scans and stores all city documents, the responsibility of keeping and accessing documents becomes a citywide function and policy – and not relying on employee email inboxes.
  • Better Audit and Open Records Readiness During an audit or open records request, searching emails for information is a costly and logistical nightmare. A document management system makes you audit ready and quick to access any needed documents.
  • Automating Workflow With email, sending off documents for revision and feedback can get haphazard and chaotic. Who is reviewing what, and when? What’s the most recent version? Automated workflow capabilities enforce simple rules, including locking out documents to everyone but the person editing, requiring various steps of a review process to be followed, and ensuring that proper approvals are made to all documents.

If you’d like to talk more about the benefits of document management versus email, contact us.

Thursday, November 01, 2012
Clint Nelms, COO

As cyberattacks continue to affect cities, cities are finding not only their defenses weak but also their knowledge about cybersecurity to be minimal. It’s difficult to keep up, but the consequences of not keeping up are costly. Hackers recently stole $400,000 from the city of Burlington, Washington, and phishing attacks continue to increase in complexity—with often lethal results.

GovTech recently featured a great resource for local government called the Center for Internet Security based in Albany, New York. It’s not only a good website for cybersecurity resources but also for communication between different cities to help share information.

In examining the Center for Internet Security’s website, we were impressed to see various guides targeted toward non-technical decision makers such as elected officials, administrative officials, and business managers (such as finance officers). We wanted to highlight a few of the guides we found most beneficial for cities.

Getting Started

The Getting Started guide is an excellent overview of cybersecurity for those who have not dealt with the topic head on before. Some key insights include:

  • “Cyber security is a business function, and technology is a tool that can be used to more securely protect information assets.” It’s important to understand that it’s a business function, rather than just a technology “nice-to-have.” If you think about cybersecurity more like insurance, your mindset is more aligned with its business importance.
  • The threat of cybersecurity means local government shutting down. The report makes it clear that if a city’s website goes down, data is lost, or information is stolen, then the city becomes fully compromised. These are risks too great to ignore.
  • The guide provides a “Top Ten Cyber Security Action Items” list with excellent prioritization of key cybersecurity activities. We especially like the practical advice about recognizing a problem, recommendations on dealing with a cybersecurity problem, and extra tips about physically securing equipment and hardware (including disposal).

Erasing Information and Disposal of Electronic Media Guide

An often overlooked but important area of cybersecurity, this guide has some excellent non-technical information about how to erase and dispose of sensitive data. Some key insights include:

  • The guide points out that “deleting files does not erase information.” We’ve found that many non-technical users and decision makers believe that deleting information means it’s gone. It’s not—which is especially important if someone steals a device, or a laptop is reused by an employee who should not have access to sensitive information that may still be on it.
  • Data erasing and disposing techniques are discussed, which give an idea of the complexity and seriousness of this activity. The guide recommends using an expert contractor or vendor if no one on a city’s IT staff has experience professionally erasing and disposing of data. This ensures you comply with all laws and regulations around data disposal.
  • An easy-to-use matrix is provided that covers what method you should use to erase and dispose of data for various media types (hard drives, printers, copiers, fax machines, CDs, DVDs, USB drives, tapes, cell phones, etc.).

Secure Credit Card Payment Process

Because so many cities have shifted to online payments, it’s clear that this is an extremely sensitive area that hackers often try to exploit. This guide gives a great non-technical overview of this complex area.

  • The guide describes basic online payment industry standards. If the acronyms PCI-DSS, PA-DSS, and PTS sound unfamiliar, this section is a must read for city officials.
  • Many cities think that they are not considered merchants or, that if they use a third party payment vendor, that these payment compliance laws do not apply directly to them. Think again. The guide discusses how local government is responsible for following payment compliance – even when using third parties.
  • In blunt, stark terms, the guide justifies any costs of compliance. It’s easy to tune out vendors who talk about compliance but then tell you it will cost money to upgrade hardware and software (which may require some fundamental changes to your server and workstation maintenance). But, again, think of it as insurance. What happens if citizens’ credit card information is stolen? The cost—both direct and indirect—is too high to risk.

We recommend visiting the Center for Internet Security’s website, taking a look at the information, and getting more involved with them. Also, if you want to discuss any of these areas in more detail, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 |