We put the IT in city®

CitySmart Blog

Thursday, December 20, 2012
Dave Mims, CEO

From my experience, when cities (or any organization) deal with their technology they tend to jump right into technical specifications or complex analyses. But as fascinating as technology can be, you won’t solve your technology problems by focusing on…technology.

Am I contradicting myself? Strangely no. Over the years, I’ve learned that to make technology succeed, people-focused principles are probably more important than technical details. And as I network with experienced technology leaders who have been in the business for 20+ years, I find they also emphasize these people-focused principles in their work.

I was inspired to write this post after talking to a senior IT leader who has decades of experience in both the private sector and local government. At the heart of most technology issues are people issues. But if you avoid the following mistakes, you will create the foundation you need to really benefit from technology.

Mistake #1: Fail to listen. Most people move ahead gung-ho with technology initiatives. Out of frustration, people sometimes feel they must act boldly to resolve productivity issues (such as slow servers or a hard-to-use website). But when you don’t talk to the people who will be using the software, the website, the user interface to a system, etc. or to stakeholders whose departments are impacted by the technology, then you are sowing the seeds of failure. An essential part of planning for any technology initiative is thoroughly interviewing and questioning all relevant stakeholders and users. You need their input—first.

Mistake #2: Focus on the product, not the problem. It’s very common for people to get excited about a specific piece of software, a new mobile application, or a redesigned website. Sometimes you see other cities doing something, and you feel you have to do it too. But there are a lot of shiny objects in the world of technology that don’t necessarily solve your problem. Define your problem first. Where are you losing productivity? Where could you save money? What area, if improved, will have a great impact on your city’s services? Use technology to solve a problem, instead of just using technology because others are using it.

Mistake #3: Don’t prepare a business case. While you would think that most cash-strapped cities would keep an eye on the money, we’ve seen that technology is often the hardest budget area to understand. In order to make a decision, many city councils and administrators often sign off on IT budgets, projects, and software without really understanding the return on investment. It may take some time and outside help, but get someone to objectively compare different options, show how you’re currently losing or wasting money, and show how a technology investment positively impacts the business of the city. Technology should never be a leap of faith.

Mistake #4: Throw more money and resources at a technology problem. One of the things that frustrates taxpayers the most when they hear about failed government initiatives is when government makes a bad problem worse by hoping it goes away with more money. Money alone will not solve a problem. You need to understand the root cause of any technology problem, understand options that may solve it, and then ask some hard questions. Do I need to change my infrastructure (versus buying more servers)? Do I need to hire different staff or vendors, or let some go (versus hiring more people)? Often, you’ll find that understanding the root cause of a technology problem also allows you to save money and become more efficient.

Mistake #5: Fail to plan. We’ve walked into many cities where there is no real plan for technology investments. Hardware is kept around until it dies, software is used even if it’s not solving a problem, and citizen services are often behind the times. Technology planning requires budgeting, outlining short-term and long-term needs, and identifying priorities. With planning and regular evaluation, a city can often achieve more productivity and service enhancements than they could if they were just aimlessly plodding along.

While these sound like easy mistakes to avoid, these kinds of flaws often appear as organizations grow larger. It’s easy for teams of people to become disconnected and siloed. Some of the hardest work in a city has to do with communication and getting multiple stakeholders to agree on how to solve problems. Technology is no different. While the technology is fun (and I really enjoy geeking out to technology!), it’s best to make sure you’ve got a people-focused mindset in place to really make technology improve your city.

If you’d like to talk more about your technology communication and planning, please contact us.

Tuesday, December 18, 2012
Nathan Eisner, Network Manager

Cities are continuing to offer online payments to citizens in record numbers. Pascagoula, Mississippi; Patterson, California; Yakima, Washington; and many other cities are realizing that citizens have come to expect this kind of service. Online payments are no longer a “nice-to-have.” But throwing up an online payment system—any online payment system—isn’t enough to make citizens happy.

Citizens will have expectations once you set up your online payment system. Not meeting these expectations may lead to customer complaint calls which tie up your city staff and cause public frustration expressed toward elected officials. Upfront, it helps to anticipate and address some basic issues to make sure that your online payment system is optimally set up.

In the past, we’ve discussed 10 questions to ask your online payment vendor. In this article, we’re providing more service-oriented technology tips. Not following these tips won’t break your technology, but failing to consider these service features will potentially make your citizens unhappy. Luckily, these are simple service features that you can check off your list when setting up or reevaluating your online payment system.

  1. Try to set up online payments for all city services requiring payment. It’s okay to start off with a pilot test (e.g. property taxes or parking ticket payments). But eventually you will want to place all (or nearly all) payment-related services online. You don’t want people who have paid property taxes online wondering why they can’t pay their parking ticket. If you’re investing in online payments, you might as well provide online payments for all city services.
  2. Provide a variety of payment options. People have many different needs. Your citizens represent a range of income levels and financial sophistication. Can they pay by check, money order, and credit card? Are there plenty of credit card options? Is it easy to route the money from their checking account? Citizens should not be prevented from paying online because a common payment feature isn’t available. Provide options.
  3. Provide a clear record of the transaction. There should be multiple ways to confirm a payment and create a record for a citizen. Again, provide options. Some people like to print out the record, some like an email notification, and some even like for the city to mail them a paper record. The worst nightmare, especially for non-technologically savvy citizens, is thinking their payment did not go through because they hit the back button or a screen exited them without any clear confirmation.
  4. Provide customer support and prompt service. No matter how good your online payment system, there will be problems. We’ve all had that experience where something goes wrong online and we immediately jump on the phone. Your citizens are no different. Make sure there is an easy way for them to troubleshoot basic problems, a visible phone number to call or an email address to send a support request, and people staffed to properly handle problems. As long as citizens know that a friendly, knowledgeable person is there to help when something goes wrong, you’ll alleviate most customer dissatisfaction.

By taking care of these basic service-oriented issues ahead of time, you’ll eliminate most of the common problems that people experience when paying online. If you’d like to talk about online payments in more detail, please contact us.

Friday, December 14, 2012
Clint Nelms, COO

While big data will not apply to the daily concerns of most small- and medium-sized cities, it’s probably one of the biggest buzzwords you’re hearing right now in IT—right after “cloud” and “smart cities.” Is big data something you need to worry about? What does it even mean?

In this blog post, we’ll break big data down for you, cut through the noise, and let you know the basic essentials. While the concept of big data may not apply to your city, it’s good to know what it’s all about and some of the ideas might make you think about your existing data—big or not.

  1. Big data really does mean BIG. For most small and medium cities, it may seem like you have a lot of data. But compare your data with Walmart’s data or the federal government’s data. Nevertheless, you still may have large amounts of data depending on the size of your city. If your current methods of managing data seem to be consistently inadequate (long data processing times, slow servers, the inability to generate reports, etc.) and if you feel you have so much data that it’s staggering, then you might want to at least consider examining some big data solutions.
  2. The volume of data produced every day grows more and more. In recent years, the ways we produce, collect, store, and share data has exploded. One of the reasons “big data” has even emerged is because we are more technologically capable of producing massive amounts of data on a scale that was impossible even a few years ago. Just think about how much data has been produced by Facebook or YouTube over the past five years. Just think about how many “IP-enabled” devices exist: GIS, cameras, audio files, videos, tablets, smartphones, handheld devices, sensors, RFID, printers, scanners, copiers, etc. These items all produce data that needs to be stored and often used.
  3. Most data is unstructured. Unstructured data means that the data is not categorized, labeled, or tagged in a way that helps you find it when you need it. Most emails, Word and Excel documents, social media posts, and videos are unstructured. They are simply produced without categorization. It’s when you need to find that data later that problems emerge. Now just imagine unstructured data on a massive scale—such as thousands and thousands of documents. You have the information you need, but you can’t find it or use it.
  4. When you can understand your data, you can make better decisions. Big data has turned into a lucrative market because organizations with massive amounts of data want to use it to make decisions that help their productivity and services. For example, New York City used big data to increase the safety of building inspectors especially concerned with buildings so unsafe (such as 60 people living in an apartment built only for 6) that they need to be vacated. This CIO Magazine article states, “With the correct data identified, [Michael] Flowers' team created a tool that was directly usable by the inspectors closest to the [unsafe building] problem. Before inspectors had the tool, they found buildings so unsafe that they had to vacate them 13% of the time. Eighteen months after Flowers' project, inspectors now vacate 70% of the buildings. ’We won because we had the right data,’ Flowers says. ‘The city's data is good and we used it in the right way.’”
  5. Some organizations often need to make real-time decisions based on a high volume of data. In many cases, government collects large amounts of data that become incredibly useful during extreme situations. Just imagine how FEMA must use its data when a disaster like Hurricane Sandy occurs. Or at the city-level, imagine how large public safety departments must use data during a murder investigation, 911 emergencies, or local safety issues in which making the right decision must happen in minutes, not days. If cities have massive amounts of data that can be used in emergency or extreme situations, big data solutions will become essential—especially when lives are on the line.

This summary gives you an idea about the basics of why big data exists and why it may be important to local government. If you are dealing with massive amounts of information at a large city, you may have big data needs—but for most small- and medium-sized cities, your levels of data are small enough that they can be managed with more modest solutions.

If you’d like to talk about whether or not “big data” fits your situation, please contact us.

Thursday, December 13, 2012
Dave Mims, CEO

We are excited that Tribune 4.0 is going to be released on Friday! Many new features are included in this release, and you can expect much more to come in future versions. We’ve completed, tested, and ran Tribune 4.0 on Sophicity.com for weeks, and we’re excited to talk about what the new version includes:

  • Basic and Advanced Views. Managing content (e.g. editing a story item) now has a Basic View and Advanced View. The Basic View displays a configurable subset of Tribune fields, which can greatly simplify the content editing user interface. And, the configurable subset of Tribune fields can be customized per Tribune page that you’re creating content for. For example, the Basic View fields for a home page can be different than the Basic View fields for a blog page. The user can toggle back and forth between the Basic View and the Advanced View. (The Advanced View includes all fields).
  • Tribune Field Defaults. Tribune field defaults for content items (e.g. stories, etc.) can now be assigned. The default values can be overridden by the user when they’re editing a content item. Defaults are customized per Tribune page. For example, the field default values for a home page can be different than the field default values for a blog page.
  • Alias URL Support. Alias URL support is now provided for content items (e.g. stories, calendar items, etc.). An alias URL is an alternate friendly page name that can be associated with a content item’s normally verbose URL. This provides a friendlier URL for linking to content items.
  • New Filtering Options. Content management list filtering options are now provided by category, subcategory, and keyword.
  • Payment Processing Enhancements. We implemented payment processing enhancements across the user interface, custom data field encryption, and reporting.

For enterprise customers, Tribune 4.0 includes a centralized error handling service for administering exception handling reporting across multiple Tribune sites. This feature only affects users who are hosting their own Tribune sites.

What’s Next?

  • Growing the core team responsible for Tribune development. This is to both address enhancing the core product with new features and to keep pace with launching the growing number of new websites running on Tribune because of our IT in a Box product release.
  • Mini-releases. Instead of big releases, we will begin to target feature releases. We will implement a feature, test and certify it, live on it ourselves, and then release the feature to customers. Our goal is to greatly increase the frequency of our release cycles.
  • Virtual pages. This feature will allow you or your support staff (non-programmers) to add pages to your website quickly through the administrative screens in Tribune. Yes, no development required! We plan to deliver this feature in February.
  • Menu and navigation management. This feature will allow you or your support staff (non-programmers) to change your website’s navigation through the administrative screens in Tribune. Again, no development required! We plan to deliver this feature in February.

On the Radar

  • Virtual Forms. This feature will allow you or your support staff from the administrative screens in Tribune to add new forms. No development required! For example, a city could add a new form like “Reporting a pothole.”
  • Virtual Products. This feature will allow you or your support staff from the administrative screens in Tribune to add new products for payment processing. Again, no development required! For example, a city could add a Product such as purchasing tickets online to a holiday event.
  • Mobile friendly pages. This feature will allow your website pages to automatically render content in a format friendly to mobile devices.
  • Mobile friendly administration. This feature will allow you to administer and manage content for your website from your mobile devices such as an iPad or a Droid device.

As always, as you have recommendations for product features you would like to see, please contact us.

Wednesday, December 12, 2012
John Miller, Network Infrastructure Manager

You might be able to drive a car or truck for many years until you run it into the ground, but you cannot do the same thing with your servers, workstations, and mobile devices. However, many cities run their IT hardware into the ground because they think they are maximizing their investment. After paying so much for your hardware, you want to feel like you’re getting your money’s worth.

However, IT hardware is much different than a building, a vehicle, or other equipment. Because information technology advances so fast, hardware becomes obsolete after only 3-5 years. After that point, you are risking the operations and services of your city with each passing month or year of relying on old hardware.

In addition, many cities treat their hardware like it’s simply a machine that just needs to work at the end of the day. But computer hardware requires much more sensitive and ongoing maintenance than other simpler, one-dimensional equipment.

If any of the following hardware scenarios apply to you, your city operations and services are at significant risk.

  1. My hardware is more than five years old. When your hardware gets old, you’ll see it breaking down, freezing up, or taking way too much time to do simple tasks. You’ll also find that your servers and workstations cannot utilize new software, web browsing, or cloud applications. And when your hardware gets too old, there’s a chance that the warranty has expired or support is unavailable.
  2. My hardware is not regularly monitored, patched, and upgraded. Many cities unfortunately fail to appropriately monitor the life and health of their hardware. Whether it’s hiring IT staff or a vendor to perform these tasks, hardware must be monitored for red flags that indicate future breakdowns (such as server failure), productivity issues, viruses, and hacking attempts. Regular patches also need to be applied to eliminate major security risks.
  3. My hardware is not backed up. A server or workstation does not need to be old to fail. Malfunction happens. Workstations, laptops, and mobile devices are also easily lost or stolen. If you are not backing up data on all of your hardware, you are placing your city operations at risk. Many automatic data backup systems exist for a reasonable investment that ensure a hardware failure is not the end of your data.
  4. Your staff is constantly complaining about their slow computers. If your staff is continually unhappy from dealing with slow machines, and if these machines have become the source of low morale and cynical jokes, then you’ve got a problem. Old hardware should not prevent simple work from getting done. Usually, this situation signifies aging hardware, insufficient machine memory, not enough servers, insufficient servers that are not up to the task of handling peak city demand, and incorrectly configured hardware.
  5. Your hardware prevents you from using mission critical software or important data. If you have to pass up using a modern ERP system, a new accounting system, or powerful GIS data because your hardware can’t handle it, then you’ve got a serious problem. New municipal systems, software, and data are created to run on newer, faster machines. Since utility, finance, public safety, water/sewer, and other city department services are always improving as a result of new software or data solutions, you must have the infrastructure in place to make sure you can use those solutions.

To prevent these hardware problems in the future, you need to:

  • Establish and budget for a 3-5 year hardware replacement lifecycle.
  • Hire IT staff or an IT vendor to regularly monitor, patch, and upgrade your hardware.
  • Use an automated data backup system in case of hardware failure.
  • Ensure your hardware is configured to accommodate your needs (including any mission critical activities).
  • Understand your hardware limitations and how to overcome them when faced with new software, systems, or data needs that you must have to stay current with the evolution of municipal service.

If you would like to discuss hardware in more detail, please contact us.

Friday, December 07, 2012
Dave Mims, CEO

Often, a city will decide it needs a new or redesigned website. Maybe the current website is obsolete and outdated. Maybe it’s difficult for city staff to update content, and so they are looking for an easy-to-use content management system. From our experience, one of two things tends to happen:

  • The project dies from lack of interest and support. A new website never seems to become a priority, or it’s dismissed without discussion because the city “doesn’t have any budget.”
  • The project moves forward, but it’s headed by one powerful decision maker or department. They make a decision about the city’s website without other people’s input, or they make a decision based purely on cost. Disaster ensues when the website is not used or adopted correctly by city staff and there are numerous technical problems that sabotage the investment.

These website decisions are usually the result of failing to get the right internal stakeholders on board. In order to increase the success of modernizing your website, switching to a more usable content management system, and keeping website investment costs low, you need to make sure the following people or departments are on board.

  1. Marketing and Communications Every city has someone in charge of communicating with the public. Remember: A website is a public communication tool to help market, communicate, and provide essential information about your city to a wide audience. Bad websites can cripple your marketing and communications team, which affects how your city appears to citizens, businesses, and people considering locating to your city. Make sure your marketing and communications team outlines what they need in a website to do their job.
  2. Content Creators Any city staff who have to create and update content usually can tell you what works, what is broken, and what they need to update content effectively. Common bottlenecks include working through a webmaster or using a difficult content management system that makes it hard to update. Your content creators—those who upload city council minutes or let the public know about important notices and community events—are in the website trenches every day. Their input is invaluable.
  3. City Administration The city administrator and the finance officer need to look at the website from a financial and operations perspective. So much about a city’s operations ties to a website: maintaining an online payment system, sharing government information (e.g. city council agendas and minutes), and upholding the city’s public reputation. Also, in emergencies, citizens rely on the city’s website for information. City administration can help with the website decision making process by listening to staff and department concerns, building a business case, and convincing elected officials to take action.
  4. City Clerk The city clerk is at the center of all municipal activity. They understand how different department needs and operations intersect. With their institutional knowledge, they have the ability to justify the reasons why a new website or content management system will help overall city operations. They can provide rich, specific, and convincing examples of higher-level reasons why a bad website is hindering city business. When they weigh in, people listen.
  5. Information Technology Websites and content management systems still involve technical aspects that need input from IT—especially about what you can and can’t do. IT staff can also give advice about website features that are more affordable than you think, and caution you against features that may be overkill or too expensive. Most importantly, they can make sure your website is hosted and backed up properly, works easily for non-technical users who need to update content, and integrates complicated features such as online payments, forms, and multimedia (audio, video, images, etc.).

While other department heads can also come to the table and discuss their website needs, especially if the website redesign is a major initiative, having at least these 5 key stakeholders involved will ensure that you have comprehensive feedback guiding your decision.

If you'd like to discuss websites in more detail, please contact us.

Tuesday, December 04, 2012
Nathan Eisner, Network Manager

When talking with cities, we often hear a variety of negative perspectives and observations about online data backup. Like any technology that has rapidly advanced in recent years, combined with many high profile cases of hacking and data theft, it can seem like modern online data backup is less safe than traditional onsite backup methods.

However, many of these perceptions are inaccurate and gloss over the major benefits of online data backup to your city. In fact, your data may be less safe and secure (and more costly) if you are using more obsolete backup methods and basing your investment upon the following online data backup myths.

Myth: The only way I know if my data is safe is if I can see and touch it. We’ve sometimes talked to city officials who feel that unless they can see a server or physical devices where their data is being backed up, then they feel it’s unsafe.

Fact: A server or physical device (such as an external hard drive, tape, or other storage device) is not necessarily any less safe than data backed up outside of city property. Servers can be hacked, or poorly monitored and maintained. Tape and hard drives can be lost, stolen, or corrupted. Unfortunately, just because you own the hardware and can see it in front of you does not mean it’s any less safe.

Myth: Once my data leaves the building, it's unsafe and at risk for getting stolen. There is still a perception that any information “out on the Internet” is automatically unsafe. Stories of hackers and data theft fuel this fear.

Fact: Encryption standards keep getting better and better, making your online data safer and safer. Otherwise, banks, financial institutions, retailers, and government agencies would never be able to do business online. In fact, sometimes your information is better encrypted and secure online than anything your city staff can accomplish. Vendors and companies cannot toy around with sensitive data, so they have learned to protect it with the highest standards.

Myth: With physical data backup and storage, I can personally audit and check to see if it's getting done. Again, the idea is that if you can see it and touch it, it’s more secure. It’s reassuring to look at all of your tapes, or to know that a bunch of external hard drives contain your backup data.

Fact: Physical, manual data backup tends to fail too often from a lack of proper testing and auditing. City employees often assume that tape, disk, or hard drive backups are working. However, these backups usually fail a good portion of the time. Modern online backup systems more rigorously provide you with an audit trail, the ability to test backups, and more proof than you’ll ever need to show that your data backup is getting done.

Myth: Online data backup is too expensive. There is still a perception that any sufficiently rigorous online data backup must be incredibly expensive and only for larger businesses or cities.

Fact: Online data backup costs have become incredibly affordable. Five years ago, online data backup may have been cost prohibitive, but the Internet evolves at a quick pace. Cloud services have drastically improved online data backup services while lowering costs. You might have heard of robust consumer services like Carbonite or Mozy that back up files for a few dollars a month. Cities need a higher standard of services for sensitive data, but the costs are still very low and affordable. You’ll also find that modern online data backup services are actually less expensive than tape, external hard drives, or using your own servers.

Myth: It’s bad that my data will be in the hands of another vendor. There is a fear that when your data is in another vendor’s control, that puts your data at risk.

Fact: Your sensitive data is already in the hands of many vendors. While it’s good to be cautious, think about who you entrust information to on a daily basis. Your bank. Your insurance company. Your contractors. Your accountants. And any company where you use a credit card. If people were afraid of giving control of their data to another company, business in the United States would ground to a halt. Like any trusted relationship, you of course need to make sure your data backup vendor adheres to the highest standards. Make sure any online data backup vendor can explain their process, standards, best practices, security measures, and willingness to be audited in a way that makes sense to your IT staff or trusted IT vendor.

As you can see, there might be opportunity for you to explore a less expensive, more effective data backup solution if you haven’t revisited these myths in some time. Contact us if you’d like to chat about data backup in more detail.

Friday, November 30, 2012
Dave Mims, CEO

We've moved! Our new offices are located at:

13010 Morris Rd.
Bldg 2, Suite 100
Alpharetta, GA 30004

New Sophicity Offices 

Thursday, November 29, 2012
John Miller, Network Infrastructure Manager

When you think of content filtering, you might think of annoying controls that stop you from checking Facebook and Twitter during the day. Content filtering has often had a bad reputation—so bad that many businesses and government entities have all but given up trying to filter content.

However, by giving up you are exposing your employees to security risks. Even the best of us can be fooled by a phishing scam or misleading website. And even the best of us can have our productivity sucked away by tempting timewasters such as Facebook and YouTube.

Here are some areas of content filtering that cities should especially look at given security, productivity, and technical risks that result from failing to filter.

  1. Filter websites to prevent viruses, spyware, and malware. One of the most common reasons cities get infested with viruses or malware is because an employee clicked on a malicious website. While the major browsers have gotten better with their malicious website detection, it’s still often too easy for people to click through to a dangerous website. Proactive website filters can be annoying—especially when you need to get certain websites approved for viewing. However, that upfront annoyance pays off in the long run with a much lower incidence of viruses related to clicking on a bad website.
  2. Filter heavy media use to prevent bandwidth issues. We’d like to think it’s otherwise, but some employees will watch YouTube videos, Netflix videos, and even play video games during work hours. Since these employees conduct such activities secretly, they can anonymously hog bandwidth and slow Internet connectivity to a crawl (especially in cities where bandwidth is still not very high-speed). Solving the problem is simple—without accusing anyone you simply cut off the ability to hog bandwidth. You may still want to allow certain people the ability to watch YouTube videos to do research or perform their job, but the other high-bandwidth activities can definitely be banned without worry.
  3. Filter email to prevent spam and phishing attacks. Few people argue with the practical sense behind this kind of content filtering. While overall spam has lessened over the past few years, it’s still produced in high volume and tricks many people with sophisticated phishing attacks. Good email filtering makes sure that tricky emails never even get to someone’s inbox.
  4. Filter social media sites to curb productivity issues. While many employees at the manager, director, and executive level—or those in marketing and communications—need to use social media as part of their job, for many entities social media is simply a productivity distraction. If social media has no bearing on someone’s job, it may be a good idea to eliminate access. To make a case, you can monitor Facebook, Twitter, and other social media use to see if hours of your employees’ time are being sucked away.
  5. Filter out annoying pop-ups and advertisements. This is another area where employees will be thankful for content filtering. Too many pop-ups, video advertisements, and banner ads that slow down access to websites are still in existence—with some recent methods becoming even more intrusive. By filtering out these annoying ads, employees can access website content faster.

So, content filtering is not all bad. Sure, there will be some grumbling and protests. But overall—as long as you use common sense, do not ban all social media sites for everyone, and implement content filtering with transparency and pragmatism—you’ll have taken a necessary step toward reducing a whole host of security risks.

If you'd like to discuss content filtering in more detail, contact us
 
Tuesday, November 27, 2012
Clint Nelms, COO

A few months ago, a report by OPSWAT made the rounds that pointed out a few interesting insights about how antivirus software is currently being used. More and more people are using free antivirus software, and the report suggests that people believe they are getting the same protection with free antivirus software as they would with an enterprise antivirus solution.

The protection afforded by free software such as Microsoft Security Essentials is actually pretty good, so the problem is really not in the quality of software offered by a lot of these free antivirus providers. The problem—especially for a city— lie in three key areas that relate to liability:

  • Configuration. We find that the same OPSWAT study shows that most antivirus software is configured incorrectly. It may be good software, but it’s useless if configured incorrectly.
  • Management. Many organizations relying on free antivirus software do not ensure that all desktops and servers have it installed and working properly.
  • Prevention and Quarantining. Sometimes a virus gets through, and its severity can easily compromise a person’s computer or an entire network. People sometimes think they’ve caught and eliminated a virus, but viruses can be deceptively nasty and linger on a person’s computer.

The following story is inspired by a real incident that we encountered a few years ago. To protect the city, we had to significantly change many of the details, but the essence of the story is the same.

Cyber Liability for a Virus Attack: Mid-Sized City Manager’s Office

Imagine you’re the city manager at a mid-sized city. You have access to some of the city’s most sensitive information, including some of the city’s bank accounts.

You’re sitting at your desk and the phone rings. It’s the local bank that handles most of the city’s funds. He informs you that someone has accessed the city’s bank account and attempted to withdraw money.

When the city investigated, it discovered that a virus on the city clerk’s computer opened it up to remote access by a criminal somewhere in the world. The city clerk’s computer did not have antivirus software. Unsecured, the virus infected her computer and the criminal attempted to withdraw money.

A lack of antivirus software at the city led to a virus that compromised the city clerk’s computer, which could have led to stolen funds. Embarrassing, to say the least. Frightening, at most—especially when state and local law enforcement had to expend resources to track down the attackers.

Tips For Preventing a Virus Attack From Compromising Your City

A city is high stakes business, with employees handling sensitive information that cannot be risked with free, unmanaged antivirus software. Because of the city’s relationship to its community, issues related to compromised data from a virus can have a negative impact on many citizens and businesses. Here’s how to avoid the fate of the city manager.

Install antivirus on every computer. Such a basic practice, but so often neglected. There’s more to the picture than just installing antivirus software, but at the very least make sure you have something in place. It’s better than nothing.

Get an enterprise solution. An enterprise antivirus software solution means that:

  • Someone is monitoring the software and all virus threat activity.
  • The software is managed by your technology staff or a vendor.
  • It’s up-to-date at all times.

That means your liability is greatly reduced when an enterprise antivirus solution is in place. Equipped to handle any and all servers and workstations, enterprise antivirus software can oversee complex technology environments and protect your most sensitive information. Plus, an enterprise solution is more proactive. Even the best free antivirus software more often takes a reactive approach.

Make sure experienced technology staff or a vendor is managing the antivirus software. Experienced professionals ensure your antivirus software is installed on every server and workstation, updated regularly, and monitored for any red flags. You should always know:

  • Who is monitoring for viruses?
  • Who is reporting to you about viruses?
  • How often are they monitoring and reporting?

Train staff about viruses. Basic user education—such as avoiding going to certain websites, clicking on suspicious emails, or opening unknown files—can help prevent what is usually the most common way viruses get into an organization.

Audit your antivirus software. That means confirming that antivirus software is installed on every machine (servers and workstations) and that all licenses are up-to-date.

We hope you enjoyed our three part series on cyber liability. We encourage you to read Part I and Part II. If you want to discuss in more detail any city liability issues and how to prevent them, feel free to contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 |