Over time, information security laws only
grow stronger. As information technology continues to mature, expectations grow
higher that cities will protect their data. When data loss occurs or sensitive
information is stolen, the financial and legal repercussions (along with the
public outrage) may increase.
Most laws center around protecting
sensitive information and ensuring that operational continuity occurs even if a
disaster hits. After all, cities are stewards of public information and use
that information to serve citizens. If a city neglects information security,
they’re not just passing over nice-to-have technology perks. They are
neglecting and compromising their very core mission.
In this two-part article, we’ll discuss
best practices in part one and then address policies in part two. Use this
checklist of best practices to begin assessing your information security.
Weak or no passwords remain one of the
biggest information security holes at most cities. Are you using some of these worst passwords like 123456, Password,
or qwerty? Do your employees write passwords down on sticky notes and attach
them in public view on their computers? Remember, hackers use automated
software to crack passwords. The easiest passwords will get cracked, even if
you consider yourself an unimportant target.
While antivirus software helps protect
your city against viruses, don’t forget that human error often leads to viruses
even if you install antivirus software. Hackers usually fool employees by
getting them to click on funny images, social media quizzes, and online games
on websites and social media. Email attachments with viruses also still work
when employees think they come from a legitimate sender (which is easy for
hackers to spoof).
A virus can really wreck your city by
corrupting, deleting, or stealing your data. Protect yourself with:
Cities with any uncertainty related to data backup need to immediately address
this problem. A data breach or information theft is really bad, but don’t
forget about the risk of permanent data loss. To run a city and serve citizens,
electronic information is essential. Losing data lessens trust between you and
Make sure you can perform onsite data
backups for quick recovery and offsite data backups to recover from theft or
Many cities neglect operating system and
software updates. These updates and patches are delivered by software vendors
to fix bugs and patch up security holes. Studies show that most cyber-outbreaks
can be prevented by keeping computers up to date—and yet most people ignore
messages on their computers about installing updates. Apply patches, ideally
with an IT resource overseeing the process. And because vendors eventually stop
supporting and patching applications, operating systems, and hardware when this technology
gets too old, you need to upgrade these items when they have reached that point.
Physical security remains one of the most
overlooked aspects of information security. It’s easy for a disgruntled
employee to steal or take data from a server or computer. And when you
decommission servers and workstations, be careful—those machines may still have
sensitive information on them if you don’t dispose of them correctly.
Make sure you:
People tend to check out your website
first when they want to learn more about your city—whether it’s exploring
tourist attractions, relocating their business, moving, or inquiring about city
services. Not only do people expect a modern website with fresh content but
they also expect it to be secure and safe. They trust you when they exchange
billing information or click on links. It doesn’t take much for a hacker to
defame a weakly secured website, steal people’s information, or shut that
To make sure your website is safe and
In part two, we’ll talk about some sample
policies that will help enforce and reinforce these best practices across your
Questions about the strength of your information security? Reach out to us today.
Cities face more
challenges than ever with video archiving. As an example, cities are capturing
greater amounts of squad car video and enormous amounts of body camera video
footage. Because of greater public safety scrutiny, more sophisticated body
camera technology, and new laws passed each year holding cities accountable for
retaining this footage, cities are understandably growing more worried and
concerned about their video archiving capabilities.
the dark side of these technology and legal requirements is that
budget-strapped cities struggle with video storage restrictions, costs, and
technology limitations. As a result, it’s tempting to take a shortcut with
video archiving or try to keep doing what you’re doing with aging, obsolete, or
post, we’ll look at seven reasons why you need to modernize the way you archive
your videos—before you run into critical operational or legal problems.
reach a point when your video archiving calms down and stays at the same level.
Your city will grow. You will add police officers. Better technology will help
you generate more footage. And think about it—your public safety department
never stops. You’ll never be able to pause or take a breath. Video constantly
comes in without pause. This situation will continually increase your video storage
needs over time.
Depending on your state,
you will need to legally retain body camera video footage consistent with a
specific law. That means you need a place to archive and retain it. Any risk of
data loss associated with body camera video footage may result in severe fines,
penalties, or lawsuits. Understand how long you need to keep specific footage
depending on the law’s requirements, and then use video archiving tools to help
you adhere to the law.
half the battle if you retain your video footage. After all, you can “retain” a
bunch of your belongings in a garage with no organization—and good luck finding
a power tool or a can of paint when you need it! But if you organize, label,
and structure the contents of your garage, you’ll be able to find and grab
something in seconds. A similar logic works with video archiving. Modern video
archiving tools help you organize your footage with the aim of making it easy
to find specific video when you need it.
paying a low cost for unlimited offsite video storage and retention? If you’re
constantly paying more money for additional storage or capping your total
amount of storage, then you need to look at more modern options immediately.
Storage costs have drastically decreased over the past few years. Yet, many
cities still shell out money for expensive storage because they use outdated
technology or haven’t challenged their existing vendor in a long time.
squad car and body camera video footage captures confidential, private, and
sensitive information, you need to secure the footage. No excuses. Old servers
or software may not have enough security precautions in place. Only authorized
users should access the data—and your IT staff or vendor should be able to
centrally manage this security. The information also needs to be physically
secure if stored on your premises.
with physical security above, you don’t want video footage stored in rooms that
are easy for anyone to access. Servers need to reside in rooms with proper storage
conditions such as air conditioning, ventilation, and a high standard of
cleanliness. If you feel unable to keep up such standards, then consider a data
center or cloud storage.
Data loss is
a nightmare—and even more so for video that includes squad car and body camera
footage. If uncertainty exists with your data backup, then take time to
evaluate your weaknesses. Ask yourself:
Cities—small or large—face a huge responsibility for their video. A
modern video archiving system that addresses all of the concerns above is
essential in order to apply record retention laws and compliance to video
footage. Otherwise, you’re risking data loss or theft that can lead to severe
legal repercussions. Thankfully, there is a low-cost video archiving option that
both modernizes your technology while addressing growing storage costs.
Questions about your video archiving? Reach out to us with any questions.
Each state law differs for body
camera records retention. Let’s take a quick look across some of the states we
Even as states continue to refine
video record retention laws as a result of greater public scrutiny, video data
storage growth will outpace policy changes. That means you need to be prepared. And that
preparation involves some technology investments and a few best practices.
You probably already know that
video files take up a lot of storage space. Well, multiply that storage space many
times over by each officer and each squad car day by day collecting new videos,
and you’ll understand how fast body camera video footage will quickly eat up
your available storage space. You don’t want to get caught running out of available
storage space on your servers, or having unexpected high charges and fees as
you need to procure more local storage devices (or increase hosted storage space).
Work with an IT vendor that offers
unlimited offsite video archiving to eliminate these worries for running out of
storage space and increased cost as your video grows. Plus, the video data is
stored offsite so that it’s retrievable in case of disaster.
Obviously, if you store body
camera footage then you also need to find specific footage when you need it.
Similar to how a document management system helps you label and organize
documents, good body camera software will help you label and organize videos
for later use. Sometimes you’ll need to sift through hours of footage, looking
only for an important few minutes. Make sure that your video software allows
you to quickly and efficiently search for and retrieve information.
You need to adhere to state laws
and city policies for video record retention schedules. Ensure that you’re compliant
for how long you are required to keep footage, dispose of it at the right time,
and follow proper procedures. If you don’t comply, then you could get into a
lot of legal trouble when footage is requested and you don’t have it.
Body cameras capture a lot of
footage that needs to remain secured. A hacker exposing video camera footage to
the public might be disastrous to the privacy of citizens—and you might get
held liable if you did not invest in strong security. Body camera footage works
just like any other city record and needs to be treated as such. Internally,
every city employee should not have access to the video footage or be able to
copy it onto something like a flash drive. Your city needs clear security
policies about authorized access to body camera video footage and an IT vendor
that understands how to manage that security.
Last but not least, it helps to
use modernized technology if you are going to operate body camera equipment and
software. Even if the body camera hardware and software is modern, it may not
work well (if at all) with aging servers, computers, or operating systems.
Also, if your networking equipment (such as routers or firewalls) are not up to
the task, then you could have usability or security issues. Because body camera
video footage may soon become mandatory, it helps to think about modernizing
your technology infrastructure so that you can handle the demands of storing
and accessing lots of video.
Wherever your city is located,
it’s best to start thinking about body camera technology. It’s already here and
will become a standard part of police department operations. If you already
have body cameras, then is your technology up to the task of using them? If
you’re thinking about getting body camera technology, then what other
technology do you need to make sure it works properly?
Questions about how your technology can handle the demands of body cameras? Reach out to us today.
or participate in a pickup game with friends? You play by your own set of
rules. The game might start and stop randomly. You might lose track of the score.
But if you watch a professional game right after your pickup game, you’ll
notice everything that was missing. The rules, the framework, the organization,
and the professional capabilities of the players. While there is room for spontaneity,
a professional game is sleek and efficient—run like a machine, overseen by
officials, and aligned to professional standards.
The same difference
exists between having and not having information systems management best
practices in place. You may have experienced organizations where the
information systems feel more like a pickup football game rather than a
professional football game. It’s only fun until something gets out of hand—and
it seems like something always gets out of hand.
disciplined information systems management to reduce risk, improve operations,
and even help comply with legislative audits such as those that occur in the state of
Arkansas. Here are some best practices that can get you there.
helps to understand the state of your information systems. What do you have?
How old is your hardware and applications? What’s the state of your information
security? Are you backing up your data? Use one of our risk assessments as a starting point and make sure you take a close look at your:
your risks, you can focus on your city’s biggest problems first.
It’s easy to
overlook. Cities may chug along managing their information systems without
asking some key questions about everyone’s roles and responsibilities. Who does
what? Who is responsible for information systems? Who has access to
information? Who is authorized to grant access? What outside vendors have
access to information?
At the very
least, create a list of people and vendors along with their roles and what they
do. For example, a small city may have a simple information systems org chart
that includes the city manager who makes business-related technology decisions,
a city clerk that works with the IT vendor to help them understand business
needs and requirements, and an outside IT vendor that monitors and maintains
all information systems on a day-to-day basis.
might contain some technical information that you need help drafting, your city
needs to have stakeholders create a policy and procedure manual for your
information systems. You will need to define and document important items such
As one of
the most important pieces of information systems management, your city needs a
plan for restoring data and systems in case of a server failure or a major
disaster. Some of the questions you need to address include:
training is important on many, many levels. First, empowering users with
knowledge about your city’s information systems helps with their proficiency and
productivity. If you’re investing in this technology, then training users
allows you to maximize your investment. But secondly, training users also helps
with lessening security risks. Many users may not be aware of the dangers of
malicious websites, email attachments, online quizzes, social media games, and
software that seems innocent. The more you teach users about the possibilities
of your information systems along with some of the security risks that exist,
your efforts will ripple positively across your organization.
city’s information systems like a professional football team, not a pickup game.
By following the five best practices above, you will build a great foundation
for your information systems, reduce risk, increase productivity, and comply
with important laws.
about your information systems management? Contact us today.
Obviously, your city must already
have some kind of records management in place. After all, it’s the law for
cities to keep records, respond to open records requests, and supply
information for audits and investigations. But many cities don’t have a records
management system in place beyond paper and cabinets, or they use a subpar
records management system that frustrates more than it helps.
While a city clerk might not be
able to change an existing records management system overnight, there are a
series of steps they can take to help them modernize and align their city with records
management best practices.
As a baseline, review your
state’s city clerk handbook (if it exists). If you cannot find an official
handbook, then contact your state’s city clerk’s association or municipal
league to see if any equivalent materials are available. Review any sections
related to records management to make sure that your city is—at a minimum—following
the law and any best practices that would be easy to implement. That includes:
In case of an open records
request, you need to provide any public information on demand. How easily can
you do it? Public information includes paper documents, electronic documents,
emails, and other computer-based information. Where is that information stored?
Is it in a cabinet or on a server where authorized personnel have access? Is it
only on one person’s computer? Do you even know? It’s good to make an
assessment of where all public information is located, note any unknowns, and identify
any challenges in case you need to access it.
If going through an open records
request is a time-consuming nightmare, then you need to consider a modern
document management system that helps you organize, access, and retrieve
documents in a more efficient way. Some things to consider include:
Consult with your state’s city
clerk association and municipal league to consider recommended document
management systems that shore up your weaknesses and modernize your technology.
To keep up on new laws, trends,
and best practices, consider receiving ongoing records management training. If
available, take basic courses that lead to certification. Then, take any
ongoing training classes and attend sessions at conferences. In some states,
you will be required as a city clerk to take some records management courses.
Other city clerks will have years
and even decades of experience with records management. Learn from them by
attending city clerk conferences and events. Network with city clerks and give
them a call with questions. In many cases, they will reinforce the points we’ve
made above and also help you dig into deeper detail about what works for them.
For additional information,
consider the following resources:
With software, cities feel that
they often face a dilemma. Standardized, out-of-the-box software lowers cost
but restricts customization. Customized software better meets the needs of
cities but may increase cost. What to do?
Let’s specifically look at
document management software as an example of resolving this dilemma. Luckily,
document management software has existed for a long time. That means it’s
matured over time and gives cities the best of both worlds—standardization and
customization. Sound too good to be true? Let’s look at both sides in more
Over the years, document
management system creators and practitioners have learned a lot about best
practices that apply to all organizations. These best practices get baked into
the software and you benefit from them without needing to customize. In fact,
many of these standardized benefits feature items you may not have thought to
include if you had created your own document management software
requirements—and they come right out of the box.
While standardized, document management
software also offers customized benefits that are relevant to cities.
With document management
software, you absolutely can have it both ways—customizing it for your city
while enjoying standardized benefits baked into the software. It helps to have
IT staff or a vendor work with you on the technical aspects to make sure that
you’re properly customizing your document management software in a way that
meets your needs and complies with the law.
Questions about document management software? Reach out to us today with questions.
likely have city employees who work at departmental sites that are separate
from your office building. At the very least, they check emails on their
smartphones. Are you finding it difficult to support employees who work across
separate sites? Could it be that your IT staff or vendor hasn’t kept up with
the pace of technology?
heads and staff at these remote sites grow frustrated because their technology
is essentially broken—and responses to technical issues are very slow. A modernized
helpdesk remains inexpensive and yet accommodates the needs of a remote site workforce.
If you’re evaluating whether or not your helpdesk meets these needs, then
consider the following areas where they must succeed.
time comes into play when supporting city workers. It’s not uncommon that staff
need help with their laptops, smartphones, and tablets before and after normal
workday hours. Also, servers may fail at two in the morning or a night shift
officer may need support when encountering an IT issue. An IT helpdesk can’t go
home at the end of a workday and return the next morning. They must remain
available to handle IT problems 24/7/365.
will need help with laptops, smartphones, tablets, printers, and other machines
spanning many devices and operating systems. An IT helpdesk cannot limit itself
to only a select few devices such as workstations in the office. A wide breadth
of knowledge and experience with both old and new devices, operating systems,
and applications is critical in supporting the needs of cities as technology
continues to rapidly change.
IT helpdesk helping remote employees must have security down to a science.
While serving remote sites, your helpdesk can help with making sure:
element of remote help is the use of remote helpdesk sessions. That’s when an
IT engineer will temporarily request access to your computer so that they can
help resolve a specific issue as if they were physically present. Whatever
software your helpdesk chooses with which to conduct remote helpdesk sessions
needs to be secure and non-intrusive so the user remains aware when support is
engaged. Remote sessions can even take place with smartphones and tablets.
taking a look through these four areas you realize that you’ve got some holes
in your IT helpdesk, then work with your IT staff or vendor to address these
gaps. Some of these elements may seem out of your reach or like overkill (such
as a 24/7/365 helpdesk), but they’re really not. IT helpdesks have evolved as
quickly as the technology you now hold in your hands. If you want to better
serve or enable your employees, then a modern IT helpdesk is a must.
Evaluating IT helpdesk options for your city? Reach out to us with any questions.
Many cities post minutes to their
websites. However, questions remain about how to best do it. Currently, there
are no specific laws that require cities to provide minutes on their website
(because all cities do not have websites). As a result, cities may not post minutes
to their website at all, they may post them irregularly, or they may post them
in ways that make it hard for citizens to find.
While not a legal requirement,
posting minutes to your city’s website is a helpful service to provide your
citizens. This activity hits upon many things that are important to cities and
citizens—government transparency, information sharing, and civic participation.
Plus, sharing minutes on your website gets your information out to the most
people in the quickest, most convenient fashion.
Use this checklist to see if
you’re posting your minutes properly and making them easy for citizens to find.
If you have a website, at least post
your approved minutes when they are ready. However, you also have the option to
post draft minutes before they are approved if you’d like to quickly share
information with citizens. Make sure you clearly indicate if you are posting
draft minutes versus approved minutes.
Similar to how you normally
distribute minutes, you can follow a similar process for your website. Either
post the draft minutes to your website (such as within two business days of the
meeting) or wait to post the approved minutes. Once posted, keep the minutes on
your website indefinitely—similar to how you keep them indefinitely in your
Unfortunately, it’s not uncommon
for a city to fail to keep minutes updated on their website. That can be
frustrating for citizens. Make the task of posting minutes to your website as
routine as your normal drafting and approving of your minutes as dictated by
law and ordinance.
To keep your minutes webpage
uncluttered and easy to use, consider at least showing links to:
By highlighting the current and
previous year on your minutes webpage, you make it easier for people to find
these most commonly searched for minutes. It is less likely that people will
search for old minutes, so you can create a link to an archived minutes page for
that purpose. Many cities also just put up links on their minutes webpage for each
year, which is also fine—as long as the current and previous year’s minutes are
prominent and easy to find.
Your city website likely has
navigation links at the top of each page that never change—such as Home, Government,
Departments, Business, Community. etc. Make sure that people can easily find minutes
through these links. For example, there may be a link right on the Home page
for Agendas and Minutes. Or, there may possibly be a link under Government to the
City Council page where the Agendas and Minutes link could be found. Either would
be easy to find.
On the other hand, if a person
can’t find an easy path to your minutes then you are making them hard to locate.
Grab three or four people who don’t know your website well and ask them to try
finding your minutes. If they’re all having trouble, then consider rearranging
how you get people to this information on your website.
When people look for specific
minutes, they will look for the year, month, and day. Label files with that
information so that filenames communicate what the document actually contains.
Also, minutes need to be presented in an unaltered, official, and final form. A
PDF is usually the best publishing format for this requirement. Publishing a
PDF is the best way to ensure that you are offering the official, final
version and it's also the most convenient type of file for people to download and print. A
PDF is a universal file format that works on any computer and it's usually preferred
by city clerks.
Overall, publishing minutes to
your website is one of the services you can provide your citizens who primarily
access information through the internet. When doing so, it’s best to follow
your current laws and ordinances, make it easy for people to find minutes, and
provide the files in the most convenient format. If you follow the tips above,
then you’re scoring some major service and transparency points with your
Questions about posting minutes to your website? Reach out to us today.
As we talk to cities at various
events and conferences, we sometimes hear that they don’t have a centralized
place to access shared files—such as a server or a location in the cloud. That
means cities may still store important files on individual desktop computers. Let’s take a step back and look at
three major risks in such a situation.
Storing important files on a
single computer means that if something happens to that computer then you will
lose all of your files. You may occasionally back up files on an external hard
drive or flash drive, but relying on a manual process that can be skipped or
performed incorrectly is a risk—especially because you may not regularly test those backups.
Plus, you’re also relying on a single person’s computer—and that single person
may accidentally or purposely delete files without you ever knowing they’re
gone. No matter how much you trust that person, they may act as the sole owner
of those files—not your city.
A single computer isn’t
guaranteed to make sure your files are consistently secured against threats.
Employee error (such as clicking on a malicious website link or email
attachment) is one of the most common sources of viruses and malware which
opens your city up to hackers. With that kind of security hole, a hacker may
steal your information or prevent you from accessing your files. Weak or irregularly
updated antivirus and antimalware software on a single person’s desktop computer
just isn’t enough to adequately protect important city information. No matter
how well-intentioned, a single user presents too many security risks if files are
primarily stored on their personal desktop computer.
City employees shouldn’t have to
rely on one person to give them access to important city files. What if that
person is sick or on vacation? What if they get fired or leave their job? Any
user who has been granted authorized access to important files should be able
to access them in a centralized, neutral location. A single user also has the
potential to be arbitrary, whimsical, unavailable, or difficult about giving
access to important files—which can be a hindrance to productivity, operations,
or answering open records requests.
So, what should you do instead of
storing files on a personal desktop computer?
No matter how small your city,
you still need to create a place where electronic files are centrally
maintained and secured—and where users with authorized access can find these
files. Some options (depending on your budget and technology limitations)
If you still want to store files
on a computer, then a newer computer will generally offer a lot of room. But
that’s still not wise—no matter how much space that
computer offers. What’s more important is where the files are located,
protecting the files from data loss, and securing who has access to the files.
Limiting file access to a single person’s desktop computer is just way too
risky for a city.
file storage? Reach out to us today.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2017 Mimsware Corporation, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.