Many cities—especially smaller
cities—often ask us if they need to “go digital.” By that, they’re usually
asking if they should transition their information from paper to electronic,
start centrally storing and managing electronic information in the cloud, and modernize
their technology to help with accessing that information such as upgrading
their email system, document management system, or website.
These are good questions for
smaller cities. After all, they have minimal staff who are strapped for time
and working with limited budgets. If going digital is a convenience, then
smaller cities could probably push it off to the side.
However, it’s clear that going
digital is a necessity. And not going digital leads to a variety of critical
problems. Think of it like carrying insurance. You don’t think about your
insurance a lot during your day-to-day work, but it’s there when a disaster
hits. Let’s look at some critical areas where “going digital” is a necessity.
With paper, it’s very difficult to
assure yourself that your information will survive a fire, a flood, or a
tornado. We’ve even encountered situations where paper with valuable
information has aged so much that it starts to crumble or termites have gotten
at it. All it takes is one incident like a fire and your valuable city
information is destroyed.
By scanning your paper
information and turning it into electronic information, you are able to protect
it from disaster. With offsite data backup, you can store that information in a
data center far from your city and know that you will be able to access that
information even after the worst disaster.
simply, it’s easier to find electronic information. Once you are digital, you
can find important documents and information in seconds rather than spending
lots of time sifting through paper records. Modern document management systems
help you label and organize documents so that they are easy to find. Similar to
how you search for things on Google, you can search for documents and
information in the same way. This capability helps with compliance (see below)
and also makes your time-strapped staff much happier when they can find
portability, we mean the ability to share information with others. It’s fairly
standard today for many government entities and businesses to share and receive
digital information. In fact, you may even find that electronic sharing and
retrieval of information is required by some entities. Even if it’s not
required, it’s way more convenient to citizens, businesses, and government
entities to offer electronic information. Whether you post information directly
to your website, offer it on a PDF, or have it stored electronically at your
city in a document management system, you can easily send and share information
with authorized people when it’s in electronic form.
overlooked, going digital helps with security. Sure, with paper you can lock
rooms and prohibit physical access to file cabinets. But it’s not uncommon that
access to city assets can be easily—in fact, very easily—obtained on-site. When
your information is digital, your IT staff or vendor can make sure it’s only accessible
to authorized people.
Open records laws, regulations,
and policies evolve each year so that expectations related to information
access, retrieval, and security continue to grow. With paper, you risk slowly responding
to open records requests. You may also have the opposite problem of not purging
documents on a regular schedule. As a result, you might store decades-old
documents that you’re not legally required to keep.
Going digital better equips you to
respond to open records requests in a timely fashion, set up automated
processes that ensure you’re following record retention schedules, purge
documents that you legally no longer need, and back up data in case of
Going digital strikes at the
heart of many necessities around information today—security, compliance,
backup, and ease of access. So even if you’re a smaller city, you need to
consider digitizing any information you have that currently resides on paper
along with modernizing your technology enough to be able to easily access and
share that information.
Questions about going digital? Reach out to us with any questions.
You spoke. We listened. Over the past year, cities have told us that
their requirements for data backup and video archiving grow more and more
immense. For example, the requirement for many cities to capture, record, and
store body camera video has drastically increased the amount of storage space
they need. In fact, some cities (such as in Georgia after a new law passed in 2016) must store that information or face legal
penalties. Also, cities (such as those in Arkansas) are feeling more pressure
from state legislatures about strictly adhering to laws and best practices related
Overall, there’s just too much at risk today to neglect a city’s
electronic storage capabilities and underlying information security. Here are
some new features of IT in a Box that help address these concerns:
We already provide cities with onsite data backup storage for quick
data recovery and unlimited offsite data backup storage for disaster recovery.
That now includes storing and archiving all versions of your important files,
documents, and data. Archiving is the long-term storage and indefinite
retention of your backed up data. This archived information is always
accessible in case you need it (such as for an open records request).
Cities tell us that body camera and squad car video
storage costs are a big concern for them—and storage needs for video data will
only continue to grow at an increasingly rapid pace. IT in a Box saves cities
money with our unlimited offsite video storage and retention. That means:
To best protect against cyberattacks, our IT in a Box staff will help
you adopt policies and best practices to educate staff and make sure your
technology helps you comply with state law. In addition to staff training, we
shore up any security holes by securing, documenting, regularly testing, and
proactively managing all of your technology including:
For Arkansas specifically, we help cities become compliant with the
state’s Legislative Audit.
about these new services? Reach out to us with questions.
Learn more about IT in a Box.
gave a presentation at the 2016 Arkansas Municipal League Annual Convention
about cyberthreats. As part of a three-hour training session entitled “Working
in a Social World” that featured Arkansas cities (including Gravette,
Fayetteville, and Mayflower) sharing various social media successes, I ended the session with some
caution about cyberthreats. Cyberthreats threaten the technology that underpins
many of these social media successes—and my observations were tailored to
complement the overall discussion.
Overall, I addressed how to protect cities from cyberthreats. A
cyberattack does more than just shut down a city’s IT operations. Today, we see
incidents where hackers and some “hacktivists” hold a city’s information for
ransom. These attacks can be very dangerous to cities and need fending off.
Check out my entire presentation here. In it, you’ll read in more detail about:
Based on real cities, I provide examples that accurately represent what
we often see at cities. Cyberattacks are costly, destructive, and embarrassing
When you subscribe to IT in a Box:
Questions about your ability to fend off cyberthreats? Reach out to us today.
attempted a $90,000 transaction from my machine. What do I do?
sink in. As the finance officer, city clerk, treasurer, or city manager, how
would you feel? What would you do? How did it happen? Where would you look?
person, externally or even internally, attempts to steal money or data from a
city, investigators will start looking for information to help them find the
culprit. So, what information will lead them to finding the person who
committed the crime?
your city may not have the right policies in place to not only prevent
unauthorized access to information but also to track who accesses it, what’s
accessed, and when it’s accessed. That leaves your city with security holes
that open you up to hacking, theft, and even fraud.
What can you
do as a city to make sure only authorized users have access to sensitive
information? Look carefully at the following areas.
with making sure your systems and software allow you to set different levels of
permission for different users. For example, some users may not need access to
payroll information. Modern technology systems allow for granular user
permissions within servers, websites, and applications. If you don’t set these
permissions appropriately, you risk users looking at information that they
should not access—and they may possibly misuse, change, or delete that
information. Users should only be able to access information relevant to their
overlooked, it’s important for cities to physically secure important technology
like servers. An unauthorized person should not have physical access to your
servers or be able to walk into your server room as if it’s the breakroom. All
it takes is one disgruntled employee to steal information or damage your computer
equipment and hardware (which may lead to permanent data loss). Secure rooms
with servers so that only authorized employees can access them. Require use of
a key fob or similar security checkpoint.
to physical access, wireless access is another common security hole. Cities are
at risk when they leave wireless access open and unencrypted, or if they use
weak or well-known default administrative passwords for securing wireless
devices. Hackers can easily hop onto your network through these access points
and begin sniffing around your most sensitive information right from the parking
lot. You need to keep your wireless access password protected with a strong
password, encrypted, and limited to authorized users.
employees sometimes need access to a city application through a secure remote
connection to a server. But it needs to be logged and tracked. Too many cities
don’t track and monitor who logs on and when they log on. This creates security
problems. If you don’t know the identity of someone logging in, or even that
they’re logging in at all, then how do you know that it’s an authorized user?
By tracking remote access, you make sure that only authorized users are
accessing your servers and applications.
authorization vulnerabilities that cities face are not just addressed by technology.
They begin to get addressed by setting policy. Cities need to set the right
policies and work with their technology staff and vendors to implement
training, processes, and technology to meet these policies. If your current
technology systems cannot handle these demands, you may need to modernize your
technology in order to accommodate current security requirements and best
practices for government data.
Questions about how to begin addressing these gaps? Reach out to us to further discuss these areas.
you get in one morning to work and you’re checking your billing records in a
city database. You discover that three important billing records are missing.
Gone. No one is supposed to delete those records. You have a serious situation
on your hands. Was it an accident? A data breach? You need to figure that out.
So, what do
you do next?
One of your
next steps is for your IT staff or vendor to check the logs. What are the logs?
Let’s learn a bit of Logging 101 and then look at some critical problems a city
can have by neglecting proper logging practices.
a lot of the technical aspects of logging and just focus on the important
business aspects for your city. First, logging has two primary purposes.
staff and vendor depend heavily on logging for information to diagnose
technical issues. That’s why you might hear an IT engineer say, “Let me look at
the logs” when a problem is reported. Those logs often provide clues to the
root of a problem.
logging for most systems requires some technical background. The detail level
can vary. For example, some systems log a literal play-by-play of every little
thing that goes on. It can track that John Doe opened an application, entered
his password successfully, successfully launched the application, accessed a
specific module in the application, etc. Others provide more basic information
such as that John Doe opened the application, closed the application, etc.
look at two problems related to logging that may lead to critical security problems.
back to our example in the introduction. Let’s say you call in an IT vendor to
investigate and they report to you that there have actually been 42
unauthorized billing record deletions over the past six months.
you’ve got yourself a problem. The unauthorized deletions are a data breach—whether
or not it’s an internal employee making mistakes or an outside hacker doing it
on purpose. More importantly, it’s clear that your city hasn’t had someone
overseeing the logs. You’re capturing important security information but you’re
not reviewing it.
returning to our example in the introduction, let’s imagine you don’t have
logging enabled. That means you have little to no information about who may
have deleted those billing records—and when. It’s like having a bank without
security cameras or a court proceeding without recording or transcribing it. If
something goes wrong, you can’t go back and figure out what happened.
IT staff or vendor will need to use logging for technical diagnostics, they
should also reassure you that logging is enabled to:
you simply lack important information that helps you diagnose and get to the
bottom of data breaches and other security issues.
Questions about your logging and information security? Reach out to us.
Even if it’s
not yet law to audit data backups at your city, you will sooner or later be
held more accountable. It’s inevitable. Cities increasingly store critical,
essential, and sensitive electronic information, and so expectations about the
quality of data backup will only grow. In fact, some states already require
local governments to demonstrate proof of rigorous data backup for critical
and/or specific kinds of information.
Law or not,
it’s beneficial in every way for you to make sure your data backup is
comprehensive and stands up to an audit. What do you need to keep in mind to
shore up data backup gaps? Here are five critical areas.
still don’t properly store data backup offsite. They may think that an
“offsite” location such as an employee’s house, another city building, or a
data center several blocks up the street will suffice. But full disaster
recovery means you need to account for disasters that can threaten your entire locale
such as a hurricane, tornado, or flooding. As a result, you need to consider
offsite locations far away from your city. For example, some cities store data
offsite both in East Coast and West Coast data centers.
IT staff or vendor can help with planning, a majority of your plan will rely on
city policies and needs rather than technology decisions. For example:
to these questions will influence how you approach your data backup strategy.
Why do so
many cities fail at their data backup? It’s not because they don’t have any
data backup in place. It’s because they don’t test it. Testing is an absolutely
crucial step to make sure that your data backup works. By testing at least once
per quarter, you will identify major problems (such as failures to restore data)
and minor problems (such as a backup missing certain kinds of data).
recovery addresses information essential to running your city. You need to
clearly identify the data and information that you can’t live without. That
way, after a disaster hits you can focus on the most essential operations first
to get them up and running. If you don’t identity this data, your recovery may
be slowed as information gets restored that isn’t helpful or crucial to city
want your city to remain operational through any technology incidents or
disasters. In case things go wrong, you want to think through situations
ranging from a server failing to how teams may work remotely after a disaster
hits city hall. It also helps to make sure you have IT staff or a vendor with
multiple engineers at your disposal who can recover your city’s data in case
your primary IT point of contact is incapacitated for some reason.
you want to make sure you recover your most critical data as quickly as possible
after a disaster and remain operational. Remember, your citizens will rely on
you even more heavily during a disaster. You need to make sure you’ve got the
data to help them.
Questions about your data backup? Can you recover your critical data after a disaster? Reach out to us today to chat about your data backup and disaster recovery.
In last week’s blog post, we discussed
five benefits related to VoIP. But let’s say you’re already sold on switching
over from your existing landline system. You might wonder, “What do I need to
While VoIP technology ultimately lowers
costs and increases the amount of your features and flexibility, you might face
an uphill battle depending on the current state of your technology.
To see if you’re ready for VoIP, let’s take
a look at three key areas that you may need to modernize.
The most important technology for ensuring
that VoIP works similarly to your landline is your Internet service. You need
good, reliable, high speed Internet in order to take advantage of
data-intensive VoIP services. Remember, VoIP uses an Internet connection to
transmit data—so it needs to be fast and reliable.
Here’s a quick reality check for your
city depending on what type of Internet service you have now.
You need to take a look at the age and
quality of your data network infrastructure such as your switches, firewalls,
routers, cables, and related hardware and software. Basically, these technologies
are like the highway and gatekeeper for all of your Internet data—making sure
it moves through quickly and yet keeps out any unauthorized intruders.
When we tell cities that they need to
update data network infrastructure before switching over to VoIP, it can seem
like a “gotcha” moment. However, you need the right data network infrastructure
to handle the VoIP data that will be routed to your employees’ computers, headsets,
and phones. Without new or modern data network infrastructure, you risk garbled
phone conversations and dropped calls—just as if you had a bad Internet
will reduce hardware and maintenance time. But you still need seasoned IT
professionals to help support your VoIP system. First, the switchover project
will involve a lot of complexity. Especially if you need to modernize your
Internet service and data network infrastructure, then you’ll need experienced
engineers helping you through this transition. Second, after you’re
transitioned over these IT professionals will need to handle VoIP issues and
problems just like any technology you use. If there are issues with your
Internet, data network infrastructure, or users making calls, then you need
responsive IT support to ensure that problems are dealt with quickly.
the move to a VoIP phone system is usually worthwhile (and in time will pretty
much become the norm as traditional landlines fade away), it’s still a monster
of a project. The technology upgrades, implementation of the VoIP system, and
user adjustment involves a lot of moving parts and pieces. But remember, the
benefits are powerful—and the investment definitely is worth it.
switching over to VoIP? Reach out to us today with any questions.
You may have
heard of VoIP and perhaps even already use it. It’s an abbreviation for Voice
over Internet Protocol (VoIP). That’s a fancy way of saying that you make phone
calls over a data network—usually the same connection that gives you Internet
access. So why has VoIP become the predominant technology used for business
revolution started because data networks (such as fiber) have a much higher
capacity to handle data and a greater flexibility to add phone lines and
features when compared to traditional phone infrastructure (such as copper).
should a city choose to move to a VoIP system after using a reliable traditional
landline system for so long? It’s because VoIP isn’t just a nice-to-have
anymore. Instead, this service brings clear bottom line benefits to your city.
landlines may be historically reliable, but they are becoming quite expensive.
First, just the monthly cost of a traditional landline tends to be higher than
a VoIP system. But traditional landlines also saddle you with extra costs when
adding lines, adding features, and maintaining PBX hardware. And as time
progresses, it is going to become increasingly difficult to find support and
replacement equipment for traditional phone systems as they become more
obsolete. Across the board, your VoIP costs are lower. That means lower monthly
costs and no maintenance costs if your VoIP service is hosted in the cloud—and no
long distance charges!
features are one of the biggest pains of traditional landlines. Depending on
what you want, extra features often cost way too much money or they just aren’t
available. With nearly every VoIP system, you get a plentiful variety of handy
features such as call transferring, call forwarding, conference calling,
voicemail-to-email, and softphone capability (meaning you can make phone calls
over your computer like Skype)—all included for no extra cost.
need absolute control over your phone system, there’s no reason to host your
VoIP system onsite. That means it will be hosted in the cloud. Sure, you’ll
still need to buy some handsets. Otherwise, you’re hardware free—no servers or
PBX systems onsite. No more worry about maintaining phone-related hardware.
Think of this technology like an app on your phone. It’s all just data.
One of the
biggest complaints about traditional landline phone systems is the difficulty
of adding new users or a new line. It usually requires someone from the phone
company to arrive onsite and configure your system, leading to more cost and
time wasted while you wait. With VoIP systems, adding new users and lines is as
simple as a click of a mouse. That means you can add users and new lines in
minutes or even seconds.
landlines are isolated in one spot—your handset at your desk. A VoIP phone
system (remember, it’s just data) can follow you wherever you go. For example,
you can install an app on your personal smartphone that acts as a secure
extension of your work phone. Or you can use your computer to make a call. You
can even use any handset in your office as if it’s your business phone. This
aspect of VoIP is especially convenient when you need to make and take calls
while you’re away from your desk or even away from the office.
sold on these benefits, then how do you switch over from a traditional landline
to VoIP? Is it easy or difficult? We’ll talk about moving to VoIP in next
week’s blog post and discuss what you need to have in place.
about your phone system? Contemplating making the switch? Reach out to us today.
A few months
ago, the media was abuzz with reports about Microsoft forcing people to upgrade to Windows 10. If you either read some of these articles or even
experienced Windows 10 upgrade notifications popping up more and more on your
computer, you may be confused and a little frustrated. That’s understandable,
especially when something seems forced upon you.
mean you must upgrade? What should you do? Here are a few tips for cities about
how to handle what may seem like an intrusive Windows 10 upgrade.
This may seem like an odd first tip.
However, it shouldn’t be left up to non-technical employees what to download
and install on their computers at a city. Employees are not IT experts, and it
can be hard to figure out if software updates are going to cause harm to a
computer. IT professionals need to control what software and updates get
installed so that no harm comes to any computer.
One major reason you need IT professionals to decide
whether you should upgrade or not is because of software compatibility. For example,
you don’t want to upgrade to Windows 10 and then find out your accounting
software doesn’t work properly. And when you call that software vendor, they
might not be able to help you because they aren’t supporting their products on
Windows 10 yet.
non-technical employees or inexperienced IT staff attempt an upgrade but mess
it up somehow, then you are at risk for losing data during the upgrade process.
An experienced IT professional will ensure that your data is properly backed
up—onsite and offsite—to ensure that you can make a full data recovery if
something goes wrong with a Windows 10 upgrade.
say some employees want to upgrade to Windows 10. However, anyone with very old
computers (especially over five years old) may not be able to upgrade because
they don’t have enough memory or processor speed. Dated systems (such as those
found on older computers) no longer supported by a vendor are always a risk.
Users may need a little time to
adjust to the new Windows 10 interface and settings. While many things will
look and work like past versions of Windows, some of the differences may lead
to a rough adjustment period. You may want to build in time for a short
training session to go over the key differences with employees. In addition,
anticipate that users may have questions about the new features, settings, and
look and feel.
It’s fine if
a city is interested in upgrading to Windows 10, but prepare for it first
because your software vendors may tell you it’s an upgrade at your own risk. Your
line of business applications may not yet provide support for Windows 10. Like
any major operating system upgrade, a variety of unexpected problems can occur
that cause a lot of havoc. Windows 10 is getting a better reputation the longer
it’s around, but it’s still a good idea for IT professionals to manage any
installation and make sure you’re not breaking software or losing data.
Do you have additional questions about Windows 10? Reach out to us today.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2017 Mimsware Corporation, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.