CitySmart Blog

Tuesday, October 22, 2013
Brian Ocfemia, Technical Account Manager

Mobile devices that work like computers. Software accessed from clouds. Servers disappearing because they’re no longer needed. Technology seems to have gone through another revolution in the past few years, and it’s understandable if the speed of technology has passed you by to some degree.

For many cities that are focused on budgets, operations, and citizen services, it’s easy to still think of technology as it was 5 or even 10 years ago. But while you might feel behind, you actually have a great opportunity to reevaulate your technology, save money, and improve the quality of your services without too much disruption to your city.

As we help cities modernize their technology, we often address the following areas where the old way of doing things is bloated and wasteful today.

  1. Labor. While we don’t encourage laying off IT labor arbitrarily, we do recommend taking a look at what kinds of work any IT employees, contractors, or vendors are doing for you. We find a lot of wasted time and money when IT labor is essentially in reactive or tactical maintenance mode, basically working as glorified IT repair people. Cities need to use technology to help a city achieve its vision, and that takes strategy and planning. Plus, many IT functions have become much more automated and easier to maintain with less people. If you’re not thinking “strategy” when you think technology, then you probably need to take a look at your IT labor.
  2. Contracts. In the old days, technology vendors often locked you into long-term contracts. That made sense because the hardware and software investments were significant. If cities were going to use a particular technology, then it made sense to use it for the long haul. (Vendors, of course, liked this arrangement too!) But now that hardware is needed less and less onsite, and software increasingly is accessed through the cloud (which reduces the cost of implementation), contracts have become shorter—and more like turning on a utility. Any long-term contract is fair game as a place to cut costs.
  3. Hardware. Because so many services can be accessed over the cloud through the Internet, it’s less and less sensible to purchase expensive hardware that you keep onsite. And the modern hardware that you may still need is much more robust and efficient in terms of memory, speed, and storage capability. Any city that still owns and maintains a lot of hardware may be able to reduce the number of machines and simplify their IT environment.
  4. Data centers. Data centers haven’t gone away. It’s just that data centers have gotten so good at the cloud level that it’s only for special reasons that you would need your own data center (or the use of a smaller IT vendor’s data center). An onsite or smaller IT vendor’s data center used to make sense in situations when you still operated on the model of owning and maintaining your own servers for a variety of software and services. Cloud data centers not only work on a scale that blows away the old concept of a data center, but they remove the technology from your care so that you no longer even worry about maintaining your own machines. That means no more expensive monthly hosting costs or onsite maintenance costs.
  5. Software licenses. Software used to be a giant hassle—expensive upfront costs, paying for servers to host the software, the logistics of installation, and ongoing upgrades and maintenance. That meant expensive software licenses to cover all of these costs. Now, so much software is now accessible through the cloud like a subscription. You turn it on and pay a monthly per user fee. That’s it. If you’re still paying expensive annual licenses for most of your software, then you need to reevaluate your current software as soon as possible.

Many cities that we’ve helped tend to have this kind of unintentional bloat from not realizing that technology has evolved rather quickly in just a few short years. But those same cities are happy because we find opportunity to cut the bloat, reduce costs, and increase the quality of a city’s information technology. If you haven’t taken a deep dive into your technology in a while, we encourage you to start with these five areas.

To talk more about simplifying your technology, please contact us.

Thursday, October 17, 2013
John Miller, Senior Consultant

Sometimes, organizations using consumer cloud software that stores files will think that same software is sufficient for data backup. But a recent article from Business Insider suggests otherwise. The article explains how a professor used Dropbox not only to collaborate with other people but also as a “backup solution.” One day, 200 files and 3,000 pictures were missing, along with a project where the files were only stored on Dropbox.

But what makes the story interesting to the layperson is that these files also disappeared from computers and an external hard drive where the professor thought she was backing up these files. The blame game then ensued. Were the files deleted? Hacked? Is it Dropbox’s fault?

Dropbox’s quote for the article is important for understanding how something like this can happen:

"We can say with confidence that this situation did not stem from any Dropbox issues. Dropbox users can choose to have files synced across their machines. In that case, all changes made on local machines, including deletions, are synced."
So what’s going on here? It’s actually quite simple.

Storing Files in the Cloud Does Not Mean Backing Up Files in the Cloud

The mistake that this professor—and many other users—make is equating file storage with file backup. On the surface, this situation looks like a backup issue. But when you sync files across computers, external hard drives, or mobile devices, you’re not really backing up those files. It’s just another storage and access point. If the files are synced, then deleting a file from one place will delete them in all places.

Ironically, the software worked exactly like it was supposed to work. While the professor synced files across multiple computers and devices, her crucial mistake was confusing storage and access with true data backup. To be fair, consumer cloud solution providers usually don’t go out of their way to tell people this. Such a message doesn’t help with their marketing, yet that absence of consumer information can mislead people as to the extent of how secure their files really are.

Bottom line: The sync feature becomes a gaping security hole in using consumer cloud solutions for data backup.

Now, How to Make Sure You’re Actually Backing Up Your Cloud Files

So, we’ve identified a common IT amateur flaw: using the same storage service for both data backup and collaboration. In the professor’s case, think about what can happen. You’re giving file access to your colleagues and students. One of them accidentally deletes a file. That deletion syncs to all computers and devices. And the more people who collaborate, the more the risk of accidental deletion increases.

The key is to clearly separate your collaboration space and the place where you store your backups. With collaboration, you often can handle that yourself—sharing a username and password, giving people access to documents, and providing the ability to make edits and upload files. But your data backups should be secured in an entirely different way. Only an authorized person should have the username and password to any backups. That way, if someone accidentally or maliciously deletes files, they can’t touch your backup location.

Now let’s look at how to separate data backup from collaboration.

Five Quick Tips to Avoid The Professor’s Fate

Although the professor did restore her files by a stroke of luck, you may not be so lucky. We have four important tips that will help you avoid such a situation.

  1. Use professional enterprise backup. Consumer-grade data backup or storage has severe setup and configuration limitations for businesses. With such important information that needs protecting, you don’t want to settle for the limitations of a free or low-cost consumer solution. Enterprise solutions have better management tools and options for customized backup.
  2. Have an IT professional set up your data backup. Mistakes happen, as the professor found out, if you do it yourself. There are usually technical data backup best practices that you will overlook, so let a IT professional guide you through the process of setting up your data backup.
  3. Work and collaborate in one cloud location. Use one cloud storage location to access, share, upload, download, and collaborate on files and documents. Here, users can have access and make changes without worrying about hurting anything.
  4. Back up to a different cloud location. Use another cloud storage location for data backup only. Set a backup schedule that makes sense (you can usually set it up to back up every few minutes or even a few seconds), but make sure you keep backups separate from the place where users access files. That way, if someone deletes a file, the backed up file will be untouched. Have an IT professional confirm you are truly backing up (and not simply syncing) files to this separate location.
  5. Test your backup. To know if your data backup is working, make sure it’s professionally tested at least once a quarter. This will ensure that there are no syncing issues and that your data backup will actually work in case of a disaster.

To talk more about data backup, please contact us.

Tuesday, October 15, 2013
Clint Nelms, COO

When you’re cleaning up your office or your house, you must make decisions related to the stuff you own. What do I throw out? What do I keep? How long do I keep it? Where do I store it? You might think about the rooms where you’ll store your stuff, or decide if you need the capacity of an additional storage location.

A new document management system forces you to make the same kinds of decisions. Often, cities are faced with process decisions that they’ve never made before about what they define as critically important documents, what they are required by law to keep, and when they can get rid of documents.

In this post, we discuss some of the main issues you will need to deal with concerning the storing and archiving of your documents when implementing a new document management system.

  1. Information prioritization. First, it’s good to examine your documents on a high level and ask yourself, “What is my most important information?” You’ll find that there is some information that you’re required to store and archive for compliance, open records requests, and other legal reasons. Other information will simply be critically important to the strategic operations of your city. By identifying what’s most important, you’ll also discover less important information that you can eliminate or only keep temporarily.
  2. Information format. Your documents will be in a variety of file formats, some of which will take up a lot of storage space. That’s why it’s good to know what’s important and not important. For example, a large amount of storage space is critical for police videos related to investigations, but would not be as important for hundreds of photos of a picnic event from 10 years ago. Files such as videos, audio files, and photos will require more storage space than Microsoft Word documents or PDFs. You also need to account for any paper documents that need to be scanned and placed in your new document management system.
  3. Information organization. Basically, you’ll find that your documents fall into three categories:
    • Non-electronic: These would include paper documents, photographs, VHS tapes, or other non-electronic documents that you need to have in your document management system. That means you need tools to help you convert these into electronic files such as scanners or VHS-to-DVD converters.
    • Unorganized electronic information: This would include emails, documents scattered across various people’s desktop computers, or files stored across different servers that are not organized or labeled with any information to help people find them in a centralized place.
    • Organized electronic information: This includes documents that are already organized and labeled in a centralized place where people can search for them and easily identify what they are. For example, a document might be found in a clearly labeled folder and tagged with searchable information that identifies the author, title of the document, and date published.
    By assessing how your documents are currently organized, you will get a sense of how much work is needed when you upload them into your new document management system. The more organized your documents, the easier it will be for people to find that information. (Read our post about adding metadata for a more in-depth look about adding structure to your documents.)
  4. Information location. At this point, you’re looking at the best options for storing your data. The most cost-effective and scalable solution tends to be cloud storage. We’ve constructed solutions where cities pay a low monthly fee for unlimited data storage, which can help take away the worries of running out of space. That doesn’t mean you should use that unlimited storage space as a dumping ground for all of your information. The best practices listed above are still applicable, or you won’t be able to find and use your information effectively. Another option (especially for extremely sensitive information) is to store your information on onsite servers that you or a vendor help manage and maintain. If this is the case, then you need to worry about storage space—especially when the amount of your information grows over time.
  5. Information disposal. You should not intend to keep all of your information forever. By deciding what’s trash, what’s only kept temporarily, and what information can be retired after a certain period (e.g. seven years), you can keep your storage space down to a minimum and your information as uncluttered as possible. While sometimes cities may need to be warned about deleting information too early, we usually find the opposite problem—cities keeping too much information. They are often surprised to find that even the law doesn’t require them to keep information for decades. Work to set up an archiving and disposal schedule that makes sense for each type of document.

While tackling the problem of document storage and archiving can be a difficult task at first, the efforts you take—even if they are minimal and high level at first—will be well worth it. Ultimately, you want to make sure your documents are stored in a centralized place, archived as needed, and disposed of when they are no longer needed. That way, your employees will be able to find relevant information easily and you’ll be prepared for open records requests, compliance requirements, and other situations where ready access to your documents is important.

To discuss document storage and archiving in more detail, please contact us.

Thursday, October 10, 2013
Alicia Klemola, Account Manager

In a recent article from CIO Magazine entitled “7 IT Mistakes That Will Get You Fired,” two of those mistakes (#1 “Slacking on backup” and #6 “Unmitigated disaster) have their roots in failing to test an organization’s data backup. It still saddens us to hear so many stories of data loss—even at the highest levels of government—where the IT team simply did not test their data backup.

Why do so many cities and other organizations not test their data backup? Usually, there is an assumption that “it’s technology, so it must be working.” But even the most reliable technologies can fail to work, experience data corruption, or even fail from human negligence. Not testing data backup means opening yourself up to huge amounts of risk—and usually when you realize that your data backup actually doesn’t work, it’s already too late.

We mention data backup testing throughout many of our blog posts and bring it up at many meetings with cities. Since it’s so important, we’re delving a bit deeper into the topic and outlining the most important aspects of testing your data backup.

  1. Test your data backup as soon as possible. If you haven’t ever tested your data backup, or haven’t tested it in a long time, test it as soon as you can. You want to find out immediately if you have any existing problems. Are there certain kinds of data failing to get backed up? Are there parts of a manual data backup process that haven’t been getting done? At this point, you want to uncover all issues and take a good honest look at your data backup strengths and weaknesses.
  2. Simulate a full disaster. Don’t do a limited or weak test, such as checking to see if files seem to be replicated on your data backup server or only checking your accounting files and thinking everything else must be fine. Pretend the worst disaster has happened and city hall is wiped out. Can you recover everything? Does your recovery process actually work? Remember, you’re performing data backup to recover from disaster—so you must replicate a disaster when you test.
  3. Ensure that your most important data can be recovered. Some files are more important than others. If you are concerned about payroll, accounting, financial databases, public safety data, court data, and other mission critical information, double check to make sure all departments feel confident that their most important data can be recovered in case of disaster. Sometimes, it’s easy for one IT person or vendor to look at the data and assume it’s all backed up, but it helps to check with actual city stakeholders to make sure all of their data is accounted for.
  4. Dig deep during a test. Your IT staff or vendor needs to really dig deep during a data backup test. Data backup isn’t just about files and folders. Testing should include important databases, software code, event logs, and other technical yet important data that needs to be up and running after a disaster. Often, we’ve seen limited data backup at cities fail to account for the complexities of databases, leading to significant problems when trying to restore them.
  5. Set a testing schedule. Once you perform a full disaster simulation and know you can recover your data, then you need to set up a regular testing schedule. We usually recommend testing at least once per quarter, although you may want to do it more if you have particularly sensitive data. A testing schedule should be accompanied by auditing documentation so that you can demonstrate even to non-technical decision makers that your data backups are working.

Like the CIO article suggests, you don’t want to get caught in a situation where a disaster actually strikes and you find your most important data gone forever. It happens, and the consequences are often ugly—firings, public embarrassment, critical hits to business operations, and wasted money. Testing ensures that your data backup processes (and financial investments) are actually working.

How would you feel if you drove a car for the first time if the manufacturer never tested the engine, braking system, or steering wheel before you bought it? That’s how you should feel if you don’t test your data backup.

To talk more about data backup testing, please contact us.

Monday, October 07, 2013
Dave Mims, CEO

GMA helps city launch new website, stabilize data backup & disaster recovery, and reduce annual IT costs by almost 70%.

Recently incorporated, Chattahoochee Hills has officially existed as a city since December 1, 2007. While new as a city, a cluster of tight-knit rural communities has existed and grown for over two centuries in the land that is now Chattahoochee Hills. That community spirit helped lead to the drive in the past few decades to carve off its own independent city within Fulton County, Georgia.

Challenge

As the city began establishing itself, it was hard enough to rely upon only one overburdened IT employee on staff to support the city’s operations. But recently, the city even had to eliminate this position after needing to cut costs. Since then, non-technical city staff have fended for themselves and handled any IT needs. But that’s difficult, and almost impossible, when the city had uncertainty related to the reliability of its data backup, a compromised ability to respond to e-discovery requests from using an obscure email service that was difficult to support, and aging servers and desktop computers that weren’t managed or used properly.

However, the potential high cost of upgrading the city’s technology prevented Chattahoochee Hills’s city leaders from moving forward.

Solution

Chattahoochee Hills solved these challenges by using the Georgia Municipal Association “IT in a Box” service. Powered by Sophicity, “IT in a Box” is a complete IT solution for cities and local governments. The service includes a website, data backup, offsite storage, email, document management, Microsoft Office for desktops, server and desktop management, vendor management and a seven-day a week helpdesk.

Results

“IT in a Box” helped Chattahoochee Hills:

  • Mitigate the risk of data loss through onsite and offsite backups.
  • Ensure a highly available and dependable email system.
  • Support its city staff with 7 days a week helpdesk support.
  • Reduce IT costs by eliminating Internet and telecommunications services that the city did not use or no longer needed.
  • Launch a high quality, user-friendly website.

Chattahoochee Hills also saved $54,200 (or 51%) of its annual IT costs between FY 2012 and FY 2013, with no upfront capital expense when switching over to “IT in a Box.” And from FY 2013 to FY 2014, the city saved an additional $18,505, for a total annual IT cost reduction over two years of 69%. Even with such significant cost reductions, “IT in a Box” helped Chattahoochee Hills stabilize its technology and create a predictable and affordable IT budget.

Sophicity has been a life saver for the City of Chattahoochee Hills not only financially but professionally. Sophicity’s staff has helped us analyze each of our bills related to IT and identified areas where we were spending money that wasn’t necessary for a city of our size. I would recommend their services to any City thinking of reducing costs and, at the same time, maintaining elite services. - HR/Finance Director Kyle Jones
If you're interested in learning more, contact us about IT in a Box.

Print-friendly version of the Chattahoochee Hills, Georgia IT in a Box case study.

About Sophicity

Sophicity is an IT products and services company providing technology solutions to city governments and municipal leagues. Among the services Sophicity delivers in “IT in a Box” are a website, data backup, offsite data storage, email, document management, Microsoft Office for desktops, server, desktop, and mobile management, vendor management and a seven-day a week helpdesk. Read more about IT in a Box.

Friday, October 04, 2013
Nathan Eisner, CMO

The question now is not if, but when, government will start using cloud software. A recent article in CIO magazine showcases how Microsoft and Google are competing to sell their cloud productivity software to government organizations of all types. While this article is aimed at larger government agencies and entities, some of the problems it outlines are ones you may relate to.

  1. The cost and time spent running your own email servers.
  2. Hardware you bought but don’t use, or that you underutilize.
  3. The inability for city employees to remotely access documents and email.

Why is government embracing the cloud so furiously right now? If you haven’t considered cloud software for your email and productivity software (such as word processing, spreadsheets, etc.), then consider some of the following reasons why governments are investing in the cloud.

  1. Saving money. Cloud software is often cheaper than the upfront capital expenses involved in buying hardware and software licenses. You also avoid the costs (both in money and time) of maintaining your hardware since you access cloud software through the Internet on a per user basis. Because it’s sold like a subscription, you turn it on and only pay for the specific people who are using it. Many cities that switch to the cloud often get rid of a lot of hardware that they don’t need anymore and reduce their costs compared to previous software licenses.
  2. At least 99.9% uptime. Service level agreements for cloud software usually guarantee at least 99.9% uptime, and sometimes higher. From our experience, cities are rarely able to match this level of uptime when managing their own servers and software. Cloud software vendors use data centers with extremely high levels of availability and reliability, and so the levels of uptime are higher than anything you can usually do yourself.
  3. Encrypted and secure data and communications. By using cloud-based data centers, software vendors ensure that your data and communications are protected by high standards of encryption and information security. Similar to the 99.9% uptime, cloud software vendors can often guarantee higher encryption and security standards than cities can provide themselves. And the more these cloud software vendors become entrenched in serving government, they are incentivized to maintain extremely high security standards. Let those vendors worry about those standards, not you.
  4. Data backup. Cloud software makes data backup and disaster recovery much easier. Since cloud software is accessible through any Internet connection and often saved just about every second, it’s easy to recover your data even after the worst disaster. From any location, as long as you can access the Internet, you can access your data.
  5. Easier e-discovery. For open records requests, easy e-discovery is critical. When cities manage their own servers, we’ve found that a variety of non-standardized approaches to maintenance make it hard to find documents, emails, and data when it’s requested. With cloud software, vendors make it much easier for you to store, archive, search for, and retrieve documents, files, and email when needed. This has been a major selling point for government organizations, and cloud software vendors have stepped up to make sure this need is addressed.
  6. Many email benefits. If you’ve struggled with managing your own email servers, you’ve probably hit the limits of your storage space or failed at times to keep the software up-to-date. Cloud software vendors, for a low cost, offer lots of storage space with generous mailbox sizes. In addition, tools like email, calendar items, and tasks are usually all integrated together. That means you can see and update these items all in one place instead of using separate email software, calendar tools, and project management software.
  7. Easy to use software. Since cloud software works much the same way (often identically) to software that your employees already use, it’s usually easy for employees to adjust to cloud software with little training or bumps in the road. And as software continues to evolve over the Internet, it’s in the vendors’ best interests to make the software as easy to use as possible. You benefit from that evolution.

These benefits illustrate why cloud software is becoming the gold standard for any word processing, spreadsheet, email, and other productivity tools that you’ve used in the past. If you’ve been putting off your exploration of cloud software, the time is right for you to look into it now. Not only does your city have the potential to save money, but the quality of your productivity software—from security to ease of use—will likely increase by leaps and bounds.

To talk about cloud software in more detail, please contact us.

Tuesday, October 01, 2013
Brian Ocfemia, Technical Account Manager

We’ve already tackled the home and news pages, and now we look at another critical aspect of your city’s website: the events page. Typically, most cities have a calendar of events that detail and highlight everything from city council meetings to fun community events.

While a city’s events page seems like the most basic of content, there are a few content tips that can help you make sure that what you’re providing is both useful to citizens and easy to navigate. Many city calendars are unfortunately unpopulated or hard to scroll through, and that makes it difficult for citizens to access events content.

Take the following suggestions to heart and you will make your events content easy for citizens to use and consume.

  1. Provide an easy-to-use calendar. While “easy-to-use” can be part of the design of your calendar, you should also think of your calendar as a module in which people will upload and also consume event content (usually in the form of event listings). The calendar should look nice, but also be easy to scroll through month to month (or even year by year) and get to relevant event listings. You should also be able to upload a new event or edit an existing event without much trouble.
  2. Populate the calendar with items. While you want to prioritize how you list events so that you don’t overpopulate the calendar, you definitely want to make sure you populate your calendar with a variety of event listings. Otherwise, your city looks lifeless and that you have nothing going on. More importantly, if you forget to even upload basic events such as city council meetings, citizens can get angry and think that you’re not being transparent. A populated events calendar looks like you’re a vital, active city.
  3. Link events on the calendar to a more detailed event page. On the calendar, keep it brief. The title of the event, time, and location should suffice. Don’t stuff the calendar with hard-to-read details about the event. Instead, link those event listings to a page where all of the event details reside. There, you can give a summary of the event, speakers or entertainers who will be present, and any other additional details you want to share. That way, if people are browsing through your calendar and want more information about an event, they can click on the event headline in the calendar and read about more details if they’re interested.
  4. Regularly list any city business meetings. We hinted at this tip in #2 above, but we repeat: you must regularly post any business meetings related to city council, elected officials, and public meetings. Even if you decide not to use your calendar for anything else, you need to post information about these meetings. Government at all levels, especially in the Internet age, becomes more and more transparent. Information is easy to share, and citizens grow more accustomed to expecting certain information on city websites. You need to fulfill at least the bare minimum of these calendar expectations by posting all events concerning city business.
  5. Use the calendar to promote your city’s vitality. Your calendar will be one of the most visited pages on your website. Use it not only functionally but also as a way to market your city. Post any community events that you feel best highlight your city. For example, the City of Oakwood, Georgia posted their 4th Annual Secret Santa Car Show event that will happen on October 5, 2013. The City of Tybee Island, Georgia posts American Legion meetings. Each city is different, and there are events of particular importance to citizens in your city. Use your calendar to spread the word about the positive community events happening in your city.

Ultimately, the news and events pages are your main way to both serve information to and market your city. The upkeep can be difficult, and you’ll need people staying up on keeping the calendar up-to-date. But once you get into the habit, you will find yourself thinking of new events to post that you didn’t think about before. You can also open up the calendar to citizens, where they can post events that may be of interest to citizens. You’ll definitely want an approval process before an event is posted, but that service gives citizens an opportunity to engage more with your city.

To discuss event content in more detail, please contact us.

Thursday, September 26, 2013
John Miller, Senior Consultant

As USA Today recently reported, phishing is alive and well. Phishing is the tactic by which cybercriminals steal your personal information and passwords in order to do things like access your bank accounts, use your credit cards, or hack into sensitive government and business databases. Unfortunately, these criminals know they can prey on trusting behavior when people are faced with suspicious websites or emails.

While your IT staff or vendor can help you block many spam emails and malicious websites, they cannot block them all. Cybercriminals are always finding ways to bypass filters and look legitimate.

Luckily, most attempts at phishing are easily spotted—but you have to continually question all communications you receive over the Internet. To help you and your employees better spot phishing attempts, use the following tips to question your way through a suspicious email or website.

  1. Question the context. How did you receive or get to the information? If you find yourself clicking on a website that seems unfamiliar, outside of your usual Internet browsing, or lacking a familiar brand that people use, then you should question its legitimacy more. Email works the same way. Suspicious emails will usually wind up in your spam folder, come from unknown people, or not look like typical emails that you receive. If something feels wrong and outside of normal habit, it’s good to be wary and ask further questions.
  2. Question the communication. Look at the communication clues and see if they appear strange or deviate from a normal email or website. In an email, especially look at the sender’s information. For example, the message below appeared in my spam email folder. On the surface, it looks like Google is sending me an important message. But notice:
    • It comes from “Google.” Do you really think Google would contact you without being more specific (such as “Google Voice” or “Google Play Support”)?
    • The email address does not look like it comes from a Google employee.

    Phishing Example 

    Most phishing attempts can be discovered by examining the subject and sender lines in an email. On a website, look for suspicious, vague, or missing contact information as a sign that it’s not legitimate.

  3. Question the message. Apparently, most phishing attacks do not have the benefit of professional writers! A message supposedly from a business or government entity should not have many spelling errors, grammatical mistakes, and horribly written sentences. Also, most legitimate organizations will clearly explain a process to you and usually already have a pre-existing relationship with you. Question any message from a website or email where the action they want you to take is explained in a vague or terse fashion. And especially question messages where you did not receive or seek out a communication based on something you did, such as sign up for a service.
  4. Question the action. This is the critical piece to phishing, and the most dangerous. For phishing attempts to succeed, cybercriminals must get you to submit personal information or download a file that will install a virus, spyware, or malware. Since this is the equivalent of actually placing your finger on the Internet oven burner, you must make sure that you do not click on any website link or file if you are suspicious about its origins. Legitimate organizations and professional IT departments will not, out of the blue, send you PDFs and zip files to download. Nor will they ask for personal information over the Internet unless there is a clear, understood reason. If you are the least bit suspicious about a link or file sent to you, check with your supervisor, IT department, or vendor.
  5. Question the process. Sometimes, phishing attempts can really look like the real thing. So you may find yourself on the fence over a rare phishing attempt that replicates the experience of a banking service, social media alert, or request from your boss. As human beings, we are pattern seekers, and you need to put your pattern seeking to the test. When all else fails, ask yourself if the website or email follows a normal process. For example, if you’ve been logging into a database the same way for two years, and then suddenly without explanation you must submit your social security number to “confirm your security credentials,” be suspicious. Especially if city policy says to not give away sensitive information, or if you did not receive a heads up from management or your IT department. If something deviates from normal process, be suspicious.

Cybercriminals play upon people’s gullibility and psychological weaknesses, and even the best of us can get fooled sometimes. But usually most phishing attempts can be spotted simply by looking for anything suspicious about a website or email that breaks your usual pattern of doing something. It’s always better to ask about a website or email and later find out it’s safe, rather than download a virus or submit sensitive information that leads to a lot of financial and operational harm to your city.

So, always question, be alert, and look for any red flags related to Internet and email communications. To talk about preventing phishing attacks, please contact us.

Tuesday, September 24, 2013
Clint Nelms, COO

Unlike other technologies that you don’t interact with every day, you most likely directly understand the power of the mobile revolution. Over the past few years, the phone in your hand has become almost or even more important than your desktop or laptop computer. Not only it is your phone, but it’s also your connection to email, web browsing, and a variety of important business and personal tools. You may even carry around a tablet that does many of the same things but also serves as the way you read books, record video, and give presentations.

Many cities tap into the power of mobile technology in a haphazard, individualized fashion. Certain people might be mavericks or pioneers in using their mobile devices for taking cool videos, giving a presentation at a City Council meeting, or using a mobile app for their job. But how do you get a city, as a whole, using mobile technology in a more beneficial way?

Here are a few areas where you can get more power out of the mobile devices that people are already using, whether they bring their own devices to work or you give devices to employees.

  1. Switch over to cloud software for easier mobile access. It’s tough to access traditional software with a mobile device, and you’re usually stuck needing to use a virtual private network (VPN) that involves a complicated technical setup and passwords. With the cloud, you just access your software through the Internet. Then, a person logs in with their mobile device and accesses the software from anywhere. Consider transitioning your software over to the cloud, especially since trends show that people will be using mobile devices even more than traditional desktops and laptops in the future.
  2. Get people used to taking photos and videos for business and marketing purposes. If a picture is worth a thousand words, then it’s clear from the popularity of Pinterest, Instagram, and Tumblr that visuals have become more important as the Internet evolves. For your city, sharing pictures of community events, dedications, speeches, holiday festivities, and other events gives you visual content to use on your website and social media platforms. While you still want professional photographers for important events or highly visible parts of your website (such as the home page), there is room on other pages of your website and on social media to use pictures and videos taken by citizens and employees.
  3. Make sure that forms on your website are also mobile-friendly. If you have forms such as “contact us,” report a pothole, or a business license application, make those forms easily accessible by mobile devices. It’s convenient for people to access your city services and submit information when they are on the go. Plus, those services also are more likely to be used on mobile services. Reporting a pothole is a great example, as people can report it on the spot or just after having seen it.
  4. Create or use mobile apps that solve specific problems. Maybe you have IT staff or a vendor that can develop mobile apps for you. Better yet, so many mobile apps have already been created for government (and any other area you can imagine) that there might be something already developed that fits your needs, solves an important problem, enhances customer service, or increases government responsiveness. Since there are so many mobile apps, looking through a directory on iTunes or Google Play might be overwhelming. Network with other cities to find out what mobile apps they’re using. If you have a critical need or opportunity that it seems no other city is handling, you might consider building your own mobile app to solve the problem.
  5. Use mobile devices as ways to broadcast information and market your city. Finally, the great thing about mobile devices is that they are broadcast mechanisms that people are checking pretty much any time they’re not asleep. The same can’t be said of radio, television, or even the Internet on a desktop or laptop. By taking advantage of text messaging, social media, and updated content on your (mobile-friendly) website, you can distribute important information to citizens and employees quickly. This can range from important weather and emergency alerts to news and information about community events. People can opt-in to text alerts, or they can see your information on Facebook and Twitter. Think about how much attention people pay to their mobile devices. Now make sure you’re communicating with them in mobile-friendly ways when appropriate.

Now that you’ve gotten used to some functional aspects of mobile devices, really start thinking along the lines above to more creatively leverage the power of mobile. It’s a great way to stay connected with your citizens and give them more opportunity to engage and interact with your city. Remember, while mobile technology may be new, it delivers upon a timeless principle of government. You want to connect with citizens and measure their engagement. Mobile helps you deliver upon that promise in a way that was unheard of a few years ago.

To talk more about making your technology mobile-friendly, please contact us.

Friday, September 20, 2013
Dave Mims, CEO

Working on your computer can feel very personal. Your email, documents, and data feel like private information. If you’re at home using your own equipment, that’s the ideal. No one should have access to your information other than you.

However, the rules change when you’re in a work environment—and especially a government environment. Government in particular requires a lot of transparency, and city administration often needs to respond to open records requests and other legal demands to see any records of specific city business.

That means when you work for a city, your work is essentially city property. That includes even email communications. Usually, there’s not much reason for someone to look at your computer or emails. But it’s within the scope of city administration to examine your email if need be.

Are You Doing Your Job? Monitoring for Productivity

Although sometimes the reason for the examination of your emails and files might be an open records request or investigating illegitimate employee activity, in other cases it’s for productivity reasons. If you’re hired to do a specific job and you’re not doing it, city administration has the right to produce evidence that you are not being productive.

As a result, employees should never consider their online behavior at work as private. For example, while social media is becoming more and more of a legitimate activity for marketing and public relations at cities, there’s a difference between using Facebook and Twitter as part of your job versus using it to waste time.

If the network data shows that you’re spending four hours a day on Facebook when your job doesn’t require it, that’s evidence of a problem. If you’re connected to a network at your city, there’s a good chance your social media activity is being easily tracked—and flagged.

Cities have begun to implement computer usage policies to counteract this loss of productivity from social media, These policies can either be manual, such as a policy telling employees what sites they can and can’t use. If they are allowed to use sites like Facebook or Twitter, it’s clearly defined how—and how often. Some cities even take this a step further and invest money in website blocking systems. That means employees are simply unable to access certain social media sites that may distract from their work.

Often, it’s not this cut and dry. After all, there are many other websites that distract people other than social media sites. Employers may implement systems to block personal web surfing, but employees should know that city administration is more likely to log their Internet surfing data and approach employees about any potential problems. Employees can be shocked when this happens because they often get a false sense of security when they feel they have the freedom to access any website they want at work. However, they cannot assume that because a website isn’t blocked that nobody is paying attention to their web traffic.

What About Email? Isn’t That Supposed to Be Private?

Yes, email seems like it should be more private than web surfing. Today, government transparency grows in importance, and it’s less acceptable for government to rely on free email accounts that cannot be managed. That means more enterprise-class email systems managed by IT staff or a vendor are being implemented at cities.

These kinds of email systems not only help with government transparency but also log all email traffic. If an employee tries to cover their tracks by deleting obscene, illegal, or personal emails that show an improper use of work time and resources, they should know there is still a trail that others can find and report.

While some people may cry out that this sounds a lot like Big Brother or privacy violation, the reality is that businesses and government property are just that—property. Getting hired to work and use another entity’s resources means that you are responsible for a job and specific actions enabled by your work email and software. When an employer steps forth to point out that an employee is sending out reams of emails unrelated to their job, conducting a side business through accessing a particular website all day, or spending most of their day on Facebook, then that employer has the right to use that evidence as justification for firing that employee.

More importantly, when city government gets challenged to produce data or evidence about something related to city (public) business, access to all relevant government information is required—including even a specific employee’s email and files.

Remember, your city email and files are not your property. It may feel private to you, but it’s a myth to think that no one is looking at your work email or files.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 |
Contact
Contact a Sophicity Consultant Now To Find Out How We Can Help Reduce Your IT Costs Go
bottom