CitySmart Blog

Thursday, May 14, 2015
John Miller, Senior Consultant

As body camera technology becomes more talked about and implemented at cities, it’s easy to focus only on the actual body cameras. But similar to buying and implementing any shiny new toys—whether it’s new software or buying new computers—the purchase of a new technology that’s integrated with an existing poor technology infrastructure will only lead to frustration and risk.

A recent article in GovTech talks about this issue from a cloud standpoint and brings up some important points. But for small and medium cities with few staff and limited information technology resources, we feel there are some higher-level, more basic questions that need to be asked.

  1. Where will you store your body camera data? Just think about the hours and hours of video footage coming from cameras that will be recording during the entire shifts of multiple officers—24/7. If you think normally storing large videos is difficult or expensive, just imagine this data explosion. Luckily, the cost of data storage has come down significantly in the past few years, but that means you need to shop around for a more inexpensive and scalable solution if you haven’t explored your data storage needs in quite some time. If you’re storing data onsite right now, you may want to consider more economical solutions like a data center or a cloud service that others manage for you.
  2. How will you manage, retain, and dispose of the data? The answer to this question involves a full understanding of the law, regulations, and your own internal policies along with using technology to make this data management as easy as possible. Work with IT professionals who understand data and information retention policies so that you keep and dispose of video footage in a timely yet legal manner. You never want to be placed in a situation where you “lost” data or deleted it before you were legally allowed to do so.
  3. Who gets access to the data? This video footage will be some of your city’s most private, sensitive public safety information. Security and authorization will become more important than ever. You need to be clear on who can authorize specific data, and that authorization process needs to be easily manageable. Weak passwords, poorly physically secured rooms, or everyone in a department or office getting admin access is not acceptable with this kind of information. Security measures also need to counter the chances of people hacking into your servers or snatching information away on thumb drives in order to access this video footage.
  4. How will the video footage be accessed? Obviously, searching through hundreds or thousands of hours of video footage is a formidable challenge if you have shoddy ways of storing the data. A good data storage system will allow for clear labeling, user-friendly searching (like how you search for documents on your computer), and ways to search within videos to view and collect smaller clips within larger amounts of video footage. When evaluating body camera technology, make sure you understand how a police officer would search for, locate, and retrieve specific video footage—quickly.
  5. How will you back up your body camera video footage? We recently wrote a much longer article about this specific issue, but it’s worth reiterating that backing up your data is essential for information of this caliber. From a server failure to a full-on disaster like a tornado, you need to make sure none of this video footage is lost. Test your data backup and disaster recovery at least quarterly to ensure that it’s actually working. Offsite data backup storage has become relatively inexpensive, and there are many cloud solutions available that also ensure the highest security—such as encrypting your data while it’s in transit.

It’s great to get excited about body camera technology, and it’s less exciting to think about your boring, backend information technology. But without the right data storage, retention policies, security, management, and data backup plan in place, your body camera technology investment could become a gigantic waste or risk a legal disaster. Body cameras are another sign that technology is accelerating at light speed—so make sure your information technology is keeping pace.

To talk about body camera technology in more detail, please contact us.

Thursday, May 07, 2015
Brian Ocfemia, Technical Account Manager

To get the most eyeballs, the media will obviously publish headlines with the most sensational stories about cybercrime. It’s easy to read stories about the Sony hacking, the Target data breaches, or cyberterrorism worries from national governments and think that those are the most common nature of cyber-attacks. However, those kinds of events are rare. Additionally, such sophisticated hackers often go after very high profile targets’not your small- or medium-sized city.

This is an important point because you’ll feel helpless if you think these are normal security threats. You’ll feel that it’s too expensive to invest in data security when it’s impossible to prevent the best cybercriminals from stealing your information. But it’s the most common, everyday threats that actually cause the most damage to cities. And you can prevent most of these threats with relatively inexpensive information security investments.

Instead of worrying about the rare instances of governments or James Bond-level villains coming after your city, you need to be worried more about the following realistic, common security threats.

  1. Employees and anyone with internal access to your data. One of your biggest threats will always be someone with internal access to information. Those people may be disgruntled, angry about being terminated, or working on the inside to steal money or information. Obviously, you don’t want to be paranoid about everyone you work with, but you will want to make sure that your information is only available to authorized users. It’s dangerous if anyone can walk into a server room or log in to an important software program. Even authorized users should have their access monitored to help flag any suspicious activity. You may also want to consider background checks for employees and any vendors handling your sensitive data.
  2. Viruses. We’ve written many times how even the best-intentioned, most IT-savvy employees can still get a virus. Accessing city information through an employee accidentally downloading a virus is low-hanging fruit for hackers. It opens up a door to your data that allows hackers to steal it, hold it for ransom, or funnel money to their bank accounts. Enterprise-class antivirus software, monitored by your IT staff or vendor, will go a long way toward preventing common viruses from crippling your city.
  3. Weak passwords. It’s amazing how many weak passwords are still used by not only individuals but also IT administrators. Hackers are always trying to get into people’s email and social media accounts, and more sophisticated hackers try to access servers and software with sensitive information. If you’re using passwords like “123456” or “password” just so it’s easier for you to remember them, you’re opening up your city to significant security threats. Requiring complex passwords (with numbers, letters, and special characters) that must be changed every few months will help fend off this basic form of attack.
  4. Poor IT management. Managing servers, workstations, network infrastructure, software, data, and information requires highly skilled, experienced IT professionals—even for smaller cities. If your IT staff or vendor is overwhelmed, inexperienced, or incompetent, they may not identify major security threats, update software regularly with security patches, maintain antivirus and antispam software, monitor and manage authorized access for users, and enforce basic security policies across the city.
  5. Little to no encryption. Simply encrypting your data also prevents many serious security issues. If a laptop is stolen, the information will be worthless to the thief. If a hacker tries to get access to payment information as it’s exchanged on your website, the information will look like gobbledygook to that person. Learn from the example of the State of South Carolina. They could have spent chump change on encryption but instead paid tens of millions of dollars in the wake of the massive data breach—all stemming from an employee clicking on an email attachment with a virus.

Everyday security threats are what you need to be most worried about. Every scenario listed above is something that threatens you on a daily basis. And these are security threats you can absolutely protect against. Most importantly, cyber security is not just a technology issue. Experienced IT professionals must work in tandem with city administrators to set and clarify policy, and employees must be trained to detect basic security threats and only receive authorized access to information. Worry about protecting yourself against 99% of the most common security threats, instead of worrying about the rare 1%.

To talk about cybersecurity in more detail, please contact us.

Thursday, April 30, 2015
Dave Mims, CEO

How much is your city at risk for a devastating security breach or permanent data loss? Do you need a quick way to assess your current cybersecurity readiness?

In case you missed our Georgia Municipal Association (GMA) presentation and live webinar on April 24, 2015, GMA has provided the audio recording and slides. Use this information to ask yourself:

  • Are my passwords strong enough to prevent hackers from stealing city information?
  • Is my city at risk for getting a computer virus that allows hackers to steal information?
  • Will I fully recover my data in the event of a server failure or a disaster like a tornado?
  • Is outdated software and a lack of regular software maintenance leaving me open to a cybersecurity attack?
  • Is my technology physically protected from unauthorized people stealing data or equipment?
  • Is my city website secure and hosted by a reputable provider?

While you probably hear stories in the news about security breaches at large government organizations where data is stolen and often permanently lost, know that this isn’t just a big government problem—it’s a major problem for small and medium cities. In our webinar, we provide small city examples of real situations that can cripple cities like yours.

Don’t become a victim to a security breach or lose your data unnecessarily. Listen to our GMA webinar or review the presentation slides to assess if your city has cybersecurity gaps that make you vulnerable to attack.

Friday, April 24, 2015
Nathan Eisner, COO

As your city grows or you buy more IT equipment, you might run into difficulties as the entire setup starts to get a bit unwieldy. And with the plethora of now common information technology items such as high-speed Internet, mobile devices (like smartphones and tablets), and cloud computing, it becomes harder and harder to identify how everything needs to be connected. For example:

  • Employees might have trouble checking email or opening documents with their smartphones.
  • Printers don’t seem to hook up to all computers properly, and so different offices and departments buy their own.
  • Data from one software application doesn’t transfer at all to another software application.
  • You’re not sure how new technologies like body cameras for public safety might integrate with your current technology environment—or if it’s even possible.

When information technology needs to grow along with an organization, it becomes harder and harder to scale without the help of IT professionals who know how to connect all of your hardware and software together. There are a few areas that will impact your city negatively unless you have the proper IT support.

  • Mobile devices connected to your office computers. Are your employees able to check email, open files, and access office information through their mobile devices? As you’ve probably experienced, you’re often on the go—at home, on the road, or traveling—as part of your job. That means we often stay connected and communicate throughout the day with our mobile devices. Mobile devices need to be properly synced with office computers so that the experience is seamless for important business applications. Otherwise, your productivity will take a sharp downturn.
  • Printers, fax machines, and scanners connected to your office computers. One cause of high costs and inefficiency at cities is the number of printers, fax machines, and scanners that crop up when they are improperly connected to your IT network. When properly set up, these machines will serve the greatest number of office computers in the most efficient way possible. You may need to invest in newer machines if you’ve been using some for five to ten years. When you invest in new machines, you will buy fewer and connect them to more computers.
  • Software applications connecting to other software applications. You might run into issues such as financial information from one software application not connecting to another software application. To compensate, you may manually reinput data, wasting precious staff time. Analyze if your current software applications duplicate a lot of tasks or fail to transfer data easily to other software applications. With the right requirements, you might be surprised to find out what’s on the market and that some software modernization might solve a lot of these inefficiency problems.
  • Remote workers and users connecting to the office’s IT network. Similar to the mobile connection issues above, this is a different variation on the same problem. In this case, we’re including desktop computers that an employee might use at home along with vendors, consultants, or outside users who may need access to information. In this case, you need to make sure that employees using their desktop at home not only have access to the same information as if they were in the office but also receive IT support while working remotely. For outside users such as vendors. you need to especially make sure that they have appropriate permission and that only authorized users are allowed to access city data.
  • Onsite data connecting to offsite storage. Especially important for data backup, you want to make sure that any offsite storage is properly synced up with onsite data changes throughout the day. Offsite storage is especially important for disaster recovery. If there is a fire or natural disaster like a tornado, you want to make sure you back up your data offsite so that you’re still operational—even if your facilities are destroyed. By setting up an onsite backup during the day, you should be able to send any data changes offsite at the end of each day in order to accommodate most disaster recovery scenarios.

As you can see, the multiplication of devices (desktop, laptop, mobile), software applications, and remote worker needs has made information technology more and more complex over the years—even for smaller cities. A small city used to be able to get away with a few computers and some off-the-shelf software, but today a setup like that introduces too much risk if something goes wrong. To make your city operations hum along like clockwork, you need help and assistance to connect all of your IT together and make sure that it’s helping—not hindering—your productivity. And especially when new technologies like body cameras will become required and standard for your cities, you want to make sure your basic technology foundation is set up properly so that you can scale and integrate new technologies with ease.

To talk about IT connectedness in more detail, please contact us.

Friday, April 17, 2015
Alicia Klemola, Account Manager

Cities often think they’re so careful when selecting technology vendors. After all, RFPs are meant to slow the purchasing process down, ensure that you thoroughly evaluate a selection of vendors, and pick the best one. However, many technology vendors are skilled at simply making the sale. They know what to say, they know how to present a deceptively low price point that withstands legal scrutiny, and they know how to maneuver through government red tape.

We find that cities often don’t realize the hidden costs that can come from improperly evaluating, selecting, and working with technology vendors. When we offer “vendor management” as part of our services, we often examine the following areas to make sure that technology vendors are providing you the exact services you need for a fair price—without bleeding away your money.

  1. RFP requirements. While you may think your RFP description articulates what you want from a technology vendor, it helps if an IT professional clarifies what you want and addresses any communication gaps. For example, you may want accounting software with specific features but fail in your requirements to address how that software will integrate with your existing information technology. You may also be unaware of lower-cost options (such as cloud software) that will help your requirements narrow the field of vendors. Experienced IT staff or a vendor with a specialty in municipal vendor management can help you write more detailed, accurate requirements to ensure that you don’t waste money on an ill-fitting solution.
  2. Hidden “surprise” costs. Over the years, we’ve seen so many cities look at the cost of an IT solution and not realize it’s too good to be true. For example, many “24/7” IT support providers offer extremely low-cost pricing. It’s only until later that cities realize that “24/7” only means automated monitoring software that flags issues. To solve those issues? You guessed it! Suddenly, you’re billed an expensive hourly fee for problems that you thought were included in your monthly price. Another version of this problem is purchasing seemingly inexpensive software that later costs money to add features that you thought were included. Or the vendor might present you with unexpected hardware requirements and frequent software upgrades. An experienced IT professional knows how this rodeo works, and they can often uncover these kinds of hidden costs like a good detective.
  3. Support contracts. When you purchase hardware, software, a technology solution, or use a technology vendor’s services, there are contracts with specific provisions attached. We often find that cities are not aware of the fine print, do not enforce support provisions included in contracts, and even sometimes pay for support that should be included for free. It’s good to have an experienced IT professional review your contracts, highlight what is and isn’t included, and enforce those contracts. Many cities can really maximize their technology investments at no additional cost for things like hardware maintenance, software upgrades, or emergency repairs.
  4. Proper setup and installation. While many technology vendors do a decent job at setting up and installing their solutions, they are not experts in managing municipal information technology environments and they are not experts in your particular environment. They may make a best effort, but if you leave it all up to them they could mess something up that costs you money or creates ongoing problems. Experienced IT professionals familiar with your city’s IT environment need to oversee and assist with any setup and installation, ensure that the vendor fully tests the solution to make sure it’s working, and accounts for any nuances in your IT environment such as particular hardware, network equipment, or software integration issues.
  5. Ongoing monitoring, maintenance, and support. As a part of any technology solution, you will run into problems ranging from glitches to the occasional crisis or malfunction. We find that reactive support (i.e. assuming the technology solution is working without ongoing monitoring and management) along with non-technical communication with the vendor increases the risks of ongoing, long-term problems with your expensive investment. Cities often find it beneficial to have an IT professional handle most day-to-day, technical communications with technology vendors to quickly address problems. Not only is this a load off the backs of city administrators and city clerks, but it also allows you to more proactively make sure that your technology solution is carefully watched by a skilled third party.

Basically, we recommend that you make sure a watchdog of sorts oversees and interacts with your technology vendors. That watchdog can be an experienced member of your staff or a vendor experienced in municipal IT who has no financial incentive tied to the vendors you select. As a bonus tip, be careful if your technology solution vendors recommend other vendors, especially when they have financial incentives to upsell or cross-sell different products. When technology vendors don’t have your best interests in mind, there is a risk for wasting money. By more closely keeping an eye on requirements, hidden costs, contracts, setup and installation, and ongoing support communication, you’ll more likely reap the most from your technology investment.

To talk about vendor management in more detail, please contact us.

Thursday, April 16, 2015
Dave Mims, CEO

Are you cybersecure? Are you protected against data loss? Are you ready if a hacker decides to steal your information?

As cities rely more and more on technology, cybersecurity expectations and accountability becomes greater and greater. Don’t get caught off guard by a cyberattack. Our own Nathan Eisner, Chief Operations Officer at Sophicity, will talk to city staff and elected officials about the non-technical foundation required to effectively protect government data—without busting your budget.

We’ll be broadcasting live from Lavonia, Georgia. Join us online to watch the entire presentation.

Who: Nathan Eisner, Chief Operations Officer, Sophicity
What: Protecting Your City Data – The Basics of Cyber Security
Where: Webcast live from Lavonia, Georgia
When: Friday, April 24, 2015, 10:30 a.m. – noon
Why: To understand your city’s cybersecurity risks for data loss and stolen information

Register online to reserve your seat today.

Thursday, April 09, 2015
Dave Mims, CEO

You might recall the story of Homer’s Iliad where the seemingly unbeatable city of Troy was brought down by a simple trick: the famous Trojan horse. Left behind by the supposedly retreating Greek army, the Trojans took the horse as a war trophy. But Greek soldiers were hidden inside. In the dark of night, soldiers leaped out of the wooden horse, unsealed the gates for the rest of the returning Greek army, and destroyed the city. It’s not a coincidence that computer viruses today are sometimes called Trojans. It’s the same idea—one simple virus can take down your entire city.

It sounds like we’re exaggerating, but we’ve encountered quite a few instances over the last few years when a city will feel that investing in information technology is too expensive. They instead take shortcuts and feel everything is all right as long as nothing serious happens. But then...there is always an EVENT. And it’s deadly serious. A hacker steals financial information and money. Mission critical data is wiped out and there is no backup copy. The website is defamed and causes serious public embarrassment for days, weeks, and even months.

All because of a simple virus. The fact that it’s easy for even a tech-savvy person to occasionally be fooled by a virus means that you need more than a free antivirus program installed on your desktops. Here are some mission critical IT investments that you need so that it’s much less likely that a virus takes your city down.

  1. Enterprise-level antivirus software. For city operations, free or off-the-shelf antivirus software managed by employees isn’t sufficient to ensure that you are protected. Enterprise-level antivirus software is managed and updated by IT professionals such as your IT staff or a vendor. They ensure that it’s installed properly and updated regularly, and they receive alerts when any virus threats hit your city.
  2. Network equipment and security. Invest in a good firewall and set up your network security with strong rules about passwords, authorized access, and secure wireless access points. Your network security complements your antivirus software by making sure that your “city gates,” so to speak, are well guarded and no one can get to sensitive data without the right password and credentials.
  3. Encryption. Assuming the worst and a hacker gains access to your data through a virus, encryption helps ensure that your data is worthless to them. In the past few years, there have been many government stories in the news where a severe cybersecurity breach was made worse because the organization didn’t invest a small amount of money for encryption. The result? Sometimes millions of dollars in repercussions that could have been prevented by an incremental investment.
  4. Website security. We’ve heard some highly publicized cases in the news about websites exposing social security numbers and other sensitive information to public view. Many cities and government organizations often neglect the security of their websites, but many websites now offer online payments, court record data, and other gateways for hackers to steal information that they then use to commit identity theft or steal money. Lock down access to your website and make sure any sensitive information is encrypted and secure.
  5. Data backup and disaster recovery. Assume the worst happens. Like many cities that experience a bad virus, let’s say you lose mission critical data. This is when an investment in data backup and disaster recovery is invaluable. We always recommend both onsite data backup for quick recovery and also offsite data backup for disaster recovery. That also means you need to regularly test and monitor your data backups to ensure they are working properly.

Rather like insurance, investments in information technology can seem pointless, unfair, and expensive because you don’t see anything tangible in your day to day operations. But that’s the point. A sign that you’re making the right investments is when your day-to-day problems are minimized. And when a virus hits, that’s like suddenly becoming ill or needing surgery. That’s when insurance saves the day.

Similarly, for cities that invest in information technology, they know that:

  • A virus will likely be prevented from ever having an effect.
  • If a virus allows a hacker inside, they won’t gain access to any useful information.
  • If a worst case scenario occurs, their data won’t be lost.

To talk about viruses and technology investments in more detail, please contact us.

Thursday, April 02, 2015
John Miller, Senior Consultant

Whatever your politics, personal, non-government, or poorly overseen government email accounts have plagued Hillary Clinton, Sarah Palin, George W. Bush, and many government entities such as the IRS, the Environmental Protection Agency, states, and municipalities. The root cause of many of these tortuously complex scandals and investigations is simple: Using personal email accounts instead of a government email account.

Just look at what happens when someone wants to access those emails. You may like or dislike Hillary Clinton, but it’s objectively a problem when she cannot easily produce information related to her role as a government employee. Plus, the risks of using personal email go beyond transparency. If your IT staff or vendor isn’t managing your email, who is? Your free email provider? Are they providing the right level of antispam, or backing up your emails? Not a chance.

It’s clear that open records laws and the push for transparency makes it less and less excusable to use personal email accounts for city business. If you’re still using personal email accounts at your city, ask yourself the following questions.

  1. Do you want to expose you or your employees’ personal email to open records requests? As Hillary Clinton said, she definitely doesn’t want to reveal her personal emails to the world—and she said that we can all understand that. Unfortunately, that’s not something auditors understand. That’s why she is receiving pressure to hand over her personal email server to a third party auditor to decide what’s personal and what’s business. Similarly, a third party auditor would have an absolute right to look at personal emails from city employees if an open records request required it.
  2. Do you want to spend excessive time and money processing open records requests for personal emails? Because personal email is not centralized and managed by your city, the time it takes to track down city emails from personal email accounts starts to exponentially increase. You might be out thousands of dollars in time and expenses tracking down and handing over the right information. It’s much easier to find and retrieve emails from a centralized city email server that only contains information related to city business.
  3. Do you want to increase the risk of your emails being hacked or increase your exposure to a virus? Personal email accounts are usually free email accounts. That means no one is managing them or ensuring that the proper antispam, encryption, and archiving policies and precautions are in place. While antispam measures have gotten better on free email accounts over the years, they are still not at the level of business-class email services. Using a personal email account opens up too many security risks from weak passwords to users clicking on a malicious email attachment by accident.
  4. Do you want to lose your email data when you are required to keep it? Several scenarios open you up to the risk of data loss related to personal email.
    • Your personal email is not part of your city’s data backup and disaster recovery data, and thus it’s not recoverable in case of data loss.
    • If an employee leaves, it becomes almost impossible and logistically thorny to make them hand over all of their information. You don’t have access to the email account, so what do you do? Ask them to forward 5,000 city business emails to you after they have been terminated? You might be able to get the information, but it’ll be ugly and likely incomplete.
    • Deleting a personal email account is 100% in the hands of the employee, not you. It should be the other way around. Only the city should have the power to activate and deactivate business-related email accounts
  5. Do you want an easy way to lock down email while still using mobile devices? One thing Hillary Clinton complained about was having to use two devices if she was to separately use her government email account and her personal email account. Today, cloud email allows you to use business-class email for your city, lock down that email for authorized users only, and allow people to access it with any device. So, if one of your elected officials complained about the annoyance of using two devices, let them know they can use one device. On that one device, they can easily access two different email accounts that keep their business and personal email separate—without having to use two devices.

If you feel behind the technology curve on email, you’re not alone. If people at Hillary Clinton’s level are wrestling with it, then it’s understandable that many other government entities are too. But now is the time to act. Auditors, lawyers, and the public are becoming less forgiving when public officials cannot provide emails about something critical to the public interest. Business-class email allows you to easily respond to open records requests instead of losing emails in the murk of personal accounts, and it ensures that employees cannot delete or misplace critical information.

To talk in more detail about email and open records laws, please contact us.

Thursday, March 26, 2015
Brian Ocfemia, Technical Account Manager

While states vary in their cybersecurity laws, it’s clear that the stakes are rising for cities to protect their data from loss or theft. Kentucky’s HB 5 is a great example of how states are starting to push for higher cybersecurity accountability, and other states are sure to follow. And it makes sense. With taxpayer dollars funding public services, it’s important that citizens know their information is protected if they are required to hand it over for taxes, public safety and municipal court requirements, business licenses, etc.

Ensuring that you’re cybersecure starts with certain information technology essentials. Whether you’ve neglected to invest in your IT for a while or are continually improving it year after year, it’s worth taking a look to see if you’ve got the right cybersecurity foundation in place.

  1. Encrypted, secure data storage. It’s great if you’re doing data backup and disaster recovery, and if you’ve invested in a business-class email and document management solution. But if you’re not protecting your data onsite, offsite, and in transit, then you leave it open to hackers. Any sensitive data transmitted from a city server or computer to another server (either in a data center or to a cloud service)—including all backups, email, and documents—needs to be encrypted. For security, we take the extra step of ensuring that offsite data is housed in United States data centers so that we are confident they are complying with our nation’s laws and regulations.
  2. Secure, authorized access to software. Software often gives access to sensitive information about people, businesses, and city operations. You don’t want that information exposed. That means any software needs proper user identification, authentication, and data access controls for anyone using it. Sometimes, software can introduce security risks if it’s very old or poorly written, and those issues either need to be addressed with your software providers or you need to invest in more modern, secure software.
  3. Ongoing security monitoring. Your IT staff or vendor need to monitor your environment on an ongoing basis to detect and prevent any unwanted intrusions. This kind of proactive monitoring helps identify any breaches or breach attempts as soon as possible so they can be addressed immediately. Specialized intrusion detection and prevention software exists to help IT professionals with this activity on behalf of your city.
  4. Physical and information security of hardware. Just as software should give secure access to only authorized users, the same goes for hardware. No unauthorized people should be able to access a server, desktop, laptop, or other mobile device that contains sensitive information. That means physically securing rooms in which hardware is stored. Your physical security will range depending on the sensitivity of the hardware, but every device should have some level of physical security to keep away unwanted intruders. To cover your bases, it’s essential to have a data backup and disaster recovery plan where you store data offsite in order to mitigate physical security breaches.
  5. Properly destroying records that contain personal information. Often overlooked, many cybersecurity breaches occur when cities dispose of servers, computers, and mobile devices without ensuring that all personal information is wiped from the device. An untrained person might think they can delete or reformat a hard drive, but information can still lurk in seemingly “clean” used computers sold to individuals or businesses. Your IT staff or vendor needs to make sure any electronic media information is completely destroyed. For document management, you also need to make sure you are archiving and purging documents based on your state’s record retention schedule.

Having basics such as data backup, offsite data storage, business-class email, document management, and IT professionals monitoring and maintaining your hardware and software will go a long way toward meeting most of your cybersecurity needs. In rare cases, you might need more specialized security such as encrypting single computers or building a private cloud, but investing in information technology essentials means most of your cybersecurity worries go away. While IT may seem costly sometimes, ask yourself, “What’s the cost of a data breach if citizens’ personal information is stolen?”

To talk more about cybersecurity, please contact us.

Thursday, March 19, 2015
Nathan Eisner, COO

In the early days, websites worked a lot like one-way brochures or printed material. You created something for someone to read, they read it, and the “transaction” ended there. Perhaps contact information or a next step existed, but it wasn’t that important. Websites simply communicated information to people, and that was that.

Today, fancy terms like “calls to action” and “conversion” are inescapable when talking about modern websites. All this means is that websites have become ways to get your audience to interact with you. In other words, you get them to do something. If your website shows signs that no one is taking action based on the information you provide, then it’s considered a failure or a wasted investment.

That’s why it might be easier to avoid measuring this kind of engagement, but you will serve citizens better if you pay more attention to “calls to action” on your website. In fact, you’re probably already seeing citizens engage more heavily with some parts of your website than other parts.

Here are some common calls to action that you may want to add, enhance, and improve on your city’s website.

  1. Pay. One of the most common “calls to action” that many citizens expect on city websites is to pay bills, traffic tickets, taxes, etc. online. The more you can direct people to pay through automated processes, the happier you make citizens—and the happier you make city employees. Offering online payments reduces the cost of staff time spent manually processing payments and reduces the risk of error from handling manual or paper-based processes. Plus, most citizens now expect some or all payments to be available online.
  2. Sign up. You may have an email newsletter, text message alerts, or even an online way for people to sign up to speak at city council meetings. Offering useful information or the convenience of signing up for a public activity online helps you stay connected with citizens. Make it easy for people to sign up. Avoid long forms and consider only requiring that people enter essential pieces of information.
  3. Click. Encourage people to explore and go deeper inside your website. Don’t overload people with information on any one page (especially the homepage). Instead, build your pages so that people are encouraged to click as they need more detailed information. For example, a government page might describe your city council on a high level. If people want minutes related to a specific meeting, offer an easy-to-find link to your archives where people can search for past meeting minutes.
  4. Search. Similar to how people use Google, your citizens are used to searching for things on their own on a website. Make sure your search box is easily seen and useful to citizens who look for information. On the backend, you may want to work with your website designer or IT staff/vendor to make your search box even more useful by anticipating what users will search for (e.g. an autofill function when someone types in a word or phrase) or suggesting related content to users based on their search terms.
  5. Follow. As you know, citizens may not necessarily go directly to your website for information. Instead, they will be led there through Twitter, Facebook, and other social media platforms. Provide easy ways for citizens to follow you on social media. On many websites, the follow buttons are an unobtrusive but still highly visible part of every page so that users always have the option to follow you on social media at any time. Growing your social media followers and fans is now an important part of citizen engagement.

You might think of more calls to action beyond the five listed above. No matter what they are, calls to action help get your citizens to do something, to engage with you. Signs of their activity will show unmistakable proof that your website is useful to citizens. You may also find that some calls to action are less popular, or that calls to action may be too hard to find. Fixing and tweaking the way you engage with citizens will go a long way toward improving the way you communicate to the outside world through your website and make it much more useful to people.

To talk in more detail about website calls to action, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 |
Contact
Contact a Sophicity Consultant Now To Find Out How We Can Help Reduce Your IT Costs Go
bottom