We put the IT in city®

CitySmart Blog

Wednesday, February 19, 2020
Nathan Eisner, COO
Nathan Eisner

As of this blog post publication, Windows 7 currently has a 32 percent market share on desktops and laptops. Yet, Microsoft stopped supporting Windows 7 on January 14, 2020. What does this end of support mean? A few things:

  • Microsoft no longer provides technical support for Windows 7 (with only some very rare or super-costly exceptions).
  • Microsoft no longer provides software and feature updates for Windows 7.
  • Microsoft no longer provides security updates for Windows 7.

Rationale for staying on Windows 7 often involves certain attitudes, myths, and assumptions that can be dangerous.

  • “They’re trying to scare me with empty threats. This is just a way for Microsoft to make money. They force upgrades on people. I’m sticking with Windows 7.”
  • “My antivirus will make sure Windows 7 stays secure.”
  • “My IT support vendor can keep Windows 7 running for me.”

These statements are misleading and inaccurate, as we will see below. And while you may not like Microsoft’s business model, reality is reality. If they are no longer supporting software released in 2009 (an eternity in IT time), then that means they are no longer supporting it.

Let’s look more closely at the dangers of staying on Windows 7.

1. Security

This is your biggest concern—by a longshot. Windows 7 will no longer receive security patches. That’s important. Software patches are an essential part of a security strategy. Vendors patch software on a regular basis as security vulnerabilities are discovered. Without patching, hackers have a way to break into your systems, deliver ransomware and malware, and steal data.

The longer Windows 7 does not get patched with any security updates, the less secure it becomes. If any of your city employees use Windows 7, then their desktop or laptop is like an unlocked door that welcomes burglars to City Hall.

What about antivirus software? No—it won’t protect Windows 7. Software patches and antivirus software are completely different tools protecting completely different security vulnerabilities.

  • Think of viruses like an unauthorized person trying to enter a restricted room in City Hall (such as the mayor’s office) through a legitimate, monitored entrance. Antivirus software would be your mechanism (city employees, security guards, sign-in processes) to prevent the unauthorized person from entering.
  • Think of software vulnerabilities (such as Windows 7 vulnerabilities) like parts of your City Hall building where people can break in (unlocked doors, windows, openings, etc.). Patching is like a lock, a security alarm, or building improvements that prevent people from entering or wandering inside through a building vulnerability.

Your antivirus software can prevent viruses and malware from infecting your computer, but a weakened Windows 7 will remain open for hackers to exploit through vulnerabilities in the software.

2. Basic computer functioning

Without patching, functionality with Windows 7 becomes a risk. Computers may freeze. Unpatched software bugs impact your employees doing work. Your IT support vendor flounders as they try to work around a dying operating system. If you are non-technical, it’s easy to think of computers like cars or appliances. Get a good mechanic and they can fiddle around with the machine until it works.

Computer operating systems do not work this way. There are no “Windows 7 mechanics” with access to the software’s source code. As Windows 7 grows more obsolete, this unsupported operating system will become less functional as it lacks regular patching and updates.

3. Incompatibility with modern applications

Why do people upgrade their smartphones so often? It’s because they want popular apps to work, videos to play without slowing or freezing, and GPS to work smoothly. That’s exactly the rationale behind transitioning from Windows 7 to a newer operating system. The obsolete, unsupported Windows 7 will not be able to support many modern applications.

Think about it. If Windows 7 was released in 2009 and mainstream support ended in 2015, that means at least five years (again, an eternity in IT) have passed since Windows 7 was considered a modern operating system. So many modern applications built or upgraded since 2015 exceed the software limitations of Windows 7 and may not work. As time goes on, you may encounter situations such as:

  • Wanting to upgrade your accounting software, but unable to do so because you have Windows 7.
  • Running into issues with cloud software that you access over the internet because Windows 7 is incompatible with certain up-to-date modern features.

4. Obsolete hardware

Where you find Windows 7, you will also likely find obsolete, aging hardware. For a more in-depth look at why you need to modernize your hardware, read our post “5 Reasons to Modernize Your Hardware.” Specific to Windows 7, it’s actually beneficial to upgrade hardware at the same time you upgrade your operating system. If you cling to Windows 7 and old hardware, your support costs will increase more and more, making that original hardware investment even more expensive as you pour money into dying technology. Instead, modern hardware is less expensive and faster than what you bought five or 10 years ago. In addition to running a modern operating system like Windows 10, modern hardware will also improve your municipality’s productivity and ability to use modern software.

5. Compliance

Municipalities must comply with laws that require them to secure and protect sensitive and confidential data. If you use Windows 7 knowing that it is no longer supported and patched, then you place your city’s information at risk. Continuing to use Windows 7 may create legal and compliance risks related to the security and protection of tax, public safety, payment, personnel, and other sensitive information.

Upgrading from Windows 7 is overdue and essential—especially now that no more patches or support will come your way. While making the investment to upgrade hardware and software may seem like a lot of money, the costs and risks are much higher if you stick with Windows 7 as it grows less secure and reliable over time. If you’re still on Windows 7, we urge you to make the move to upgrade today.

Need help upgrading from Windows 7 to a newer operating system? Don’t know where to begin? Reach out to us today.

Monday, February 10, 2020
Kevin Howarth, Marketing & Communications

We hope to see you at the following municipal events this week!

2020 Newly Elected Officials Institute
February 10-12, 2020
Tifton, Georgia

Arkansas Municipal League 2020 Winter Conference
February 12-14, 2020
Little Rock, Arkansas

Wednesday, February 5, 2020
Dave Mims, CEO
Dave Mims

Before 2019, we wrote many blog posts about municipalities and ransomware that focused on the seriousness of the problem while offering tips about what to do. In those days (just a few years ago), the topic remained technical and industry-specific—mostly talked about in trade publications and local government publications.

In 2019, municipalities and ransomware became front page news in the mainstream media. The New York Times, The Wall Street Journal, The Washington Post, CBS News, ABC News, NPR, CNN, and Forbes are only a few examples of media outlets that have recently covered stories about ransomware attacks on municipalities. Even a highly polarized Congress has passed legislation attempting to help municipalities battle ransomware.

As we head into 2020, it’s worthwhile to collect some facts, statistics, and research about ransomware’s impact on municipalities to drive home the point that cities and towns must address cybersecurity vulnerabilities that leave them open to cyberattackers.

1. Local municipalities are the most popular ransomware target.

Many cities and towns still think, “We’re below the radar screens of sophisticated cyberattackers.” Or, “Cyberattackers mostly go after businesses.” Instead, research from Armor shows that municipalities are the number one target for attackers—ahead of schools and healthcare organizations. IT security company Barracuda Networks supports this research. Reported in StateScoop, “Nearly two-thirds of all publicly known ransomware attacks in the United States in 2019 have targeted state or local governments…”

Your municipality is a target. A big target.

2. More municipalities are targeted each year—a 60 percent year-over-year increase between 2018 and 2019.

Reported in MSSP Alert, “At least 174 municipal institutions suffered ransomware attacks in 2019, according to research from antivirus software provider Kaspersky. This represents a 60 percent year-over-year increase.”

In other words, ransomware is no longer an improbable event. It’s likely that even more municipalities will be targeted in 2020.

3. 45 percent of government ransomware victims were municipalities with under 50,000 in population.

Another argument we hear about ransomware is: “Cyberattackers only attack big cities like Atlanta, New Orleans, and Baltimore. They aren’t going after the smaller cities.”

Actually, it’s quite the opposite. Reported in CSO Online, “Barracuda’s researchers conducted a deeper dive on 55 ransomware attacks on state, county and local governments that have taken place [in 2019] and found that 38 were on local governments, 14 were on county governments, and three were on state governments. Nearly half of the government victims, around 45%, were small municipalities with populations of fewer than 50,000 residents, and 24% had fewer than 15,000 residents.”

4. 48 out of 50 states have had municipalities targeted by ransomware.

Your next argument might be, “But I’m from a less populated state that should be of less interest to cyberattackers.” However, at least 48 out of 50 states have had municipalities attacked by ransomware. A municipality from any state is fair game.

5. Ransomware reporting is imperfect—so many more municipalities are probably affected.

Yes, the ransomware problem at municipalities is worse than what’s reported because you must also consider the incidents that go unreported. Look at the statistics above and realize they are probably only the tip of the iceberg.

6. Cyber criminals charge a higher ransom for public sector victims.

We often hear, “But cities don’t have any money. Why would cyberattackers try to ransom us?” Whether that’s true or not, cyberattackers assume municipalities are a good, stable source of cash. According to Coveware, “[Public] sector victims paid an average ransom of $338,700, almost 10x the global enterprise average.” For a criminal, it’s a no-brainer to target the public sector.

7. Ransomware downtime is increasing.

As ransomware matures and becomes more sophisticated, it causes more damage and leads to longer downtime. Again according to Coveware, “In Q2 of 2019 average downtime increased to 9.6 days, from 7.3 days in Q1 of 2019.” A municipality experiencing a ransomware disruption will get hit harder today than just a few years ago.

8. 35 percent of ransomware attacks work because 3-year old vulnerabilities are not patched and fixed.

Too many ransomware attacks are successful because municipalities simply don’t patch their software. Reported in Dark Reading, “A new report says that 35% of the vulnerabilities exploited in ransomware attacks are more than 3 years old…” Because cyberattackers know that municipalities are not being intentional with keeping their IT environments monitored and maintained, they go after these easy ransomware targets. (See stat #1.)

9. Lack of employee knowledge helps ransomware attacks succeed.

We’ve written many times about how employees are often the ones who click on malicious email attachments and links that download and allow ransomware access into a municipality’s systems. Reported in Security Magazine, “More than one-third of respondents consider malware and ransomware a first priority threat. Yet, 25 percent of respondents say that employees have limited to no security awareness, nor do they understand their role in prevention.” Employee training is a must.

10. Your city may already be infested with ransomware—and it’s waiting to go off.

While the following statistic pertains to small and medium-sized businesses (SMBs), municipalities are often the same size—and so it’s likely that what holds true for SMBs holds true for municipalities. Reported in TechRepublic, “22% of SMBs said their networks have encountered a ransomware attack that bypassed preventative security controls, while fileless malware attacks are also on the rise. Average attack dwell time—the time between an attack penetrating a network's defenses and being discovered—ranged from 43 to 895 days for SMBs, the report found. The average dwell time for confirmed, persistent malware was 798 days.”

This means it’s likely, if you don’t proactively maintain and monitor your IT systems, that ransomware already lurks within your municipality. And it’s waiting to go off—like a cyber bomb.

Worried about your municipality’s preparedness to defend yourself against ransomware or recover from a ransomware attack? Reach out to us today.

Monday, February 3, 2020
Kevin Howarth, Marketing & Communications

We hope to see you at the following municipal event this week!

Georgia Clerks Education Institute Conference
February 2-4, 2020
Jekyll Island, Georgia

Wednesday, January 29, 2020
Adrian McWethy, Network Infrastructure Consultant
Adrian McWethy

As ransomware daily ravages organizations, the struggle often involves working to contain the damage. It’s bad enough that ransomware encrypts files, rendering them useless unless a municipality restores its data from a backup or pays the ransom. Sadly, the damage of ransomware goes so much deeper.

For example, a common misconception is that ransomware only encrypts data. The thinking goes, “I simply pay the ransom and get my data unencrypted” or “I just restore my data through a backup, and everything is fine.”


Let’s take the recent case of Pensacola, Florida. Falling victim to the Maze ransomware virus, the City of Pensacola experienced the usual ransomware playbook: the virus encrypted files and cybercriminals demanded a $1 million ransom. Yet, another significant event happened. According to Bleeping Computer, “The actors behind the Maze Ransomware have released 2GB of files that were allegedly stolen from the City of Pensacola during their ransomware attack. […] In a discussion with BleepingComputer, the Maze actors stated that they released the stolen data to prove to the media that they steal more than just a few files during a ransomware attack.”

How would your municipality react to the threat of ransomware differently if you knew that everything encrypted—all confidential, sensitive, and personally identifiable information—would end up accessible to anyone on the internet? That means all information about personnel, police investigations, and property taxes. Would this make you plan for a possible ransomware attack differently?

If so, we want to review a few more myths and misconceptions about ransomware viruses that may affect your security strategy.

1. Cybercriminals use ransomware viruses to connect to your data and systems through the internet.

A ransomware virus runs as a program and connects the cybercriminals to your systems through the internet. This isn’t just a random software program isolated on your computer that only encrypts your files. The virus is a gateway—like a virtual tunnel—that opens up your data and systems to cybercriminals.

2. As your data is held hostage, cybercriminals also have access to it.

Once someone has unauthorized access to your data, they are inside the tent and can do much more than simply encrypt your data. It’s the difference between someone locking you out of your house but never entering it versus someone locking you out of your house with the added fact that they’re inside with access to all your possessions. And even worse, in cyberspace it’s as if this person still has access to everything in your house after they let you back inside!

Yes, your data is encrypted and held hostage through ransomware. But you also don't know what cybercriminals are doing with your data. What would stop them from uploading your data and selling it on the dark web? The City of Pensacola example shows that cybercriminals can literally steal all your data and publish it in a public forum where everyone can access it.

3. If I pay the ransom, I’ll get my data back.

So, you’re trusting the kindness of criminals? Certainly, even criminals have an incentive to unencrypt your data—otherwise no one would pay ransoms. But if we look at the data, criminals do not always give back access to your data after you pay a ransom. Bottom line: Paying the ransom isn’t a sure bet. For more details, read our post “Why You Should Never Pay a Ransomware Ransom.”

4. With data backups, I’m fine.

Data backup alone will not protect you against ransomware, as various problems may arise including:

  • Ransomware encrypting the data on your backup servers, rendering your backups useless.
  • Disrupted operations as backups take weeks or months to restore data after an attack.
  • Failure to comply with laws and regulations from poor security policies—leading to legal and financial penalties.
  • Cybercriminals stealing your data—and possibly sharing it with the world.

We encourage you to read two of our posts:

5. We’ve got antivirus software, so we’re fine.

It’s true that the majority of known and/or amateurish viruses are usually caught and prevented by most best-of-breed antivirus software. However, many ransomware viruses get past antivirus software through the following means:

  • Sophisticated ransomware: The most potent forms of ransomware are built by nation states and organized cybercriminal rings—and ransomware evolves quickly with new variants. Many forms of ransomware can get by even best-of-breed antivirus software.
  • Relying on people to click links and attachments: A person clicking on a malicious link or attachment may bypass an antivirus software’s warnings—which is why so many ransomware attacks begin with a person clicking on something bad.
  • Holes in your security: At the server or network level, a cybercriminal can gain access to your network and upload ransomware, bypassing antivirus software and even the need for an employee to click something. If your servers, network, and other access points are misconfigured, secured poorly, and lack oversight, then you open yourself up to ransomware.

It’s good that more municipalities are aware of ransomware, especially after so many towns and cities have been attacked. However, it’s critical that you educate yourself about the deeper impacts of ransomware and challenge any assumptions you’ve picked up along the way about how ransomware operates. We hope this post clarifies a few myths and misconceptions, spurring you to better secure your municipality.

Uncertain about your ability to survive a ransomware attack? Reach out to us today.

Friday, January 24, 2020
Kevin Howarth, Marketing & Communications
Wednesday, January 22, 2020
Sarah Diggs, Client Services Manager
Sarah Diggs

Along with cybersecurity, many cities acknowledge data backup as the most important IT need. Obviously, cities don’t want to permanently lose data. As a result, they usually have taken some steps toward backing up data. In many cases, though, they lack a strong strategy and foundation—leaving them at risk to still lose data even when they think they are taking the right steps.

From a non-technical point of view, it’s easy to think that doing anything is doing something—that you’re taking care of the problem if you checked it off your list no matter what the solution. However, many data backup strategies are poorly thought out and/or lack critical elements.

No matter what kind of data backup strategy and solution you have, use this post to assess its current components. After thinking about the five critical components below, ask yourself whether you need to build a stronger data backup strategy to truly protect your city’s data.

1. Identifying critical versus non-critical data

Looking at all your data equally is a strategic mistake. Think about what would happen if you lost your wallet. Would you spend equal amounts of energy getting a new sandwich shop $5 gift card as you would cancelling your credit cards? Of course not. The same kind of thinking holds true for your data. That’s why part of a good data backup strategy involves identifying your most critical data and prioritizing its backup.

Some questions to ask include:

  • What is my most critical data? Identify critical records, documents, databases, payroll, accounting, financial databases, public safety data, court data, utility billing, 911, and other mission critical systems. For your city, what do you consider your most critical data?
  • Where is it? Where is this data located? On servers? Individual computers? Thumb drives? Is it accessed over the internet?
  • Who has access to it? Is it stored on centralized servers or in the cloud where authorized employees all may access it? Or is it only on someone’s individual computer or computers?

Answering these questions will give you clarity about what data you have, where it resides, and how you will prioritize certain types of data when you back it up and recover after an incident or disaster.

2. Assessing your current data backup situation

Even if your data backup strategy right now is “nothing,” that’s a strategy. It’s good to honestly assess your current data backup solution, even if you know it may not be ideal. Some important questions include:

  • How am I currently backing up my data (if at all)? What method are you using? Tape? External hard drives? Thumb drives? Servers? An online data backup solution (whether consumer- or business-grade)? The method will affect the quality, thoroughness, and certainty of your data backup.
  • How often do I back up? Continuously? Hourly? Daily? Weekly? Monthly? Irregularly? Your frequency (or lack of frequency) will affect how much data you back up and if you will be able to recover critical data after an incident or disaster.
  • How fast can you recover? It’s nice if you’re backing up data. But some solutions can take a long, long time to recover. For example, what if it takes two months to recover data from tape backups, and that data includes your payroll application? Is that acceptable?
  • What’s the recovery point? In other words, if an incident or disaster occurs, at what point can you pick up as if nothing happened? Yesterday? A week ago? Three months ago? Knowing your recovery point is very important as it can impact the amount of data you permanently lose in a disaster.

3. Making sure your onsite data backup allows you to quickly recover from an incident

After identifying your critical data and assessing your current data backup solution, it’s time to fill in any gaps with your onsite data backup. No matter what solution you currently have, you need to ask yourself if it does the following:

  • Recovers your data within minutes: If this seems miraculously fast to you, then you need to reassess your onsite data backup. For example, if you have data backup servers onsite that replicate data from your primary servers, then they should be able to take over quickly if a server fails. Conversely, more manual data backup solutions such as an external hard drive or tape may take much longer to restore.
  • Works continuously and automatically: An onsite data backup server should back up your data throughout the day without you having to do anything. Again, manual solutions such as an external hard drive often require human intervention. If someone gets busy or forgets to plug it in, then you are not prepared for an incident.
  • Does not require internet access: If you rely only on an online data backup solution, then you will not be able to access critical data if there is an internet outage. While offline, you can still restore and access data onsite such as your payroll application.

4. Making sure your offsite data backup allows you to quickly recover from a disaster

Many cities still do not have an offsite data backup component to their strategy or they leave open significant offsite data backup gaps. Some questions to ask include:

  • Do I even have an offsite data backup component? If not, you need to address this component as soon as possible. Otherwise, you don’t have a way to recover from a disaster—whether it’s a tornado or ransomware.
  • Am I defining “offsite” correctly? You can read about the correct definition of “offsite” in our blog post “What ‘Offsite’ Data Backup Actually Means.” To summarize a key point, offsite means offsite—stored far, far away geographically from your city.
  • Can I recover my data within hours? If your offsite component leaves you with uncertainty about the amount of time it will take to recover, or if the recovery time is weeks or months, then you need a new solution. With internet access, you should be able to access your data within hours after a disaster.

5. Testing your data backup solution

Finally, we come to a still often overlooked data backup component—testing. The argument is simple: If you test your data backup solution, then you know if you can recover, how fast you can recover, and if any critical data is missing when you recover. If you don’t test, you may experience a horrible “surprise” after an incident or disaster when your data recovery is incomplete or doesn’t work at all.

For more about testing, read:

By using this 5-point assessment, you can evaluate your current data backup strategy, identify gaps, and create a plan to seek out a solution that meets all your unmet needs. The cost of a poor or incomplete data backup solution is severe—risking permanent data loss, crippled city operations for weeks and months, and failure to recover after a disaster such as a tornado or ransomware.

Need help evaluating your data backup strategy? Reach out to us today.

Tuesday, January 21, 2020
Dave Mims, CEO
Dave Mims

We’re already almost one month into 2020. It’s not only a new year but a new decade—a time for envisioning. Where do you see your municipality in 2030? What new ideas and possibilities are you imagining for your community?

To accomplish what you want requires a strong operational foundation that includes information technology. Cities like Vincent, Alabama and Breda, Iowa are prepared for the 2020s after reimagining and modernizing their technology foundation. We encourage you to read our case studies about Vincent and Breda to learn how your municipality might benefit from some technology modernization.

This decade will also only increase the number and intensity of cyberattacks on municipalities. You likely see the near-daily mainstream news headlines reporting about municipalities hit with ransomware as cyberattackers relentlessly attack local governments. Are you ready for such attacks? If you want to know more about IT in a Box, start here to learn how to protect your city while giving you the right foundation for a new year and decade.

Enjoy our newsletter. As always, don't hesitate to reach out to me if you have something to share with our local government community.


Dave Mims

New Clients

Buckhead Investment Partners
Callender, Iowa
Milton, Kentucky
Tontitown, Arkansas
Tyrone, Georgia
Woodlawn Park, Kentucky

New Websites Launched

Homer, Georgia
Mansfield, Georgia
River Falls, Alabama
Walnut Grove, Georgia

Featured Case Studies

Breda, Iowa
Vincent, Alabama

Featured Cybersecurity Article

4 Spear Phishing Email Scams That Can Trick Cities

Spear phishing takes a lot more of a scammers’ time, so they work harder than usual to get it right. Scammers have also learned that specific scams work better than others. Read about a few common spear phishing email scams that, if your employees aren’t paying attention, could easily trick them.


Featured Data Backup Article

What Needs Backing Up? 4 Pieces of Critical Data That You May Overlook

It’s too common to see cities still relying on consumer-grade solutions or manual data backups—and never testing them. Whether you use an online consumer-grade data backup solution, external hard drive, or even tape backup, don’t assume that your tool is backing up everything you need. Read about four kinds of critical data that your data backup solution may not be backing up.


Featured Helpdesk Article

Three Secrets of a Great Helpdesk

How does an IT helpdesk do it right? Municipalities tend to like our helpdesk, and that is because we’ve mastered a few secrets. We cannot give away all our secrets, but we can suggest some ways for towns and cities to judge whether their own IT staff and vendors are mastering some basic best practices.


Featured Website Article

How Applying Web Accessibility Standards Leads to Mobile Accessibility

For a quick overview, we’ve covered a few important mobile accessibility best practices that relate to your city’s website that can get you started on thinking about making sure citizens can access your website no matter what device they use.


Newsletter Signup

Sign up for Sophicity's CitySmart Newsletter. Get all of the latest city government news, articles, and interviews.

We hope to see you at these upcoming events:

ACCMA 2020 Winter Conference
January 22-24, 2020
Birmingham, Alabama

Cities United Summit (formerly known as Mayors Day)
January 24-27, 2020
Atlanta, Georgia

Georgia Clerks Education Institute Conference
February 2-4, 2020
Jekyll Island, Georgia

2020 Newly Elected Officials Institute
February 10-12, 2020
Tifton, Georgia

Arkansas Municipal League 2020 Winter Conference
February 12-14, 2020
Little Rock, Arkansas

Monday, January 20, 2020
Kevin Howarth, Marketing & Communications

We hope to see you at the following city events this week!

ACCMA 2020 Winter Conference
January 22-24, 2020
Birmingham, Alabama

Cities United Summit (formerly known as Mayors Day)
January 24-27, 2020
Atlanta, Georgia

Wednesday, January 15, 2020
Dave Mims, CEO
Dave Mims

Don’t let the population of under 500 people fool you. Breda, Iowa is one of the most modernized cities in the state. Every house has access to the city’s gigabit fiber optic system, and Breda offers popular amenities such as a beautiful park, golf course, swimming pool, and fitness center. Incorporated in 1877 along the Chicago and North Western railroad line, this west-central Iowa city has a strong local economy with nearly 40 businesses based in or near its city limits.

With a small city like Breda now offering modernized services, that also means it needs the help of information technology to effectively serve citizens. However, Breda—like many small cities—also has a small staff. With no budget to hire a full-time or even a part-time IT employee, Breda still has IT needs as employees rely on computers and software to perform work. Relying on non-technical city staff to fix IT problems is too risky, and so Breda needed to look at unique IT options that met its needs.


Nancy Janssen, City Clerk of the City of Breda, said, “Many small cities have just one person in the office, and that person has too many things going on to find the time to deal with IT problems.” The City of Breda’s small staff, with sometimes just one person in the office at a given time, found itself wrestling with a few technology challenges that they did not have time to address.

  • Lack of responsive IT support: With some city staff such as the city clerk only working part-time, there were concerns that IT issues occurring or needing resolution when employees were not working would negatively impact city operations. Plus, city staff, already strapped for time, wasted hours on the phone working with various technology vendors—some of whom pointed fingers at each other instead of working to address problems.
  • Uncertainty related to cybersecurity: While the city had some security tools in place, no technical management existed to oversee this security. As a result, some uncertainty existed around the city’s firewall, antivirus, and user access.
  • Paper documents and unorganized electronic documents putting records management at risk: The city managed cabinets of paper documents that made it tedious and time-consuming to locate records. For a long time, city staff have wanted to implement a more robust records management system that allows the city to scan paper documents and store them in a centralized electronic location for easy search and access. With so many other daily priorities, the limited staff just didn’t have time to tackle this project.

Overall, this lack of IT support and uncertainty around important city business functions meant that the City of Breda needed to consider an IT helpdesk that could support the city around the clock and address important issues—while not breaking the city’s budget. The Iowa League of Cities “IT in a Box” solution offered the right fit.


IT in a Box offered the City of Breda municipal-experienced technology professionals who were ready to address these ongoing problems. Once implemented, IT in a Box’s comprehensive, multi-faceted solution included:

  • 24x7 helpdesk: Dedicated 24x7x365 helpdesk support staff now provide Breda IT support both remotely and onsite, depending on the issue. City staff now have just one place to call for all their technology needs—and there is someone to work on IT problems when city staff are not at the office. "Even if our computer is still working but there is an issue with some piece of it, we can continue to do our work while Sophicity takes care of the IT problem," said Janssen.
  • Server, desktop, and mobile management: Enterprise-class antivirus and antimalware software now actively monitors threats. Sophicity also implemented cybersecurity best practices to improve security and helped the city secure its IT infrastructure.
  • Onsite and offsite data backup and disaster recovery: Onsite and offsite data backups help ensure both quick recovery after small incidents (like a server failure) or a larger incident (such as a tornado). Quarterly testing ensures the city’s data is safe and recoverable.
  • Vendor management: Sophicity now handles any needed technical calls with hardware and software vendors, resolving issues that used to take up valuable city staff time.
  • Document management: The city has begun the process of going paperless and implementing a centralized document management system so that staff can easily apply records retention schedules.
  • New city website: Breda received a modern fresh custom-designed website with Sophicity hosting the website and managing the content. Plus, city staff can now edit and update website content themselves.


After the city switched over to IT in a Box, they experienced many positive results.

  • Responsive IT support allows city staff to focus on their work: Instead of struggling to figure out IT issues on their own, employees now receive remote or onsite IT support for issues that are often resolved in minutes or hours—lightening the burden on city staff. Now, city staff can do other work while Sophicity takes care of IT problems. “By me not having to be the one to do the support work, that just takes it off my plate,” said Janssen. “I can just call IT in a Box and say, ‘We’ve got a problem. How do we fix this?’ We now know who to call, and we can call one place knowing Sophicity will take care of whatever we need.”
  • The city is now prepared for a cyberattack: Ransomware, malware, or viruses strike when least expected. Through a combination of proactive IT support, cybersecurity best practices, ongoing training, enterprise-class antivirus software, and offsite data backup, the city has the right pieces in place to protect itself. “Security gives me peace of mind, and it’s good to know we can recover our data in 24 hours in a worst-case scenario,” said Janssen.
  • The city reduced the risk of permanent data loss: No more uncertainty exists about data backup and recovering data after a disaster such as a tornado. IT in a Box’s onsite and offsite data backup components—tested quarterly—reassures the city that it can recover its data after an incident. “If a tornado hit, it would take 24-48 hours to get me back in business as long as we could establish an internet connection,” said Janssen. “I know my backups are happening now. I have no doubt about it.”
  • Vendor management saved the city time and money: With municipal-experienced senior engineers supporting the city, all hardware and software vendor calls now get handled by Sophicity—saving valuable staff time.
  • The city’s new website addressed risks and gave the city one single point of contact: Instead of contacting multiple contractors and vendors that managed different parts of the website, Breda now contacts Sophicity. IT in a Box resolved issues with website hosting and gave Breda a fresh website redesign. Sophicity engineers also help upload content to the website if needed. “They’ve done a fabulous job for us, and we’ve been really happy with the website,” said Janssen.
  • The city is excited to address long-standing document management issues: As something the city was unable to address for a long time, document management best practices will now be implemented. The city is excited to begin the process of converting its paper documents to electronic documents along with organizing documents in a central location for easier findability.
“I’m a mentor with the Iowa League of Cities, and I mentor other city clerks who might be new in their job. Being from a small town, I work with mostly small cities the size of Breda. I find that many cities don’t see the importance of keeping equipment and software updated and working properly. They’re just slowing themselves down or shooting themselves in the foot by not keeping IT up to date and working as best as it can be.

“This is the age of computers. One thing that I haven’t seen during the last 16+ years that I’ve been a city clerk is cities using computers less. First, we need to embrace the technology. Second, we need to search out technology to maximize our efficiency because the tasks that city clerks do on a regular basis are not lessening either. In fact, the amount of our work is growing. And as the amount of work grows, our cities are not going to invest in more people. They’re going to invest in more technology. If we don’t have the technology, along with an IT helpdesk to manage and take care of that technology, then we’re going back to the Dark Ages. IT is like electricity, and to not keep your IT working as well as your electricity is silly.

“In addition to Sophicity’s technical help and expertise, I enjoy the personal relationship aspect of IT in a Box. Their IT engineers are sweet and dear to me. In the Midwest, many of our business dealings are built on a personal relationship. With Sophicity, it’s easy to develop a personal relationship with them. It’s not just about equipment and services. With a good personal relationship in place, if things do go wrong with IT, it’s so much easier to communicate about what went wrong. It’s fine when everything’s fine, but it’s when things go wrong—that’s when the personal relationship really comes into play.” - Nancy Janssen, City Clerk, City of Breda, Iowa

Contact Us Today

If you're interested in learning more, contact us about IT in a Box.

About Sophicity

Sophicity provides the highest quality IT products and services tailored to city governments. Among the features Sophicity delivers in "IT in a Box" are cybersecurity and computer maintenance, 24x7 U.S.-based helpdesk for remote and onsite support, data backup with unlimited offsite data backup storage for disaster recovery, records and document management, email, body camera and squad car camera video archiving with unlimited offsite video storage following record retention policies, information security policy and compliance, a custom designed website that is ADA-compliant and mobile-ready, and vendor management and procurement. Read more about IT in a Box.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 |