We put the IT in city®

CitySmart Blog

Thursday, March 22, 2018
Dave Mims, CEO
Dave Mims

If you’re a Georgia city, you may have heard that members of the Georgia Municipal Association’s (GMA) property and liability fund (GIRMA) are eligible to receive a grant from GMA’s Safety and Liability Management Grant Program to reimburse your city for up to 25 percent of the annual IT in a Box subscription fee.

Why has GMA taken such a step? Because a lack of proactive IT support has become a critical liability for cities—and municipal leagues are noticing.

Not long after GMA began offering this grant, two Georgia cities were hit hard with malware attacks (one of which likely happened when an employee clicked on a malicious email attachment). Systems went completely down, computers needed erasing and re-imaging to be usable again, and some data was permanently lost as the cities worked to eliminate the malware.

The result? Weeks and weeks of downtime. Lots of money lost. And a loss of trust with citizens impacted by a lack of services.

These events are not surprising. Cities are struggling with three consistent issues:

1. Cybersecurity

It’s not exaggeration to say that all cities are now targets for hackers. Ransomware, malware, and viruses lead to data breaches, data loss, and inoperable systems that are taking unprepared cities weeks or months to recover—with high financial and potential legal liability added on top of the disruption.

2. Data backup and disaster recovery

Too many cities still cannot say for sure that they can recover data after an incident.

3. Helpdesk

IT support with poor response times, poor troubleshooting, and poor problem resolution hurts cities that must rely more and more on technology to run their operations.

Last year, we wrote an article titled “The Tripod of IT: Proactivity, Training, and Disaster Recovery” as a way for cities to think about tackling their technology problems.

  • Proactivity involves the right policies, processes, technology, and tools.
  • Training involves aspects such as teaching employees how to spot email phishing attacks or avoid malicious website
  • Disaster recovery involves onsite and offsite data backup along with regular testing.

One city that has tackled many of these problems is Forrest City, Arkansas. We’ve highlighted them in a case study and as our Featured Article for this month (see below). Read more about Forrest City to see if your city could use a similar technology transformation.

In customer news, check out the Town of Trion, Georgia’s new website. Plus, we’d like to welcome Alpena, Arkansas; Bull Shoals, Arkansas; Eastman, Georgia; Fairburn, Georgia; and Dover, Arkansas to the Sophicity family.

As always, don't hesitate to reach out to me if you have something to share with our local government community.


Dave Mims

Forrest City, Arkansas No Longer Worried About Legislative Audit Compliance and Now Enjoys Responsive IT Support

Doubling in population since 1950, Forrest City, Arkansas has continued to see steady population and business growth in recent years. To support more businesses and residents, Forrest City’s staff at city hall needs reliable technology. However, some uncertainty and technology issues started to hinder the city from not only serving its citizens but also complying with the important Legislative Audit.

After the city switched over to IT in a Box, they experienced many positive results.

  • Forrest City passed Legislative Audit with the burden of the process managed for them.
  • Responsive IT support led to increased productivity and employee morale.
  • Data backup helped prevent the permanent loss of data.
  • Sophicity untangled several complex IT problems that addressed employee frustration and lack of productivity.
  • Modernized hardware for a low price.

“I recommend that cities consider using IT in a Box. They especially helped us with the Arkansas Legislative Audit. For a city with limited staff, it’s a headache for one person to sit down and get all those policies in place. Also, Sophicity is there if you need them for overall IT support. At first, we thought the service was a little costly. But after getting IT in a Box up and going, we all now realize we should have done this a long, long time ago.”

– Derene Cochran, City Clerk / Treasurer, City of Forrest City, Arkansas

Read the full case study.

Newsletter Signup

Sign up for Sophicity's CitySmart Newsletter. Get all of the latest City Government and Municipal League news, articles, and interviews.

Recent Media

Is Your City Really Prepared for a Disaster?

Ransomware Cripples City for Weeks—and What We Can Learn

Securing Your City Employees Without Annoying Them


We hope to see you at these upcoming events including:

2018 GCCMA Spring Conference 
Monday, March 26, 2018 – Wednesday, March 28, 2018 
Jekyll Island, Georgia 

GMA District Spring Listening Sessions 
March and April 2018 
Across Georgia 

KLC City Official Academy II 
Wednesday, May 23, 2018 – Friday, May 25, 2018 
Bowling Green, Kentucky 

A Taste of I.T.

Taste of IT

Recently, CIS (Citycounty Insurance Services) Oregon (located in Portland) took time out of its busy daily schedule to grill out with us for what we call a Taste of I.T. These are BBQ-heavy :) customer thank you events that we’ve been bringing to our customers. Literally each month, we bring the food and beverages and get to have lunch with your staff. Thanks to Executive Director Lynn McNamara and CIO Mark Snodgrass. We had an awesome time!

Other Solutions 

IT in a Box 
Who guarantees IT services based on your expectations? We do.

Take action against technology issues at your city.

Data Continuity 
Peace of mind about your records and data.

Tuesday, March 13, 2018
Rodney Riga, Data Center Team Lead
Rod Riga

You’ve probably called utility service providers for help when experiencing an issue—and wished afterward that the lost time could somehow be given back to you. As you replay the call in your mind, you become even more frustrated.

Maybe the customer service representative had trouble understanding your problem.
Maybe they were sticking to some sort of call script to work through the issue.
Maybe they were making your problem more complex.
Maybe they simply didn’t have the capacity to provide proper support as promised.

In the end, you just wanted the problem solved, and you saw the issue as a relatively simple one that they should have been able to fix. Right?

At your city, you need an IT helpdesk that gets the simple stuff right. With your city staff wearing multiple hats and juggling busy workloads, there is never enough time for the unexpected. Addressing what should be a simple issue is a must so that these issues do not become time vampire nightmares.

Here are five examples of simple stuff that cities struggle with before switching to a solution like IT in a Box.

Computer Support

1. Computers, printers, copiers, and other hardware not working

We know that IT support engineers often oversee complex hardware that employees never touch such as servers and network equipment. However, it’s the heavily used hardware like computers, printers, and copiers that see the most wear and tear from employees. Printers break. Copiers stop working. Computers run into problems.

In fact, cities may even have issues with a printer or a certain computer that go on for years. Why? Sometimes the IT support vendor doesn’t really understand how to fix the root cause of a problem. Other times, the IT support vendor fails to help a city clearly understand that the best step is to replace a broken piece of equipment.

Keeping basic, heavily-used equipment up and working is a primary job of IT support. Engineers should either quickly get to the root cause of an issue or urge you to replace a piece of equipment if it’s dying or dead.

2. Access issues

This includes issues accessing an employee’s computer, the internet, email, a document management system, or an application. Everyone experiences these kinds of issues from time to time—whether forgetting a password or needing setup help as a new employee. At some cities, previous vendors have done a poor job of coordinating such access—letting many days lapse before getting back to an employee or not following a strict process for enabling authorized access. Employees should be able to call into an IT helpdesk that quickly gets them secure, approved access to important applications crucial for them to do their job.

3. Missing files

In this case, we’re talking about missing files that are the result of human error and still retrievable (such as “deleted” files in the employee’s recycle bin folder on their computer). Even if an email or document seems gone forever, it may still exist. And depending on the city’s data backup and disaster recovery system, even seemingly permanently deleted files can be recovered. A good IT helpdesk will not throw up their hands but instead work with the employee to find or restore data that seems like it vanished.

4. Frozen or locked computers

It’s not uncommon for a city to tell us they have struggled with this issue for years. As a result, employees unnecessarily suffered with slow computers. A good IT support vendor will immediately address likely causes of frozen computers such as:

  • Software patches: Patches not only resolve security issues but also resolve performance issues and bugs.
  • Software updates and upgrades: As technology evolves, software must evolve with it. Updates and upgrades help software keep pace with the higher demands of modern operating systems, multimedia, sophisticated applications, and higher internet speeds.
  • Aging, obsolete hardware: On average, computers start to become a liability after five years. In many cases, a slow computer may be the result of age and it eventually becomes less costly to just replace the computer rather than support it until the machine dies.

5. Resolving issues with other software and technology vendors

We call this “vendor management.” Many cities—by themselves or through the help of a previous IT vendor—have often tried to resolve ongoing issues with internet service providers, software vendors, or hardware vendors. Sometimes, issues are extremely technical and both a city and an inexperienced IT vendor might not understand the exact root cause. For example, a city might spin its wheels about slow internet for years as an internet service provider simply tells staff to restart their modem every day and limit the use of streaming video. By contrast, an experienced IT support engineer may discover a cabling, port, device, or configuration issue. Then, that engineer would work with the ISP until the problem is resolved.

In a recent case study, a city clerk told us “…we all now realize we should have [switched to IT in a Box] a long, long time ago.” A major reason for that reflection was the city’s experience with unreliable IT support. Having the right IT support makes a huge difference to city operations on so many levels.

Are you struggling with simple IT issues that just never get resolved? Reach out to us today.

Wednesday, March 7, 2018
Nathan Hall, Network Infrastructure Consultant

Nathan Hall Just as internet access is standard at nearly all organizations, Wi-Fi access to the internet is nearly at that same level of expectation. Most organizations rely on it internally and guests expect it. So many employees use untethered devices such as laptops, smartphones, and tablets—and those devices often work best with wireless access.

Simply buying a few retail wireless routers and setting them up yourself may not meet your needs. It’s not uncommon to see cities with spotty wireless access, slow wireless internet connections, and even a risk of data breaches through unsecured wireless access points.

If you’re struggling to provide quality, consistent, and reliable wireless access for your guests and employees, then you may want to explore these four ways to improve your situation.

Wireless Icon

1. Look at your technology foundation.

The root of many wireless issues goes deeper than your wireless equipment. You may want to assess your:

  • Internet service provider: Have you reviewed your ISP options lately? Your city needs a stable and reliable solution. Look at your uptime and make sure you’re getting business-class (rather than a consumer-class) service.
  • Network equipment: Are your network systems able to handle your wireless needs? Your network includes switches, routers, and firewalls appropriate for your needs.
  • Modernized hardware: You may have great wireless equipment but lack devices that can use it properly. Aging laptops will often have trouble connecting to wireless access points.

2. Make sure you’re using scalable, business-class wireless equipment.

If you’re tempted to buy your wireless equipment at a retail store, don’t. Consumer-grade wireless equipment will likely not fit your needs—especially when you have to scale as more employees and guests use it.

As one example, many consumer-grade wireless routers only provide what’s known as “single band connectivity.” At home, you might connect to one 5 GHz or one 2.4 GHz band at a time. Now imagine if all your city employees tried to get onto that single band through your home router. Like a rush of traffic on a single lane highway, your internet will slow down. By contrast, business-class wireless equipment provides you dual band or triple band connectivity options—giving you more “lanes” so to speak. These “lanes” help you accommodate all your users’ needs—including high-bandwidth activities like accessing videos or large files.

3. Ensure proper wireless coverage appropriate for your city.

Walls, floors, and other equipment (such as electronic devices and appliances) can all affect your wireless connectivity. You might have employees in a basement or on a top floor struggling to get a good wireless connection. Part of your wireless access planning needs to involve coverage. Who needs wireless access? What equipment will provide an appropriate range? How much equipment do you need to provide multiple access points? Without proper planning, cities may have too little equipment for their needs.

4. Secure your wireless access and improve your wireless security policies.

Why is security important for wireless access and reliability? When you aren’t managing your wireless access, you don’t know who is on your network, how many users are on your network, or what they’re doing.

In a previous post about wireless access security, we recommended that you:

  • Secure and lock down all wireless devices.
  • Remove physical wireless access hardware from the public or unauthorized employees.
  • Apply patches and upgrades to wireless devices.
  • Use appropriate wireless hardware and configure it properly.
  • Monitor and maintain your wireless network for security risks.

If someone is abusing your wireless access, then you could see significant slowdowns when employees try to access the internet.

Is your wireless access unstable or unreliable? Reach out to us today.

Tuesday, February 27, 2018
Patrick Perry, Network Infrastructure Consultant
Patrick Perry

We secure our cars, but we don’t drive Batmobiles. We like to unlock our car doors with one click but it’s still possible for a criminal to smash the window and grab something inside. It’s a trade-off.

We secure our homes, but we don’t live in a fortress with a moat surrounding it. We can unlock our doors with a key and perhaps a security system with an easy-to-remember code. Yet, if someone really wants to enter your home, it’s still possible. It’s a trade-off.

Similarly, your information technology needs to allow your city staff to easily perform work while keeping them secure. Sure, you could remove all access to the internet—but then you would get very little done. Sure, you could whitelist every single website that employees visit—but that takes excessive oversight and IT support.

What’s the right balance? If you are too lax with your information security, then you make yourself an easy target for bad actors (such as hackers). If you are too strict, then employees become unproductive, frustrated, and trapped.

Here are a few best practices that can help you balance both user productivity and security.

1. Monitoring and alerting for suspicious activity

Monitoring and alerting technology, coupled with proactive IT, provides early identification of suspicious activity and anomalous incidents before they become serious. For example:

  • An employee’s email account is being accessed remotely from Kazakhstan.
  • A large download or upload of data starts occurring in the middle of the night.

By proactively noting suspicious activity, you may be able to stop a data breach or data loss before it happens.

2. Enterprise-grade antivirus

Enterprise-grade antivirus is quite good at shielding and blocking obvious risks when employees accidently do something wrong. This software will flag and stop many viruses before they are activated, and it will also help prevent employees from entering suspicious websites or clicking on malicious email attachments. It’s not perfect, but antivirus software stops a lot of obvious breaches that result from employee error.

3. Patch management, software upgrades, and browser security

In addition to antivirus software, patching and upgrading your other software helps prevent employees from exposing your city to a virus or data breach. Patches often contain fixes to security vulnerabilities, and up-to-date software is built more securely than older software. Your accounting, office productivity, operating system, web browser, and other software all need regular patching and updating.

For example, keeping modern browsers up-to-date (such as Chrome, Firefox, or Edge) ensures that each browser’s built-in virus and malware protection helps prevent users from entering risky websites. When a user clicks on a bad website, a clear warning will often appear. It is important to keep your browsers updated to the latest version and with the latest patches.

4. Access and authorization

At a policy level, you need to restrict access to your software applications and data. Each person should be assigned the least security privileges required for them to do their job. For sake of ease, many cities allow administrative access (or full access) to many employees—even if those employees should not have access to sensitive information. By restricting access, you mitigate the risk of stolen, deleted, or corrupted data.

5. Wireless network security

It’s not uncommon to encounter an easily compromised wireless access point at a city. Warning signs include:

  • No password needed to connect.
  • An unencrypted or weakly encrypted connection.
  • A default admin password identified in the original wireless access point packaging.

It’s essential that you require employees (and everyone) to log into a secure wireless network that you host. Also, make sure that wireless access points are set up by authorized IT staff or an IT vendor.

6. Physical access

Any employee shouldn’t be able to wander into a server room or have physical access to a computer. Protecting equipment through locks, encryption, and passwords is a sensible security precaution.

7. Application controls

Software that deals with important data needs controls over data input, processing, and output. Otherwise, employees could accidently (or intentionally) delete, alter without logging, corrupt, or even steal data. You also don’t want users seeing data they should not be able to see.

8. Content filtering

Content filtering can help block bad websites—and unfortunately many good websites. Whitelisting websites is very secure but it’s a pain for employees as they must submit many legitimate websites to someone within the city for approval. However, certain temp employees or employees focused on simple tasks may not need full internet browsing to do their jobs. Content filtering may work well to keep them focused.

9. Creative training

Employee error is the root cause of a high percentage of data breaches, viruses, and permanently lost data. All it takes is one employee to click on a malicious email attachment or website and you’ve got a potential data breach on your hands.

Consider training that is:

  • Ongoing: This helps reinforce cybersecurity lessons for existing employees while training new employees.
  • Test-oriented: For example, IT can periodically test city employees with mock phishing attacks to see if employees will click on malicious emails. If a user gets fooled, especially multiple times, they may need extra training.
  • Leader-oriented: City leaders such as the city manager, city clerk, and department heads need to buy into the importance of cybersecurity training. Otherwise, no one will take it seriously.

These best practices will help you balance employee productivity with security in a way that won’t overwhelm or slow employees down. If you need help finding a right balance, reach out to us today.

Wednesday, February 21, 2018
Jessica Zubizarreta, Network Infrastructure Consultant

Jessica Zubizarreta 

When we begin working with many of our city customers, we often see the need to modernize dated hardware, software, and systems. We know this is sometimes a scary prospect.

First, old habits die hard. City staff get used to familiar servers, computers, or the way their network operates. Second, the budget for new equipment often seems too expensive. As a result, it becomes tempting to stick with old equipment until it dies to “maximize the investment.”

However, there are five major reasons why modernizing your hardware is important and should take place on a regular replacement cycle (or better yet, why you should move to a cloud platform that eliminates the need for some hardware).

Computer at a desk1. Old hardware is more likely to break down.

Treating hardware like a junker car is not wise. When you use hardware until it breaks down, you don’t know when it will break down, what it will impact, and how you will stay operational. What if your hardware breaks down during a busy time of year? What if your dead server impacts payroll for weeks? How long will it take you to order new hardware, transfer all the data (if you backed it up), and get a new server up and running? Waiting for hardware to break down begs for unnecessary disruption.

2. Old hardware freezes up and slows down more often.

As hardware ages, it impacts your city’s operations more and more. Signs of disruption include:

  • Servers and computers crashing.
  • Servers constantly needing rebooting or restarting.
  • Computers and software applications slowing down to a crawl.

Like an old car that constantly breaks down, these problems can become expensive—so expensive that simply buying modern hardware will save you money in many cases. Just add up the costs of wasted employee time and billable hours for IT vendors. After a certain point, your older hardware is just bleeding money.

3. New software and applications often don’t work on old hardware.

Technology evolves quickly—so quickly that older hardware has trouble running newer software and applications. This problem only increases with time. Just think about your smartphone. Why do you think so many people upgrade every two years? The more sophisticated mobile apps become, the more they need the latest hardware to run properly and efficiently.

At your city, you need the ability to run important software for activities such as accounting, records management, or utility billing. Even basics like web browsing, email, and productivity software require modern hardware. When you modernize your hardware and move some applications into the cloud, you are able to use modern software and applications—which increases your capabilities and productivity as a city.

4. Older hardware becomes harder to support.

Your city staff or trusted IT vendor might be able to put out your hardware fires to get you by for a few more days or weeks, but that’s often a temporary solution. As hardware gets older, it’s less likely that the vendor will continue to support it. That support includes patches for security vulnerabilities and updates that fix bugs.

With cybersecurity so important today and cities constantly targeted with ransomware, viruses, and phishing attacks, it’s a major liability to use old, unsupported hardware. Keeping it around increases your risk of a data breach. Modernizing your hardware makes your information more secure.

5. Older hardware hits annoying storage and memory limits.

To function as a city, you require appropriate information storage. Yet, many cities find themselves in awkward storage “battles” with their servers and computers. Offloading information to external hard drives, deleting emails, or erasing older information before you want it deleted are all signs that your hardware cannot handle your demands.

Especially think about your records retention, body camera video, or email needs. Do you really want old, aging hardware dictating what you must keep or delete? Modern hardware also contains plenty of storage for affordable prices. By modernizing your hardware, you will likely have plenty of affordable storage for your needs as well as retention compliance.

We’ve worked with many cities where upgrading from aging hardware to modernized hardware made a night and day difference to operations. Benefits included:

  • Cloud applications that are automatically updated, supported, and accessible anywhere/anytime over the internet.
  • Servers with increased, affordable storage that accommodated modern software application performance and storage requirements.
  • The ability to use software and applications that enhanced city operations and productivity.
  • Higher security that reduced the risks of data breaches.

Ready to explore hardware modernization? Reach out to us today.


Wednesday, February 14, 2018
Dave Mims, CEO

Dave MimsAs the “Jewel of the Delta” and an important business hub in Eastern Arkansas, Forrest City rests almost exactly between Little Rock and Memphis. I-40, Arkansas Highway 1, and two railways go through Forrest City—making it an important location for both businesses and residents.

Doubling in population since 1950, the city has continued to see steady population and business growth in recent years. To support more businesses and residents, Forrest City’s staff at city hall needs reliable technology. However, some uncertainty and technology issues started to hinder the city from not only serving its citizens but also complying with the important Legislative Audit.

Forrest City City Hall


Forrest City has four primary locations that each had its own technology challenges.

  • City Hall: In many cases, challenges arose with things such as printing issues and employees needing help accessing their computers. The city’s technology support had trouble even completing such simple requests. Uncertainty with data backup and a lack of clear policies also worried the city about passing Legislative Audit.
  • Library: Because the library needs to give public access to specific computers, some security issues existed related to that access. The software and support for enabling public access also led to inefficiencies and problems with authorizing users. Online, the library’s website looked outdated and needed a refresh while making it easier for library staff to update information.
  • Public Safety: With aging, outdated technology infrastructure, public safety’s systems needed an upgrade and some modernization. Some uncertainty also existed with their data backup and disaster recovery.
  • Court: Computers often froze and locked up, and the city’s vendor support was not capable of quickly handling these issues remotely. Onsite visits were expensive and not timely—leaving employees without working computers for days. Some uncertainty with data backup and recovery existed. Issues with IP phones also lingered, and the city did not have someone on staff to engage technically with the vendor to thoroughly understand and solve these issues.

While some problems overlapped across city departments, many unique problems made it challenging for the existing vendor to serve the city. With the current vendor not up to the task and the city worried about passing the legislative audit, it was time for a change.


Needing experienced IT professionals who also had significant municipal experience, Forrest City chose the Arkansas Municipal League’s “IT in a Box” service.

Once Sophicity began to implement the IT in a Box service, Forrest City had many of its technology issues resolved fairly quickly. The services within IT in a Box included:

  • 24x7 helpdesk: Sophicity provides 24x7x365 support to city staff. Experienced senior engineers are ready to address any IT issue both remote and onsite—ASAP. Forrest City staff no longer had to wait for an unresponsive vendor to solve issues or look up different random IT vendors in the phone book that were not familiar with the city’s IT environment.
  • Server, desktop, and mobile management: Many of Forrest City’s issues resulted from a lack of proactive IT management. Sophicity now proactively keeps computers patched, protected, and healthy to both keep computers operating properly and to guard against cyberattacks.
  • Policy and compliance: Through implementing proactive IT best practices, Sophicity also went a step further by:
    • Addressing security issues related to Legislative Audit: Sophicity helped resolve Forrest City’s issues with information systems management, contract / vendor management, network security, wireless networking security, physical access security, logical access security, and disaster recovery / business continuity.
    • Drafting policies to help the city comply with Legislative Audit: Because Sophicity works with cities that must comply with Legislative Audit, policies and procedures were quickly created that met the demands of auditors.
  • Data backup and offsite data backup storage: Forrest City received unlimited offsite data backup storage and retention for disaster recovery and archiving. No longer did staff have to worry about data backup with Sophicity’s real-time monitoring and quarterly testing.
  • Vendor management: The city did not have to worry any longer about frustrating calls with vendors about software issues or hardware procurement. Sophicity deals with any technical issues related to the city’s IP phone system, the email/fax system, the library software, and other specific technology-related vendors.
  • New city websites: The library immediately received a modern fresh custom-designed website with Sophicity hosting the website and managing the content. Plus, library staff can now also edit and update website content themselves. With such a great example already in place, city staff are currently working on a new version of the city’s website.


After the city switched over to IT in a Box, they experienced many positive results.

  • Forrest City passed Legislative Audit with the burden of the process managed for them: With their systems secure and the right policies in place, Forrest City passed Legislative Audit without a problem.
  • Responsive IT support led to increased productivity and employee morale: Employees who grew frustrated with IT issues in the past that affected their productivity for days are happy to now receive remote or onsite IT support for issues that are often resolved in minutes or hours. The ability to call Sophicity 24/7/365 and receive a quick response and resolution to issues has made a big difference.
  • Data backup helped prevent the permanent loss of data: The city experienced a few incidents—including a virus outbreak—where previously the risk of permanent data loss would have been high. Instead, Sophicity used IT in a Box’s data backup solution to get the city back up and running.
  • Sophicity untangled several complex IT problems that addressed employee frustration and lack of productivity: Some complex issues related to the city’s network system setup and library software were unraveled and addressed by Sophicity—leading to long-term permanent solutions rather than the city fighting mini-crises every day.
  • Modernized hardware for a low price: Sophicity modernized the city’s aging hardware while also carefully negotiating prices that are beneficial for a local government. Aware that cities need to be good stewards of taxpayer dollars, Sophicity also made sure that the city had the hardware needed to improve productivity and citizen services.
“I recommend that cities consider using IT in a Box. They especially helped us with the Arkansas Legislative Audit. For a city with limited staff, it’s a headache for one person to sit down and get all those policies in place. Also, Sophicity is there if you need them for overall IT support. At first, we thought the service was a little costly. But after getting IT in a Box up and going, we all now realize we should have done this a long, long time ago.” – Derene Cochran, City Clerk / Treasurer, City of Forrest City, Arkansas

Contact Us Today

If you're interested in learning more, contact us about IT in a Box.

Print-friendly version of the Forrest City, Arkansas IT in a Box case study.

About Sophicity

Sophicity provides the highest quality IT products and services tailored to city governments. Among the features Sophicity delivers in "IT in a Box" are a new city website, data backup and offsite data backup storage, records and document management, email, video archiving, information security policy and compliance, server and desktop management, vendor management, and a 24x7 U.S.-based helpdesk for remote and onsite support. Read more about IT in a Box.

Wednesday, February 7, 2018
Dave Mims, CEO

Dave Mims

If you are a member of the Georgia Municipal Association’s (GMA) property and liability fund (GIRMA), then you are eligible to receive a grant from GMA’s Safety and Liability Management Grant Program to reimburse your city for up to 25% of the annual IT in a Box subscription fee.

GMA’s Safety Grant program exists to provide a financial incentive for members to improve their employee safety and general public liability loss control efforts through the purchase of training, equipment, or services. Information technology and cybersecurity remain major sources of liability for many cities. By not addressing cybersecurity threats, data backup uncertainty, and lack of cyber hygiene (such as software patching, antivirus, proactive monitoring and alerting of IT systems, etc.), cities increase the risk of a major incident such as a data breach, ransomware attack, or permanent data loss.

Save money by contacting us today. We will complete the grant application for you and work through the submission requirements on your behalf, making the whole process easy.

Your participation in GIRMA and IT in a Box makes such a grant possible. Thank you!



Tuesday, January 30, 2018
Cale Collins, Network Infrastructure Consultant

Cale CollinsOn December 17, 2017, the Hartsfield–Jackson Atlanta International Airport experienced a power outage that lasted for about 11 hours. The outage was disastrous on all levels because:

  • An electrical fire destroyed both the main power system and the backup system that were located right next to each other.
  • The outage lasted far longer than airport security experts said should happen.
  • Passengers had very little idea what was going on most of the time.
  • Airlines lost millions of dollars in revenue (with Delta alone losing up to $50 million).
  • As the world’s busiest airport, flights were massively disrupted around the world.

The shocker? Hartsfield–Jackson Atlanta International Airport did not have a clear plan for a power outage that took out the entire airport.

Your city may not be the world’s busiest airport but you can learn some important lessons about your disaster recovery plan from this actual disaster.

1. Create a true disaster recovery plan that accounts for a complete disaster.

You’re not building a “mild inconvenience recovery plan.” Disaster recovery needs to mean what it says. What happens when a real disaster hits like a massive power outage, a tornado, a flood, or a fire? Then, work backward from there. For example:

  • Who’s here?
  • What are the priorities?
  • How will you get your technology up and running after a disaster?
  • What data will you restore, and in what order?
  • What contingency plans will you create while specific data and information is not accessible?

2. Ensure that you have an offsite data backup component as a part of your disaster recovery plan.

If a disaster strikes, then your backups cannot exist in the same physical location as the information you’re backing up—even if they are right next door. You will need a distant offsite component as a part of your disaster recovery plan to ensure that your information is protected. Ideally, that offsite backup is stored in a geographical location far from your city. During a disaster, your data is safe—and you’re even able to access it while you wait for new equipment to arrive. By having an offsite data backup component, you also make sure you don’t have a single point of failure.

3. Test your disaster recovery plan.

The City of Atlanta and the Hartsfield–Jackson Atlanta International Airport admitted later that they had plans for partial outages but not a plan for a full outage because it was a “one in a million chance.” However, that’s the entire point of a disaster recovery plan. Be prepared for the worst that can happen. If you can handle the absolute worst-case scenario, then you can handle less serious scenarios.

The only way to know that you will be able to handle that worst-case scenario is to test your plan. And yes, test your plan regularly. Is your critical data actually getting backed up? Are you able to recover your data and use it in an operable fashion if a disaster hits? It’s not uncommon to find cities that never test data backups and find out too late that they do not work. By testing on a regular basis, you ensure that your disaster recovery solution works. You are not hoping that it does—you know that it does.

4. Include communication as part of your plan.

While not a technical component, communication is essential and should form part of your disaster recovery plan—both communicating to citizens and communicating internally to your staff. The Hartsfield–Jackson Atlanta International Airport communicated poorly to people and the media—leading to a lot of uncertainty, fear, and conjecture.

In case of a disaster, who will communicate to the public? Who will communicate to city staff? What happens if someone is unable to fulfill their duties? Who takes over? Communicating basic information such as the nature of the problem, how long it will take to get resolved, and what contingency plans are activated in the meantime will help you manage uncertainty. Otherwise, people panicking and barraging you with questions just adds more problems to your plate.

Learning from the Hartsfield–Jackson Atlanta International Airport’s power outage can save you some unnecessary trouble in case a disaster hits your city. Citizens depend upon you to safeguard important information and keep city operations running no matter what happens. They will depend upon 911, public safety, and city hall after a flood, tornado, or other catastrophe. If you plan and test for the worst, then you have the confidence of knowing you will be able to handle any disaster.

Need help with your disaster recovery plan? Reach out to us today.

Wednesday, January 24, 2018
Jeff Durden, Senior Engineer and Team Lead

Jeff DurdenThe city of Spring Hill, Tennessee experienced a ransomware attack in early November that shut down many city operations for weeks. According to SC Media on November 16, 2017:

“The attack has essentially stopped the city from being able to conduct many of its usual functions as its IT department attempts to rebuild the database from backed up files. The attack has locked city workers out of their email accounts, and residents are unable to make online payments, use payment cards to pay utility bills and court fines, or conduct any other business transaction.”

An update on November 30, 2017 from the Columbia Daily Herald said, “The city’s financial software remains offline…” Almost a month after the attack, a major piece of software was still inoperable. While this and other articles do not give many details about what exactly happened, why, and what steps the city took to recover, we can deduce some problem areas in this situation that cities may be able to avoid. There are ways to more quickly recover from ransomware rather than letting it affect you for weeks or even months as in the case of Spring Hill.

1. Build a highly available data backup and disaster recovery solution.

A recent study shows that “Almost all (99 percent) of the professionals surveyed admitted to conducting at least one potentially dangerous action, from sharing and storing login credentials to sending work documents to personal email accounts.” Your employees pose the biggest risk for allowing ransomware into your organization—so you need to first prepare for the worst.

Modern data backup and disaster recovery solutions allow you to create “snapshots” of your data and systems at a given point in time. If the ransomware began to affect your organization at 2:30 p.m. on a Tuesday, you can restore all your data to a point in time before the infection hit that moment on Tuesday.

While Spring Hill lost two days of data, it’s also significant that it took them weeks to rebuild and, in some cases, more than a month for their financial systems software. That raises the question of whether the right data backup system was in place. Can you afford to be down that long? Most organizations cannot…and survive.

2. Monitor systems to proactively detect issues and contain damage.

It’s unknown how the ransomware entered the city’s systems and how long it festered. However, we can note that it affected a large variety of systems: email, online payments, 911, public safety, etc. That’s very widespread.

The earlier you catch ransomware, the likelier you can contain damage to a single computer, server, or area. Ways to prevent such widespread damage include:

  • Proactive monitoring and alerting of systems. When IT professionals—with the help of 24/7/365 automated software—monitor your systems and get alerts when something is wrong, then you are more likely to detect a virus or ransomware. Suspicious activity usually sends up a red flag if you’re proactively monitoring systems—and you can catch an incident much sooner.
  • Enterprise-grade antivirus: Relying on free or consumer-grade antivirus is not enough to fully protect you from dangerous ransomware. With enterprise-grade antivirus, IT professionals can manage the platform to receive alerts in real-time, more effectively block attacks, and analyze better where ransomware has specifically infected your systems.

3. Modernize and maintain software.

Older software has more likelihood of containing security vulnerabilities and crumbling under a security issue. We don’t know the age of the software at Spring Hill, but many cities often have older versions of software that lack vendor support or security features to protect against new forms of viruses like ransomware.

In addition, many software platforms are often not regularly patched and updated by cities. Altogether, this leads to situations where software becomes extremely vulnerable to ransomware when it spreads. In the case of Spring Hill, ransomware affected software across a surprisingly variety of functions—email, online payments, 911, and public safety.

4. Separate critical systems from less critical systems.

It’s interesting that 911 and public safety were affected along with city email and online payments. If departments share servers or systems and they go down, everyone goes down with the ship. When possible, segment and separate critical systems. This way, ransomware may have limited impact on fewer systems.

While Spring Hill survived their ransomware attack, it sounded quite rough according to the news reports. Be best prepared by following the tips outlined above, along with other recommendations we have shared in earlier posts, so that you don’t become the latest ransomware victim on the front page news.

Worried about how you may recover from a ransomware attack? Reach out to us today.

Wednesday, January 17, 2018
Dave Mims, CEO

Dave MimsIn the fall, a Georgia city “learned” of a data breach—meaning it was unclear when the data breach actually occurred. 12 days later after learning of the incident, the city determined that someone gained unauthorized access to personal information on a server. After alerting citizens by letter, the city experienced a backlash that was even reported in the media.

Why? Citizens grew concerned over the lack of information about the incident and the ways the city offered to mitigate the risk. Providing only free credit monitoring for a year and some tips to help citizens protect themselves, the city angered citizens who complained that the response didn’t reassure them that the city was taking proactive steps to protect their personal information.

If your city hasn’t yet experienced a major data breach, it may just be a matter of time. Learning from this incident, your city can implement some best practices that will lessen the risk of exposing your citizens’ personal information to hackers or unauthorized individuals.

1. Practice proper cyber hygiene.

You shower and brush your teeth every day. You change the oil in your car every few months. You clean your house regularly. Similarly, information technology systems require “cyber hygiene”—a series of ongoing tasks and processes that mitigate the risk of a data breach. Three major cyber hygiene tasks include:

  • Antivirus: Enterprise-class antivirus overseen and managed by IT professionals is necessary to block dangerous viruses that employees may download by accident when browsing the internet or checking their email.
  • Software patching and updates: Even massive ransomware attacks like WannaCry mostly hurt organizations that did not apply basic, regular software patches. If organizations had simply patched their software, they would not have been vulnerable to WannaCry or many other threats. Applying software patches and updates is one of the most important cyber hygiene tasks that help prevent data breaches.
  • Data backup and disaster recovery: Unfortunately, even your best defenses may get breached. For example, a user may open an attachment or click on a link that unleashes a virus—mistakenly letting a hacker right in the door. In addition to stolen and exposed data, your data may also get deleted, corrupted, or held for ransom by an attacker. To alleviate the risk of permanently lost data, you need a data backup and disaster recovery plan that ensures you can recover your data in a worst-case scenario.

2. Implement strict policies to help you comply with the law.

How is your city specifically protecting citizens’ personal information? Policies around vendor contracts and management, network security, wireless security, physical access security, logical access security, disaster recovery, and application controls (such as data input, processing, and output) are needed to prevent unauthorized users from accessing sensitive information.

It’s not uncommon to encounter cities that don’t have clear policies about authorized access. The result? Situations where too many people have administrative access, passwords are weak, and information is not properly encrypted and secured.

3. Increasing your ability to identify a breach.

The longer it takes to discover a breach, the more scrutiny you will receive when it’s revealed to the public. A data breach can go undetected when an organization does not have a proactive IT mindset that includes:

  • Ongoing monitoring and alerting of systems: A blend of automated software and the oversight of your systems by IT engineers is needed to detect issues such as suspicious activity.
  • Proactive management of applications and systems, vendor access, network access, wireless access, physical access, and user access to ensure that only authorized users are accessing your systems.

4. Transparently notifying your citizens after a data breach.

Many state data breach notification laws require that you contact anyone affected. Laws vary by state but usually you will need to let victims know what happened, what information was breached, and what you are doing to remedy the situation. The Georgia city from our introduction sent out a letter to citizens that described the incident, tips on how to protect themselves, and free credit monitoring.

However, some citizens felt dissatisfied by the city’s response and the media reported as such. For legal, law enforcement, or security reasons, you may not be able to provide all the details people want but you should try to provide as much information as possible.

Especially after the Equifax data breach, people are more wary and distrustful of organizations that seem slack in protecting their sensitive data. Cities are stewards of sensitive citizen information. Many data breaches can be prevented by basic cyber hygiene that follow the steps above along with providing regular ongoing training for your staff. And remember, it’s also essential to have a data backup and disaster recovery plan in case hackers delete or destroy data as part of a breach.

Are you vulnerable to a data breach? Reach out to us today.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 |