Recently, I gave a cyber liability presentation for the Kentucky League of Cities. I addressed a group of city clerks who increasingly have to worry about this technical and legal issue. As online business and online transactions become an ingrained part of our day-to-day lives, expectations for protecting data and securing online transactions increase significantly.
But the area covered by “cyber liability” is broad and sometimes confusing. What is “cyber liability”?
InsureNewMedia, which provides specialized insurance to technology and Internet companies, defines cyber liability as: “…the first- and third-party risks associated with e-business, the Internet, networks and informational assets. Cyber Liability Insurance coverage offers cutting edge protection for exposures arising out of Internet communications.”
Huh? This definition was not much help for my audience that day. Let’s talk about cyber liability in plain English.
Cyber liability encompasses a number of potential Internet and information technology-related liabilities that can negatively impact a city. That can include:
These liability issues not only cause disruptions to finance, operations, and productivity, but they can also create a liability for the city—which means lawsuits, fines, and negative public relations. While cities often delay taking preventative measures, possibly because the solution seems to involve overly complicated (and expensive) technology solutions, ignoring these issues unfortunately leads to severe real-world non-technical consequences.
In this three part series, we’ll cover data loss, website hacking, and viruses, which we see as the three most common areas of cyber liability. For each cyber liability issue, we’ll provide easy-to-follow steps that will help you prevent similar issues. Today, we’ll focus on the cyber liability of data loss.
In 2010, the City of New Orleans lost 20 months of real estate records due to serious data backup failure. On the surface, it appeared the city was doing the right things. The city’s IT staff utilized a system from a nationwide data backup vendor. However, while implementing the backup system, the city’s IT staff failed to test and monitor the backups. The city did not confirm that the data was actually backing up.
When the city’s computer systems failed, the city’s backup system failed to recover the data. Once word leaked out that the real estate data was permanently lost, the general public was outraged that the city had not taken proper measures to protect this data. The media’s coverage put pressure on the city to explain how this situation happened, leading to negative public relations.
Media attention began to focus on the city’s leaders. City council was pressured to research the issue and find out what happened. The IT director was questioned, and his responses were not deemed satisfactory. He explained that a more comprehensive disaster recovery project was a “to do” item on his list. Concerned citizens and affected business owners publicly voiced their frustration with the city’s lack of disaster preparedness.
The result? Not only did the City of New Orleans lose 20 months of real estate records, but the data loss negatively affected the buying and selling of homes. Several local real estate brokers closed their businesses because they could not buy and sell homes as a result of the lost data. In short, the city’s lack of disaster recovery readiness led to...a disaster.
A city’s data loss affects many citizens and businesses in the community. In times of crisis, citizens look to cities for help and assistance. If cities are not prepared for a disaster, then who do citizens rely upon when disaster strikes?
Data loss is also an extremely common scenario. There are so many ways to lose data—server failures, computer failures, theft, fire, flooding, power loss, hurricanes, tornadoes, and the list goes on. There is no excuse not to have a full disaster recovery plan in place that includes contingencies for data loss. And not having a plan in place makes the city liable.
Here’s what any city needs to do—immediately—to protect themselves:
In Part II, we’ll discuss website hacking and ways to prevent it. If you’d like to talk more about data backup and disaster recovery issues, contact us.
A recent study from Citrix shows that most Americans are confused by the cloud. The ongoing problem with the term "cloud computing" is that it often complicates an explanation rather than clarifies. Most people use cloud computing every day, but they don't know that they are using it.
To help clarify matters, we wanted to give you a layperson's definition of cloud computing. If you ever need to explain it to someone else, use this as a guideline. We'll use Gmail as an example throughout, since it is a well-known cloud service.
If you answered "yes" to all of these questions, you're probably using cloud services. If you did not answer "yes," you might want to reconsider your existing hardware and software investments. They are depreciating and rapidly becoming dated. Instead of your earlier confusion about "should we get into cloud computing?" you can instead evaluate your current hardware and software with the following questions. If you find yourself answering "no" to many of these questions, you may want to consider cloud options to reduce cost and increase efficiency.
If you'd like to discuss cloud options in more detail, feel free to contact us.
A recent study by the 2012 National Study of Employers from the Families and Work Institute and the Society for Human Resource Management (reported in Business Management Daily) noted some recent trends in teleworking. The most important insight: teleworking is the new normal.
As Business Management Daily says:
If your organization's execs still insist on eight consecutive hours of face time each day from every employee, you're probably already losing young hires, new moms and mature employees. They're going to competitors offering more flexibility. Make flex central to your recruiting and retaining effort.
In addition, evolving and widespread technologies make teleworking easier and easier:
If your city provides limited or no teleworking options, consider these benefits when making your case for teleworking:
To meet the new normal, you need flexibility. Teleworking not only benefits and accommodates your staff, it also benefits the city on many levels. For more information about what technology you need to enable teleworking at your city, contact us for more information.
While password policies seem like just a small part of IT management, a perfect storm is brewing that places password vulnerability at an all-time high. Fox Business recently reported (from a Janrain study) that people are experiencing password fatigue. By contrast, Ars Technica recently reported "the dangerous practice of password reuse has surged. The result: security provided by the average password in 2012 has never been weaker."
If people are weary of coming up with new passwords, that means they will use (and reuse) weak passwords. That makes it a feasting ground for hackers, and a source of anxiety for IT.
Thankfully, a strong IT department or vendor exists to enforce some basic password best practices that don't agonize users while also securing this often user-generated Achilles heel.
To assess if you've mastered your Password 101 basics, use the following as a quick checklist.
If a business fails at customer experience, it soon loses business (or goes out of business). But cities operate differently. While cities cannot go out of business, they serve as a backbone to an entire community. Customer service failures may not bankrupt the city, but they end up affecting the lives of every citizen. And because their taxpayer dollars help fund the city, citizens grow frustrated when cities fail to measure up to basic customer experience standards.
Thankfully, cities have continually improved their customer experience over time, but even the most well-meaning cities often struggle with their website. And online customer experience expectations increase each year. Several trends are pressuring cities to increase their website customer experience, despite size or location.
Increasing broadband access. While speeds often vary from area to area, broadband penetration is currently at 80% of the United States. That percentage will only get higher.
Mobile access. Over half of people with mobile phones have smartphones. That means an increasing segment of the United States population expects to access online information with their smartphones like a computer.
Higher customer experience expectations for websites. Amazon, Google, major online retail stores, and other businesses make online experiences easy. As online payments and billing become mainstream and the preferred way of conducting transactions, then the expectations for something as important as city services rise higher and higher. For example, people lose patience if they cannot easily pay a simple bill or fee online.
Of course, we understand that local government budgets remain tight. As long as your website gets you by, it might seem unreasonable to splurge for a new website. You might also believe that building or redesigning your website will cost thousands of dollars.
However, cost-effective options exist for modernizing your website. Below, we share some tips about improving your city's online customer experience without breaking your bank.
By focusing on these basic issues, you will solve many of your customer experience woes. Contact us if you want to discuss some options that will help you alleviate these pain points.
Information technology is already hard enough to manage, and its cost and complexity make it one of the most important investments for a city to manage. Unfortunately, managing multiple IT vendors turns this already difficult situation into a nightmare.
City managers and clerks often tell us about the difficulty of calling in for software support. When calling the vendor, they often encounter customer support representatives who talk over their heads, rush them too fast through an issue, or just plain fail to understand the problem because of language barriers. Too many vendors unfortunately do not seem able to communicate effectively with non-technical customers, and they often make the non-technical customer feel at fault.
This situation is even more frustrating because cities are strapped for time and often lack the technical expertise to know exactly how they should interact with their IT vendors. In addition, vendors are often trying to sell unnecessary products and add-ons to cities as part of their "service," so that makes city staff wary about how best to filter a vendor's recommendations.
Here are three tips that may help you and your city manage IT vendors.
Recently, I was talking with a city manager who wanted to learn more about our services. We chatted about how they would have email handled through Microsoft's cloud platform. During the conversation, he mentioned some other cities where the elected officials received email to their personal accounts and used those personal email accounts to conduct city business.
I mentioned that those accounts could be subject to open records requests, and he just nodded forebodingly. He had just gone through an open records request and noted how time consuming and expensive it was. He could not imagine what the process would be like if personal email accounts were involved.
Through our experience and conversations with cities, seeing email addresses such as firstname.lastname@example.org is not uncommon. Georgia includes emails in its open records laws, and those emails need to be as retrievable and accessible as possible. This issue is real, and this year alone showcases many stark examples.
Thankfully, while handling an open records request is never easy, it's a great deal easier with some simple email software and organization. Here is a quick assessment you can take:
If yes, then your personal email is at risk for an open records request. Going forward, you need to eliminate this issue and keep all city business emails stored and archived in a city email account. If you do not have your own city domain name (e.g. email@example.com), then you need to acquire one. All city business email should then be conducted through city email addresses.
Even if you already have a city business email account, your email might not be stored, archived, and accessed in ways that reflect best practices. For example, email cloud solutions exist that can be managed by IT staff or a vendor. That means if you get an open records request, your IT staff can easily enable you to access and collect the exact emails you need, quickly. Some vendors can even handle that for you for no additional fees.
For more about email solutions that may help this situation, read more about our solution and contact us if you have additional questions.
A recent CIO Magazine article discussed how businesses are empowering the mobile worker by allowing them to use their personal devices for work. If cities want to follow this trend, they must be more cautious than a typical business. Local government faces regulations and audits, handles sensitive information, submits to open records requests, and operates with high transparency expectations.
That means the blurring of personal and government information is especially frowned upon in local government. We've all heard the horror stories about government business conducted with personal email addresses and the consequences that result—both financially and from a public relations standpoint.
Yet, you don't want to halt progress and you want to accommodate people who use their own mobile devices and tablets. Personal devices are not going away, and yet you don't often have the money to buy all city employees business-only tablets and smartphones. What do you do?
Many employees want access to city email, documents, and content from their smartphones, tablets, laptops, and home personal computers. We caution city management about making this access too easy for two reasons:
It's tempting to have employees bring their own device to cut costs. After all, isn't it great that you don't have to purchase an extra computer, tablet, or smartphone? But while device costs go down (reducing the city's upfront capital expenses), hidden costs associated with loss of control and potential for e-discovery skyrocket. You don't want a lawsuit or fine to result from the misuse of a personal device or an unintentional breach of city data security or privacy.
Here are some tips and recommendations that will help you decide how to handle personal devices in your local government environment:
If you would like to discuss these issues further, please contact us.
A recent IDC Government Insights report revealed an alarming glimpse into the mindset of local government about cloud computing. GovTech's summary of the IDC report said, "Local government participants were the least optimistic about the cloud with 14.7 percent saying the cloud wasn't important." Overall, the report showed a need for more education about the benefits of cloud computing in terms of not only technology infrastructure but also budgeting.
This report is consistent with what we have traditionally seen with how fast local government moves versus the pace of technology and businesses.
We have written a good deal about the essence of cloud computing, so we will focus on traditional local government obstacles of adopting change due to funding and IT architecture concerns.
A common myth about the cloud is that it's an additional technology to purchase. Partly, that's the fault of the abstract, technological term "cloud computing." The term does not effectively reflect the financial and productive sides of its benefits.
Instead, cloud computing is an alternative, modern version of many existing technologies. That means you can audit and assess your current hardware and software investments and seek out areas to cut costs through cloud alternatives. If you've invested heavily in hardware and software, cloud computing solutions often significantly cut costs.
If you haven't invested in much hardware and software, then cloud computing offers you low-cost options to acquire enterprise-level tools and technologies (website, data backup, document management, etc.) that may have seemed out of reach just a few years ago. Typically, we find that local government underspends on important areas such as data backup, security, and business productivity because of the cost of traditional technologies. Cloud computing options give local government an unprecedented chance to address any chronic lack of investment in these essential areas.
To get a better handle on your potential cloud investments, first know what you're already spending for hardware, software, licenses, labor, and annual maintenance fees. We've written about this at length in the past, but it's good to currently analyze how much you're paying for:
If cloud computing options help bring these costs down, then you can not only approximate funding but also return on investment. If you're not currently investing much in these areas and need to justify funding, then you need to make your case from a different point of view.
It's not uncommon for local government to feel the pains of aging technology through hardware failures, data loss, and slowed productivity. Cloud options give you the chance to seriously look at modernizing your technology environment with enterprise grade solutions while keeping capital investments and overall costs at a minimum.
While most cities do not have large IT infrastructure environments, we sometimes hear concerns about how a switch to cloud computing will affect the management and maintenance of servers, workstations, and software. Three main concerns usually come up:
These infrastructure issues are really just aspects of technology change. Cloud solutions are where technology is headed, like it or not. These technologies are a significant improvement over managing and maintaining your own IT infrastructure. Any new change can create anxiety, especially if your staff is used to doing something a certain way for many years. For those cities without IT staff or a close relationship with a technology vendor, this anxiety is lessened but the justification for funding becomes more important.
This is why the local government concerns of the IDC report are legitimate and relevant. But do not fear. The switch to cloud computing is a significant revolution in technology, and it only benefits you - both from a cost perspective and an infrastructure management perspective.
For more about the cost and infrastructure sides of cloud computing, read more about our solutions or contact us to have a discussion.
A recent article in "The Tennessean" (and shared in the Public Technology Institute's July 25, 2012 email newsletter) reveals how inundated cities feel by technology pressures. It just doesn't end—new technologies related to websites, servers, desktops, tablets, mobile phones, broadband, and GIS barrage cities every year. All of these investments require money that cities unfortunately lack in this rough economy.
The article highlights a few common themes that we've also seen while talking to cities.
Mayors, council members, city managers, and city finance officers feel caught between a rock and a hard place. If cities tried to do everything at once, they might have money for anything else. So where to start?
Cities do not have to attack every problem immediately. We usually see information technology investments as needing to occur in two phases.
Here are a few key areas to solidify first.
Once you have planned to address the basic fundamentals, you can start to look at more complicated aspects of information technology. Many of these areas can only succeed if you have taken care of broken or failing IT infrastructure, data backup, website, and support.
Cities often jump to advanced information technology needs before they have dealt with the fundamentals. Mastering the fundamentals first will ensure that your long-term budgeting and advanced technology projects will be more likely to succeed.
If you're interested in learning more, contact us.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2014 Sophicity, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Sophicity.