When we sit down to talk with cities about vendor relationships, many of the war stories center around how vendors waste a city’s time. An important part of any vendor relationship boils down to two things: expertise and communication. Can the vendor do the job, and can they communicate about issues and problems effectively?
To this day, we are still amazed at some of the stories we hear. You would think that vendors would learn from the best in the business or listen to the feedback that municipalities regularly share at events and conferences. Many vendors unfortunately prey on cities, secure the deal, and then take a hands off approach to the engagement.
Cities need to understand that wasted time equals wasted money. Here are some warning signs to look out for.
The shame about these issues is that problems often do not emerge until you start working with a vendor. If you are researching IT vendors, make sure you have a senior experienced IT person at the table. Have them ask tough questions about the vendor’s experience, processes, and problem resolution. Talk to customers who work with that vendor. And if you’re seeing too many of these negative signs with your current IT vendor, then it’s time to start looking for a new IT vendor.
If you want to discuss these vendor management problems in more detail, please contact us.
While very large cities and other large organizations find website design an expensive but necessary proposition, expensive website design is something small- to medium-sized cities should avoid. It’s tempting to read the press about what the latest government websites should offer, but the press usually reports on very large government entities that use cutting-edge social media, big data and open data applications, and extensive mapping software.
From our experience, budget-conscious small and medium cities need essential website functionality and a professional appearance, but they often lose money when website vendors oversell them on supposedly “must have” features and custom design. Here’s a quick list of what small and medium sized-cities need and don’t need in their website design.
These tips give you a quick idea about what you need and don’t need in website design. As you can see, in most cases website vendors are good at upselling design aspects that small or medium cities just don’t need. Sure, some of these aspects do create great-looking websites. There are some great custom website designers out there, and some slick features and apps that can really enhance a website. But those features really only start to make sense once thousands and thousands of people start to visit a website, usually at large cities over 100,000 people.
To discuss website design in more detail, please contact us.
One of the most common yet overlooked tasks of anyone taking care of servers and workstations is basic hardware maintenance. That includes monitoring hardware, applying patches, and upgrading software. Like a car, basic maintenance ensures that your investments run smoothly from purchase to decommission.
However, in our many network assessments over the years, we’ve found that lack of server and workstation maintenance often crops up as a critical problem at many cities. The city’s IT staff might be inexperienced or strapped for time, or the city’s IT vendor might not be maintaining equipment at a professional level. The result? Slow servers, poor computer performance, unhappy employees, and city operations interrupted.
While hardware maintenance involves many complex technical aspects, we are providing a high level overview of five basic activities that your IT staff or vendor must perform to keep your hardware optimally running.
When you buy a car, you can decide to worry about maintenance only when it breaks down. But you know that your car performs better when you have your oil changed every three months, tires rotated every six months, and a full inspection at least every year. Server and workstation maintenance works similarly, although much more frequently. With 24x7 monitoring and maintenance by experienced IT professionals, a data backup and disaster recovery plan, and a hardware lifecycle replacement strategy in place, your hardware investment will be maximized and run in the most optimal fashion.
To talk more about hardware monitoring and maintenance, please contact us.
Even at smaller cities, it’s easy for your IT assets to get out of hand. Servers and workstations accrue, software lingers after being purchased many years ago, and data backup media piles up. A good question to always ask about your IT assets is, “Am I using them?”
Taking a look through your existing assets can be enlightening, and sometimes shocking. Often, valuable real estate, power, and IT staff time is consumed maintaining assets you don’t need. Here, we take a look at some common IT infrastructure assets and offer ways to eliminate or trim them down.
IT infrastructure is expensive, so you want to make sure you are using all of your assets wisely. Even hardware and equipment that you bought three to five years ago can potentially be reduced or eliminated by newer cloud services. And any organization, unless you’re rigorously auditing your IT assets on a regular basis, can find itself with too many servers, workstations, printers, and other equipment that is excessive or lies unused. Cities can’t waste a penny, and so it might be time for your city to do some IT spring cleaning.
To talk more about reducing your IT infrastructure clutter, please contact us.
As cities transition to an online payment system or reevaluate their online payment vendor, it’s good to look at the basics of what makes a city’s online payment information safe and secure. In this multi-part series, we will cover the basic Payment Card Industry Data Security Standard (PCI DSS) requirements one by one, teaching you about what a city and its online payment vendor needs to be compliant.
The basics of secure online payments starts at the network level, and the PCI DSS requirements begin by examining firewall and password policies. These best practices also correspond to many other IT-related services and provide good questions for other aspects of your city business.
Both you and your online payment vendor need at least an enterprise-level firewall to handle sensitive payment data. Coupled with enterprise-level antivirus, this essential network configuration creates strict access for outside sources wishing to communicate with you.
As you may know, firewalls work rather like a border crossing or airport security. Only specific approved information is allowed inside your network. When you’re dealing with sensitive online payment data, it’s imperative that any information requests are authentic—both inbound and outbound. Hackers are always trying to access valuable data, and payment data is worth more to them than many other kinds of data. Not only must your online payment vendor have sufficient firewalls, but you should also make sure your firewalls match their high standards if possible—especially since it’s likely that online payment data will cross in and out of your environment (e.g. in your accounting software, on your website, etc.). Hackers look for gaps to exploit, and it would be unfortunate if your network was their way into your online payment data.
You may have had the experience of accessing online payment websites and...suddenly the experience changes. There are different passwords. Maybe a passkey, or another kind of user authentication. The URL on your browser switches to a higher level of security and encryption. That’s because the level of authentication needs to be higher when sensitive online payment data is involved. That means password best practices that include:
If your online payment vendor cannot confirm the rigor and security of these two items to your IT staff or vendor, then that lack of information should raise a red flag. But know that even if your online payment vendor can handle these requirements, you should also close the loop by providing your city with at least an enterprise-level firewall and a strong password policy. These two items form the basic foundation of securing a network from most common hacking and unauthorized access to data.
Having a strong firewall and password policy is like having locks on your doors and windows, along with personal security to make sure that only authorized people enter your house.
In our next online payments post, we will discuss encryption and other ways to protect data. If you want to talk about online payment security in more detail, please contact us.
The rise of cyber liability insurance matches a growing trend in which targets with valuable information (e.g. financial institutions), combined with weak IT security, create rich opportunities for hackers. Since municipalities store sensitive information such as social security numbers and tax information for businesses, then they become obvious targets.
Not only are municipal data breaches embarrassing, but they are also expensive. Computerworld recently reported:
The costs of simply investigating and responding to these losses—not to mention the resulting lawsuits and regulatory fines—can be staggering. For instance, the Ponemon Institute estimates that response costs can be as high as $200 per compromised record. It is not difficult to understand how total costs for a wide breach can quickly escalate well into the millions of dollars.
A great article last year from Dark Reading outlined the top 10 security breaches of 2012, and it’s sad for us to see how many of these breaches were caused by preventable IT best practices. Many municipalities still lack basic IT infrastructure, policies, and training to prevent even amateur hacking attempts.
Last year, we produced a series of articles addressing data loss, website hacking, and virus attacks, but we want to address some other common issues that impact cyber liability. These best practices can help lower your risk, which then lowers your cyber liability insurance premiums.
Cyber liability is understandably a hot topic for cities, since the stakes have never been higher. Hackers have become more sophisticated and aggressive, and small to medium-sized cities become juicy targets—precisely because they often lack basic IT security measures. While the above cyber security tips sound simple—and almost obvious—they are exactly what lead to most data breaches.
In future posts, we will look more closely at some non-technical policies and procedures (such as working from home and employee background checks) that provide a strong foundation for your technical cyber liability. To talk about cyber liability in more detail, contact us.
Just when you thought you may have figured out data backup and disaster recovery for your city’s servers and workstations, along comes mobile. A January 2013 article from Computerworld UK (which also surveyed United States companies) showed that there are deep concerns about backing up mobile data.
Partly, that’s because mobile is still so relatively new and blurs the boundaries between business and personal data. But also, the lack of mobile data backup reflects the continuing failure to follow general data backup and disaster recovery best practices.
If you’re using smartphones, tablets, and other mobile devices at your city, here are some tips on backing up data for those devices.
While we’re still adjusting to the mobile revolution, with new and more sophisticated devices coming out every day, the principles of data backup remain the same. We recommend taking your existing data backup and disaster recovery policy and extending those policies to mobile. If you have not developed an overall data backup and disaster recovery policy, then you can use mobile devices as a good excuse to create a plan today.
To discuss mobile data backup in more detail, please contact us.
This year is the 20th anniversary of the initial release of the Portable Document Format, commonly known as the PDF. Along with Microsoft Word and Excel files, the PDF is probably one of the most commonly used file formats at cities and most other organizations. It caught on as a file format because it retained a consistent look and feel independent of whatever software someone used. That’s made the PDF handy for sharing and storing standardized documents.
When managing your documents, the use of PDFs can raise many questions. We’ve worked with cities that became “PDF happy” and turned anything and everything into PDFs, while others went in the opposite direction by clinging to Microsoft Word and PowerPoint documents without bothering much with PDFs.
To help find a good middle ground, here are some benefits and situations that suggest when PDFs can best help your document management.
While PDFs have been around for 20 years, it’s sometimes still confusing when and how to use them. Considering our tips above, it’s good to consider that PDFs most often follow the traditional rules of paper-based documents, both in a legal sense and also in an accessibility sense. We see many document management systems where everything has been turned into a PDF, or websites where too much vital information is buried in PDFs. A mix of concise, public-facing information backed up by substantial details and official documents in PDFs is a balance you should strive for.
If you’d like to discuss PDFs and document management in more detail, please contact us.
The state of Texas recently made a major shift by transitioning more than 100,000 workers to Microsoft’s cloud services. While this shift is occurring at the state level on a massive scale, many of the reasons why Texas chose to transition to the cloud applies to cities. Texas is not alone in realizing the benefits of the cloud.
As we’ve reported in past blog posts, the cloud is slowly becoming law and more mainstream by the steady adoption from federal, state, and local government. So why should smaller cities embrace the cloud? Mostly, it’s because of the merging between improved technology and higher-speed Internet connections. Together, these innovations have made the cloud a compelling option.
Here are five key reasons why the cloud may have a positive impact on your city.
When it comes to finally considering cloud options and making a decision, it can still seem like a leap to see your data go...elsewhere. There is still something psychologically reassuring about seeing your servers and knowing your data rests inside those machines. But the reality is that your data is often safer, more secure, and better backed up in the cloud. And most importantly, you must consider the cloud when both quality increases and cost of investment goes down. After all, that’s the ideal business case.
To discuss the cloud in more detail, please contact us.
Nearly all businesses must eventually use your city’s website to answer a question about taxes, licenses, or other information. Is that experience a positive one for businesses? Or a negative one?
Many cities believe they provide the right information to businesses by featuring bare bones yet useful information—forms, documents, and links. But that alone might not accommodate the basic needs of businesses.
If you really want to offer both essential and also reassuring information to build positive relationships with the businesses in your community, consider building up the following areas of your website with plenty of user-friendly content.
If you lack content or presence in any of these areas, know that it does take some concerted effort to plan out what you want to say. Often, the exercise of deciding how you want to position your city to a business audience will force you to think about your city’s strengths, weaknesses, and areas to best highlight. There are often many positive business stories happening in your community. But if your website does not talk about them, for many businesses it’s like that good news doesn’t even exist.
Interested in talking more about business-friendly websites? Contact us.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2015 Sophicity, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Sophicity.