We put the IT in city®

CitySmart Blog

Thursday, March 31, 2016
Anthony Fantino, Network Infrastructure Consultant

Anthony FantinoDo you think about hackers in an outdated way? For example, you might imagine lesser hackers as extremely intelligent yet rebellious teenagers in their basement trying to hack into someone’s servers or computers. And you might imagine more experienced hackers as part of international organizations that make concerted attacks on high-profile targets such as the United States government.

In reality, hacking has evolved like most information technology. It might surprise you to know that modern hacking is largely automated. That means hackers are using software to probe thousands and thousands of computers in order to look for weak spots. And once they find a weak spot, they attempt to break in.

That’s why your city is a target. You might think, “Why would some hacker target my small city?” They’re not. They’re scanning thousands of targets. Eventually, that scanning will find you—detecting your weak spot and exploiting it. Many incidents on the news discussing the aftermath of hackers attacking smaller, lesser known cities show that’s the case.

So, how do you avoid becoming a target? Here are five key areas where you may be leaving yourself open to hackers.

1. Human Error

We have to begin here because even the best security can’t prevent a human being accidentally giving a hacker access to a city’s information. How does that happen? Many people still get fooled by malicious email attachments, websites, and online software. Even “fun” things like online games and social media quizzes can contain viruses, malware, and spyware. You need to train employees about malicious online content and regularly review tips and advice with them. The easiest way for a hacker to get in is when someone lets them in the door.

2. Weak Passwords

SplashData got a lot of press recently when they published the most common weak passwords in 2015. Many, many people still use horrible passwords such as “123456” and “password,” and then wonder why they got hacked. Remember, hackers are using automated software to look for holes. That automated software includes easy tools to guess common and weak passwords that are easy to crack. You need long, strong passwords with a mix of letters, numbers, and special characters to help secure yourself.

3. Unsecured Wireless Access Points

You ever go to a coffee shop or public place and look for wireless access on your laptop? You probably notice some of the connections are secured and you need a password to access them. But some are “open” and you can hop on without a password. While open access points make it easy to get Internet access, they are incredibly dangerous if they’re set up that way at your city. Make sure every one of your wireless access points is secured—meaning the data is encrypted and access requires a password. Otherwise, you’ve left open another door for hackers.

4. A Firewall with Holes

Think of a firewall like you’re going into a secure government building like the White House. Guards at the gates will rigorously check each and every person who enters and who leaves to make sure that no threatening or suspicious people cause any harm to the President and his staff. We shudder to think what would happen if the White House lacked that security. Now, think of your firewall like White House security. If your firewall is improperly configured (or even non-existent), that means any hacker can enter in through a “gate.” Your IT staff or vendor can make sure your firewall is set up so that it’s inspecting all suspicious cyber-intruders and preventing them from entering.

5. Gaps in Your Operating System and Internet Browsers

An operating system such as Windows often delivers up a series of updates and patches every week or two. Similarly, Internet browsers such as Internet Explorer regularly update the software that allows you to access the Internet. If these updates and patches are not installed, you increase the risk of hackers exploiting known security gaps that companies work so hard to find and protect you from. Make sure your IT staff or vendor regularly applies updates and patches to your operating systems, Internet browsers, and any other software.

Your goal? Preventing hackers from attacking your city is similar to physical security. Make sure you don’t let suspicious users inside, and make sure you monitor and inspect the information going in and out. While there is always a chance of a hacker finding a way in, shoring up the security behind these five items will go a long way toward helping you fend off hackers.

Need to discuss cybersecurity in more detail? Reach out to us with any questions.

Thursday, March 24, 2016
Dave Mims, CEO

Dave MimsOver the past few years as cities have adopted IT in a Box, we’ve learned more about common questions that people have about it. Recently, we produced a brochure that encapsulates exactly what makes our services unique, relevant, and impactful for your city.

Typically, we write blog posts about common city-related IT issues or opportunities for technology to help you excel at citizen service. Here, we’re taking a rare blog post to talk a little about us. But it’s really about you. By expanding upon our brochure, we’ll help explain some of the answers to the common questions we get that center around the question, “What can I expect with IT in a Box?”


Municipal leagues often vet vendors that provide important services and products for cities. Once a product or service is approved by a municipal league, a city can rest assured that the product or service has had a positive impact on cities. IT in a Box is the preferred technology solution for the Georgia Municipal Association, Kentucky League of Cities, and Arkansas Municipal League. That’s a loud statement of trust in Georgia, Kentucky, and Arkansas.


Many technology vendors provide generic solutions applied to a wide variety of industries. Even if IT vendors do specialize, it’s rare to find a city-tailored technology solution. Sophicity is a rare IT vendor that has customized the entirety of its services—from websites to data backup—for cities.


Cost is usually a major issue for cities when considering technology solutions. As a result, we’ve worked extremely hard over the past few years to include a comprehensive set of technology services for municipalities at the lowest overall price point to give cities the biggest bang for their buck. We make sure that cities from smallest to largest receive the same services at the right scale for them. Plus, the price is flat and predictable each month, making budgeting simple.

Onboarding: How We Get You Started

Many cities ask us how we get IT in a Box rolled out at their city. We’ve got this onboarding process down to a science.

  • It starts with a plan and a roadmap. There are a lot of components to IT in a Box that include hardware, software, licenses, and services. Our step-by-step plan takes a city from their current situation to modernization with IT in a Box. We discuss, adjust, and schedule this plan with you in a kickoff meeting.
  • We will ask you about your priorities and adjust our plan around them. We will conveniently resolve any technology issues and address as many needs as quickly as possible. Maybe your printers are a major problem. Or your website keeps crashing. We build our plan around your most pressing issues and address those immediately rather than guide you through a cookie-cutter process.
  • We will clearly communicate with you upon arriving and upon leaving each day. We will not rush but instead take our time to answer your questions and address your needs. Communication is essential for onboarding a new technology service, and so we will tell you what to expect each day and what we accomplished each day. And during the day, we will answer any of your questions as we work to address your needs.

Day-to-Day Service: How We Take Care of You

Our day-to-day service receives a lot of praise from cities for its unique level of care that’s tailored to cities. Our secret? Just doing the basics well.

  • We will respond promptly to you. When you call, you will get an answer and talk to a human being.
  • We will ask for your priorities and set clear expectations with you. Just like with onboarding, we build our work around your priorities. You’ll know our plan, the expected end results, and when we will resolve problems.
  • We will regularly check in with you. Even if you don’t have any immediate issues, we check in and see how things are going on a regular basis. We don’t disappear.
  • We will communicate with you in non-technical language. Too many technology vendors still confuse their customers with overly technical language. We talk to you in non-technical language, one human being to another.
  • We will resolve your issues—and that means no ongoing or recurring issues. In other words, we don’t briefly put out fires just for them to rise up again. We look at the root cause of a problem and fix the root cause.

If you’d like to talk to us in more detail about our trusted, tailored, and affordable IT in a Box solution, reach out to us.

Thursday, March 17, 2016
Brian Ocfemia, Technical Account Manager

Brian OcfemiaYou might think that hiring IT support only when you absolutely need it might save you a lot of money. Especially if you’re a smaller city with only a few servers, computers, and users, it may seem easier to handle most of your technology issues yourself and only call an expert if something goes really wrong or becomes too technical for you to fix.

Unfortunately, a reactive IT approach hurts your bottom line indirectly and impacts you on many other dangerous levels despite the short-term immediate savings you glean. Even small businesses of one or two people are finding it more and more essential to use some form of proactive technology services and support for their business. With money and their business’s credibility on the line, they can’t afford to mess around.

Neither can you. As a city, you handle incredibly important information, serve citizens every day, and rely on technology to both stabilize operations and complete important projects. Here are five ways that a reactive technology approach hurts your city.

1. You never know your monthly IT costs, leading to an unpredictable budget.

You never know when your next crisis, fire, or repair will happen, and so you won’t know how much your technology services will cost each month or year. And when you deal with a crisis, you have little choice about spending that money. Unpredictable budget line items are bad for cities, and having a reactive IT strategy gives you a consistently unpredictable monthly technology cost.

2. Constant IT crises, fires, and repairs are signs of neglect.

It’s difficult to sound nice here, but we must be blunt. Just imagine a house or an office which often catches on fire, loses electricity, or gets flooded. Would you just fix the immediate problem and not look at the root cause? Many cities put up with technology environments that are the equivalent of these disastrous homes or offices by only dealing with immediate crises, putting Band-Aids on them, and not addressing their root causes. In the long-term, that kind of approach is not only negligent but also expensive because you never really solve the problem.

3. You may have a great deal of uncertainty related to data backup and disaster recovery.

If you’re only reacting to technology fires, then what happens in case of a server failure, a failed backup, or a virus that ravages a computer (or computers) holding sensitive information? Do you know for certain that your data can be recovered? Cities that rely on manual data backups performed by non-technical staff introduce a lot of risk into the process. We find that manual data backups are often not regularly tested—and they fail when most needed. Uncertainty grows even worse in case of a major disaster like a tornado, fire, or flooding.

4. You may leave yourself open to cyberattack from gaping security holes.

Only a proactive IT strategy with continual monitoring, management, and maintenance (by both human beings and automated software) ensures that you are not leaving yourself wide open for cybersecurity liability. As time goes on, more and more laws are passed that hold government agencies (including cities) more accountable for cybersecurity. That includes having adequate protection from hackers, viruses, and spyware along with training employees about not clicking on malicious websites and email attachments.

5. Employee morale and citizen service suffers.

So let’s say you limp along during those times when you’re in between crises and fires, with the hope of saving money. We will bet that several things tend to constantly happen that affect both employees and citizens such as:

  • Incredibly slow servers and computers that slow work down to a crawl.
  • An incredibly slow website that might often crash, preventing citizens from finding information and paying online.
  • Slow or limited Internet access that prevents work and efficient information gathering.
  • Long wait times until technical issues get resolved.

When you let these problems linger, employees grow frustrated, citizens get angry, and productivity gets stuck in the mud. And that leads to further problems like employee turnover, angry citizens at city council meetings, and stalled projects if they are never addressed.

These major problems grow unsustainable over time and may only remain acceptable if it’s your status quo. Sure, it looks like you’re saving money on the surface but the unpredictable costs, fires, uncertainty, and poor operational delivery all lead to lost money and productivity—not to mention a series of embarrassing situations that you have to constantly explain to employees and citizens.

A proactive approach will take care of these issues and save you money over the long run. If you find yourself in a reactive technology situation, reach out to us to hear more about the benefits of proactive IT services.

Thursday, March 10, 2016
Nathan Eisner, COO

Nathan EisnerWant to ruin a city clerk’s day? Say the words, “Open records request for an email.” These kinds of information requests are a giant hassle and we’ve written about their excessive cost. In many cases, cities are at an extreme disadvantage because they use obsolete, outdated email systems or consumer grade email systems that not only make email records hard to find but also may place the city at legal risk.

A modern email system with enterprise-class features will eliminate many of the worries that cities go through when fearing an email open records request. While we’ve talked more about the cost reductions of a modern email system in the past, here we discuss four specific ways that a modern email system will help with open records requests.



  1. Centralized and managed emails. If you have an older email system, you might have limited storage on your email server. That means employees will often store emails on their own computers in local archives. When that happens, it’s difficult to retrieve emails and keep them secure. You also risk losing emails because you’re relying on non-technical employees to archive this information as well as hoping their workstation doesn’t experience a failure. And if you happen to use a consumer-grade, cheap email solution, then you risk issues not only with reliability but also compliance. A modern email system will allow your IT staff or vendor to host the system in a secure compliant location, centralize emails, and manage security, permissions, and archiving.
  2. Ability to retain emails. Modern email systems can be configured to store emails for however long your city deems appropriate—and even retain them indefinitely if you’d like. For example, you can set up your email system to automatically retain emails for a specific length of time, notify you when that period expires, and purge the emails for you.
  3. Advanced email search ability. One problem with many inferior email systems is search and retrieval. When you search emails, you often need to find specific words, phrases, conversations, attachments, and other granular information. For example, modern email software would help you with queries like finding all emails that mention “123 Main Street,” all emails sent between John Doe and Jane Doe, or all emails with Form X attached.
  4. Ability to prevent email deletion. Without a properly managed email system, it’s easier for employees to delete emails accidentally or maliciously. That makes the city liable if someone requests to see those emails as open records. A modern email system offers ways for emails to be retained and searchable even if an individual employee decides to delete them on his or her computer. For example, you might consider putting a “legal hold” on emails so that they cannot be purged or altered accidentally.

Ideally, you should not only modernize your email system to make open records management easier but also rely on IT staff or a vendor with extensive experience in retrieving those kinds of emails. With a modern email system and the right expertise supporting your city, you will be able to significantly cut down on the time and cost in processing an open records request.

Reach out to us if you have additional questions about emails and open records requests.

Thursday, March 3, 2016
Dave Mims, CEO

Dave MimsOne of the biggest technology service demands we see at cities is a need for ongoing vendor management. What does that mean? In many cases, it includes things like getting on the phone with a software vendor to resolve technical issues or helping cities purchase computers that specifically meet their needs and budget. But other than immediate issues that need instant resolution, there are quite a few other long-term reasons why ongoing vendor management helps a city’s operations and positively affects its bottom line.

1. Making sure vendors focus on a city’s specific issues and priorities.

Without IT vendor management, it’s easy to get distracted by a vendor’s upselling and irrelevant product features that sidestep your issues and priorities. Vendors need to understand your city’s business priorities and ongoing operational needs in order to focus on your problems. To keep vendors focused, we often work to include them in your city’s planning and seek to understand how they can best help you.

2. Understanding that cheapest is not the best.

It’s understandable to save as much money as possible. But IT vendors usually don’t sell easy-to-evaluate commodities. The cheapest solution may not meet your business needs and the lower quality result may hurt you financially more than the savings you gained. An IT vendor manager can help you evaluate solutions in terms of value rather than strictly on price. Plus, if you know you’re getting the right value for the cost, then you’re also less likely to regularly switch vendors because you’re always looking for the lowest price.

3. Reevaluating contracts and browsing for vendor alternatives.

At the same time, you also don’t want to stay with IT vendors that aren’t meeting your needs or overcharging you. When we first start working with a city, we often take a look at existing contracts to ask:

  • What services is the vendor supposed to provide—and are they providing those services?
  • How do those services compare in breadth and cost to other similar services on the market?
  • Is the service modern compared with current services on the market? Or is it lagging behind the times?
  • Is the city receiving the full support that’s included in the contract?

Once those questions are answered, an IT vendor manager can then formulate a plan that better maximizes what a city gets out of existing vendors or prompts the city to shop for new vendors that better meet business needs.

4. Relying on experienced IT professionals to communicate with vendors.

We mentioned in the introduction that the most common vendor communications tend to be important but reactive—such as a software issue or need to purchase a computer. Beyond these communications, it helps for experienced IT professionals to set the tone of a vendor relationship and build it up positively. If vendors know that an experienced IT professional is overseeing their work, it will be easier for them to engage with your city and do exactly what they promise. With a good relationship established, you’ll also find that vendors respond more quickly and efficiently to both short- and long-term issues.

5. Holding your vendors accountable.

Ultimately, IT vendors need to deliver what they promised. We find a lot of cases when it’s unclear what a vendor is doing and what results they are producing. When selecting a vendor, requirements documents help define exactly what the vendor provides. After selecting the vendor, it helps to get reports that show relevant metrics or results (depending on the service provided). This reporting doesn’t have to be that fancy—but it should basically show that your city receives the results they expect.

Typically, building vendor relationships can be difficult for non-technical city staff (and even the limited number of IT staff onsite) because of the time and technical expertise it takes. Having municipal-experienced IT professionals manage these important vendor relationships ensures that you extract the most value for your investment. And because technology investments are often quite expensive, this kind of professional oversight is more essential than ever.

Have questions about your vendor management process? Reach out to us today.

Thursday, February 25, 2016
John Miller, Senior Consultant

John MillerAs investigators combed for information about the San Bernardino shootings, they relied on electronic information that the killers thought was destroyed. The killers assumed that by damaging their electronic devices (including throwing some of them in water) that all of their information would be destroyed.

However, it takes a lot more than smashing an electronic device to confirm that all data is successfully destroyed. That’s why the FBI could possibly still find information on the killers’ damaged electronic equipment.

From an IT point of view, we can learn from this incident and show why professionals need to decommission your hardware when you no longer need it. You might think you can do it yourself, but here are some issues you will encounter and mistakes you may likely make.

  1. Thinking that deleting or erasing data counts as decommissioning. Even if your computer offers you the option of “permanently” deleting files, it’s still not a sure bet that the data is fully gone. That’s because computers often don’t actually delete the data. Instead, a computer simply understands that new data can overwrite the old data if needed—and until it’s overwritten, it’s still there. Imagine having a bookshelf full of books that you want to throw out, but instead you only throw out a few old books at a time to create space for new books. If someone gets a hold of an unencrypted computer that you’ve tossed out or resold, then sensitive data may still be accessible because it’s actually still there.
  2. Failing to destroy the correct parts of a computer. An amateur might smash up their computer and toss it out, thinking they’ve destroyed the data. But there is usually a specific part that needs to be destroyed. For example, most of the information on a hard drive is often stored in a metal platter hidden behind layers of plastic, metal, and screws. You may smash your hard drive but fail to destroy or damage the metal platter. If someone gets a hold of that metal platter, they still may be able to retrieve information from it.
  3. Introducing the risk of safety issues. Many online tutorials talk about “surefire” ways to destroy a hard drive. But they often create serious safety hazards with flying parts, glass bits, and incredibly strong magnets. Smashing the hard drive with a hammer, burning it in a fire, or baking it in a microwave may sound fun and adventurous—but it’s also dangerous. Especially if you do it wrong.
  4. Negatively affecting the environment. Even if you do manage to crush and destroy a hard drive, it’s not good for the environment to throw electronic equipment into a normal garbage dumpster. There’s a reason that electronics recycling has become such a big industry. Electronics equipment is generally not good for landfills and there can be hazardous materials that expose city staff to health and safety issues. An IT professional will properly decommission your hardware and also recycle it in a way that benefits the environment.
  5. Failing to encrypt the information. You should always plan for a worst case scenario despite taking proper precautions. Even if an IT professional decommissions your computers, it’s still a great best practice to encrypt the information. That way, even if the slight chance exists that someone gets access to a piece of damaged yet still readable data, it becomes close to impossible that someone could even read the information.

Depending on how you want to decommission your hardware, IT professionals will safely and securely make sure that no information can be retrieved by a third party. Wiping a computer so that it can be reused means professionals using complicated software and a complex set of technical steps to ensure that the hard drive is completely erased. And hardware decommissioning and disposal is similarly left in the hands of trained IT professionals.

Need help decommissioning hardware? Reach out to us with any questions.

Thursday, February 18, 2016
Alicia Klemola, Account Manager

Alicia KlemolaIn the old days (and yes, in IT that does not necessarily mean that many years ago), it was common for a single IT person or even a non-IT person to handle many of the ongoing technology-related issues at cities. For cities that could afford it, some hired an IT person who served more like a repairperson. When problems arose, the “repairperson” would arrive onsite, put out the fire, and leave.

As technology evolves and becomes not only more complicated but also more critical to the functioning of cities, the IT staff or repairperson model reveals significant limitations. But many cities often think of a 24/7 helpdesk as too expensive or a “nice to have” that may be overkill.

Here are five important ways your city can benefit from a 24/7 helpdesk—and why they are not just “nice to have” anymore.

  1. Always available. We don’t live in a 9 to 5 world anymore. People check email before and after work—and on weekends. Your community expects to engage with your city services 24x7 such as paying a bill online, visiting your city website, learning about what happened at council meetings, contacting your police department, and more. Each of those operations and services rely upon technology that must be up and available 24/7. For technology issues and disruptions that can happen at all hours of the day, you need a helpdesk that is always available.
  2. “We’re on it.” That’s what any city employee wants to hear when they encounter a technology issue. Today, you may be in a situation where you may not even get an issue addressed for days. In the meantime, the issue halts your work or lessens your productivity. A 24/7 helpdesk responds to your problem and puts someone “on it” quickly.
  3. Accountability for all reported issues. Each reported issue gets assigned a ticket number and someone is held accountable for that issue until it’s resolved. Plus, you can always check the status and current estimated resolution time to see the progress that’s been made. It’s often frustrating when you report a problem and you don’t know if it’s even close to completion. A 24/7 helpdesk builds in accountability from the ground up.
  4. Proper problem escalation and troubleshooting. As you might know from projects around your house, every problem doesn’t require a hammer. Different problems require different resources and solutions. A 24/7 helpdesk can quickly figure out if you’re having a basic, common issue that can be resolved in minutes remotely or if it’s a severe enough issue for someone to address onsite. Historically, reactive IT services often use any small issue as an excuse for an onsite visit. A 24/7 helpdesk works as efficiently as possible and will often remotely resolve many issues quickly—negating the need for an onsite visit.
  5. A deeper well of diversified knowledge. A good 24/7 helpdesk will be staffed with a variety of skilled engineers. Depending on your problem, any person answering the helpdesk will have a wealth of knowledge and specialized engineers at their fingertips. While a single IT staff person or point of contact at a small IT vendor may know a lot, he or she can’t know everything. A 24/7 helpdesk distributes a lot of knowledge and specialization in an efficient way so that your problems are more correctly diagnosed, escalated to the appropriate potentially specialized resources, and resolved more quickly.

If there’s a theme with these benefits, it’s that you get a lot of bang for a very small buck. 24/7 helpdesks evolved out of a need for efficiency and responsiveness—requiring quick problem resolution with the most knowledge on hand. As time has gone on, 24/7 helpdesks have become more cost-effective and affordable for smaller cities.

Exploring a modernized IT services solution in which your IT needs are taken care of 24/7? Contact us to chat further.

Thursday, February 11, 2016
Brian Ocfemia, Technical Account Manager

Brian OcfemiaWhile not the first time cyberattacks have been used as part of a war, the fact that two non-nation organizations are battling each other in the cyberworld during a very real international conflict is significant. It’s a sign that cyberattacks are continually becoming more sophisticated and prevalent. As a result, are you starting to worry more about the potential for a cyberattack?

Just because you may see yourself as a small or medium size city doesn’t mean you are less of a target for extremely sophisticated hackers. Without the proper precautions, cities are vulnerable to data breaches and stolen information.

Because hackers aren’t messing around when they attack, cities cannot treat cybersecurity lightly. If you’re worried about cyberattacks, then you need to ask yourself the following questions about your city.

Do we have strong physical security and employee awareness about cyber threats?

The most obvious prevention is often the most overlooked. Make sure you secure your server rooms so that only authorized people can access them. Require that employees lock their computers so that unauthorized people can’t hop on and access information. In addition, one of the biggest sources of cyberattacks is employee accident. Hackers usually gain access by getting employees to click on malicious email attachments and website links. Once they give up sensitive information like passwords, hackers have what they need to steal and exploit your data. Train employees on an ongoing basis about cyberattacks and how to watch out for malicious emails and websites.

Do we keep our software modernized, upgraded, and patched?

Another way to make cyberattacks easy is to rarely modernize or upgrade your software. Older software usually cannot keep up with the evolution of information security, and its aging code will offer more ways for hackers to break into that software to steal information. An extreme example is how many businesses and organizations continue to use Windows XP despite Microsoft no longer supporting it. If you use old software, consider modernizing it to lessen the risk. And especially keep up on any software upgrades, updates, and patches to plug up any security holes.

Do we use strong passwords and change them on a regular basis?

Weak passwords or sloppy password management (such as writing passwords on sticky notes for everyone to see) are another common way to open up your city to cyberattacks. Use strong passwords with uppercase and lowercase letters, numbers, and symbols, and force people to change them on a regular basis. This applies to your IT staff too. We have sometimes found instances where cities had extremely weak passwords to access servers and other important databases. Again, prevent cyberattacks by starting with the obvious entry points.

Do we use enterprise-class antivirus software that is managed and maintained by IT professionals?

Free or consumer-grade antivirus software managed by employees doesn’t cut it. Your city needs enterprise-class antivirus software that’s installed by IT professionals, regularly kept up-to-date, and managed. That way, your IT staff or vendor help prevent viruses from ever entering your city and they’re alerted in case of a virus attack.

Do we protect our Wi-Fi access points?

Wireless access points continue to be another overlooked entry point for cyberattacks. Amateur hackers have become quite good at sniffing around for open wireless access points, accessing sensitive information, and stealing data. Keep public and private networks separate, shore up any weak points by giving your wireless access points strong passwords, and encrypt your wireless data.

Do we know that our website is secure and hosted by a reputable provider?

You can take care of every other issue mentioned above and still have a gaping hole in your website. Hackers often like to exploit poor website security by replacing your public-facing website with another website that seeks to embarrass you, pose as your website to collect sensitive information from citizens, or generate malware and spyware that pops up on a person’s browser. Basically, your website vendor needs to be reputable and allow a third party to audit your website for security risks.

By going through each of these questions, you’ll better know if you’re prepared or if you’re opening yourself up for a cyberattack. If you answered “no” to a lot of the questions above, then take action. The minute you start solving these problems, the sooner you can begin addressing risks that can cause a lot of damage to your city.

Need help assessing your ability to fight off a cyberattack? Reach out to us.

Thursday, February 4, 2016
Nathan Eisner, COO

Nathan EisnerCities may already know that document management systems will help them with storing and accessing documents in a central location. But there are a lot of lesser-known advantages within a modern document management system that will help a city save time, increase productivity, and just plain old make your job easier.

Because these document management systems often contain a dizzying array of features, we’ve sifted through them and highlighted a few that you might not know about. And we think you’ll agree that these features will help any city clerk or staff who deals with documents every day.

1. Collaborate on documents with others while tracking edits.

When you’re working on documents with multiple people, it can be difficult to create a draft that incorporates everyone’s feedback. Document management systems allow you to work on documents together (sometimes even in real-time) with all edits tracked. That way, you know you’re looking at the current work in progress. This feature makes document collaboration much easier and less confusing.

2. Keep all versions of documents as they get created and revised.

One of the biggest pains for many people at cities is trying to figure out what document is the latest version. You struggle to figure out who has the latest version and sometimes you may work on a version not knowing that another person created the latest, greatest draft. With document versioning, you can see the latest document version in seconds so that you know you’re working with the right one.

3. Restrict document editing, sharing, and access.

On a practical level, restricting document editing helps “lock” documents when someone is editing them. That way, you’ll know that no one is making changes to the latest version as you’re editing it. More importantly, restricting access to documents helps with security and records management. You can make sure only authorized users access and share specific documents.

4. Set up automated archiving and workflow processes.

Manual document archiving introduces the risk of making mistakes or overlooking documents. By setting up automated archiving features built around your records retention policies, you can make sure that documents are managed based on clear rules. This mitigates the risk of problems with open records requests.

5. Tag documents so that they are easy to find.

Modern document management systems offer a lot of ways for you to tag documents to make them easier to find. Tagging helps you find documents without necessarily having to dig through chaotic folders that various people have created over time. For example, you might tag documents by department, project, author, event, year, etc. Then when you use the normal search or advanced search function, documents will come up that match your search terms. It may take some upfront planning and time investment to tag documents, but it’s worth it.

The most important point about the five benefits above is that your document management system won’t magically solve all of your problems. Instead, you’ll rely on your document management system to help you carry out important business processes such as creating, revising, finalizing, approving, storing, archiving, labeling, securing, and decommissioning documents. The good news? What used to be difficult to enforce and carry out becomes much easier in a document management system.

Questions about how a document management system can improve your city? Reach out to us to talk about your particular situation.

Thursday, January 28, 2016
Dave Mims, CEO

Dave MimsMany cities have some form of data backup. But it troubles us to find a lot of uncertainty about actually recovering that data if a disaster hits. In a FierceITSecurity article from late last year, the online magazine reported:

“Data loss has increased 400 percent since 2012, while 71 percent of enterprises are not fully confident in their ability to recover after a disruption, according to a survey of 3,300 IT decision makers by Vanson Bourne on behalf of EMC.”

While it’s likely that you’re doing something to back up your data, those efforts may not be enough to recover your data.

Wondering if you can recover after backing up your data? Ask yourself the following five questions.

1. Do you regularly test your data backup?

This is the most critical aspect of making sure you can recover your data. It’s essential to perform a full disaster recovery simulation at least once every quarter to make sure you can actually recover your data. Don’t find out you can’t recover your data after a disaster occurs. By then, it’s too late. During a test, assess your data backup and disaster recovery effectiveness, identify issues, and solve those issues as soon as possible.

2. Do you back up your data to a completely separate place?

You’re not backing up if you’re just replicating data in the cloud or on a server. Erasing replicated data in one place will erase it in all places. Backing up also doesn’t mean using business class servers such as RAID servers (that duplicate data within the same server) or other virtualization technologies that allow multiple servers to be hosted within one server. Sure, using those technologies reduces risks and increases efficiencies, but what if something happens to that entire server? Backed up data needs to be stored both in a completely separate location onsite and in a distant data center (preferably a cloud data center) offsite.

3. Do you use business-class data backup software?

We’ve written about this subject in the past as we’ve reported on the downfalls of relying on consumer-grade data backup. The biggest risk of cheap, do-it-yourself consumer-grade data backup is that you may not be backing up all of your critical files. Only managed, business-grade data backup and disaster recovery ensures that you are backing up all of your critical data and that it can be recovered. A business-grade data backup solution also makes sure you answer “yes” to questions 1 and 2 above.

4. Do you have modern technology?

Just because you’re backing up your data doesn’t mean it will easily reload in a timely fashion onto any possibly existing dated servers or even procured new servers. Time-to-recovery advantages that modern technology offers creates the benefit of being able to have your data and systems back up and running much faster. In addition, the quality of your networking equipment (such as your data transfer speed) may also affect your ability to recover quickly. Make sure your technology is modern enough to handle full data recovery.

5. Are you prepared for full disaster recovery?

You might answer “yes” to the four questions above...for onsite data backup. But if you’re not backing up offsite, you’re still at risk of not recovering after a disaster. A fire, flooding, or a tornado can jeopardize your best onsite data backup efforts. And don’t think that “offsite” means a building next door or down the block. The same disaster that hits your building can also hit the building nearby. Offsite means geographically dispersed, preferably in data centers in different parts of the country.

With data backup, your goal is not just to back up the data. Your goal is to recover it. Work at addressing your data backup gaps until you can answer “yes” to the five questions above. Until then, your city has some important work to do!

Have questions about your ability to recover your data? Reach out to us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 |