We put the IT in city®

CitySmart Blog

Thursday, March 19, 2015
Nathan Eisner, COO

In the early days, websites worked a lot like one-way brochures or printed material. You created something for someone to read, they read it, and the “transaction” ended there. Perhaps contact information or a next step existed, but it wasn’t that important. Websites simply communicated information to people, and that was that.

Today, fancy terms like “calls to action” and “conversion” are inescapable when talking about modern websites. All this means is that websites have become ways to get your audience to interact with you. In other words, you get them to do something. If your website shows signs that no one is taking action based on the information you provide, then it’s considered a failure or a wasted investment.

That’s why it might be easier to avoid measuring this kind of engagement, but you will serve citizens better if you pay more attention to “calls to action” on your website. In fact, you’re probably already seeing citizens engage more heavily with some parts of your website than other parts.

Here are some common calls to action that you may want to add, enhance, and improve on your city’s website.

  1. Pay. One of the most common “calls to action” that many citizens expect on city websites is to pay bills, traffic tickets, taxes, etc. online. The more you can direct people to pay through automated processes, the happier you make citizens—and the happier you make city employees. Offering online payments reduces the cost of staff time spent manually processing payments and reduces the risk of error from handling manual or paper-based processes. Plus, most citizens now expect some or all payments to be available online.
  2. Sign up. You may have an email newsletter, text message alerts, or even an online way for people to sign up to speak at city council meetings. Offering useful information or the convenience of signing up for a public activity online helps you stay connected with citizens. Make it easy for people to sign up. Avoid long forms and consider only requiring that people enter essential pieces of information.
  3. Click. Encourage people to explore and go deeper inside your website. Don’t overload people with information on any one page (especially the homepage). Instead, build your pages so that people are encouraged to click as they need more detailed information. For example, a government page might describe your city council on a high level. If people want minutes related to a specific meeting, offer an easy-to-find link to your archives where people can search for past meeting minutes.
  4. Search. Similar to how people use Google, your citizens are used to searching for things on their own on a website. Make sure your search box is easily seen and useful to citizens who look for information. On the backend, you may want to work with your website designer or IT staff/vendor to make your search box even more useful by anticipating what users will search for (e.g. an autofill function when someone types in a word or phrase) or suggesting related content to users based on their search terms.
  5. Follow. As you know, citizens may not necessarily go directly to your website for information. Instead, they will be led there through Twitter, Facebook, and other social media platforms. Provide easy ways for citizens to follow you on social media. On many websites, the follow buttons are an unobtrusive but still highly visible part of every page so that users always have the option to follow you on social media at any time. Growing your social media followers and fans is now an important part of citizen engagement.

You might think of more calls to action beyond the five listed above. No matter what they are, calls to action help get your citizens to do something, to engage with you. Signs of their activity will show unmistakable proof that your website is useful to citizens. You may also find that some calls to action are less popular, or that calls to action may be too hard to find. Fixing and tweaking the way you engage with citizens will go a long way toward improving the way you communicate to the outside world through your website and make it much more useful to people.

To talk in more detail about website calls to action, please contact us.

Thursday, March 12, 2015
Alicia Klemola, Account Manager

One of a city clerk’s most important duties is handling documents to follow state or local record retention policies. Because these policies usually follow from a law, it’s important that city clerks meticulously maintain their records. However, this job grows more challenging, especially as the volume of information increases so rapidly today. Paper documents, electronic documents, PDFs, emails, etc. all require retention according to strict rules.

To handle this kind of policy precision with such a high volume of documents requires that city clerks rely more and more on technology. If a city has not considered a modern document management solution, they may be surprised at the records retention benefits gained.

First, it’s useful to know two key things that happen with a document management system that will help your record retention activities.

  1. You, your staff, your document management vendor, and possibly (especially for large cities) content or information architecture consultants will help identify and organize your documents so that they are searchable and findable in your system. That may include organizing by department or categories such as accounting, budgeting, legal, personnel, etc.
  2. Your document management vendor will then help you apply your specific records retention schedule to your documents. That means classifying documents and setting times for them to be staged, reviewed, and purged. The technology will help you automate as much of this process as possible so as to eliminate any manual aspects.

If you still think that your current processes are fine and that document management might be overkill, consider the following benefits that will impact your work as a city clerk.

  1. Save time. Lots of time. Manually searching for electronic documents or rifling through paper documents is a long, time-consuming process. You’ve got a lot on your plate, and you don’t need to be endlessly searching for information. By automating specific aspects of the records retention process, you’ll be able to find and keep or purge documents much more quickly.
  2. If the document has been legally purged, then you don’t have it. Records retention laws are there for a reason. If you’re legally obligated to keep a document for five years, then it’s gone if you purge it after five years. By delaying or neglecting full adherence to the time limits, you risk introducing confusion and unnecessary work if someone requests a document that you still have even though you were legally allowed to purge it.
  3. Ensure full data backup and disaster recovery. On the flip side, you don’t want to be caught in a situation where you are supposed to have the document but you don’t have it because of data loss from flooding or a tornado. Modern document management systems often store data in the cloud so that files are accessible anytime/anywhere. This ensures both quick onsite recovery and full offsite recovery in case of disaster.
  4. Going paperless frees up physical space and helps the environment. Transitioning from paper to electronic documents can take an upfront investment of time as you scan all of your paper files. But the benefits are endless once this happens. No more threat of physical theft, lost paper documents, fire, water damage, etc. Plus, you free up valuable file cabinet and floor space while also “going green” to help the environment.
  5. Search and retrieve documents much more quickly. When all of your paper files are scanned and your electronic documents are organized to match records retention policies, then it’s much easier to search and retrieve files. That makes handling open records requests much easier and allows access to those documents 24/7 from any authorized person using their desktop, laptop, tablet, or mobile device.

As you can see, the benefits of applying record retention policies to a modern document management system has the potential to save you money, time, and hassle. Once implemented, you will find that the benefits ripple out much further than just affecting your role as city clerk. Other departments will enjoy the ease of finding documents more quickly, elected officials will like the quick responses to open records requests, and citizens will like the transparency. Many embarrassing city situations often arise when they cannot find information due to outdated document management methods. You’ll be ahead of the curve by applying best practices to your role as a city clerk through leveraging technology to help you do your job.

To talk about records retention in more detail, please contact us.

Wednesday, March 4, 2015
Georgia Municipal Association

Television shows such as The Walking Dead have placed the city of Senoia squarely in the spotlight. That means more tourists, more attention, and more demands on city services. Plus, stricter expectations of government entities about records retention, data backup, and cybersecurity led the city of Senoia to consider ways of quickly modernizing its information technology.

After looking at some costly options that would have addressed each technology area, Senoia took a look at the Georgia Municipal Association’s IT in a Box service. Not only did it fit the city’s budget, but the service also modernized many technology areas in one fell swoop including data backup, disaster recovery, and hardware.

Senoia City Clerk Debby Volk spoke to GMA about how IT in a Box—powered by Sophicity—helped modernize the city’s information technology, how it improved their response to open records requests, and why cities need to modernize critical aspects of their information technology before an emergency happens.

What made you decide to take a fresh look at the city’s information technology?

As a growing city, we needed to modernize our information technology on a few levels. First and foremost, we identified a need to more effectively archive our email. We also lagged behind in many technology areas such as data backup, disaster recovery, document management, hardware, and networking equipment. Other productivity issues, such as everyone having different versions of Microsoft Office, also made it hard to share documents and files with each other.

We did attempt to look at these problems in a piecemeal fashion, but the solutions were costly and required high cost IT consultants. Plus, we needed more responsive IT support without it breaking our budget. Sometimes it could take up to three days for someone to help us out with an IT issue, and that was becoming too long a wait.

How did you make the case to prioritize modernizing the city's IT?

First, it’s important that email archiving is modernized and as up-to-date as possible. The expectations attached to open records requests increase each year, and we wanted to make sure we could respond quickly without consuming many days of staff time. All cities are eventually going to need to modernize email archiving, and Sophicity provided a strong platform while also offering the ability to conduct the email searches. The mayor, city manager, and city attorney all saw that aspect as important.

Second, our city manager made some calls about IT in a Box after hearing that it was offered through the Georgia Municipal Association. He was very pleased about what he heard. Because Sophicity provided so many essential aspects of IT bundled together under a low price, it was really a no brainer—especially because we knew many other Georgia cities used it.

What results did you see from IT in a Box?

Our emails are now archived and they can be easily retrieved. When we receive an open records request now, Sophicity handles the difficult work of finding the emails. We sit back and let them handle it. Because it’s an enterprise class email system, we don’t have to worry about a host of problems that plagued us before. For example, even if a user deletes an email, it’s still archived and findable if it’s needed as part of an open records request.

Also, Sophicity modernized our information technology across so many areas. They helped us replace servers and network equipment, upgraded our software, and established 7 day a week helpdesk support. Our technology is now faster and more stable, and we’re able to do so much more than previously. If there’s a problem, we call Sophicity. If there’s a problem with a hardware or software vendor, Sophicity handles all communications. They work with those vendors to resolve issues and keep all software continually upgraded. Sophicity even came down onsite on a weekend in order to handle an important issue with our public safety’s technology.

This modernization has saved us a lot of time and allows for a predictable IT budget instead of reactive, unpredictable hourly charges. All of our Microsoft software is up-to-date and consistent, so we can all share files with each other easily. And probably most importantly, we’re prepared in case of a disaster. If a server crashes or even if a major disaster destroys our buildings, our data is recoverable and accessible in hours. Our data is stored both onsite and offsite, and Sophicity tests our backups on a regular schedule.

For other cities in similar situations, what advice would you give them about addressing their information technology issues?

Cities need to find an information technology solution that covers important needs from email archiving to data backup. Like insurance, it’s not a matter of if but when an emergency will happen. Cities need to find a solution to their IT needs before an emergency occurs. Luckily, we haven’t had an emergency but we now feel secure knowing that Sophicity handles such important needs with our data and technology. Things like email archiving and data backup are not nice-to-haves anymore. They are necessities. It’s good to know that GMA and Sophicity are taking care of us, and it’s one less worry for us here in the office.

Originally published on the Georgia Municipal Association website. 

Wednesday, March 4, 2015
Dave Mims, CEO

Our very own Nathan Eisner, COO of Sophicity, delivered training to cities on Cyber Security on Tuesday, March 3 in Waycross, Georgia and today in Moultrie, Georgia. Accompanied by Pam Helton from the Georgia Municipal Association, the training sessions focused on preparing city staff and elected officials with a non-technical foundation to ensure their cities are properly protecting their data.

For more information, take a look at the GMA flyer.

Thursday, February 26, 2015
John Miller, Senior Consultant

Body cameras for police officers have quickly gone from an expensive novelty to something that cities need to seriously consider. Even the President is now placing pressure on cities and pushing for financial incentives to help pay for body cameras. A recent article from The Arizona Republic points out that body cameras will actually become the norm within 10 years. Like it or not, these technology-intensive cameras will eventually become part of your public safety budget—if they aren’t being considered already.

While many articles focus on the cameras, the logistics, and the politics of body cameras, many gloss over the underlying technology. If you’re using, actively planning for, or discussing the use of body cameras for your police officers, then we want to offer up a few questions you need to consider that are easy to overlook.

  1. Are you able to back up your data and recover it in case of a disaster? You should be backing up your data anyway, but it becomes even more important to recover from a disaster with all body camera footage data intact. This means a form of onsite backup that provides at least hourly snapshots of your data for quick recovery (in case of a server failure) and offsite backup that ensures you can recover your data in case a fire, flooding, tornado, or other disaster hits your city. Explore cloud solutions that offer unlimited offsite data backup storage under a set monthly cost. Otherwise, your costs could skyrocket out of control if you pay by the gigabyte or have caps to your current data backup storage.
  2. Is your data encrypted and secure? You absolutely don’t want people hacking into police footage from body cameras. This is a good time to review your security. Your body camera data needs to be encrypted onsite, offsite, and while in transit between machines (such as uploading or downloading information). That way, the information will be useless to hackers if they happen to access it. Then, you need to make sure that your network security or cloud provider security follows best practices and is monitored and maintained by experienced IT professionals.
  3. Do you have clear data retention policies that are easy to follow? A modernized storage system can help you store, archive, and find data easily. It helps when your storage repository can help you automate some of the more tedious aspects of retaining and deleting data according to the law. Body camera footage will be requested and demanded by people when a sensitive case arises, and you don’t want to be caught without data that you should actually have on hand. At the same time, you want to clear away as much data as possible if you’re not legally required to keep or store it.
  4. Do you test your ability to retrieve and successfully back up your data? Even given the precautions above, you cannot assume that everything is working properly. You absolutely must test your data backup and security to make sure that you eliminate any severe risk of a data breach or data loss. We recommend testing your data backup and security at least quarterly to make sure that all of your body camera footage is recoverable in case of a disaster and meets information security best practices. It’s becoming less and less excusable (and more embarrassing from a legal and public relations standpoint) when cities claim that data is missing or unrecoverable.

While cities might fear the costs of having to invest in body cameras, the situation gives cities an opportunity to examine the state of their current technology. Many of the questions above don’t just apply to body camera data. Data backup, disaster recovery, record retention, data storage, encryption, security, and testing come into play with all city data and information. Luckily, many of the investments needed are more cost-effective than ever.

To talk about storage, security, and data backup needs for body camera data, please contact us.

Thursday, February 19, 2015
Brian Ocfemia, Technical Account Manager

We’ve all heard overblown technology claims, such as “Apple computers never get viruses.” But they do, and when they do there is outrage and possible backlash against what’s still a pretty good product. Similarly, we still hear claims such as the cloud being 100% reliable and that upgrades and maintenance don’t interfere at all with users. Then, when there is an outage or some downtime related to maintenance, the critics point fingers and claim that the cloud did not deliver what was promised. Often, they will also use that frustration as an argument that they want to go back to hosting their own servers and bring back their software onsite.

What’s happening here is common in the world of technology (and with many other things in life). A new technology legitimately improves upon a previous technology, but the expectations are set too high. So even if expectations reach 99.9%, critics will rip apart the 0.1% that caused it to not reach 100%. But if we’re accustomed to lower expectations from old technology, then something we expect to work 85% of the time will delight us if it hits 90%, even if that means higher costs and more risk than with modern technology.

A recent article on LinkedIn lays out some common points that people bring up to shoot down the cloud based on real but skewed data. The author points out three representative points that often cause a lot of doubt, but let’s look closer at these oft-heard claims.

“Azure experienced 92 outages totaling 39.77 hours for the year. As stated by Microsoft's own Chief Reliability Strategist David Bills, cloud service failure is, "inevitable".”

Reality: By focusing only on the total amount of downtime during the year, it’s easy to miss the high percentage of total uptime. If cloud services run 24/7/365, that means Azure’s uptime during 2014 was 99.5%. And Azure was actually the anomaly by a long shot. Other common cloud services such as Rackspace, Google Cloud Platform, Joyent, and Amazon Web Services all had higher than 99.9% uptime. From our experience, these performance results easily beat out most onsite servers and match or exceed most data centers. Cloud service providers invest in plenty of redundant power lines, generators, and Internet connections that ensure such high uptime for a variety of customers. Their resources far outpace most onsite setups and smaller data centers.

“A recent Verizon 40 hour cloud shutdown proved that cloud DC maintenance is not seamless in all cases.”

Reality: First, it’s important to note that this situation with Verizon is another anomaly. The article from which the author quotes clearly says, “For an industry that generally measures downtime in minutes or several hours, this was a long shutdown.” But who ever said maintenance was seamless? It may be less intrusive than traditional ways of conducting maintenance, but an occasional interruption or pause is not unheard of. Compare these brief interruptions with the amount of downtime, staff time, and IT maintenance costs of making updates to your current onsite servers. With cloud providers, you don’t even have to think about maintenance. You may experience an occasional few minutes of downtime, and a rare anomaly might lead to an outage for hours. But the way that cloud providers conduct maintenance is much faster, less interruptive, and less costly than traditional server maintenance—by a long shot.

“Cloud providers (CPs) have a commercial interest to hype to their potential and existing customers how easy it is to migrate workloads to the cloud.”

Reality: Sure, you will hear vendors do what they always do: sell and make everything sound easy. But the author mentions another important point: “One study conducted by BT found that 32% of enterprises don’t have the skills internally to manage cloud migrations.” While a cloud provider can help with the migration, you need a strong IT staff or vendor that has done these kinds of migrations many many times. The right IT professionals will help you:

  • Investigate your situation and review your business needs.
  • Create a plan for migrating your data, settings, and programs to the cloud servers.
  • Execute the migration by means of a rigorous process, including testing and participation with business stakeholders to ensure that all is well on the go-live date.

“Many enterprises assume that once they have signed a contract with the CP that their responsibilities end.”

Reality: Obviously, that’s an incorrect assumption for any hardware or software you would use. Even when traditionally buying software from a vendor that installs a server onsite, you still have to find space for that server, connect it to your network, and maintain that server. That’s why you would have your IT staff or vendor help with patching, updates, and upgrades. With cloud service providers, you still need IT professionals monitoring your cloud data and applications, alerting you to any issues, ensuring security (such as antivirus, antispam, content filtering, etc.), updating and patching the software, and tracking your cloud assets for reporting purposes. Your IT staff or vendor will also help you with any data migration needs or day-to-day technical help.

Overreacting to abnormal data about the cloud prevents you from making a good business decision. Overblown points will scare the less technically-minded away and encourage them to stick with less secure, more risky traditional technology solutions. The two most important points to remember are:

  • The uptime and reliability you will experience in the cloud far outpaces most traditional setups.
  • You will need experienced IT staff or a vendor to guide you through the technical aspects of a cloud migration and ongoing maintenance.

To talk about migrating to the cloud in more detail, please contact us.

Thursday, February 12, 2015
Nathan Eisner, COO

A recent article from Sarasota’s Herald-Tribune reported on a sensitive political situation concerning who manages the IT department within the city. While we’re not obviously speculating or commenting on the politics involved, it was striking to see the mayor quoted as saying, “We went through all these things that nobody, but nobody, understands. We have no way of knowing what goes on in the cyberspace games we're playing.” That lack of knowledge about IT from key city officials can have devastating consequences. Follow-up articles noted that onsite data storage was at high risk for a disaster and that the city faced dangerous security risks.

In many cases, we often see conversations about IT in which important stakeholders such as elected officials and even city management don’t fully understand IT enough to understand critical risks and make good judgments about technology investments. IT often doesn’t help by remaining obscure, technical, and tactical when explaining its activities to city officials and managers. While that strategy may buy IT time, eventually it risks political explosions like those seen at Sarasota.

Key stakeholders don’t need to be technical to understand IT. Instead, it’s important that they ask the right questions of IT in order to get a good non-technical, business understanding of IT’s accomplishments and any red flags. Even if you’re a technology novice, here are some questions that are important to clarify in order for IT information presented to city officials or managers to have the most impact.

  1. Each IT service needs to be explained in terms of business impact. No IT service should be so technical that you cannot understand why it is important and what it essentially does from a non-technical perspective. Some examples include:
    • Website management and maintenance: You invest in it to ensure that your website doesn’t crash or go down, and that users (both city employees and citizens) have technical support if something is needed related to the website.
    • Data backup and disaster recovery: You invest in it to ensure that no data is lost if a server fails or a disaster (like a tornado) hits the city.
    • Server, desktop, and mobile management and maintenance: You invest in it to ensure that technology problems are detected as early as possible, and that security patches and software updates are installed in a timely fashion to keep machines safe, secure, and up-to-date.
  2. Technical, tactical tasks need to be explained at a higher level. Many IT professionals either through obfuscation or inexperience often talk about what they do in terms of technical, tactical tasks. Rather than throw up your hands because you don’t understand the jargon, you need to ask questions that raise the discussion to a higher level. For example, if your IT staff starts talking about the technical aspects of server load balancing, simply ask them to stop, remind them that they are talking to a business audience, and to explain at a higher level that focuses on how the technology is impacting business performance. Is something about server load balancing causing downtime or crashes as a result of aging hardware? Or is the server load balancing just fine, meaning all systems are running normally? If the IT representative is unable to report at this higher level, you need to communicate with a more experienced person who can talk to business stakeholders.
  3. Understand the non-technical basics of alternative technology services. All IT services are not the same, and yet many non-technical decision makers think IT services are created alike. Again, it’s fine to not understand the technical details of various services, but some examples of what any city administrator or clerk overseeing IT should know is:
    • Understanding the difference between reactive, hourly IT service (only putting out fires) versus proactive, ongoing IT service.
    • Understanding the differences between servers providing you your software applications onsite, in a data center, or in the cloud.
    • Understanding the differences between manual data backup (such as tape or hard drives) versus automated onsite and offsite data backup accomplished through servers.
  4. Understand what happens when you underinvest in a service or fail to invest in it at all. We often see decision makers get so frustrated with the cost of IT and so, without understanding much about the service, it gets heavily cut, shortcutted by a cheaper vendor, or removed because it’s considered a “nice to have.” Ideally, you will want to understand things like:
    • Reactive, hourly service that only puts out fires will lead to high, unpredictable annual expenses, constantly crashing machines, and low employee productivity and morale.
    • Managing your own onsite servers introduces higher security risks, maintenance costs, and expensive hardware upgrades every few years.
    • Failing to automate and test your data backup leads to a high risk of data loss in the event of a disaster.
  5. Review IT reporting that focuses on non-technical, business critical information. If the reporting you receive from IT is full of technical data and reams of gobbledygook, ask for a version that gives an executive summary, high-level insights, and red flags related to business issues. For example, it’s helpful for you to know that the website uptime is 99.9%, that all data backup tests occurred and there are no issues, and that a server needs replacing because it is over five years old. You don’t need to know every single website metric, information about the daily backup logs, or server load balancing data. If your IT staff or vendor cannot provide clearer, non-technical reporting, then someone with more experience needs to report to you.

While the situation in Sarasota is extreme, it shows what can happen when ignorance about what IT does adds fuel to existing political fires. As a mayor or city manager, it may be tough to introduce the topic of IT to councilmembers who don’t have day-to-day operational knowledge. Yet, it is part of your responsibility to demand and receive information that makes sense, even if you have to go back to IT a few times to demand the right kind of information you need. More importantly, a lack of understandable, business-focused answers reflects a problem. Bad IT staff or vendors often hide behind technical jargon to cover up problems or inexperience. By asking the right questions, you expose these problems to light much quicker and allow all stakeholders to understand exactly what IT is doing.

To talk about IT communication in more detail, please contact us.

Thursday, February 5, 2015
Alicia Klemola, Account Manager

Like an old car, it’s tempting to use your desktop and laptop computers until the blue screen of death beckons them into technology heaven. After all, you invested a lot of money in those computers and you want your full bang for the buck. And while you might hear that best practices indicate that you replace all hardware every 3-5 years (and more like 2-3 years for laptops), you may think of that rule applying to the more important servers rather than the “less important” everyday computers that your employees use.

However, there are critical business reasons to replace your desktop and laptop computers that affect your bottom line both directly and indirectly. Here are five things to consider when taking a look at your aging desktop and laptop computers at your organization. 

1. The cost of new computers are often cheaper than maintaining old computers.

Old computers used beyond their typical lifespans become ongoing problems. It becomes expensive for your IT staff or vendor to constantly take care of problems related to the blue screen of death, lack of memory, slow or freezing performance, and security issues. Your staff time or hourly vendor bills can easily go beyond the $500 to $1000 it might cost to buy a new computer that will have much fewer issues.

2. Newer monitors are more power-efficient.

Your older computers may include clunky, huge cathode ray tube monitors that produce a lot of heat and consume a lot of energy. Add up this energy consumption across dozens or hundreds of computers and you’re talking about a lot of power costs. Newer LCD flat screens often cut that energy consumption per monitor by more than 50%, adding up to real cost savings.

3. Older computers mean using obsolete (and even unsupported) operating systems.

We’ve seen critical issues cropping up with organizations still using Windows XP on very old computers. While Windows XP is an extreme example, similar issues are on the horizon for Windows Vista (of which mainstream support from Microsoft ended on April 10, 2012) and even the current dominant Windows 7 (of which mainstream support ended a few weeks ago on January 13, 2015). The more you cling to older operating systems, the less useful and secure they will be for employees—and the harder for your IT staff or vendor to manage.

4. Newer computers are more secure.

As the information technology industry learns more about security and what works best for computer users, more security features are baked into newer computers that keep the user’s experience as safe as possible. Newer computers have operating systems that build in security features from the ground up and any additional security (such as antivirus) is much more easily managed by your IT staff or vendor. That means more built-in virus or malware prevention than older, less secure computers. The newer your computer, the less your cybersecurity risks.

5. Newer computers can handle modern software and Internet applications.

Even if your older computers are maintained well like an old classic car, you’ll still see employees having problems using modern software or Internet applications. Perhaps a new kind of software won’t work, or works slow. Or your employees can’t watch videos or load information from important websites. Older computers simply can’t keep up with modern software (similar to how an old smartphone can’t handle modern versions of GPS software). You’re crippling your employee productivity by having them use older computers.

These considerations should help you better make the business case to switch from older to newer computers. Many cities use these and additional reasons to help them replace computers, save money, and go green. Especially consider the cyber liability issues related to older computers. If you’re unable to follow current law because your older computers cannot handle basic security needs, then you open up the door to a lot of unnecessary legal risk. Saving money is important, but keeping your organization as secure as possible is even more important.

To talk more about desktop and laptop replacement, please contact us.

Thursday, January 29, 2015
Dave Mims, CEO

Heard about denial of service attacks? That’s where hackers will pummel an organization’s website servers with tons of bogus traffic so that the website becomes impossible for people to access. A recent story from the Columbia Daily Tribune reported that the city of Columbia, Missouri experienced a denial of service attack that led to a three-day website outage. That meant citizens could not access city services and information while valuable city staff time was tied up helping deal with the emergency.

The bad news? Denial of service attacks are hard to prevent. If a relatively sophisticated hacker wants to go after you, they will likely be able to have a negative effect on your website. However, it helps when your city can respond within hours rather than days to eliminate the negative effects of a denial of service attack.

Here are some tips and best practices that you can implement to best handle a denial of service attack and recover as quickly as possible—without overtaxing your budget.

  1. Host your website in the cloud. It’s getting more and more difficult to effectively host your own website servers onsite or even in smaller data centers. By hosting your website in the cloud, you benefit from the largest, most advanced, and most secure hosting providers on the planet. Cloud data centers are usually much more capable of handling denial of service attacks than your onsite setup.
  2. Consider investing in a content delivery network. A new buzzword related to the cloud that you may occasionally hear is “content delivery network.” It’s a very technical concept, but all you need to know is that it’s a way for your website content to be copied to multiple cloud data centers across the country. Then, let’s say someone in Oregon wants to access a Georgia city’s website content. Your website content may be copied to 10 servers around the country and so a server at the closest cloud data center in Portland, Oregon ends up delivering the content to the person. By having your website content and data more geographically distributed across so many servers, it makes it harder for a denial of service attack to be as effective than if only one location is delivering up content.
  3. Make sure you back up your data. While denial of service attacks don’t usually lead to data loss, it’s still possible that you won’t be able to access critical data for a long time. It helps to have your website (and all critical) data backed up both for quick onsite recovery and offsite disaster recovery. That way, if you’re unable to access certain data or information for days, you’ll at least have a copy that’s backed up separately from your temporarily inaccessible website servers.
  4. Proactively monitor your network and set up alerts. If you’re not continuously monitoring your network and instead only reacting when something like a denial of service attack happens, then you waste valuable time in handling the problem. Investing in experienced IT professionals who monitor your network means they will detect problems related to denial of service attacks very early. They’ll address the problem almost as soon as it happens. Otherwise, you may take hours to even realize that a denial of service attack is happening and more hours calling in staff and IT consultants to start addressing it. It’s like firefighters arriving at a fire several hours late.
  5. Rely on experienced IT professionals to manage all vendor communication. If non-technical city staff need to get on the phone and try to explain what’s happening, you risk wasting valuable time and possibly handling the problem in the wrong way. Experienced IT professionals can coordinate communication with multiple vendors such as Internet service providers, cloud data centers, website hosting providers, and any other relevant vendors. There are often many technical components to recovering from a denial of service attack, and you want to make sure you have the right people helping you in that recovery.

For cities on a tight budget, simply moving your website hosting to the cloud and engaging the ongoing monitoring services of experienced IT professionals will help you more likely respond and recover from denial of service attacks in hours rather than days. Plus, these kinds of technology investments also help you with important areas such as: 

  • Cybersecurity and cyber liability
  • Website reliability and uptime
  • Data backup and disaster recovery

To talk more about mitigating the risk from denial of service attacks, please contact us.

Thursday, January 22, 2015
John Miller, Senior Consultant

One of our colleagues (let’s call him “Joe”) is particularly tech-savvy. While not an IT professional, he has been involved in the information technology field for over 10 years. He’s immersed in that world and can easily talk to us about the many nuances of data backup, website content management systems, and software. That’s why it surprised us when he called us up a few weeks ago and told us about how he eliminated a particularly nasty computer virus.

Luckily, the computer he used was brand new, so he was able to erase all his data and reset the computer to the original factory settings. However, it was a stark reminder that even the most tech-savvy people can click on the wrong attachment and download a computer virus.

We’re sharing this lesson as a case study (with “Joe’s” permission but keeping the person’s identity anonymous) in order to highlight to you the importance of making sure your information is protected. Because even well-intentioned people can accidentally upload a computer virus in a matter of seconds, we want to make sure that a virus doesn’t knock out your network or cause you to lose important information.

Here’s how it happened. 

1. Joe purchased a new computer and wanted to download the Google Chrome Browser.

Joe set up his computer and made it through the preliminary setup. He was ready to get onto the Internet. Joe prefers the Google Chrome Browser, so in order to download it he had to open up the computer’s default Internet browser and find the right webpage.

2. On a search engine, he searched for “Chrome browser download” and clicked on the first search result.

He used the computer’s default Internet browser and search engine to search for “Chrome browser download.” A list of search results displayed and Joe clicked on what he thought was the first legitimate search result.

At this point, we should note that the search engine’s ads did not look terribly different from an organic search result. Unbeknownst to Joe, he clicked on an ad, not a search result. In hindsight, he realized that the ad led to a website that was not Google’s. 

3. He landed on a seemingly legitimate Google Chrome browser download page and clicked on a button to download the browser.

Malicious sites are often good at replicating the look and feel of legitimate sites. Joe was in a hurry. Because he already thought he had clicked on the top search result (which he logically thought must be Google’s page), he assumed this page was legitimate and he clicked “Download.”

4. While going through the downloading process, he noticed many more agreements and “bundleware” than usual.

It was while he clicked “I Accept” for many pages of agreements and noticed a great deal of “bundleware” (additional software options that he could download in addition to the Chrome browser) that red flags started to go off in his head. However, he went through the entire process because many kinds of software often feature similar processes (such as Java downloads from Oracle).

5. Finally, he realized something was wrong when the Chrome browser opened and asked him for his Google username and password in an unusual way.

While the page looked somewhat like the typical Google sign-in page, there were clear differences that he was savvy enough to notice. He came within a few seconds of sharing his important Google username and password with hackers, but unfortunately he had already downloaded malware to his computer.

At this point, the antivirus program that came with his computer started alerting him that it detected malware on his computer. However, the malware was so cleverly written and installed (and remember, installed voluntarily by Joe) that it could not be removed manually. The malware kept reinstalling itself every time the antivirus program quarantined or removed it.

More dangerously, the malware hijacked his Internet browsers with fake search engine and login pages. His computer also began to take actions on his behalf that he was not agreeing to. The “bundleware” software that originally looked like innocent, helpful programs began to open up on his computer and fill his screen with pop-ups.

Luckily, the story has a positive ending, but it required some brutal tactics. Thank goodness that Joe literally only had bought the computer several hours ago and had yet to store any important data on it. He followed the steps below to combat the computer virus. 

1. Joe shut off Internet access to his computer.

Joe severed all wireless and wired Internet connections to his computer. At that point, the antivirus alerts stopped. The malware hackers needed Internet access to access Joe’s computer, so cutting off Internet access cut off the hackers’ communication channel.

2. Joe assessed if any important damage had occurred, and if any data or software programs were salvageable.

Luckily, no important data resided on the computer and Joe had not entered any login information into a browser. However, because the malware kept reinstalling itself, there was no manual way to remove the virus and maintain the integrity of his computer.

3. Joe reset his computer to the original factory settings.

This is the step that eliminated the virus, but did so at the cost of any important data on the computer. The reset took several hours, but it wiped out any extraneous programs that appeared on the computer other than the original factory installed programs.

4. Joe discovered one computer virus remnant lingering in the default Internet browser and reset the browser to its default settings.

When Joe opened up the default Internet browser, he was stunned to see a remnant of the virus lingering after even a factory reset. The browser’s home page was set to a malicious search engine page that sort of looks like Google but is clearly not Google. He restored the browser to its default settings.

5. He ran a spyware scanner to scan for any viruses still left.

A scan of Joe’s computer detected nothing. At that point, Joe was able to use his computer normally although he obviously kept an eye out for unusually slow performance, strange popups, and any interruptions or odd computer behavior when doing online banking or payments.

We’re sharing this case study to warn you that it isn’t just the non-tech savvy people who get viruses by accident. With Joe, all it took was some haste and distractions, and he went down a dark path that led to vicious malware voluntarily installed on his computer. To head off any disruptions related to events like this, we recommend that you: 

  • Back up your data, both onsite and offsite.
  • Train employees about phishing and malicious links, emails, and attachments.
  • Build strong network security.
  • Use enterprise antivirus software with IT professionals managing it.
  • Encrypt your data.

Accidents happen, so you want to make sure you’re covered in even the worst computer virus situation. That way, you mitigate the risk of losing data, losing money, and losing time spent recovering from the virus.

To talk more about antivirus protection, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 |