We put the IT in city®

CitySmart Blog

Thursday, May 21, 2015
Dave Mims, CEO

Dave MimsFacebook recently started offering verified page badges for state and local governments. Verified page badges were originally created back in 2013 for celebrities and well-known brands to reduce confusion, fraud, and duplicate content for Facebook users while better protecting the reputation and credibility of celebrities and brands.

As people rely more and more on social media as an important source of information, it becomes clear that state and local governments are subject to the same problems as celebrities and brands. This recent GovTech article provides a good summary of the release of Facebook’s new verified page feature for state and local governments and how to verify your profile.

Savannah Verified Profile

But why should you care? Here are some reasons why you need to establish and verify your Facebook profile as soon as possible.

  1. Your city’s credibility matters. If other cities start to verify profiles and you don’t, your city profile page will not look credible. Plus, if there are fan-created city profiles, parody city profiles, or city profiles attacking you, then people may go to those Facebook pages rather than yours. Even if a Facebook profile page is run by a dedicated “fan” who is trying to be helpful, they could still be posting inaccurate information in your city’s name that your citizens may believe to be true. The “Verified Page” badge will establish that your city’s Facebook page is the official, credible source of information coming from your city.
  2. Verified pages show that more and more people are using social media to get information. The increasing need for verified pages shows that social media increasingly becomes more and more of a serious source of content for people. Social media platforms like Facebook continue to evolve, mature, and serve as a central collection of information for millions of people. Facebook users connect with friends, news outlets, businesses, entertainment, and, yes, government organizations for real-time information on the go. You need your city’s information on Facebook to serve the needs of people there.
  3. Facebook’s focus on state and local governments for verified pages means you need a social media plan. If anything is a wake-up call for your city to create a social media plan, it should be Facebook’s intentional creation of verified page badges for state and local government organizations. It’s a sign that Facebook is meeting an important demand for people, or they wouldn’t waste time with this offering. That means it’s time for you to create or reexamine your social media plan, which includes how you’re using Facebook. Are you providing essential, important, relevant information to your Facebook followers?
  4. You now have more authority to shut down damaging or slanderous Facebook pages. If someone operates a Facebook page that pretends they are your city or if they are misleading people about your city, then it’s easier as the owner of the official, verified version of your city’s page to work with Facebook to shut down misleading unofficial sites. Until you receive your verified page badge, you may have to work harder to prove to Facebook that another site is unofficial and shouldn’t be representing your city.
  5. A verified page comes up first in Facebook search results. Without a verified page, your city may come up in search results with a bunch of other unofficial or irrelevant Facebook pages that make it hard for people to get to your page. But with a verified page, it’s much more likely that your city will be the first or second result that a person sees when typing in the name of your city. That makes it easier for people to search for and access your city’s Facebook page.

From our perspective, the verified Facebook pages for state and local government are an overdue, necessary feature that helps citizens find important information and connect better with the information your city broadcasts. But this also means you need to step up your Facebook game as a city. Think about getting your verified page badge, more regularly sharing important information on Facebook, and engaging more with people on social media. That way, your city becomes even more of a part of your citizens’ lives every day.

Questions about how this whole verification thing works? Send us a note and we’ll do our best to answer.

Friday, May 15, 2015
Georgia Municipal Association

With technology so fast-paced today, cities are pressured more and more to modernize their information technology. But investments in IT infrastructure, websites, document management, and ongoing support all typically add up to a lot of cost. However, the City of Jonesboro knew that it needed a better website to engage citizens, securely stored documents following state records retention schedules that were also accessible anytime/anywhere, and proactive IT maintenance and support that lessened problems instead of just reacting to fires.

In one fell swoop, the City of Jonesboro’s investment in IT in a Box—which GMA constructed as one package to keep the costs of essential city technology as low as possible—gave the city a new, more service-friendly website, removed any worry as to the security and integrity of documents needing to follow state records retention laws, and provided experienced IT professionals that support the city without the costs of hiring additional staff.

Ricky Clark, City Clerk at the City of Jonesboro, took the time to discuss the importance of a website that engages citizens, documents stored in the cloud, and even a “Taste of IT” that shows the human side of GMA’s technology service.

Websites are often the first thing many people see when they research a city. How has your new website improved the way the City of Jonesboro interacts with citizens and web visitors?

It’s more welcoming and inviting, showing we are a friendly, homelike city that’s deeply involved with our residents. The biggest theme that I focused on with the website was transparency. When I arrived at the city, we received a lot of phone calls about things that people should have been able to easily to look up on the website. But the information just wasn’t available. For a small municipality, the key to a tight knit government is having a hands on approach with our residents. With that in mind, I tried to think of any questions that citizens would ask or information that citizens would need. We also included useful features like email notifications. Overall, we helped make useful and important information more transparent and accessible 24/7/365. Having this kind of website also helps with economic development because there are businesses that may want to relocate to your city.

How did your new website also help your staff internally?

Before our new website, we had to send all of our content to our website hosting provider and they posted it for us. That caused a significant delay. With our current website, we upload our own content. No more delays or waiting periods. If we have an emergency or special event that we want to communicate immediately, we can post the information right away.

Talk about how Sophicity supports the city of Jonesboro through its staff and helpdesk, and why that kind of support is important for cities.

If we have an issue, we simply submit a ticket detailing that issue just as if we had IT staff in house. The ticket is put into a queue and then Sophicity’s engineers remedy or fix the problem. What’s neat is that they can fix many issues remotely without traveling to our city. Plus, I like how Sophicity provides us a single point of contact for all of our issues. That makes it easy to communicate with them. We also have tracking capabilities and can escalate an issue if it’s urgent.

Sophicity also knows which software vendors have state contracts, and so they help us get hardware and software much cheaper than if we were to purchase it from a retail store. Just recently, Sophicity helped us get two printers for the cost of one. Plus, my staff doesn’t have time to call different vendors to source any necessary hardware, software, equipment, and parts. Sophicity does all of that for us.

City clerks obviously deal with many documents on a day-to-day basis. Why is modernized document management important, and how does Sophicity help you with that?

We have a document repository stored in the cloud. That’s where all of our information that used to be stored on our onsite mainframe systems now resides. With the different document retention policies that I have to follow as a city clerk, it’s important for me to know that our documents are protected and have some form of integrity all of the time. Sophicity gave us an offsite document repository to store all of our information, so we don’t have to worry about losing documents if our building burned down.

It’s also much easier—and cheaper—to find and access documents. For example, if someone asks me a question about minutes from a 1993 meeting, it’s simple for me to just go onto the document repository online from anywhere and retrieve those documents. No more looking through the paper minute books at the office. Once a city digitizes its files and stores them in the cloud, the sky is the limit as far as searching capability, access, and time savings.

For cities that are hesitant about moving forward to modernize their information technology, what advice would you give them?

Look at it from an analytical standpoint. Total up the amount you are paying for IT infrastructure, document repositories, cloud services, etc. and compare that cost to the cost you would pay per license with IT in a Box. Think of someone’s salary and benefits, and then compare that cost with IT in a Box where you don’t have to worry about additional personnel costs.

Before you knock it, give it a try. At least get a demonstration and see how things work. For example, the cost of a simple website alone will be around $15,000-$20,000 or more depending on how complex you want it. By contrast, IT in a Box provides cities a website and a lot of other great software under one package. And those aspects of the IT in a Box package are going to be the way governments are headed with their IT infrastructure anyway.

As cities know, it’s not possible to have 100% operational uptime, so I feel the best way to handle that situation is to have someone actually maintaining and monitoring your IT 24/7/365. With IT in a Box, you only pay for licenses that you use under your specific plan—and you don’t pay the full cost of salaries for the engineers that help you out.

We heard a rumor about something called “A Taste of IT.” What is that?

To show their support for the day-to-day operations staff at the city of Jonesboro, Sophicity drove down, brought hamburgers, hot dogs, and plenty of other food, and cooked it up for us. It was not only a Taste of IT, but it gave us the face of IT. We saw the faces of the people who were behind making our systems operate from day to day. Our employees and elected officials enjoyed it. Many times in city government, we work with companies but never see them. We simply cut them checks. A Taste of IT proved that Sophicity goes above and beyond to show that they’re thankful for our business. In my book, that goes a long way.

Thursday, May 14, 2015
John Miller, Senior Consultant

As body camera technology becomes more talked about and implemented at cities, it’s easy to focus only on the actual body cameras. But similar to buying and implementing any shiny new toys—whether it’s new software or buying new computers—the purchase of a new technology that’s integrated with an existing poor technology infrastructure will only lead to frustration and risk.

A recent article in GovTech talks about this issue from a cloud standpoint and brings up some important points. But for small and medium cities with few staff and limited information technology resources, we feel there are some higher-level, more basic questions that need to be asked.

  1. Where will you store your body camera data? Just think about the hours and hours of video footage coming from cameras that will be recording during the entire shifts of multiple officers—24/7. If you think normally storing large videos is difficult or expensive, just imagine this data explosion. Luckily, the cost of data storage has come down significantly in the past few years, but that means you need to shop around for a more inexpensive and scalable solution if you haven’t explored your data storage needs in quite some time. If you’re storing data onsite right now, you may want to consider more economical solutions like a data center or a cloud service that others manage for you.
  2. How will you manage, retain, and dispose of the data? The answer to this question involves a full understanding of the law, regulations, and your own internal policies along with using technology to make this data management as easy as possible. Work with IT professionals who understand data and information retention policies so that you keep and dispose of video footage in a timely yet legal manner. You never want to be placed in a situation where you “lost” data or deleted it before you were legally allowed to do so.
  3. Who gets access to the data? This video footage will be some of your city’s most private, sensitive public safety information. Security and authorization will become more important than ever. You need to be clear on who can authorize specific data, and that authorization process needs to be easily manageable. Weak passwords, poorly physically secured rooms, or everyone in a department or office getting admin access is not acceptable with this kind of information. Security measures also need to counter the chances of people hacking into your servers or snatching information away on thumb drives in order to access this video footage.
  4. How will the video footage be accessed? Obviously, searching through hundreds or thousands of hours of video footage is a formidable challenge if you have shoddy ways of storing the data. A good data storage system will allow for clear labeling, user-friendly searching (like how you search for documents on your computer), and ways to search within videos to view and collect smaller clips within larger amounts of video footage. When evaluating body camera technology, make sure you understand how a police officer would search for, locate, and retrieve specific video footage—quickly.
  5. How will you back up your body camera video footage? We recently wrote a much longer article about this specific issue, but it’s worth reiterating that backing up your data is essential for information of this caliber. From a server failure to a full-on disaster like a tornado, you need to make sure none of this video footage is lost. Test your data backup and disaster recovery at least quarterly to ensure that it’s actually working. Offsite data backup storage has become relatively inexpensive, and there are many cloud solutions available that also ensure the highest security—such as encrypting your data while it’s in transit.

It’s great to get excited about body camera technology, and it’s less exciting to think about your boring, backend information technology. But without the right data storage, retention policies, security, management, and data backup plan in place, your body camera technology investment could become a gigantic waste or risk a legal disaster. Body cameras are another sign that technology is accelerating at light speed—so make sure your information technology is keeping pace.

To talk about body camera technology in more detail, please contact us.

Thursday, May 7, 2015
Brian Ocfemia, Technical Account Manager

To get the most eyeballs, the media will obviously publish headlines with the most sensational stories about cybercrime. It’s easy to read stories about the Sony hacking, the Target data breaches, or cyberterrorism worries from national governments and think that those are the most common nature of cyber-attacks. However, those kinds of events are rare. Additionally, such sophisticated hackers often go after very high profile targets’not your small- or medium-sized city.

This is an important point because you’ll feel helpless if you think these are normal security threats. You’ll feel that it’s too expensive to invest in data security when it’s impossible to prevent the best cybercriminals from stealing your information. But it’s the most common, everyday threats that actually cause the most damage to cities. And you can prevent most of these threats with relatively inexpensive information security investments.

Instead of worrying about the rare instances of governments or James Bond-level villains coming after your city, you need to be worried more about the following realistic, common security threats.

  1. Employees and anyone with internal access to your data. One of your biggest threats will always be someone with internal access to information. Those people may be disgruntled, angry about being terminated, or working on the inside to steal money or information. Obviously, you don’t want to be paranoid about everyone you work with, but you will want to make sure that your information is only available to authorized users. It’s dangerous if anyone can walk into a server room or log in to an important software program. Even authorized users should have their access monitored to help flag any suspicious activity. You may also want to consider background checks for employees and any vendors handling your sensitive data.
  2. Viruses. We’ve written many times how even the best-intentioned, most IT-savvy employees can still get a virus. Accessing city information through an employee accidentally downloading a virus is low-hanging fruit for hackers. It opens up a door to your data that allows hackers to steal it, hold it for ransom, or funnel money to their bank accounts. Enterprise-class antivirus software, monitored by your IT staff or vendor, will go a long way toward preventing common viruses from crippling your city.
  3. Weak passwords. It’s amazing how many weak passwords are still used by not only individuals but also IT administrators. Hackers are always trying to get into people’s email and social media accounts, and more sophisticated hackers try to access servers and software with sensitive information. If you’re using passwords like “123456” or “password” just so it’s easier for you to remember them, you’re opening up your city to significant security threats. Requiring complex passwords (with numbers, letters, and special characters) that must be changed every few months will help fend off this basic form of attack.
  4. Poor IT management. Managing servers, workstations, network infrastructure, software, data, and information requires highly skilled, experienced IT professionals—even for smaller cities. If your IT staff or vendor is overwhelmed, inexperienced, or incompetent, they may not identify major security threats, update software regularly with security patches, maintain antivirus and antispam software, monitor and manage authorized access for users, and enforce basic security policies across the city.
  5. Little to no encryption. Simply encrypting your data also prevents many serious security issues. If a laptop is stolen, the information will be worthless to the thief. If a hacker tries to get access to payment information as it’s exchanged on your website, the information will look like gobbledygook to that person. Learn from the example of the State of South Carolina. They could have spent chump change on encryption but instead paid tens of millions of dollars in the wake of the massive data breach—all stemming from an employee clicking on an email attachment with a virus.

Everyday security threats are what you need to be most worried about. Every scenario listed above is something that threatens you on a daily basis. And these are security threats you can absolutely protect against. Most importantly, cyber security is not just a technology issue. Experienced IT professionals must work in tandem with city administrators to set and clarify policy, and employees must be trained to detect basic security threats and only receive authorized access to information. Worry about protecting yourself against 99% of the most common security threats, instead of worrying about the rare 1%.

To talk about cybersecurity in more detail, please contact us.

Thursday, April 30, 2015
Dave Mims, CEO

How much is your city at risk for a devastating security breach or permanent data loss? Do you need a quick way to assess your current cybersecurity readiness?

In case you missed our Georgia Municipal Association (GMA) presentation and live webinar on April 24, 2015, GMA has provided the audio recording and slides. Use this information to ask yourself:

  • Are my passwords strong enough to prevent hackers from stealing city information?
  • Is my city at risk for getting a computer virus that allows hackers to steal information?
  • Will I fully recover my data in the event of a server failure or a disaster like a tornado?
  • Is outdated software and a lack of regular software maintenance leaving me open to a cybersecurity attack?
  • Is my technology physically protected from unauthorized people stealing data or equipment?
  • Is my city website secure and hosted by a reputable provider?

While you probably hear stories in the news about security breaches at large government organizations where data is stolen and often permanently lost, know that this isn’t just a big government problem—it’s a major problem for small and medium cities. In our webinar, we provide small city examples of real situations that can cripple cities like yours.

Don’t become a victim to a security breach or lose your data unnecessarily. Listen to our GMA webinar or review the presentation slides to assess if your city has cybersecurity gaps that make you vulnerable to attack.

Friday, April 24, 2015
Nathan Eisner, COO

As your city grows or you buy more IT equipment, you might run into difficulties as the entire setup starts to get a bit unwieldy. And with the plethora of now common information technology items such as high-speed Internet, mobile devices (like smartphones and tablets), and cloud computing, it becomes harder and harder to identify how everything needs to be connected. For example:

  • Employees might have trouble checking email or opening documents with their smartphones.
  • Printers don’t seem to hook up to all computers properly, and so different offices and departments buy their own.
  • Data from one software application doesn’t transfer at all to another software application.
  • You’re not sure how new technologies like body cameras for public safety might integrate with your current technology environment—or if it’s even possible.

When information technology needs to grow along with an organization, it becomes harder and harder to scale without the help of IT professionals who know how to connect all of your hardware and software together. There are a few areas that will impact your city negatively unless you have the proper IT support.

  • Mobile devices connected to your office computers. Are your employees able to check email, open files, and access office information through their mobile devices? As you’ve probably experienced, you’re often on the go—at home, on the road, or traveling—as part of your job. That means we often stay connected and communicate throughout the day with our mobile devices. Mobile devices need to be properly synced with office computers so that the experience is seamless for important business applications. Otherwise, your productivity will take a sharp downturn.
  • Printers, fax machines, and scanners connected to your office computers. One cause of high costs and inefficiency at cities is the number of printers, fax machines, and scanners that crop up when they are improperly connected to your IT network. When properly set up, these machines will serve the greatest number of office computers in the most efficient way possible. You may need to invest in newer machines if you’ve been using some for five to ten years. When you invest in new machines, you will buy fewer and connect them to more computers.
  • Software applications connecting to other software applications. You might run into issues such as financial information from one software application not connecting to another software application. To compensate, you may manually reinput data, wasting precious staff time. Analyze if your current software applications duplicate a lot of tasks or fail to transfer data easily to other software applications. With the right requirements, you might be surprised to find out what’s on the market and that some software modernization might solve a lot of these inefficiency problems.
  • Remote workers and users connecting to the office’s IT network. Similar to the mobile connection issues above, this is a different variation on the same problem. In this case, we’re including desktop computers that an employee might use at home along with vendors, consultants, or outside users who may need access to information. In this case, you need to make sure that employees using their desktop at home not only have access to the same information as if they were in the office but also receive IT support while working remotely. For outside users such as vendors. you need to especially make sure that they have appropriate permission and that only authorized users are allowed to access city data.
  • Onsite data connecting to offsite storage. Especially important for data backup, you want to make sure that any offsite storage is properly synced up with onsite data changes throughout the day. Offsite storage is especially important for disaster recovery. If there is a fire or natural disaster like a tornado, you want to make sure you back up your data offsite so that you’re still operational—even if your facilities are destroyed. By setting up an onsite backup during the day, you should be able to send any data changes offsite at the end of each day in order to accommodate most disaster recovery scenarios.

As you can see, the multiplication of devices (desktop, laptop, mobile), software applications, and remote worker needs has made information technology more and more complex over the years—even for smaller cities. A small city used to be able to get away with a few computers and some off-the-shelf software, but today a setup like that introduces too much risk if something goes wrong. To make your city operations hum along like clockwork, you need help and assistance to connect all of your IT together and make sure that it’s helping—not hindering—your productivity. And especially when new technologies like body cameras will become required and standard for your cities, you want to make sure your basic technology foundation is set up properly so that you can scale and integrate new technologies with ease.

To talk about IT connectedness in more detail, please contact us.

Friday, April 17, 2015
Alicia Klemola, Account Manager

Cities often think they’re so careful when selecting technology vendors. After all, RFPs are meant to slow the purchasing process down, ensure that you thoroughly evaluate a selection of vendors, and pick the best one. However, many technology vendors are skilled at simply making the sale. They know what to say, they know how to present a deceptively low price point that withstands legal scrutiny, and they know how to maneuver through government red tape.

We find that cities often don’t realize the hidden costs that can come from improperly evaluating, selecting, and working with technology vendors. When we offer “vendor management” as part of our services, we often examine the following areas to make sure that technology vendors are providing you the exact services you need for a fair price—without bleeding away your money.

  1. RFP requirements. While you may think your RFP description articulates what you want from a technology vendor, it helps if an IT professional clarifies what you want and addresses any communication gaps. For example, you may want accounting software with specific features but fail in your requirements to address how that software will integrate with your existing information technology. You may also be unaware of lower-cost options (such as cloud software) that will help your requirements narrow the field of vendors. Experienced IT staff or a vendor with a specialty in municipal vendor management can help you write more detailed, accurate requirements to ensure that you don’t waste money on an ill-fitting solution.
  2. Hidden “surprise” costs. Over the years, we’ve seen so many cities look at the cost of an IT solution and not realize it’s too good to be true. For example, many “24/7” IT support providers offer extremely low-cost pricing. It’s only until later that cities realize that “24/7” only means automated monitoring software that flags issues. To solve those issues? You guessed it! Suddenly, you’re billed an expensive hourly fee for problems that you thought were included in your monthly price. Another version of this problem is purchasing seemingly inexpensive software that later costs money to add features that you thought were included. Or the vendor might present you with unexpected hardware requirements and frequent software upgrades. An experienced IT professional knows how this rodeo works, and they can often uncover these kinds of hidden costs like a good detective.
  3. Support contracts. When you purchase hardware, software, a technology solution, or use a technology vendor’s services, there are contracts with specific provisions attached. We often find that cities are not aware of the fine print, do not enforce support provisions included in contracts, and even sometimes pay for support that should be included for free. It’s good to have an experienced IT professional review your contracts, highlight what is and isn’t included, and enforce those contracts. Many cities can really maximize their technology investments at no additional cost for things like hardware maintenance, software upgrades, or emergency repairs.
  4. Proper setup and installation. While many technology vendors do a decent job at setting up and installing their solutions, they are not experts in managing municipal information technology environments and they are not experts in your particular environment. They may make a best effort, but if you leave it all up to them they could mess something up that costs you money or creates ongoing problems. Experienced IT professionals familiar with your city’s IT environment need to oversee and assist with any setup and installation, ensure that the vendor fully tests the solution to make sure it’s working, and accounts for any nuances in your IT environment such as particular hardware, network equipment, or software integration issues.
  5. Ongoing monitoring, maintenance, and support. As a part of any technology solution, you will run into problems ranging from glitches to the occasional crisis or malfunction. We find that reactive support (i.e. assuming the technology solution is working without ongoing monitoring and management) along with non-technical communication with the vendor increases the risks of ongoing, long-term problems with your expensive investment. Cities often find it beneficial to have an IT professional handle most day-to-day, technical communications with technology vendors to quickly address problems. Not only is this a load off the backs of city administrators and city clerks, but it also allows you to more proactively make sure that your technology solution is carefully watched by a skilled third party.

Basically, we recommend that you make sure a watchdog of sorts oversees and interacts with your technology vendors. That watchdog can be an experienced member of your staff or a vendor experienced in municipal IT who has no financial incentive tied to the vendors you select. As a bonus tip, be careful if your technology solution vendors recommend other vendors, especially when they have financial incentives to upsell or cross-sell different products. When technology vendors don’t have your best interests in mind, there is a risk for wasting money. By more closely keeping an eye on requirements, hidden costs, contracts, setup and installation, and ongoing support communication, you’ll more likely reap the most from your technology investment.

To talk about vendor management in more detail, please contact us.

Thursday, April 16, 2015
Dave Mims, CEO

Are you cybersecure? Are you protected against data loss? Are you ready if a hacker decides to steal your information?

As cities rely more and more on technology, cybersecurity expectations and accountability becomes greater and greater. Don’t get caught off guard by a cyberattack. Our own Nathan Eisner, Chief Operations Officer at Sophicity, will talk to city staff and elected officials about the non-technical foundation required to effectively protect government data—without busting your budget.

We’ll be broadcasting live from Lavonia, Georgia. Join us online to watch the entire presentation.

Who: Nathan Eisner, Chief Operations Officer, Sophicity
What: Protecting Your City Data – The Basics of Cyber Security
Where: Webcast live from Lavonia, Georgia
When: Friday, April 24, 2015, 10:30 a.m. – noon
Why: To understand your city’s cybersecurity risks for data loss and stolen information

Register online to reserve your seat today.

Thursday, April 9, 2015
Dave Mims, CEO

You might recall the story of Homer’s Iliad where the seemingly unbeatable city of Troy was brought down by a simple trick: the famous Trojan horse. Left behind by the supposedly retreating Greek army, the Trojans took the horse as a war trophy. But Greek soldiers were hidden inside. In the dark of night, soldiers leaped out of the wooden horse, unsealed the gates for the rest of the returning Greek army, and destroyed the city. It’s not a coincidence that computer viruses today are sometimes called Trojans. It’s the same idea—one simple virus can take down your entire city.

It sounds like we’re exaggerating, but we’ve encountered quite a few instances over the last few years when a city will feel that investing in information technology is too expensive. They instead take shortcuts and feel everything is all right as long as nothing serious happens. But then...there is always an EVENT. And it’s deadly serious. A hacker steals financial information and money. Mission critical data is wiped out and there is no backup copy. The website is defamed and causes serious public embarrassment for days, weeks, and even months.

All because of a simple virus. The fact that it’s easy for even a tech-savvy person to occasionally be fooled by a virus means that you need more than a free antivirus program installed on your desktops. Here are some mission critical IT investments that you need so that it’s much less likely that a virus takes your city down.

  1. Enterprise-level antivirus software. For city operations, free or off-the-shelf antivirus software managed by employees isn’t sufficient to ensure that you are protected. Enterprise-level antivirus software is managed and updated by IT professionals such as your IT staff or a vendor. They ensure that it’s installed properly and updated regularly, and they receive alerts when any virus threats hit your city.
  2. Network equipment and security. Invest in a good firewall and set up your network security with strong rules about passwords, authorized access, and secure wireless access points. Your network security complements your antivirus software by making sure that your “city gates,” so to speak, are well guarded and no one can get to sensitive data without the right password and credentials.
  3. Encryption. Assuming the worst and a hacker gains access to your data through a virus, encryption helps ensure that your data is worthless to them. In the past few years, there have been many government stories in the news where a severe cybersecurity breach was made worse because the organization didn’t invest a small amount of money for encryption. The result? Sometimes millions of dollars in repercussions that could have been prevented by an incremental investment.
  4. Website security. We’ve heard some highly publicized cases in the news about websites exposing social security numbers and other sensitive information to public view. Many cities and government organizations often neglect the security of their websites, but many websites now offer online payments, court record data, and other gateways for hackers to steal information that they then use to commit identity theft or steal money. Lock down access to your website and make sure any sensitive information is encrypted and secure.
  5. Data backup and disaster recovery. Assume the worst happens. Like many cities that experience a bad virus, let’s say you lose mission critical data. This is when an investment in data backup and disaster recovery is invaluable. We always recommend both onsite data backup for quick recovery and also offsite data backup for disaster recovery. That also means you need to regularly test and monitor your data backups to ensure they are working properly.

Rather like insurance, investments in information technology can seem pointless, unfair, and expensive because you don’t see anything tangible in your day to day operations. But that’s the point. A sign that you’re making the right investments is when your day-to-day problems are minimized. And when a virus hits, that’s like suddenly becoming ill or needing surgery. That’s when insurance saves the day.

Similarly, for cities that invest in information technology, they know that:

  • A virus will likely be prevented from ever having an effect.
  • If a virus allows a hacker inside, they won’t gain access to any useful information.
  • If a worst case scenario occurs, their data won’t be lost.

To talk about viruses and technology investments in more detail, please contact us.

Thursday, April 2, 2015
John Miller, Senior Consultant

Whatever your politics, personal, non-government, or poorly overseen government email accounts have plagued Hillary Clinton, Sarah Palin, George W. Bush, and many government entities such as the IRS, the Environmental Protection Agency, states, and municipalities. The root cause of many of these tortuously complex scandals and investigations is simple: Using personal email accounts instead of a government email account.

Just look at what happens when someone wants to access those emails. You may like or dislike Hillary Clinton, but it’s objectively a problem when she cannot easily produce information related to her role as a government employee. Plus, the risks of using personal email go beyond transparency. If your IT staff or vendor isn’t managing your email, who is? Your free email provider? Are they providing the right level of antispam, or backing up your emails? Not a chance.

It’s clear that open records laws and the push for transparency makes it less and less excusable to use personal email accounts for city business. If you’re still using personal email accounts at your city, ask yourself the following questions.

  1. Do you want to expose you or your employees’ personal email to open records requests? As Hillary Clinton said, she definitely doesn’t want to reveal her personal emails to the world—and she said that we can all understand that. Unfortunately, that’s not something auditors understand. That’s why she is receiving pressure to hand over her personal email server to a third party auditor to decide what’s personal and what’s business. Similarly, a third party auditor would have an absolute right to look at personal emails from city employees if an open records request required it.
  2. Do you want to spend excessive time and money processing open records requests for personal emails? Because personal email is not centralized and managed by your city, the time it takes to track down city emails from personal email accounts starts to exponentially increase. You might be out thousands of dollars in time and expenses tracking down and handing over the right information. It’s much easier to find and retrieve emails from a centralized city email server that only contains information related to city business.
  3. Do you want to increase the risk of your emails being hacked or increase your exposure to a virus? Personal email accounts are usually free email accounts. That means no one is managing them or ensuring that the proper antispam, encryption, and archiving policies and precautions are in place. While antispam measures have gotten better on free email accounts over the years, they are still not at the level of business-class email services. Using a personal email account opens up too many security risks from weak passwords to users clicking on a malicious email attachment by accident.
  4. Do you want to lose your email data when you are required to keep it? Several scenarios open you up to the risk of data loss related to personal email.
    • Your personal email is not part of your city’s data backup and disaster recovery data, and thus it’s not recoverable in case of data loss.
    • If an employee leaves, it becomes almost impossible and logistically thorny to make them hand over all of their information. You don’t have access to the email account, so what do you do? Ask them to forward 5,000 city business emails to you after they have been terminated? You might be able to get the information, but it’ll be ugly and likely incomplete.
    • Deleting a personal email account is 100% in the hands of the employee, not you. It should be the other way around. Only the city should have the power to activate and deactivate business-related email accounts
  5. Do you want an easy way to lock down email while still using mobile devices? One thing Hillary Clinton complained about was having to use two devices if she was to separately use her government email account and her personal email account. Today, cloud email allows you to use business-class email for your city, lock down that email for authorized users only, and allow people to access it with any device. So, if one of your elected officials complained about the annoyance of using two devices, let them know they can use one device. On that one device, they can easily access two different email accounts that keep their business and personal email separate—without having to use two devices.

If you feel behind the technology curve on email, you’re not alone. If people at Hillary Clinton’s level are wrestling with it, then it’s understandable that many other government entities are too. But now is the time to act. Auditors, lawyers, and the public are becoming less forgiving when public officials cannot provide emails about something critical to the public interest. Business-class email allows you to easily respond to open records requests instead of losing emails in the murk of personal accounts, and it ensures that employees cannot delete or misplace critical information.

To talk in more detail about email and open records laws, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 |