We put the IT in city®

CitySmart Blog

Thursday, December 12, 2013
John Miller, Senior Consultant

A recent study from Stanford University quoted in a PCWorld article pointed out that teleworking is actually more productive than working in an office. While there are still logistical, social, and operational reasons why people need to show up at the office, the myth that teleworking is less productive than working in an office has been debunked yet again.

Cities may still balk at letting employees telework, not so much from trust but more about concerns with technology. If the technology isn’t there to support teleworking, then people will have to come into the office whether they like it or not.

When you boil down the elements of a day at the office, it’s really the ability to meet, call, work, access information, and store information. If you can do those things from home or a remote location, you can telework. Here, we provide a technology checklist of these essential work functions to see if you’re equipped to telework.

  1. Meet. Obviously, the key element of work that’s missed from home is meeting face-to-face. But collaboration and meeting software has improved so dramatically over the past few years that it’s easy to hold many meetings from home. You may want to still hold important strategic meetings face-to-face, but many less important meetings can be held through conference call software and video chat meeting tools. Your city should agree upon one or two primary collaboration software tools so that people can meet remotely.
  2. Call. Your teleworking employees should have a smartphone to not only take phone calls but also check email and access documents on the go. While we may not like work to follow us around, the reality is that most businesses and government entities expect employees to regularly check emails and stay in touch by phone during the day, even when they’re away from the office. Your teleworkers need a smartphone that works as an adjunct to their desktop or laptop computer.
  3. Work. Obviously, the classic teleworker needed a computer with Internet access. But even these tools prohibited a lot of telework in the past due to slow Internet speeds and software that was only accessible onsite at a city. Today, desktops and laptops can connect to high-speed Internet access and your IT staff or vendor can monitor and maintain computers remotely. It’s best to give your teleworkers a city-owned laptop so that there is little crossover between personal and professional data on their computer. Antivirus, antispam, software updates, and patches can all be handled remotely and keep your teleworker’s computer safe and secure.
  4. Access. Cloud software is really the modern day key to teleworking. In the past, it was difficult to access specialized software from home. Even creating word processing documents and spreadsheets meant saving to a disk or USB drive and bringing that data into the office. Now, cloud software covers nearly everything from word processing to accounting software. If your city hasn’t considered more cost-effective and accessible cloud software options as alternatives to onsite hosted software, then you’re preventing a lot of teleworking productivity. With cloud software, your employees just need an Internet connection to access it.
  5. Storage. Another problem that made teleworking difficult in the past was storage. While employees could do some work at home, most of their files and documents would have to be stored on servers and computers at the city. Now, storage has become so cheap and accessible (again, through the cloud) that teleworkers can store their files in your city’s document management system or other storage software without worrying about filling up a hard drive. Plus, this kind of cloud storage helps teleworkers back up files remotely so that they don’t have to worry about losing data.

Really, after taking care of these technology needs, the only issue left for teleworking is one of personal responsibility. While certain types of jobs might still be good to keep onsite (such as customer service or highly interactive work such as a city clerk), there are quite a few jobs where the work can be done remotely. As long as you’ve hired someone who has proven their personal responsibility, teleworking can not only help raise morale (giving flexibility to employees who may have special family or personal needs) but also reduce the amount of space used in your buildings.

To talk about teleworking in more detail, please contact us.

Tuesday, December 10, 2013
Brian Ocfemia, Technical Account Manager

31% of desktops still use Windows XP, so chances are you may be one of those organizations with people still using it. While it’s understandable to stick with a familiar operating system out of habit, it’s important to understand how much your already high security and cyber liability risks will increase after Microsoft stops supporting Windows XP on April 8, 2014.

At Sophicity, we want to make sure that cities are not exposing sensitive data and critical information to hackers and data thieves. By staying on Windows XP, it’s like you’re leaving the front door open for criminals to steal your data.

Here are some important security points about the dangers of keeping Windows XP.

  1. Microsoft XP support ends on April 8, 2014. That means:
    • You no longer receive patches and security updates from Microsoft.
    • You no longer receive important hardware and driver updates to maintain the overall reliability and stability of Windows XP.
  2. The current Windows XP malware and virus infection rate is already bad. Microsoft conducted research on a variety of computers that use Windows XP, Windows Vista, Windows 7, and Windows 8. While all of the computers encountered roughly the same number of viruses and malware, the infection rate of Windows XP computers was 9.1% (compared with 1.6% for Windows 8 computers).
  3. The Windows XP malware and virus infection rate will drastically increase after April 8, 2014. Microsoft has also conducted research on how infection rates rise with unsupported operating systems. It’s not good. For example, computers using an unsupported version of Windows XP with service pack 2 saw malware and virus infection rates as high as 25% in Q4-2011.
  4. Continuing to use Windows XP increases your risk of cyber liability and opens you up to viruses and hacking attempts. It’s understandable when a city keeps using hardware a bit too long or suffers with an old database on a server that keeps on trucking. But knowingly using unsupported operating system software when it’s well-known that support is ending borders on negligence, especially considering the known cyber liability risks.
If cities are using Windows XP, we advise them to immediately make plans to switch from Windows XP to a newer operating system. Here are some common questions we receive when talking to cities about switching from Windows XP to a newer operating system.

Windows XP Questions, Answers, and What To Do Next

Windows XP was an expensive investment. Why are there such security risks in software from such a well-known vendor like Microsoft?

Windows XP came out in 2001. If you bought a new car in 2001, you might still be using it today. But no matter how good it was, today it’s outdated and lacks important modern safety features that have evolved over the last 12 years. Software works the same way but becomes even more obsolete, quicker, because of the fast pace of technology. So many security threats and responses to those threats have occurred since 2001. The way Windows XP was fundamentally built means that it lacks critical security features that are now built into modern operating systems. Such an old piece of software cannot be “fixed” by Microsoft. That’s why they just build new operating systems every few years.

What are the specific security risks?

When support ends on April 8, 2014, Windows Updates will stop. As you may know from using your individual computer, Windows Updates often include important security patches and malicious software removal tools to preventatively address security threats. When those updates stop coming, Windows XP simply cannot respond to the plethora of modern security attacks and to criminals exposing holes in this old software. As a result, you will be more vulnerable to attacks.

Why can’t I just use antivirus software?

Antivirus software alone does not protect any computer, including Windows XP computers. A computer needs a combination of well-built modern software with security protection built in, updates and patches from the software vendor (such as Windows Updates), and antivirus software all working together to provide a strong security foundation. Only relying on antivirus software for an unsupported Windows XP is like installing an alarm system in a building with no locks and that no one ever visits in person.

If you want to take next steps to decommission Windows XP, we recommend that you:

  1. Assess what operating system you need. This may be Windows 7 or 8, but you should look at the requirements of your city software to assess the most suitable version you need.
  2. Budget for an upgrade. Look at operating expense options in the cloud instead of expensive capital expense models to help you reduce costs and create a predictable budget.
  3. Use a city-experienced IT vendor to help you through the transition. Cities have particular needs that differ from businesses. It helps to have a vendor that has guided cities through the operating system upgrading process while not disrupting day-to-day operations. An experienced vendor will also be sensitive to the interoperability of a new operating system with existing city software (such as public safety, court, accounting, etc.).
If your city is facing cyber liability risks from continuing to use Windows XP after April 8, 2014, please contact us. We will be more than happy to answer any questions you may have.

Friday, December 6, 2013
Clint Nelms, COO

If you’ve seen the TV show Parks and Recreation, you know that even through the satire the show’s writers still communicate an understanding that a city’s parks and recreation department is important for a community. Parks and recreational activities bring citizens, civic groups, and tourists together to partake in a city’s quality of life. It’s a critical way for a city to market itself to both citizens and possible future residents.

That means your parks and recreation page must accommodate a variety of needs and questions that people have when exploring your city’s website. To help you analyze if you have the right information on your parks and recreation page, check to see if you provide the following content to your website visitors.

  1. A list of all parks, public buildings, and recreational services. This might seem obvious, but many cities don’t have an easy-to-access list of parks, community centers, trails, etc. as a reference for people. Provide essential information such as the name, address, hours of operation, and services for each location. People will use this page to look up such information. If you want people using your parks and recreational services, you need to list them.
  2. Events taking place at your parks and recreational areas. Events are a great way to market your city’s recreational resources. Provide a calendar of events such as holiday festivities, celebrations, sporting events, or other uses of your city facilities. Consider not only providing information about city-sponsored events but also citizen-submitted events that may be of interest to the community.
  3. Rules and regulations. Rules and regulations about your parks and recreational services should be easy to find but not intruding upon the page. Some cities provide minimal information about their parks and instead dump a dry list of legal-sounding rules on the page. Use most of the space on the page for marketing your parks and recreational services. Place rules and regulations near the bottom of the page, or provide a separate link or PDF to the information. It’s important to those who need it, but it’s not the information you should feature the most on the page.
  4. Quick access to information about permits, reservations, and applications. People should not have to hunt for and scratch their heads about where to find information about things like permits. Provide links or forms upfront on the page so that people can find and submit their information quickly. This is a detail, but it’s a way to show people that your city is easy to do business with. Even better—add some information that tells people how easy it is to apply for a permit, reservation, or application. That makes your parks and recreation department look good.
  5. Contact information of key department contacts for groups. Obviously, every person using your parks and recreational services is important. But cities should be sensitive to important and influential business and civic groups that have more complex needs in terms of number of people and reasons for meeting. Provide the phone number and email address of key department heads with a cue that groups should call your department for special needs. This will expedite the process of accommodating large groups and lessen frustration when these groups try to work with your city.

Once you have the foundations of this page’s information down, you can enhance the page by adding visuals. Showcasing pictures of your parks, trails, community centers, natural beauty, and past events will reinforce the quality of life of your city and the vitality of your parks and recreational facilities. Overall, with just some basic information you can create a useful, functional page that works for citizens, groups, and tourists alike.

To talk about your website content in more detail, please contact us.

Tuesday, December 3, 2013
Brian Ocfemia, Technical Account Manager

Information security is not something you should assume or feel in your gut. Yet, a study shows that many organizations think that way. Referenced in a recent PC World article, a joint study between Office Depot and McAfee revealed a few startling statistics about small and medium business owners:

  • “80 percent of the respondents to Office Depot's survey admitted to not using data protection.”
  • “...almost all of them—91 percent—said they don't use endpoint or mobile device security.”
  • “...14 percent of SMB owners [...] said they haven't implemented security measures of any kind in their environment.”
Yet, the study also showed that 66% of SMBs think that their security is just fine. That’s quite a disconnect—and quite a problem.

Since we always notice many parallels between SMBs and cities, it’s safe to say from our observations that many cities feel a similar false sense of security. But are you really secure? To check, ask yourself the following questions:

  1. Is my data backed up onsite and offsite, and tested regularly? First, your data is not secure if it’s not backed up. All it takes it one server failure, one hacker stealing your information, or one theft of a laptop to put your data in jeopardy. Make sure you have your data backed up onsite for common data loss events (like a server failure) and offsite for disasters (such as a tornado or flooding). And test your data backup. We still see too many cities that think they’re backing up data, but their data cannot be restored when they need it.
  2. Is my email software protected with antispam, encryption, and IT management controls? Using a free email service like Gmail or Yahoo leaves you open to too many threats. Many security threats still enter cities through malicious emails with virus-ridden attachments and links. An employee clicks on a link or attachment, and suddenly the city has a virus or data theft on its hands. Your email software should be protected with enterprise-level antispam, contain standard encryption (especially when cities deal with extremely sensitive information), and have good IT management features so that it’s easy to activate and deactivate employee email accounts.
  3. Is my Internet browsing protected and secured? The Internet is another ripe source of viruses and malware if you’re not sufficiently protected. Your city needs enterprise-level antivirus software that can be managed, monitored, and updated by an IT professional. In addition, you may also want to consider additional features such as content filtering (that prevents people from accessing certain websites) and training city staff about how to avoid malicious websites when browsing.
  4. Am I taking care of my mobile security? Despite cities using mobile devices more and more, mobile security is still often neglected. If a mobile device is stolen, can someone access sensitive city email or documents? A combination of city policy combined with the right IT best practices can help make your mobile information more secure. City policy needs to outline how and if outside devices can use or access city information. From there, your IT staff or vendor needs to work with the city to outline how city staff will access email, documents, and databases from a mobile device, along with activation and deactivation procedures in case a device is compromised.
  5. Do I have IT professionals helping monitor and maintain my data? Even smaller cities need IT assistance with monitoring and maintaining data. Perhaps very small businesses can get away with less IT help because they have less to lose. But citizens and businesses depend upon even the smallest cities for critical data. We’ve seen too many non-technical staff at cities try to handle IT responsibilities. Usually those situations end up with gaping security holes from lack of professional maintenance. Invest in an appropriate amount of IT expertise to help you make sure your data is secure.

While the PC World article states that there is no one size fits all situation to help solve an organization’s data security, we do feel that there are some common areas that can be addressed. Yes, each city might approach data backup or mobile security differently. But the point is that these areas need to be addressed, whatever the details. Your city’s data is too important to be so unprotected.

To talk about data security in more detail, please contact us.

Tuesday, November 26, 2013
Dave Mims, CEO

In many of our posts, we mention the cloud. You probably hear that term a lot and get the general idea of it (accessing software, data, and files through the Internet that you would normally access through your own servers). But what exactly makes something hosted “in the cloud”?

Since the cloud has become so important to cities as a way to reduce costs and increase the quality of technology services, it helps to have a non-technical understanding of something very technical. In this post, we’ll take you through what makes something “the cloud” versus normal hardware and information technology services.

Let’s Start with Servers 101

The cloud is built upon servers, so it will help to review what a server is—and does. A server is a specialized computer that hosts important software, data, and files such as your website, your email system, your document management system, your accounting software, etc. Unlike your desktop computer, a server connects to multiple computers so that it can deliver specific information to those computers. For example, if you have an email server, it delivers email to individual computers at your city. Each computer needs to connect to the email server in order to access email.

Traditionally, a city would buy a server for a particular function (such as email) and all city computers would connect to that server to access the information. But sometimes a city is unable to manage its own servers due to complexity, lack of time, or lack of onsite IT resources. That’s when a city might consider a data center.

Data Centers: Your Servers, Hosted Remotely

A traditional data center simply hosts your servers for you. Sure, the server management may be more complex. You might own or lease servers that are dedicated—which means they are solely for your use. Those dedicated servers may be used for one specific piece of software (e.g. accounting software). To reduce costs, your servers may also be shared servers, which means that other customers may share space on the same server if you’re not using all of the space. Shared or dedicated, you access your servers remotely through the Internet. The technology then works exactly as described above.

Data centers might reduce your costs, especially if a data center can host many servers much more efficiently than you can. However, it’s still just placing the burden of your server management onto another company. You still own or lease a machine, and you can even visit the data center to look at your machines if you’d like.

The cloud takes the idea of the data center a step further by eliminating the idea of owning or leasing specific machines.

The Cloud: Servers Become...Virtual

With traditional data centers, machines are still isolated and discrete. Even if you share a server, you can still say that, for example, five customers have websites hosted on one server.

Cloud data centers scale up to such a high degree that they eliminate the idea of discrete servers. To make it easy to visualize, think of a traditional data center with only 100 servers. Those servers are each owned or partially owned by specific customers. That means those machines need to stay separate and discrete. Even if a few servers are not using all of the space available, it doesn’t matter. If your city owns or leases one of those servers, you’re paying for the space—used or not.

A cloud data center instead coalesces the space from all 100 servers into a gigantic pool. From that pool, the cloud data center carves out “virtual servers.” That means instead of a server tied to a physical machine, a virtual server is just a chunk of that overall space from the 100 servers. That means one physical server could be any number of virtual servers, or a virtual server could be distributed across many physical servers. It’s fluid.

In other words, the idea of server space associated with a specific physical server has disappeared. That’s part of the reason why it’s called the “cloud.” At this level, server hosting works almost like magic. All you need is an Internet connection—and you don’t need to worry about hosting your own servers anymore.

Why Cloud Hosting Benefits You

So why is this technology good for you?

First, by pooling together server resources so efficiently, cloud software providers significantly cut costs. Hardware maintenance and software license costs decrease from this gained efficiency.

Second, cloud data centers are usually run by the best, most reliable IT vendors around such as Microsoft, Google, and Amazon. That means they have resources that smaller data centers lack such as 24/7 monitoring, management, and high levels of physical and information security.

Third, cloud data centers are now too big to fail since so many large businesses and government entities rely on them for mission critical data. For example, Google cannot go out of business. That same technology benefits you. Cloud software originates from servers with multiple Internet connections, a great deal of redundant backup power, and data spread across different geographies. Short of an Internet outage local to your own area, cloud software rarely fails. And even then, once the power comes back on, you can access your data again.

As you can see, servers have grown up quite a bit and, in a way, have “ascended” into the cloud.

To talk about the cloud in more detail, please contact us.

Thursday, November 21, 2013
Alicia Klemola, Account Manager

Back in June, we wrote about Windows 8 and offered an analysis about whether cities should upgrade. On October 17, 2013, Microsoft released Windows 8.1 and offered a variety of improvements that attempted to remove many of the reasons that dissuaded organizations from wanting to adopt Windows 8.

Our analysis of Windows 8 pointed out two key problems: a lack of business urgency in upgrading, and a confusing user experience. We know that cities need software that is functional and easy-to-use, so switching to something that is perceived as unessential and confusing might prevent an upgrade.

We dug through many Windows 8.1 reviews and conducted our own analysis to highlight the key improvements. Let’s see how Windows 8.1 compares to the original Windows 8.

  1. Windows 8.1 looks more like the Windows you’re used to. Windows 8 featured tiles that are more intuitive to interact with on a tablet but ended up frustrating people who used a traditional keyboard and mouse on their computers. With Windows 8.1, you now have a familiar Start button that makes better sense of all the tiles. Plus, there is a “boot to desktop” option (although you have to dig deep into Settings to find it) that lets you change the look of Windows 8.1 into the traditional desktop view that you’re used to. All of these new enhancements give users some options to make Windows 8.1 look and feel more like past Windows operating systems.
  2. You can now search everything on your desktop, in the cloud, and on the Internet in one fell swoop. One annoying aspect of Windows 8 was that when you searched for something, it limited that search to specific areas of your desktop. If you were searching for something and having trouble, you might have to jump around to different areas of your computer. With Windows 8.1, search works more like Google (or should I say Bing!). It pulls up everything for a particular query no matter where it is: your desktop, the cloud, or the Internet. Having Internet results come up in search results along with your own files can be especially handy for doing research.
  3. You have much more flexibility in arranging your desktop the way you like. The original Windows 8 seemed so obsessed with its own particular design that it prevented you from changing the way things looked or worked. With Windows 8.1, you can arrange groups of apps on your screen, set which apps are default (e.g. setting a different default web browser other than Internet Explorer), use up to four apps at once on your screen (instead of two with Windows 8), and better personalize the look of your desktop.
  4. Cloud integration is much better. Windows 8 placed a big burden on your computer by still requiring you to store files on your hard drive if you wanted complete access to them. That means filling up your hard drive with large files that eat up space and slow your computer down. Windows 8.1 has improved upon this limitation through a better integration with Microsoft’s cloud storage (SkyDrive). That means you essentially have links to your files that you only download and pull up when you’re working on them. Otherwise, they are stored and backed up in the cloud—not on your computer.
  5. More security features are embedded within Windows 8.1. Some helpful security features have been added that make your computer much safer. We found that encryption and anti-malware is much better in Windows 8.1 than in Windows 8. When these kinds of security features are more embedded into an operating system, it makes it safer for people to use and easier for IT professionals to support. In addition, there are many new innovative security features too numerous to list here. Two quick examples are “Windows to Go,” which can incorporate an entire work desktop onto a USB drive and be used securely on someone else’s computer without mingling business and personal files; and “Applocker,” which can prevent people from using or accessing specific files and applications.

Given these improved features and user experience, cities may want to consider upgrading to Windows 8.1 if it makes sense for their particular situation. Even though Windows 8.1 is easier to use than Windows 8, there is still going to be a learning curve for city employees—just like any major operating system or software upgrade. You also want to make sure that your applications and software can run on Windows 8.1. Some older versions of accounting, court, or other key operational software might not work on Windows 8.1, so you’ll want to do a full application compatibility analysis.

As of the date of this blog post, Windows 7 is still used by about 46% of all computers while Windows 8 and 8.1 are only used by about 9%. Many are still sticking with Windows 7 for now, but Windows 8 and 8.1 will increase in adoption over time. Depending on your situation, there will be a right time to switch. Just make sure you don’t make the leap before looking.

If you want to discuss Windows 8.1 or your current operating system in more detail, please contact us.

Tuesday, November 19, 2013
Nathan Eisner, CMO

If you’re used to sending and distributing documents through email or dumping them onto a shared drive in a crazy variety of folders, you’re probably glad to know that a document management system will eliminate those chaotic problems. But how? Once your document management system is implemented, you might wonder how you’ll distribute or receive documents if you’re no longer using email or shared folders.

Early on, your city should establish clear business processes for documents that establish and smooth out how documents will be distributed. In this post, we discuss five key setup areas that help take the mystery out of document distribution and make it much easier for city staff.

  1. Set up a clear workflow. This step is probably the hardest but most well worth your time before you start using your document management system. Take the time to establish the workflow for creating specific documents that you collaborate upon and share on an ongoing basis. Figure out:
    • Who kicks off and oversees the document workflow?
    • Who creates the document?
    • Who reviews the document?
    • Who approves the document?
    • Who receives the final document?
    Since the people involved in creating a document might change over time, define roles like “creator,” “reviewer,” or “approver” that can be filled in by specific people. This way, you can make sure that there is someone filling each role and receiving documents when it’s that person’s turn to step into the process.
  2. Set up notifications (usually email). Once you set up workflow roles and tasks, you need to set up notifications for the people assigned to each task. This is how you ensure that people are alerted to knowing if it’s their turn to handle a document. An email notification provides a just-in-time notification with a link to the document in the document management system. Notifications are an automated, user-friendly way to let people know about documents ready for editing and review, instead of having to manually send people reminders through email.
  3. Set up access and permissions. Obviously, people can go in and access documents whether they are notified or not. To ensure that people can’t go in and disrupt an ongoing review or access unauthorized documents, it’s essential to set up clear permissions for people. This also means giving people access only at certain points in a process, and prohibiting even people who participated in creating or editing the document from altering it after it’s approved. This avoids the document distribution issue of accidentally sending someone the wrong document or people altering documents before or ahead of schedule.
  4. Set up document versioning and locking. You want to make sure that people are only working on the latest version of a document, so setting up versioning and locking capabilities helps ensure the quality of the workflow. A common document distribution problem is having multiple versions of the same document sent to different people so that no one knows if they’re working on the current version. In a document management system, a reviewer should know that a) she is working on the latest version of the document and b) no one can edit it until she is done and passes the document along to the next person in the workflow.
  5. Set up archiving. Once a document is finalized and approved, it’s time to archive and store it. That means letting any interested parties know that the document is final and available for read-only access. The document cannot be altered or edited after this point unless sanctioned by an authority within the city (where it will have to go through a document update workflow). Some common problems with document distribution include knowing where to find approved documents, asking certain people to send them to you who have these files stored on their individual computers, and wondering if the document you have is really final or not. With a document management system, it’s clear where to find approved documents, how to notify people when they are approved, and that documents are stored in a centralized location.

As you can see, document management systems can potentially solve a lot of chaotic document distribution problems. But a city needs to spend non-technical time defining workflows. Once that happens, your IT staff or vendor can help you set up notifications, permissions, versioning, and archiving that help enact your workflows. Then, you’ll see that the problems of asking yourself “Where’s that document?” will go away. No more searching through your emails or shared drives. Instead, you’ll know exactly where to access your documents.

To talk more about distributing documents within a document management system, please contact us.

Friday, November 15, 2013
John Miller, Senior Consultant

While many cities agree that they need to store and back up their data offsite, we often get into a lot of complicated discussions about what “offsite” actually means. Isn’t “offsite” literally someplace that is not onsite at the building where you’re storing your information? Why doesn’t a particular “offsite” building count as offsite?

To help clarify what constitutes as “offsite,” let’s run through some imaginary but representative scenarios that we often hear when talking to cities. In these scenarios, we’ll assume the onsite data is stored at City Hall.

Scenario 1: We store our data backups “offsite” at the fire station down the street.

Why it’s not “offsite”: While you are storing your data in a completely different building, it’s too geographically close to City Hall. If a tornado, thunderstorm, or other weather disaster were to affect several blocks of the city, both City Hall and the fire station would be at risk of losing all data. Disaster recovery needs to account for a catastrophic disaster, so having your data stored “offsite” down the street is just not far enough away to constitute as true offsite data backup.

Scenario 2: We store our data backups “offsite” on a flash drive at the mayor’s house.

Why it’s not “offsite”: Even if your mayor is the most trustworthy person in the world, this is a bad solution from all perspectives. First, the mayor likely lives nearby, so the same proximity flaws from Scenario 1 apply. But you are also introducing other risks. What if the flash drive is lost or stolen? Where is the mayor storing the flash drive? On a kitchen table? In a vault? Near water or coffee or something magnetized? How do you know that the mayor isn’t storing the data somewhere else? What happens if the mayor is not reelected? Does the new mayor have to keep the city’s data at his or her house? Having a single person handling a portable piece of media like a flash drive and carrying it back and forth from home to City Hall, even if they’re diligently doing it every day, is way too risky.

Scenario 3: Our IT provider stores our backups at his house.

Why it’s not “offsite”: Not only is this completely unprofessional for an IT provider, but it’s like a worse version of Scenario 2. At least the mayor is someone elected to look out for the best interests of the city. An IT provider’s job is to get paid to implement data backup best practices that mitigate risk for the city. You may even know the IT provider, but in no way should you ever trust your data to reside at anyone’s house. The liability is enormous. What if you decide to sever relations with this IT provider? What if the IT provider gets angry and holds your data hostage? What is the IT provider doing with your data at home? How is your IT provider able to test and audit your data professionally? Any backups stored at someone’s house is a bad, bad, bad strategy.

Scenario 4: Our data backups are stored at a building about six miles away from City Hall.

This scenario is not as bad as the others, and it’s tempting to allow for such distance to constitute as offsite data backup. Another temptation connected to keeping data within driving distance is a sort of irrational feeling of security—if the data is close and you can drive to see it, it feels safer. But again, think of natural disasters. Earthquake. Tornado. Hurricane. Flooding. It’s not uncommon for such disasters to tear across wide swathes of a city. For true 100% disaster recovery, you need to make sure your data is stored much further away—quite geographically remote from your city.

So, if the above scenarios are not offsite, what does constitute offsite? As a general rule, offsite backup should meet the following criteria:

  • Data should be backed up in a secure facility. A secure facility means a professionally operated data center with full security and best practices applied. People’s houses are not a secure facility.
  • Data should be backed up in a geographically remote location far from where the actual data is stored. In other words, if there is a natural disaster such as a flood or tornado, the offsite backup should not be threatened as well. Six miles away is too much of a risk, so we recommend cloud data backup or at least having the data backed up in a completely different part of the country.
  • Data backups should be encrypted. While most cities pay attention to onsite data encryption, they often ignore offsite data encryption. Your offsite data backup needs just as much care as your onsite data backup. If it’s stolen, that data should be useless to the thief or hacker.
  • Data backups should be automated. That means no human involvement at all. Somebody from a city should not have to physically move backup media (such a flash drive) to an “offsite” location.

And today, you have a great opportunity to do offsite data backup right. With such cheap unlimited cloud data storage available, there are plenty of good and easy-to-setup options for offsite data backup. The costs have lowered so much and the quality of offsite data backup has risen so much that even smaller cities can affordably implement automated, encrypted, secure data backup.

To talk about offsite data backup in more detail, please contact us.

Wednesday, November 13, 2013
Clint Nelms, COO

Just like greeting and orienting someone when they walk into City Hall, a city’s website must do the same thing with its City Hall website page. Your City Hall page might also be called City Services or serve as the City Clerk’s page. However you organize your information, you need a page that introduces citizens to city administrators and directs them to your most important services.

While the content on this page should be basic and functional, you want to make sure you provide a good balance of relevant and thorough information. We see too many City Hall pages as only dry lists of names or lacking essential information. In this post, we provide some tips about what content you need for a successful City Hall page.

  1. Cover the basics. First, make sure you have all essential information about City Hall outlined. People will sometimes need to come to City Hall to pay bills, attend meetings, or talk to the city clerk. Provide the address, directions, and hours in an upfront place where they are easy to find. Many websites even use a simple Google Maps widget that allows people to see where City Hall is located and plug in their address to get directions.
  2. Create a brief welcome message. It doesn’t have to be long, but create at least a paragraph of text or a short video that welcomes people to the City Hall page. A welcome message brightens up the page, personalizes the information, and allows you to highlight any important points. Don’t write too long of a welcome message. People won’t read it, and it may force people to scroll down the page to get to the information they actually came to find.
  3. Offer quick links to popular services. If citizens commonly tend to ask about certain services, departments, or people, then provide quick links at the top of the page to help people get to that information faster. You might look at your website traffic or simply use your knowledge of what people ask about on the phone or in person to create a list of your top services. To be even more helpful, use language that people would use (e.g. “I need a business license…” instead of “Business Services”).
  4. Provide a directory to all services. Large or small, cities need to provide a list of people, departments, and services that citizens would contact or access at City Hall. Include phone numbers, extensions, and email addresses (or another way to electronically contact a person). To protect email addresses from getting picked up by spammers, you can spell it differently (e.g. sales AT sophicity DOT com) or use a form instead. Depending on your website design and programming capabilities, you can offer up your directory in many ways—but make sure that it’s easy to access and browse the information.
  5. Identify key leadership contacts above all other contacts. A citizen shouldn’t have to dig through a directory to find key City Hall contacts like the city manager or city clerk. Highlight these contacts above all others and include a headshot if possible. Not only is it helpful for citizens but you also create a better impression when you highlight your City Hall leadership. People feel more comfortable about a city when they feel they know their city manager and city clerk by name and face.

While function really takes precedence on this page, you want a few flourishes that show you’re a good host—like City Hall itself. Your City Hall is about business, steering citizens to where they need to go. But you also welcome them, smile, and engage them in some small talk before moving them on their way. Your City Hall web page works in the same way. Greet citizens, be helpful, and use the information you present and prioritize on your City Hall web page to send them on their way.

To talk about website content in more detail, please contact us.

Thursday, November 7, 2013
Brian Ocfemia, Technical Account Manager

A very nasty computer virus called Cryptolocker is circulating around businesses, government entities, and many other organizations. We’ve already seen one city infected with this virus and have heard of several other victimized cities. This is not something you want infecting your city’s computers.

To help protect you against the Cryptolocker virus, we’ll answer some common questions and offer some proactive tips—especially if you feel unprotected against viruses.

Cryptolocker Questions & Answers

What is ransomware?

Ransomware is one of the scariest viruses out there. We’ve become so dependent on our electronic data, either on our computers or in the cloud, that losing access to that data would be devastating. And hackers know that. So, they prohibit access to your data in exchange for a ransom. It’s the digital equivalent of taking your most valuable possessions hostage.

What does the Cryptolocker virus do?

It encrypts the hard drive of your infected computer, meaning you cannot access or read your data. A popup window will appear and you’ll read a ransom demand for money in exchange for what’s called a “private key” so that you can decrypt your hard drive. It’s like a hacker has a padlock on your data, and the hacker has both keys. Supposedly, if you pay the hacker it’s like they give you one key and you both open the padlock at the same time.

Should I pay the ransom to get my files back?

We typically do not recommend paying the ransom. The hackers will tell you that if the money is not paid within a certain amount of time (usually about 24 hours) then the private key is destroyed and the contents of your computer are lost forever. But these are criminals. Once they have your credit card information, what will stop the hackers from using your credit card information again (or even stealing your identity)?

So how do I get rid of the virus?

In the short term, an enterprise-level antivirus solution can easily detect and eliminate the virus. However, if you already saw the popup window demanding a ransom, then it’s already too late to unencrypt your files. You’ll lose your data, but the virus will be eliminated by the antivirus software.

In the long term, or even if you haven’t been infected by the virus, you want to take proactive steps to protect yourself from Cryptolocker and other viruses.

  1. Use an enterprise-level antivirus solution. Avoid free antivirus software or relying on city staff to manage antivirus software on their own computers. You need a more professional solution that is managed by IT professionals and updated regularly. Enterprise-level antivirus software also has better monitoring capabilities, often preventing viruses from ever affecting you. In the case of Cryptolocker, enterprise-level antivirus software would likely have stopped the virus before it started encrypting your files.
  2. Use antispam software. Since Cryptolocker can spread through malicious files in emails, you need ways to better block email before it gets to users. Many cloud-based email solutions have excellent antispam and antimalware software built in, or you can purchase enterprise-level software if you host your own email.
  3. Implement a regularly tested data backup and disaster recovery solution. In case the worst happens, having a data backup and disaster recovery solution in place—both onsite and offsite—will ensure that you have a backup of your files in another location that the hackers cannot reach. Do not simply use a free file storage service where files are synced—rather than backed up—across different storage locations. Access your files in one place, and back them up in another place. And test your backups at least once a quarter.
  4. Train city staff about basic online safety best practices. On a basic level, your city staff should be able to identify obviously suspicious email messages, avoid clearly malicious websites, and never give out their username and password to an untrustworthy source. Your city administration and IT vendor should be clear about how sensitive information is shared so that it’s easier for people to detect fraud when that process is violated.

If you feel unprotected against a virus of this caliber, please contact us. We will be more than happy to answer any questions you may have.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 |