We put the IT in city®

CitySmart Blog

Friday, April 19, 2013
Clint Nelms, COO

While more and more government organizations are moving their email to the cloud, backed up by significant examples that it is one of the safest places for your email, we still see many cities clinging to old or obsolete email hosting methods. Unfortunately, hosting your email improperly or through a method that is no longer a best practice can put your city at risk.

Those risks can involve security, compliance, retention, and responsiveness to open records requests. Poor email hosting jeopardizes the safety of your emails and opens your city up to legal troubles—especially if people need to find and retrieve specific emails in response to an official request.

Here are five things to look out for with bad email hosting. If any of these situations applies to you, it is imperative that you begin to consider enterprise cloud email hosting.

  1. You’re using free email hosting. You get what you pay for. While free email may seem cost-effective and easy to use, it comes with a host of problems for government organizations. When you have a technical problem, who do you call? Free means little to no support built in to your email services. Free email hosting providers will also not be concerned with strong antispam, giving your city much email storage space, or making sure users can focus on their work without having to see constant advertisements.
  2. You don’t know where your email is hosted. We often encounter cities that cannot tell us where their email servers are located. In many cases, especially with cheap email hosting, email servers are located offshore—where compliance and security might be more lax. The IT staff overseeing your data center may not have criminal background checks and yet have access to sensitive city information. And how are your email servers maintained by this IT staff? How rigorously? If you don’t know where your email is hosted, that implies other potential problems.
  3. You host your own email servers. While you might be competently hosting your own email servers, you are also paying for the cost of those servers, the software running on those servers, the software licenses, and the staff or vendor that must support those servers. With cities needing to cut costs, you cannot ignore cloud email business models that improve your quality of service while cutting costs. Shop around and explore if you can save money.
  4. You’re in danger of permanently losing email if an email server goes down. Especially with laws that dictate retention policies for email, you will be in legal trouble if you lose email because of a server failure. In addition, your staff relies on email as the lifeblood of their work at your city. Losing email is a productivity and operations killer, and if you don’t have a data backup and disaster recovery plan for your email, then you are placing your city at great risk.
  5. Your email hosting does not meet security and compliance standards. Email often contains sensitive city information about personnel, legal disputes, public safety, citizens, etc. We’ve found that cities with free email hosting, unknown hosting, or onsite hosting often have major security issues and gaps from poorly configured servers, bad maintenance, or lack of effective setup and support. Cities are held to a much higher standard than most private sector businesses. Taxpayers will find it inexcusable if a city, in trying to cut corners, allowed social security numbers to be exposed through a breach in a free email hosting account. Legal repercussions can also be devastating.

Cloud email hosting from experienced, widely used vendors (e.g. Microsoft) eliminates these problems by offering enterprise level service and support, documented security and compliance policies and procedures, and data backup. And with a lean, scalable model (usually per user) that does not require expensive onsite hardware, software, and licenses, that means you can pay (like a utility) for exactly how much email hosting you need.

Especially on the cyber liability side, considering cloud email hosting becomes less of a “nice to have” service and more of a required service. If you cannot guarantee that you are following essential security and compliance related to your email hosting, then you need to leave it up to experts that regularly host email for many government institutions.

To talk more about email hosting, please contact us.

Tuesday, April 16, 2013
Dave Mims, CEO

“Metadata” is an intimidating word, often sounding very technical and from the complex world of search engines. Quite simply, metadata is data about data. Let’s say books are data. How would you describe and order groups of books? Probably by genre, by author (A to Z), and maybe even by “most popular” or “bestsellers.” Those categories of genre, author, and “most popular” are metadata, and that metadata helps you navigate through a bookstore—instead of just sifting through a giant pile of books.

In a document management system, you probably know the feeling of sifting through information when it is poorly labeled and organized. You search over and over for something, you get too many search results in return, and it seems like keyword searches just don’t work right. Those kinds of document management systems often have poor metadata.

So where you do start if you’re a metadata novice? While we recommend also talking to someone technically conversant with your document management system (and if you’re a large city, you might want to have an information architecture expert in the mix), we focus here on some metadata basics that we notice when we help cities with their document management systems.

  1. Look for pain points with your city staff. The first place to start is with the existing experience city staff has when they search for documents. How do they search? What do they search for? What results come up? For example, do users get frustrated looking for accounting documents when they can’t separate out accounting from all other city documents? City staff will often tell you through their actions how they need the information to be labeled and organized, and what terms they think of when they search for documents.
  2. Involve different groups when deciding what metadata you need. When you sit down to discuss how you want to describe and categorize your documents, make sure you involve multiple groups to assess their needs. Your finance department may have stricter metadata needs than parks and recreation, for example. At the same time, you don’t want to make your categorization so complex that basic users can’t easily upload and label documents. By discussing your needs together, you will arrive at a good categorization system that works for everyone.
  3. Create custom views for different departments. One of the biggest pain points with document management metadata is separating out views at the highest level, such as finance, public safety, information technology, or parks and recreation. When users have to sift through documents across all city departments for every search, it prevents them from easily finding what they need. But when metadata clearly indicates different departments, projects, or organizations, then users can go to the area that exactly meets their needs.
  4. Make users enter basic metadata. When users upload documents, work with your document management vendor and IT department to make users enter basic metadata. There should be minimum requirements for what users need to fill in such as a title, author, department, description, keywords, etc. If you’re not enforcing metadata capture, then your document management categorization and search capabilities go to waste. After a while (and some grumbling), filling out metadata will become habit for users and your document management categorization will become much more rich and thorough.
  5. Manage and audit your metadata. If no one is overseeing your document management system’s data, which includes your metadata, then it’s easy for people to lose the habit and go astray. Also, over time your data needs might change, or your data might become unruly and chaotic. If your needs grow more complex, such as with new financial requirements or a piece of legislation, you can push down new metadata requirements to users. If you find that users are not helped by either simplistic metadata (such as too many documents with the same category) or overly complex metadata, you can balance it out by adjusting top-level requirements for users based on feedback.

Our advice in this article focuses primarily on the business side of metadata, and less on the technical side. For most cities we work with, they just need to be using metadata on a basic level so that users can more easily find documents. With larger cities, document management and metadata grow much more complex, and we recommend bringing in more technical expertise at that level. Otherwise, as long as you can get your users labeling and categorizing documents consistently, and in a way that makes them easy to find, then you’re on the right track.

To discuss document management and metadata in more detail, please contact us.

Wednesday, April 10, 2013
John Miller, Network Infrastructure Manager

When we sit down to talk with cities about vendor relationships, many of the war stories center around how vendors waste a city’s time. An important part of any vendor relationship boils down to two things: expertise and communication. Can the vendor do the job, and can they communicate about issues and problems effectively?

To this day, we are still amazed at some of the stories we hear. You would think that vendors would learn from the best in the business or listen to the feedback that municipalities regularly share at events and conferences. Many vendors unfortunately prey on cities, secure the deal, and then take a hands off approach to the engagement.

Cities need to understand that wasted time equals wasted money. Here are some warning signs to look out for.

  1. Calling the helpdesk is always confusing. There may be different support numbers for different problems. Or perhaps you dial in and you have to navigate several levels deep into a menu of “press 1”s and “press 4”s. When you speak to someone, they might be confused about your request and route you to several other people. Calling the helpdesk should be easy – you either talk to someone knowledgeable immediately or you receive a call back within a short amount of time.
  2. Bills for onsite visits pile up. Reputable IT vendors will often include the cost of site visits within a reasonable, predictable monthly bill. But some IT vendors use site visits as ways to log many billable hours that you did not budget for. We’ve seen quite a few cases where an IT vendor will arrange a deal with a city that appears like a low monthly fee on the surface, but they end up making most of their money through “unpredictable” issues that require billable site visits. Look for escalating, unexpected, and unpredictable support bills as a red flag.
  3. You’re often told, “That’s not included.” This timewaster is probably our biggest pet peeve. Many cities agree to “24/7 IT support” and the assurance that nearly every area of their IT environment is covered. However, the fine print says otherwise. A problem is identified, and the vendor tells you, “That will cost extra.” Lots of problems start to occur, and most of those problems are “not included.” That means approving discretionary budget and delaying problem resolution because you are signing additional statements of work.

The shame about these issues is that problems often do not emerge until you start working with a vendor. If you are researching IT vendors, make sure you have a senior experienced IT person at the table. Have them ask tough questions about the vendor’s experience, processes, and problem resolution. Talk to customers who work with that vendor. And if you’re seeing too many of these negative signs with your current IT vendor, then it’s time to start looking for a new IT vendor.

If you want to discuss these vendor management problems in more detail, please contact us.

Friday, April 5, 2013
Clint Nelms, COO

While very large cities and other large organizations find website design an expensive but necessary proposition, expensive website design is something small- to medium-sized cities should avoid. It’s tempting to read the press about what the latest government websites should offer, but the press usually reports on very large government entities that use cutting-edge social media, big data and open data applications, and extensive mapping software.

From our experience, budget-conscious small and medium cities need essential website functionality and a professional appearance, but they often lose money when website vendors oversell them on supposedly “must have” features and custom design. Here’s a quick list of what small and medium sized-cities need and don’t need in their website design.

What You Need in Your Website Design

  • Professional Look and Feel: As long as your website looks clean and professional, without any chaotic or amateurish design elements, it will hold up to positive public scrutiny. Many template websites are available that have been designed by high-end professional designers and have been used by many smaller cities. A professional look and feel should also incorporate a consistent city logo through the website.
  • Online Payment Processing Capability: Since citizens often want to pay utilities, taxes, and fines online, it’s best to have payment processing built in as part of a website design. Years ago, this would be an expensive addition. Today, many template or low-cost websites can easily accommodate this feature.
  • Calendars, Department Pages, and Other Common City Content: There are a few areas that all cities tend to have on their websites such as community calendars, pages for departments (City Hall, Public Safety, Parks and Recreation, etc.), city council agendas and minutes, and news updates - to name just a few. Most basic websites can accommodate such content without expensive design.
  • Ability to Add Pages and Modules: If a city wants to add additional common pages or modules, it should not require another redesign or expensive fees. It’s to be expected that a city will grow and expand over time, and a website design should plan for that growth without a website vendor billing you for each addition.
  • Ability to Put Content Onto the Website: Cities should not have to rely on a third party to put content onto their website. Instead, the website should be designed with a content management system on the back end so that city staff can update webpages without having to code or understand anything technical.

What You Don’t Need in Your Website Design

  • Expensive Multimedia: Too many cities are wooed with the ability to showcase expensive Flash imagery, videos, and photos. Often, this multimedia is not very functional and wastes money. If a city needs to use videos or photos, they need to be functional and reasonably budgeted.
  • 100% Custom Design: Building a website from scratch is risky in terms of time and outcome. Even if it’s done well, it will cost a great deal of money and tends to be overkill for a small or medium city. Stick with templates that are minimally customized.
  • Bells and Whistles: We’ve seen so many cities pay for expensive website design that included sophisticated social media apps, forums, and RSS feeds that often go unused. A city should not be tempted by nice-to-haves. Instead, each aspect of a website needs to be justified and its functionality proven by a business need.
  • Expensive GIS Mapping Tools: Geographic information systems (GIS) continue to be popular at municipalities, and the rich mapping data can greatly enhance websites – especially for certain departmental pages and citizen-friendly website applications. However, many GIS website tools and applications are overkill for all but the largest cities. Integrating live GIS data onto a website is extremely costly. For smaller cities, it’s often better to use a static map, such as having the city’s GIS data manager export a graphic representing the data and have the person managing the website content post the static map to the webpage.
  • Rebranding: We’re not against rebranding. However, website vendors sometimes lure cities into using a website design as a way to also do a complete rebrand of the city’s look-and-feel. If you’re at this stage independently of a website design, fine. But if you’re rebranding just because your website vendor is urging you to develop new logos, taglines, imagery, and colors for the city’s visual appearance, then you’re potentially being ripped off.
  • Amateur Work: On the other end of the spectrum, we still see many cities hand over a website redesign to a single design intern or to a friend of a city employee who has “designed a few websites.” While this may have been acceptable back in the late 1990s when websites were still novelties, it’s unacceptable today. While cheap, the end result will usually be a poor design, hard-to-manage functionality, and a website that breaks down too much. As one example, we see something as simple as fonts crash city websites, especially when amateur designers try to get fancy or make too many words blink. Leave website work to professionals.

These tips give you a quick idea about what you need and don’t need in website design. As you can see, in most cases website vendors are good at upselling design aspects that small or medium cities just don’t need. Sure, some of these aspects do create great-looking websites. There are some great custom website designers out there, and some slick features and apps that can really enhance a website. But those features really only start to make sense once thousands and thousands of people start to visit a website, usually at large cities over 100,000 people.

To discuss website design in more detail, please contact us.

Wednesday, April 3, 2013
Dave Mims, CEO

One of the most common yet overlooked tasks of anyone taking care of servers and workstations is basic hardware maintenance. That includes monitoring hardware, applying patches, and upgrading software. Like a car, basic maintenance ensures that your investments run smoothly from purchase to decommission.

However, in our many network assessments over the years, we’ve found that lack of server and workstation maintenance often crops up as a critical problem at many cities. The city’s IT staff might be inexperienced or strapped for time, or the city’s IT vendor might not be maintaining equipment at a professional level. The result? Slow servers, poor computer performance, unhappy employees, and city operations interrupted.

While hardware maintenance involves many complex technical aspects, we are providing a high level overview of five basic activities that your IT staff or vendor must perform to keep your hardware optimally running.

  1. Proactively monitor health and performance. Too many cities simply react when a server fails or a workstation breaks down. We recommend having an experienced IT professional proactively monitoring the health and performance of your hardware. Many 24x7 monitoring and alerting tools exist that raise red flags when issues arise. However, those tools alone will not make a difference unless you have an expert analyzing the results and knowing how to identify, escalate, and deal with performance issues.
  2. Patch, upgrade, and leverage support. While it seems simple that patches and upgrades that solve security and performance problems should be applied to servers and workstations, we’ve analyzed many environments where this is just not happening. You are paying for expensive software, so why not apply patches and upgrades delivered as part of the vendor software support? Leverage any included support related to your hardware, especially when you are unable to solve a problem yourself.
  3. Replace aging hardware. Natural wear and tear, storage and memory limits, and evolving technology all eventually make hardware obsolete. Don’t wear out hardware for too many years and only replace it when it dies. You need a plan to replace your hardware, usually every 3-5 years. Your IT staff or vendor needs to be on top of your hardware asset management and track the purchase, deployment, depreciation, and decommissioning of all hardware.
  4. Apply strict security. Especially at a city, you need to make sure your servers and workstations are protected as much as possible from hacking, phishing, and other unauthorized attempts at access. Apply an enterprise firewall, properly configured to close off all gaping security holes. Enterprise antivirus should be applied across all servers and workstations, and strong antispam and content filtering help protect city staff from clicking on phishing emails or dangerous websites that can open up a security hole in your network. Do not compromise in any way on hardware security.
  5. Back up all data on your hardware. Despite your best proactive maintenance, servers will fail and computers will be lost or stolen. A data backup plan that provides daily backups and full disaster recovery is essential for covering all unexpected situations. At cities, it’s usually a good idea to use onsite data backup that takes hourly snapshots of your information. That means if a server fails, you should be up and running within an hour or two. For disasters, you should be up and running within 24 to 48 hours by using offsite data backup.

When you buy a car, you can decide to worry about maintenance only when it breaks down. But you know that your car performs better when you have your oil changed every three months, tires rotated every six months, and a full inspection at least every year. Server and workstation maintenance works similarly, although much more frequently. With 24x7 monitoring and maintenance by experienced IT professionals, a data backup and disaster recovery plan, and a hardware lifecycle replacement strategy in place, your hardware investment will be maximized and run in the most optimal fashion.

To talk more about hardware monitoring and maintenance, please contact us.

Friday, March 29, 2013
Nathan Eisner, Network Manager

Even at smaller cities, it’s easy for your IT assets to get out of hand. Servers and workstations accrue, software lingers after being purchased many years ago, and data backup media piles up. A good question to always ask about your IT assets is, “Am I using them?”

Taking a look through your existing assets can be enlightening, and sometimes shocking. Often, valuable real estate, power, and IT staff time is consumed maintaining assets you don’t need. Here, we take a look at some common IT infrastructure assets and offer ways to eliminate or trim them down.

  1. Data backup. We often see a lot of waste here, especially from manual data backup processes. Tape, external hard drives, or other transportable media not only adds manual risk to the process of data backup but also wastes physical space. Manual media is usually not tested or audited, and so you are often storing backup media that won’t work when you need it. Modern data backup systems can mostly back up remotely, freeing up space and eliminating your need for portable media.
  2. Servers. With advances in cloud computing, many servers are simply taking up space at cities. Dedicated servers for email or specialized software can often be eliminated and replaced with cloud services that require no onsite servers. In addition, completing an assessment of your current servers can help analyze if they are really worth the maintenance or software license costs. Do you have expensive software on a server used by very few employees? Do you have an email server that is hard to maintain? Be brutal and have your IT staff or vendor help you figure out if you absolutely need each server.
  3. Workstations. Typically, a lot of waste pops up with workstations. Over time, if employees needed workstations, they were bought on the fly with discretionary budget, without much thought as to what city staff actually needed to perform their work. Are there computers not being used by anyone? Are those computers still being maintained? Similar to a server audit, it’s good to look at your workstations (including laptops). Are the machines a fit for how they are actually being used? If not, you might consider decommissioning, selling, or stripping down the features and services attached to each machine.
  4. Printers. Printers are often overlooked as a major IT asset, but they are networked machines that tend to proliferate too much within an organization. For example, people tend to buy printers for themselves rather than maximizing the use of a printer for an entire department. With an assessment, you’ll often find too many printers, unused printers, and potential to trim down your annual maintenance costs.
  5. Telecom, Internet, and Wireless. Traditional phone systems and unruly wireless systems can also be a waste. You might have expensive phone equipment that could be eliminated and replaced with a more streamlined VoIP phone system that relies on an Internet connection. Also, organizations tend to accrue wireless devices that people buy on impulse to solve a temporary need, and then sit unused. Your city might benefit from an inventory of telecom, Internet, and wireless equipment to see if you can reduce some hardware and maximize the usage of fewer devices.

IT infrastructure is expensive, so you want to make sure you are using all of your assets wisely. Even hardware and equipment that you bought three to five years ago can potentially be reduced or eliminated by newer cloud services. And any organization, unless you’re rigorously auditing your IT assets on a regular basis, can find itself with too many servers, workstations, printers, and other equipment that is excessive or lies unused. Cities can’t waste a penny, and so it might be time for your city to do some IT spring cleaning.

To talk more about reducing your IT infrastructure clutter, please contact us.

Tuesday, March 26, 2013
John Miller, Network Infrastructure Manager

As cities transition to an online payment system or reevaluate their online payment vendor, it’s good to look at the basics of what makes a city’s online payment information safe and secure. In this multi-part series, we will cover the basic Payment Card Industry Data Security Standard (PCI DSS) requirements one by one, teaching you about what a city and its online payment vendor needs to be compliant.

The basics of secure online payments starts at the network level, and the PCI DSS requirements begin by examining firewall and password policies. These best practices also correspond to many other IT-related services and provide good questions for other aspects of your city business.

Use enterprise-level firewalls for your network.

Both you and your online payment vendor need at least an enterprise-level firewall to handle sensitive payment data. Coupled with enterprise-level antivirus, this essential network configuration creates strict access for outside sources wishing to communicate with you.

As you may know, firewalls work rather like a border crossing or airport security. Only specific approved information is allowed inside your network. When you’re dealing with sensitive online payment data, it’s imperative that any information requests are authentic—both inbound and outbound. Hackers are always trying to access valuable data, and payment data is worth more to them than many other kinds of data. Not only must your online payment vendor have sufficient firewalls, but you should also make sure your firewalls match their high standards if possible—especially since it’s likely that online payment data will cross in and out of your environment (e.g. in your accounting software, on your website, etc.). Hackers look for gaps to exploit, and it would be unfortunate if your network was their way into your online payment data.

Use strong passwords and user authentication.

You may have had the experience of accessing online payment websites and...suddenly the experience changes. There are different passwords. Maybe a passkey, or another kind of user authentication. The URL on your browser switches to a higher level of security and encryption. That’s because the level of authentication needs to be higher when sensitive online payment data is involved. That means password best practices that include:

  • Strong passwords. That means long passwords with numbers, letters, and a mix of characters that are irregular and unusual—and difficult to hack.
  • Training and guidance about phishing. It should be clear to users when an online payment site is authentic, and when it is not. This may involve a secure URL, a passkey, or some other kind of unique identifier that—if lacking—should alert a user that they may be on the wrong website.
  • Considering 2 factor authentication. An extra level of password security is not a bad idea. That means authorizing a person’s computer by, for example, getting an authorization code send to their mobile device.

If your online payment vendor cannot confirm the rigor and security of these two items to your IT staff or vendor, then that lack of information should raise a red flag. But know that even if your online payment vendor can handle these requirements, you should also close the loop by providing your city with at least an enterprise-level firewall and a strong password policy. These two items form the basic foundation of securing a network from most common hacking and unauthorized access to data.

Having a strong firewall and password policy is like having locks on your doors and windows, along with personal security to make sure that only authorized people enter your house.

In our next online payments post, we will discuss encryption and other ways to protect data. If you want to talk about online payment security in more detail, please contact us.

Thursday, March 21, 2013
Clint Nelms, COO

The rise of cyber liability insurance matches a growing trend in which targets with valuable information (e.g. financial institutions), combined with weak IT security, create rich opportunities for hackers. Since municipalities store sensitive information such as social security numbers and tax information for businesses, then they become obvious targets.

Not only are municipal data breaches embarrassing, but they are also expensive. Computerworld recently reported:

The costs of simply investigating and responding to these losses—not to mention the resulting lawsuits and regulatory fines—can be staggering. For instance, the Ponemon Institute estimates that response costs can be as high as $200 per compromised record. It is not difficult to understand how total costs for a wide breach can quickly escalate well into the millions of dollars.

A great article last year from Dark Reading outlined the top 10 security breaches of 2012, and it’s sad for us to see how many of these breaches were caused by preventable IT best practices. Many municipalities still lack basic IT infrastructure, policies, and training to prevent even amateur hacking attempts.

Last year, we produced a series of articles addressing data loss, website hacking, and virus attacks, but we want to address some other common issues that impact cyber liability. These best practices can help lower your risk, which then lowers your cyber liability insurance premiums.

  1. Educate and train employees about phishing. This may seem very non-technological and simple, but phishing led to 3.8 million Social Security numbers and 3.3 million bank account numbers stolen from the South Carolina Department of Revenue last year. Employees need to understand that clicking on links from suspicious emails opens up a city to high risk. Better yet, couple training with good antispam software to ensure that most phishing emails never even reach a person’s inbox.
  2. Eliminate as much physical storage and manual processes as possible. Risk increases when you need to physically handle data. Even the combined clout of IBM and Iron Mountain could not prevent a massive data breach last year when those vendors were transporting data backup tapes. If you know us well, you know that we sound like a broken record when we tell cities to stop using tape backup. Day-to-day manual handling of tapes introduces too much risk at every step (theft, loss, forgetting to back up data, etc.). And in this case, yes – you can get fired using IBM.
  3. Create a strong password policy, everywhere. Hackers most often exploit weak passwords, either through bad server configurations or poorly maintained web applications. Many hacking outfits will use something called a SQL injection to break through, like a burglar kicking down a door with a weak lock. That means you need to force users to have strong passwords, train users to never give out their passwords over the phone or through a suspicious web link, and to have everyone—IT staff and non-IT staff—change passwords often. (Read about password best practices in more detail.)
  4. Encrypt laptops and mobile devices. Too many major data breaches arise because of stolen laptops or other mobile devices. Encryption (which the South Carolina Department of Revenue is still putting in place to prevent another data breach) means that users must enter a password to access any information on the laptop. This is different than simply logging in to Windows or your routine desktop applications. Encryption is an extra layer that means if someone doesn’t know the password, the data is useless. If a person steals a laptop, for example, they could not even hack into the hard drive without the encryption password.

Cyber liability is understandably a hot topic for cities, since the stakes have never been higher. Hackers have become more sophisticated and aggressive, and small to medium-sized cities become juicy targets—precisely because they often lack basic IT security measures. While the above cyber security tips sound simple—and almost obvious—they are exactly what lead to most data breaches.

In future posts, we will look more closely at some non-technical policies and procedures (such as working from home and employee background checks) that provide a strong foundation for your technical cyber liability. To talk about cyber liability in more detail, contact us.

Tuesday, March 19, 2013
Nathan Eisner, Network Manager

Just when you thought you may have figured out data backup and disaster recovery for your city’s servers and workstations, along comes mobile. A January 2013 article from Computerworld UK (which also surveyed United States companies) showed that there are deep concerns about backing up mobile data.

Partly, that’s because mobile is still so relatively new and blurs the boundaries between business and personal data. But also, the lack of mobile data backup reflects the continuing failure to follow general data backup and disaster recovery best practices.

If you’re using smartphones, tablets, and other mobile devices at your city, here are some tips on backing up data for those devices.

  1. Put as much of your data in the cloud as possible. With cloud data, you minimize worries about backing up mobile—or any—data. If your email, documents, and even VoIP phone system is cloud-based, then the mobile device is just accessing that data over the Internet. If the phone is lost or destroyed, all of your data is still in the cloud. As long as your cloud data has appropriate security, then accessing the data with a mobile device follows standard protocol. With the cloud, there are no worries about having to store mobile-specific data.
  2. Back up city-issued mobile devices. The safest way to ensure the strictest and most efficient mobile data backup is to back up only city-issued mobile devices. While we have written about the “bring your own device” (BYOD) trends in organizations, we always recommend issuing city-specific mobile devices to employees. That means you can lock down these devices however you’d like. By contrast, you do not have complete access to an employee’s personal mobile device and you risk losing city data that you cannot back up.
  3. Tell employees about business and personal data boundaries. Even if you issue a city-owned device to employees, it’s tempting for them to use those devices for personal calls, emails, and media (such as photos or videos). But when you are backing up data on those devices, that means contact information, email, calendar information, and even text messages. If an employee does not want personal information exposed to public view or an open records request, then it’s best to keep that personal information on their personal (not city-owned) devices.

While we’re still adjusting to the mobile revolution, with new and more sophisticated devices coming out every day, the principles of data backup remain the same. We recommend taking your existing data backup and disaster recovery policy and extending those policies to mobile. If you have not developed an overall data backup and disaster recovery policy, then you can use mobile devices as a good excuse to create a plan today.

To discuss mobile data backup in more detail, please contact us.

Friday, March 15, 2013
John Miller, Network Infrastructure Manager

This year is the 20th anniversary of the initial release of the Portable Document Format, commonly known as the PDF. Along with Microsoft Word and Excel files, the PDF is probably one of the most commonly used file formats at cities and most other organizations. It caught on as a file format because it retained a consistent look and feel independent of whatever software someone used. That’s made the PDF handy for sharing and storing standardized documents.

When managing your documents, the use of PDFs can raise many questions. We’ve worked with cities that became “PDF happy” and turned anything and everything into PDFs, while others went in the opposite direction by clinging to Microsoft Word and PowerPoint documents without bothering much with PDFs.

To help find a good middle ground, here are some benefits and situations that suggest when PDFs can best help your document management.

  1. Use PDFs when you want an exact, official copy of an original document. Whether you scan the original document or simply want a locked down, official version that you don’t want edited any further, then publish it as a PDF. With a good scanner, it should become part of your routine to take official paper documents and scan them into your document management system as PDFs. Other editable documents (such as Microsoft Word files) should become PDFs after they are finalized.
  2. Use PDFs when you need a print-friendly document. PDFs follow the rules and formats of paper documents to a high degree. They are designed to parallel the high quality of a paper document. If internal employees need to print high quality documents or visitors to your website need printer-friendly forms and documents, then PDFs are the way to go. PDFs also work well for printed forms, which people can often fill out on their computer screen and then print out.
  3. Use PDFs when you want to easily secure your documents. The PDF has some of the best and easiest security features for any document format. You can password protect a PDF, electronically sign a final version of a document, and prevent people from printing, saving, or editing it. Just like a signed and notarized document represents its final, official version, PDFs provide plenty of security features to ensure that people cannot alter, edit, or manipulate an official document in your document management system.
  4. Use PDFs when you want to cut down on storage space. PDFs are very economical files, taking what were once large files and reducing their size considerably. You can merge multiple files into single PDF files to maximize your use of document management storage space. Opening large files (especially with slower Internet connections) can be a hassle for people, so converting and merging large files into PDFs can be helpful for both you and your users.
  5. Use PDFs when you want to store “more information” or “further details.” When people create content either for a website or an internal document management system, it’s tempting to share excessive details instead of sticking to a focused point. Use PDFs for when people need “more information,” such as citizens wanting to read full details about city policy or internal users wanting technical details behind an audit or analysis. That way, you don’t have to clutter up your content with every single detail imaginable. Store those “further details” in easy-to-create PDFs.

While PDFs have been around for 20 years, it’s sometimes still confusing when and how to use them. Considering our tips above, it’s good to consider that PDFs most often follow the traditional rules of paper-based documents, both in a legal sense and also in an accessibility sense. We see many document management systems where everything has been turned into a PDF, or websites where too much vital information is buried in PDFs. A mix of concise, public-facing information backed up by substantial details and official documents in PDFs is a balance you should strive for.

If you’d like to discuss PDFs and document management in more detail, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 |