We put the IT in city®

CitySmart Blog

Tuesday, March 26, 2013
John Miller, Network Infrastructure Manager

As cities transition to an online payment system or reevaluate their online payment vendor, it’s good to look at the basics of what makes a city’s online payment information safe and secure. In this multi-part series, we will cover the basic Payment Card Industry Data Security Standard (PCI DSS) requirements one by one, teaching you about what a city and its online payment vendor needs to be compliant.

The basics of secure online payments starts at the network level, and the PCI DSS requirements begin by examining firewall and password policies. These best practices also correspond to many other IT-related services and provide good questions for other aspects of your city business.

Use enterprise-level firewalls for your network.

Both you and your online payment vendor need at least an enterprise-level firewall to handle sensitive payment data. Coupled with enterprise-level antivirus, this essential network configuration creates strict access for outside sources wishing to communicate with you.

As you may know, firewalls work rather like a border crossing or airport security. Only specific approved information is allowed inside your network. When you’re dealing with sensitive online payment data, it’s imperative that any information requests are authentic—both inbound and outbound. Hackers are always trying to access valuable data, and payment data is worth more to them than many other kinds of data. Not only must your online payment vendor have sufficient firewalls, but you should also make sure your firewalls match their high standards if possible—especially since it’s likely that online payment data will cross in and out of your environment (e.g. in your accounting software, on your website, etc.). Hackers look for gaps to exploit, and it would be unfortunate if your network was their way into your online payment data.

Use strong passwords and user authentication.

You may have had the experience of accessing online payment websites and...suddenly the experience changes. There are different passwords. Maybe a passkey, or another kind of user authentication. The URL on your browser switches to a higher level of security and encryption. That’s because the level of authentication needs to be higher when sensitive online payment data is involved. That means password best practices that include:

  • Strong passwords. That means long passwords with numbers, letters, and a mix of characters that are irregular and unusual—and difficult to hack.
  • Training and guidance about phishing. It should be clear to users when an online payment site is authentic, and when it is not. This may involve a secure URL, a passkey, or some other kind of unique identifier that—if lacking—should alert a user that they may be on the wrong website.
  • Considering 2 factor authentication. An extra level of password security is not a bad idea. That means authorizing a person’s computer by, for example, getting an authorization code send to their mobile device.

If your online payment vendor cannot confirm the rigor and security of these two items to your IT staff or vendor, then that lack of information should raise a red flag. But know that even if your online payment vendor can handle these requirements, you should also close the loop by providing your city with at least an enterprise-level firewall and a strong password policy. These two items form the basic foundation of securing a network from most common hacking and unauthorized access to data.

Having a strong firewall and password policy is like having locks on your doors and windows, along with personal security to make sure that only authorized people enter your house.

In our next online payments post, we will discuss encryption and other ways to protect data. If you want to talk about online payment security in more detail, please contact us.

Thursday, March 21, 2013
Clint Nelms, COO

The rise of cyber liability insurance matches a growing trend in which targets with valuable information (e.g. financial institutions), combined with weak IT security, create rich opportunities for hackers. Since municipalities store sensitive information such as social security numbers and tax information for businesses, then they become obvious targets.

Not only are municipal data breaches embarrassing, but they are also expensive. Computerworld recently reported:

The costs of simply investigating and responding to these losses—not to mention the resulting lawsuits and regulatory fines—can be staggering. For instance, the Ponemon Institute estimates that response costs can be as high as $200 per compromised record. It is not difficult to understand how total costs for a wide breach can quickly escalate well into the millions of dollars.

A great article last year from Dark Reading outlined the top 10 security breaches of 2012, and it’s sad for us to see how many of these breaches were caused by preventable IT best practices. Many municipalities still lack basic IT infrastructure, policies, and training to prevent even amateur hacking attempts.

Last year, we produced a series of articles addressing data loss, website hacking, and virus attacks, but we want to address some other common issues that impact cyber liability. These best practices can help lower your risk, which then lowers your cyber liability insurance premiums.

  1. Educate and train employees about phishing. This may seem very non-technological and simple, but phishing led to 3.8 million Social Security numbers and 3.3 million bank account numbers stolen from the South Carolina Department of Revenue last year. Employees need to understand that clicking on links from suspicious emails opens up a city to high risk. Better yet, couple training with good antispam software to ensure that most phishing emails never even reach a person’s inbox.
  2. Eliminate as much physical storage and manual processes as possible. Risk increases when you need to physically handle data. Even the combined clout of IBM and Iron Mountain could not prevent a massive data breach last year when those vendors were transporting data backup tapes. If you know us well, you know that we sound like a broken record when we tell cities to stop using tape backup. Day-to-day manual handling of tapes introduces too much risk at every step (theft, loss, forgetting to back up data, etc.). And in this case, yes – you can get fired using IBM.
  3. Create a strong password policy, everywhere. Hackers most often exploit weak passwords, either through bad server configurations or poorly maintained web applications. Many hacking outfits will use something called a SQL injection to break through, like a burglar kicking down a door with a weak lock. That means you need to force users to have strong passwords, train users to never give out their passwords over the phone or through a suspicious web link, and to have everyone—IT staff and non-IT staff—change passwords often. (Read about password best practices in more detail.)
  4. Encrypt laptops and mobile devices. Too many major data breaches arise because of stolen laptops or other mobile devices. Encryption (which the South Carolina Department of Revenue is still putting in place to prevent another data breach) means that users must enter a password to access any information on the laptop. This is different than simply logging in to Windows or your routine desktop applications. Encryption is an extra layer that means if someone doesn’t know the password, the data is useless. If a person steals a laptop, for example, they could not even hack into the hard drive without the encryption password.

Cyber liability is understandably a hot topic for cities, since the stakes have never been higher. Hackers have become more sophisticated and aggressive, and small to medium-sized cities become juicy targets—precisely because they often lack basic IT security measures. While the above cyber security tips sound simple—and almost obvious—they are exactly what lead to most data breaches.

In future posts, we will look more closely at some non-technical policies and procedures (such as working from home and employee background checks) that provide a strong foundation for your technical cyber liability. To talk about cyber liability in more detail, contact us.

Tuesday, March 19, 2013
Nathan Eisner, Network Manager

Just when you thought you may have figured out data backup and disaster recovery for your city’s servers and workstations, along comes mobile. A January 2013 article from Computerworld UK (which also surveyed United States companies) showed that there are deep concerns about backing up mobile data.

Partly, that’s because mobile is still so relatively new and blurs the boundaries between business and personal data. But also, the lack of mobile data backup reflects the continuing failure to follow general data backup and disaster recovery best practices.

If you’re using smartphones, tablets, and other mobile devices at your city, here are some tips on backing up data for those devices.

  1. Put as much of your data in the cloud as possible. With cloud data, you minimize worries about backing up mobile—or any—data. If your email, documents, and even VoIP phone system is cloud-based, then the mobile device is just accessing that data over the Internet. If the phone is lost or destroyed, all of your data is still in the cloud. As long as your cloud data has appropriate security, then accessing the data with a mobile device follows standard protocol. With the cloud, there are no worries about having to store mobile-specific data.
  2. Back up city-issued mobile devices. The safest way to ensure the strictest and most efficient mobile data backup is to back up only city-issued mobile devices. While we have written about the “bring your own device” (BYOD) trends in organizations, we always recommend issuing city-specific mobile devices to employees. That means you can lock down these devices however you’d like. By contrast, you do not have complete access to an employee’s personal mobile device and you risk losing city data that you cannot back up.
  3. Tell employees about business and personal data boundaries. Even if you issue a city-owned device to employees, it’s tempting for them to use those devices for personal calls, emails, and media (such as photos or videos). But when you are backing up data on those devices, that means contact information, email, calendar information, and even text messages. If an employee does not want personal information exposed to public view or an open records request, then it’s best to keep that personal information on their personal (not city-owned) devices.

While we’re still adjusting to the mobile revolution, with new and more sophisticated devices coming out every day, the principles of data backup remain the same. We recommend taking your existing data backup and disaster recovery policy and extending those policies to mobile. If you have not developed an overall data backup and disaster recovery policy, then you can use mobile devices as a good excuse to create a plan today.

To discuss mobile data backup in more detail, please contact us.

Friday, March 15, 2013
John Miller, Network Infrastructure Manager

This year is the 20th anniversary of the initial release of the Portable Document Format, commonly known as the PDF. Along with Microsoft Word and Excel files, the PDF is probably one of the most commonly used file formats at cities and most other organizations. It caught on as a file format because it retained a consistent look and feel independent of whatever software someone used. That’s made the PDF handy for sharing and storing standardized documents.

When managing your documents, the use of PDFs can raise many questions. We’ve worked with cities that became “PDF happy” and turned anything and everything into PDFs, while others went in the opposite direction by clinging to Microsoft Word and PowerPoint documents without bothering much with PDFs.

To help find a good middle ground, here are some benefits and situations that suggest when PDFs can best help your document management.

  1. Use PDFs when you want an exact, official copy of an original document. Whether you scan the original document or simply want a locked down, official version that you don’t want edited any further, then publish it as a PDF. With a good scanner, it should become part of your routine to take official paper documents and scan them into your document management system as PDFs. Other editable documents (such as Microsoft Word files) should become PDFs after they are finalized.
  2. Use PDFs when you need a print-friendly document. PDFs follow the rules and formats of paper documents to a high degree. They are designed to parallel the high quality of a paper document. If internal employees need to print high quality documents or visitors to your website need printer-friendly forms and documents, then PDFs are the way to go. PDFs also work well for printed forms, which people can often fill out on their computer screen and then print out.
  3. Use PDFs when you want to easily secure your documents. The PDF has some of the best and easiest security features for any document format. You can password protect a PDF, electronically sign a final version of a document, and prevent people from printing, saving, or editing it. Just like a signed and notarized document represents its final, official version, PDFs provide plenty of security features to ensure that people cannot alter, edit, or manipulate an official document in your document management system.
  4. Use PDFs when you want to cut down on storage space. PDFs are very economical files, taking what were once large files and reducing their size considerably. You can merge multiple files into single PDF files to maximize your use of document management storage space. Opening large files (especially with slower Internet connections) can be a hassle for people, so converting and merging large files into PDFs can be helpful for both you and your users.
  5. Use PDFs when you want to store “more information” or “further details.” When people create content either for a website or an internal document management system, it’s tempting to share excessive details instead of sticking to a focused point. Use PDFs for when people need “more information,” such as citizens wanting to read full details about city policy or internal users wanting technical details behind an audit or analysis. That way, you don’t have to clutter up your content with every single detail imaginable. Store those “further details” in easy-to-create PDFs.

While PDFs have been around for 20 years, it’s sometimes still confusing when and how to use them. Considering our tips above, it’s good to consider that PDFs most often follow the traditional rules of paper-based documents, both in a legal sense and also in an accessibility sense. We see many document management systems where everything has been turned into a PDF, or websites where too much vital information is buried in PDFs. A mix of concise, public-facing information backed up by substantial details and official documents in PDFs is a balance you should strive for.

If you’d like to discuss PDFs and document management in more detail, please contact us.

Wednesday, March 13, 2013
Clint Nelms, COO

The state of Texas recently made a major shift by transitioning more than 100,000 workers to Microsoft’s cloud services. While this shift is occurring at the state level on a massive scale, many of the reasons why Texas chose to transition to the cloud applies to cities. Texas is not alone in realizing the benefits of the cloud.

As we’ve reported in past blog posts, the cloud is slowly becoming law and more mainstream by the steady adoption from federal, state, and local government. So why should smaller cities embrace the cloud? Mostly, it’s because of the merging between improved technology and higher-speed Internet connections. Together, these innovations have made the cloud a compelling option.

Here are five key reasons why the cloud may have a positive impact on your city.

  1. You will save money. The biggest impact is financial. If you’re not using cloud services, then you’re paying for servers, software licenses, and maintenance costs for all of that investment. The burden is on you to purchase hardware and software licenses with heavy upfront investment, and those investments are recurring and often inefficient. With cloud computing, you eliminate the servers and only pay (like a subscription model or utility) for what you need. All maintenance takes place remotely on the cloud vendor’s dime.
  2. You will have less hardware to manage. As mentioned above, you will save money managing less hardware. But those benefits extend even further to freeing up your IT staff to work on more important projects, freeing up building space when you don’t have to manage your own servers, and worrying about buying expensive new hardware every 3-5 years—or having to cling on to old, obsolete hardware when you haven’t budgeted the extra money to replace it. With the cloud, it’s like you’re using the most up-to-date hardware—but all unseen and remote.
  3. You will use only what you need. With the cloud, the scalability is powerful. If you have new users, you can add them with the click of a button. If you’ve dropped users, then those cloud subscriptions are eliminated—saving you money. Normally, you would buy hardware and expensive software licenses for a set amount of users. You pay for those licenses, even if users are not using the software or if you lost users due to staff retiring or finding employment elsewhere. The cloud allows you to use only what you need, making your investment extremely efficient.
  4. Your data is backed up remotely by the best cloud vendors. When you are responsible for your own data backup and disaster recovery, significant risk comes into play. Many cities still back up data manually, which happens irregularly and without much rigorous process. If cities do back up data remotely, they often don’t test and audit their backups. Cloud vendors at the level of Microsoft, Amazon, and Google apply the best data backup and disaster recovery standards to their services. If you lose data or a disaster occurs, all you need is an Internet connection and you’ve got your data backed up in the cloud.
  5. Your data is secured by the best cloud vendors. To stay in business, cloud providers must provide the highest level of security to meet compliance standards and a variety of regulatory requirements across industries. To stay competitive, cloud providers also exceed those security standards. Security was the leading reason why the State of Texas decided to choose Microsoft’s cloud services. Everything from the technology standards to preventative measures against hacking to hiring standards for IT employees tends to reach a higher bar than most cities can do on their own.

When it comes to finally considering cloud options and making a decision, it can still seem like a leap to see your data go...elsewhere. There is still something psychologically reassuring about seeing your servers and knowing your data rests inside those machines. But the reality is that your data is often safer, more secure, and better backed up in the cloud. And most importantly, you must consider the cloud when both quality increases and cost of investment goes down. After all, that’s the ideal business case.

To discuss the cloud in more detail, please contact us.

Friday, March 8, 2013
Dave Mims, CEO

Nearly all businesses must eventually use your city’s website to answer a question about taxes, licenses, or other information. Is that experience a positive one for businesses? Or a negative one?

Many cities believe they provide the right information to businesses by featuring bare bones yet useful information—forms, documents, and links. But that alone might not accommodate the basic needs of businesses.

If you really want to offer both essential and also reassuring information to build positive relationships with the businesses in your community, consider building up the following areas of your website with plenty of user-friendly content.

  1. Welcome businesses with guides and information. A friendly welcome is strangely overlooked by many cities. Don’t bury it on your site. Within one click, a business should be able to see a welcome from the mayor, elected officials, or city manager. Thank the business for being a part of your community and share the excitement you feel for your city. Offer quick links to guides, how-to’s, and policies that businesses should be aware of.
  2. Provide easy-to-find information about taxes and licenses. To be realistic, this will be the primary reason a business will visit your website. So make the experience smooth and seamless. Provide easy ways for businesses to log on, find any necessary taxes or licenses, and pay online. Don’t make taxes and licenses a hassle. Otherwise, word will spread that your city is business-unfriendly, and businesses may be less likely to locate there.
  3. Offer online access to forms, documents, and resources. You don’t want businesses calling City Hall asking where to find important forms and documents. Make information about permits, utilities, zoning, public safety, and local chambers of commerce readily available on the website. Be helpful by offering links to county, state, and federal resources if businesses frequently ask for this information.
  4. Share impactful city news and events. This may seem obvious, but many cities often don’t share stories that may have an impact on businesses. Instead, businesses will find out about city news through the filter of local media or word-of-mouth, which can make the city look defensive and reactive. Share any important news—positive or negative—through press releases and news announcements. If local or national media write up positive stories about businesses in your area, share those too.
  5. Have a strong economic development section of your website. Show that your city is vital and business-friendly by highlighting local stories, relationships, and pro-business city council activity. Applaud long-lasting businesses in your community, celebrate significant anniversaries and milestones with them, and go into detail about long-term projects and investments that will have a positive impact on businesses. Businesses are extremely sensitive to this kind of data. Cities that actively trumpet their economic development attract more businesses.

If you lack content or presence in any of these areas, know that it does take some concerted effort to plan out what you want to say. Often, the exercise of deciding how you want to position your city to a business audience will force you to think about your city’s strengths, weaknesses, and areas to best highlight. There are often many positive business stories happening in your community. But if your website does not talk about them, for many businesses it’s like that good news doesn’t even exist.

Interested in talking more about business-friendly websites? Contact us.

Wednesday, March 6, 2013
Nathan Eisner, Network Manager

One of the areas where cities often challenge our recommendations is hardware replacement. Over the years, we’ve seen many cities keep servers and workstations long past the time those machines should be replaced. Understandably, servers and computers are viewed as such expensive investments that many city managers and finance officers want to see them used up for all they’re worth.

However, rather than maximizing your investment, aging hardware is actually negatively impacting your bottom line. That’s why we urge cities to follow a hardware replacement lifecycle and plan for the replacement of servers, desktops, laptops, and other IT hardware. But we’re still often asked, “Why do you need to replace a computer after only 3-5 years?”

Here’s why.

  1. Natural wear and tear. Servers and computers take a beating. Unlike even cars or air conditioning units, IT hardware usually runs non-stop, all of the time. And just consider your own desktop or laptop. How much work do you perform on it? How much software do you download onto it? How many videos do you watch? How many web conferencing meetings do you attend? The list goes on. Plus, think about the wear and tear from carrying around a laptop constantly, banging on the keyboard every day, or letting it sit around in a typical volatile work environment. From this natural wear and tear, your hardware weakens over a period of years, slowing down and then ultimately failing.
  2. Intensified software and program demands. Even if you take pristine care of a server, workstation, or mobile device, it will still eventually slow down and become unbearable to use in only a few years. Why? It’s not the machine. It’s new software, more sophisticated websites, and higher end videos and graphics. These technology evolutions are gradual, and once a new norm is established 3-5 years after you bought your hardware, you’ll notice your machines seem to become slow, creaky, and useless. Times change, and your hardware can’t (and won’t) change fast enough.
  3. Support and warranties disappear. If you use Microsoft XP, mainstream support ended almost four years ago. Microsoft Vista’s mainstream support ended last year. Microsoft operating systems are just one example of how disappearing support is a clear sign of aging hardware. If your current servers and workstations cannot handle modern operating systems, new accounting systems, or even current Internet browsing, you are losing productivity and lowering employee morale. If you have more sophisticated hardware, you’ll begin to notice after many years that warranties expire and replacement parts are no longer made by the manufacturer.
  4. Storage and memory limits. For both servers and workstations, another sign of aging hardware is reaching limits to your storage or memory. Buying additional storage or external hard drives as a stopgap is just putting your hardware on life support. You need more modern, robust hardware that accommodates your current storage and memory needs. Otherwise, your hardware begins to slow, your work is constantly interrupted by “creative” uses of storage and memory swapping, and your machine eventually is unable to handle your workload.
  5. Basic graphics don’t work properly. Photo albums, videos, interactive maps, GIS software, and other graphic-heavy uses of your hardware become more and more difficult on aging hardware. Similar to the evolution of software and the Internet, the norm for graphics keeps improving over time. Instead of low-definition four-minute videos, we now have high-definition 1 hour videos. Instead of early map applications like Mapquest, there is now the sophistication of a Google Maps. City software—especially for public safety, GIS applications, and citizen services like City Council live videos—requires that modern graphics work, and work well. Aging hardware cripples your use of videos, Internet applications, and graphic-heavy software.

If your hardware is showing some or all of these signs, it’s time to think about replacing it. But re-envision how you justify the cost. You’re not just buying really expensive hardware and hoping to get as much life out of it as possible. Instead, you’re investing in a 3-5 year asset, and you need to plan and budget for replacing this hardware.

If you’d like to talk about hardware in more detail, please contact us.

Thursday, February 28, 2013
John Miller, Network Infrastructure Manager

A traditional phone system might seem as tried and true as, well, a city. However, you might also have noticed people have become less attached to landline phone systems, especially when you consider the mobile and smartphone revolution. Part of the phone technology revolution includes VoIP—or Voice over Internet protocol.

VoIP works just like your traditional phone system, but through the Internet. In the early 2000s, VoIP was considered an interesting yet second class citizen compared to the traditional phone system. But now that high-speed Internet access has become more prevalent and VoIP technology has improved, VoIP is often a better choice now than a landline phone system.

Not convinced? In our work with cities, we’ve often surprised them when a landline to VoIP transition introduces higher quality calls, service, and features. Here’s what we tell cities when they are considering the switch.

  1. You may still need landline systems for particular departments. First, understand that VoIP is not a fit for every single phone line into your city. You may want to keep providing traditional landline phone systems for sensitive departments such as public safety or 911—either as a primary system or as a redundant backup. For example, in a bad thunderstorm the city may lose power, which causes your VoIP phone system to go offline. In that situation, it helps if calls coming into the city are routed through a traditional landline phone system that stays up even with a loss of power.
  2. Your costs immediately go down. Quite simply, VoIP is cheaper than traditional phone systems. The old telecom companies have invested a lot of money in phone system infrastructure. That equipment’s sole purpose is to provide phone services, and it’s expensive. Instead, VoIP rides upon existing high-speed Internet connections, so the infrastructure overhead is not as high. Cities that want to slash their budget often experience a significant savings when switching to VoIP.
  3. You are no longer tied to a monopoly. Do you like dealing with the one giant company that provides landline phone services in your city? Do you like being helpless when they decide to raise rates or charge more for services? In contrast, there are lots of VoIP providers all competing for your business. That provides you more options and also helps lower costs. Unlike monopolistic phone companies, VoIP providers are also not geographically tied to your area.
  4. Access your phone service like you access your Internet—everywhere. Just like a phone provider is tied to your geographical area, your landline is tied to a specific physical location. When you switch to VoIP, you can access your phone system from anywhere, just like you would access any Internet applications remotely. Your VoIP or IT vendor can often help you set up easy-to-use remote access via your mobile phone, using an app that allows you to use your office phone line remotely.
  5. Utilize included features, not paid features. While traditional phone lines certainly have a lot of features, you have to pay for them. In fact, that’s how phone companies make a lot of their money. The way VoIP developed, those kinds of services are not a big deal and are very easy to build into an Internet-based phone system. Long distance becomes meaningless. Voicemail, caller ID, 3-way calling, call waiting, and any other standard phone features are a given. And with VoIP, you even get extra features such as voicemails that can be played as sound files in your email inbox, conferencing features that usually would require conferencing software, and even video chatting features. All included.

While the traditional phone line might still seem to have some advantages (and in some cases remains necessary when certain departments need to be accessible when power goes out), those advantages do not add up as a business case in light of the momentous benefits of VoIP. With cities looking for any place to cut their budget, considering VoIP for the bulk of your phone lines is a great way to both cut costs and also increase the quality and service of your phone system. Cities that have switched to VoIP rarely go back to a traditional phone line.

If you want to discuss in more detail, give us a call. We’ll be using our VoIP system!

Tuesday, February 26, 2013
Dave Mims, CEO

When setting up your city’s online payment system, your payment processing needs to meet certain standards. All online payment vendors are not created equal, and you don’t want to be caught with a major security flaw or the inability to accept payments from your citizens. Whether you know it or not, your online payment system will be judged against the experiences your citizens have every day with services ranging from Amazon to Netflix.

If you fear that equaling the standard payment processing features of such companies is expensive and out of reach, you can breathe a sigh of relief. Most basic yet essential online payment processing features are available in widely used, cost-effective vendors. While many features exist in modern online payment services, we’ve distilled the five most important aspects you need to look for when considering the processing piece of online payments.

  1. Accept payments from electronic checks and major credit cards. For major credit cards, Visa and Mastercard are the bare minimum. Including American Express and Discover will pretty much cover everyone. In addition, there needs to be an easy, secure way for people to pay with electronic checks. A good online payment vendor not only provides this level of payment coverage but also serves as both the merchant account (accepting payments on your behalf) and the payment gateway (sending payments to banks or credit card companies).
  2. Set up ongoing, recurring payments. For convenience, citizens should be able to set up ongoing, recurring payments. For example, most people have the expectation of paying bills monthly. Setting up automatic monthly payments makes it convenient for citizens and great for cities. People are less likely to forget paying when it happens automatically, and that means more money, paid on time, for cities. Good online payment vendors should include this feature, and the setup should not be overly complicated or cumbersome.
  3. Secure sensitive payment information. That means your online payment vendor needs to demonstrate how they are securing, encrypting, and protecting your payment data when citizens submit it online. Security involves everything from how the network is set up and configured to business policies like which members of your city staff have access to payment data. Be especially aware of the Payment Card Industry Data Security Standard, known better by its abbreviation PCI DSS. If you are accepting online payments, you need to be PCI DSS compliant. If you have the right vendor, they will be compliant and pass this test annually.
  4. Protect yourself against fraudulent transactions. Notice we said “yourself.” When someone commits a fraudulent transaction at your city, the citizen will not be liable, the credit card company will not be liable, and the bank will not be liable. You will. Having weak user authentication, weak credit card payment data requirements, or weak website security will open you up to the risk of being penalized for fraud. Simple things such as making sure your website contains identify verification and encryption to asking for a credit card’s Card Security Code can help protect you and your citizens against fraud.
  5. Tie reporting into your accounting system. Online payment processing data is important for your financial records, and you need to have a vendor that can integrate the online payment data with your accounting system. This helps you keep track of revenue coming in, revenue yet to be collected, and delinquent payments. Integrating helps you create better reports, since you’re not having to manage two different systems and try to reconcile one set of data with another. A good online payment vendor should be able to provide this service to you.

With these five online payment processing basics secured, you will have no problem providing these services to citizens. Leverage your online payment vendor for some of the most important industry standards such as providing merchant account and payment gateway services or making sure you’re PCI DSS compliant. Online payments grow more complex as time goes on, and you don’t want to risk a major security lapse or lawsuit by trying to do it all yourself.

To talk more about online payments, please contact us.

Friday, February 22, 2013
Clint Nelms, COO

Through our work with cities over the years, we’ve often encountered accounting systems and have had to help support them, interface with them, and grow accustomed to them. These experiences have also offered us opportunities to compare systems between different cities, understand which ones work better than others, and what successful ingredients are needed to make an accounting system work on a technical level.

While we do not sell accounting systems, this subject does get brought up enough times that it affects the way we approach our technology implementations and services. City accounting systems, like any technology, usually suffer from aging hardware and software, poor setup, or just being a wrong fit. Here are some things to watch for from a technical point of view when you’re evaluating your current accounting system or looking at new options.

  1. How long does your reporting take? If it takes many days or even weeks to produce a report, you may have an inadequate accounting system. Old accounting systems and software tend to not process information rapidly or well. With accounting demands always growing more complex, you may not want to be in a position to spend an eternity creating a report when more modern systems can produce your required data in minutes or seconds.
  2. How much manual work do you need to do? Do you have to create Excel spreadsheets and import data into your system? Do you punch in too much data manually, and repetitively? If data entry is eating up loads and loads of city staff time, you are most likely using an inefficient accounting system or software. Modern accounting systems help automate a lot of data entry, and all data should be easily tracked and managed inside the system without having to use Excel or manually import data.
  3. Is your data high quality and usable? Data trapped in old accounting systems tends to be poorly entered and maintained, which means when you need it, it’s not there. Largely, this can also be a business process issue. The way you collect, update, and maintain your data is your responsibility. But that responsibility is not helped when you have a poor accounting system that does not give you great capabilities to update and store your financial data.
  4. Does your data connect well with other systems? It’s not unusual when your accounting system needs to connect with other software or databases within your city. Over time, bad accounting systems tend to be siloed or (worse) jerry-rigged to connect with various databases, leading to a huge mess if you need to pull a report or get audited. Modern accounting systems usually offer flexibility in integrating with common city systems (such as online payment systems).
  5. Is your accounting data backed up? This aspect is often overlooked, for example, if you use a very old accounting system that sits on its own server separate from your network. If your accounting system server fails, how long will it take until you are back up and running? If a disaster hits, what is your recovery plan? Even more so than other software, your accounting system contains some of the city’s most important data. You need a robust data backup plan in place that’s tested and audited in order to ensure that your accounting system runs continually despite any technology failures or disasters.
  6. How effective is your support agreement? If you’re currently using an accounting software vendor, are you knowledgeable about what your support agreement covers? Keeping up with the details of your accounting software support agreement is essential for making sure that your vendor is addressing any technical issues in a timely fashion.
  7. Are you running the latest version of the accounting software? We are surprised to find cities often using outdated versions of accounting software when there are current upgrades available. Many times, cities have their hands tied because the cost to upgrade is too expensive. If accounting software vendors release new versions frequently, that can be a bigger problem. Some vendors even require cities to buy new hardware with software upgrades. Modern accounting software should provide cloud or hosted versions to keep upgrade costs low and prevent the need to constantly buy new hardware.

While these concerns only scratch the surface of the technical depth behind accounting systems, hopefully these questions start you thinking about the state of your accounting system. Since accounting systems are such an important part of an overall IT environment, it’s always helpful for us to urge cities to consider upgrading their system if their current one seems to be inhibiting the way a city reports and collects financial data.

To talk about city accounting systems in more detail, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 |