We put the IT in city®

CitySmart Blog

Tuesday, January 14, 2014
Dave Mims, CEO

When most people want to avoid computer viruses, the common wisdom says to focus on your antivirus software. Of course, that’s a sensible strategy since the purpose of antivirus software is to stop viruses from ever infecting your computer. This report from KUTV in Salt Lake City, Utah is typical of the kind of advice that’s usually dispensed in lieu of a particularly nasty virus attack.

Only at the tail end of this report, buried underneath advice about antivirus software and even paying a ransom to criminals in order to get a businessperson’s data back, do we hear about data backup. Even more than antivirus software, data backup is actually your best antivirus protection.

Even Microsoft said in a recent post that “the most important tool for dealing with ransomware is to make sure computers are backed up.” Why? Let’s look at the reasons.

  1. Even the best antivirus software doesn’t catch every virus. New viruses are created by people every day, and it’s difficult for even the best antivirus software to keep up with every single one. If you only depend on antivirus software, some viruses may slip through if they are very new (which are usually the most damaging when they break out) or written by professional criminals to bypass the software. No antivirus software will protect you 100%.
  2. Employee error is still the source of many virus outbreaks. No matter how good your antivirus software, you may still get a virus if an employee clicks on a malicious website or email attachment. While sometimes your antivirus software might step in to prevent a virus from activating, it’s much harder to prevent a virus if an employee takes a completely voluntary action (such as opening a file). This is why phishing is such a popular scam because it tries to get a person to take an action that bypasses antivirus software.
  3. A virus can encrypt, corrupt, or destroy your data. Once a virus is activated, any number of things that happen to your data. A recent ransomware virus encrypts your files and threatens you to pay a ransom. Other viruses corrupt, damage, and even destroy your data. An antivirus program might be able to get rid of a virus once it infects your computer, but it won’t be able to get your data back.
  4. Your entire computer might need to be wiped clean or decommissioned. In more serious cases, we’ve occasionally had to completely wipe a computer clean of data or decommission it in order to ensure that a particularly nasty virus is gone. When that happens, your data is gone forever if it’s not backed up. Ask yourself if you’re prepared to recover your data in case of this scenario, just as in a worst-case disaster recovery situation.
  5. Online storage often just syncs, rather than backs up, data. If you’re relying on cloud-based storage software, be careful if it syncs your data across a variety of different access points. For example, if a ransomware virus encrypts your files in one place, it will encrypt them in every place if you sync your files. You need a separate data backup solution in place to make sure that you are backing up files in a completely different location than how you normally access your files. That way, if a ransomware virus encrypts your files, you can rest assured that your files are okay in another location.

Data backup is a more fundamental and important way to prevent the effects of a virus outbreak than even antivirus software. We recommend making sure you have a data backup and disaster recovery solution in place, combined with an enterprise antivirus solution that is managed by IT professionals.

And even though the businessperson in the TV clip paid the criminals that held his data hostage, we recommend to never pay a ransom! These are criminals. It is not guaranteed that you will get your data back, and they may also use your credit card information to commit identity theft. With data backup in place, you won’t even be tempted to pay a criminal for your information.

To talk about data backup and antivirus software in more detail, please contact us.

Thursday, January 9, 2014
John Miller, Senior Consultant

We get a lot of questions about the possibility of switching to free or low-cost productivity software. The argument usually goes like this: We don’t use all of the features in our current productivity software and the licenses are expensive. Therefore, can we use the free software that most of us use at home?

On the surface, free or low-cost productivity software seems to do the same things that your more expensive software does. Plus, compatibility usually isn’t too much of an issue since it’s easier than ever to convert document types.

But like any business decision, there are a lot of factors to weigh about considering what productivity software you use. It may seem like all tools do the same thing, but you’ll hit walls or levels of frustration that affect your employees if you take a cost-cutting shortcut without proper analysis. Here are some questions to ask if you’re considering reevaluating your current productivity software suite.

  1. What productivity tools do you use most on a daily basis? Different cities may have different needs depending on complexity, departmental demands, and levels of presentation needed. How in-depth do you use word processing? When you give presentations, do you need standardized or complex features? When assembling spreadsheets, how complex do your formulas and data analyses need to be? Smaller cities may have less complex needs while cities with more departments or data-heavy demands may need more complex software.
  2. Do you need desktop versions of the software? Cloud-based productivity software is sometimes only accessible through the Internet. If that scenario does not work at your city, you’ll need to look at options that include offline access to documents and files. It’s a fair request that you might want employees to access and work on files and documents if there isn’t access to the Internet, either due to an Internet outage or lack of Internet access in public places.
  3. What is a reasonable cost per user? As you assess how specific features and benefits map to your city’s needs, weigh those features and benefits against the cost per user. Some productivity software suites are one-size-fits-all, which may be less or more than you need. Other suites seem to offer almost too many options but show flexibility and scalability. For example, you don’t want a 300 user plan if you have 25 users, so look for a plan that matches your size and needs. And also consider what else you get with the suite that may justify the price (such as email, video conferencing, instant messaging, etc.).
  4. Does the software’s privacy policies meet the requirements of your city? Free or low-cost productivity software may also be accompanied with minimal privacy policies such as the vendor sharing user information to third parties or using algorithms based on your email content to generate ads. When looking at productivity software options, make sure you understand what the vendor does with your data. Is their privacy policy vague? Do they appear to have policies built around the needs of businesses and government?
  5. How much storage do you get? While 15 GB might seem like a lot of storage space for an individual user, it won’t be enough for a city. Each city’s storage needs will be different for cloud productivity software. How many files do you currently have? How many files do you plan to generate each month, quarter, or year? Depending on your storage needs, you can plan ahead and take this information into account when looking at options. And definitely compare different options. Storage is cheap today, but that doesn’t mean some vendors might be more stingy with storage space than others or charge you too much for excessive storage space.

By asking the questions above, you’ll be well on your way to understanding your productivity software needs. If you’re lucky and do your due diligence, you might find some substantial cost savings in going from expensive capital expenses and software licenses to an operational expense cloud subscription model with cheaper storage space. But before you simply switch, tempted by cost reductions, make sure you have the right productivity software suite for you.

To talk about productivity software in more detail, please contact us.

Tuesday, January 7, 2014
Brian Ocfemia, Technical Account Manager

In no way do we dismiss the fact that cloud software has security risks, despite the significant advances made in this area. It’s well known that vendors have been able to reassure major local and state government entities that security is robust enough to take care of high-level needs. The state of Texas is a popular example, but a recent article by BWWGeeksWorld shows plenty of examples of state and local government entities using the cloud for sensitive departments such as public safety.

But when research, surveys, and our own industry experience and observations look deeper into concerns about cloud security, the root problems are often much deeper than questions about cloud software encryption or how a vendor stores data in the cloud. As competition and IT maturity improve the security behind most cloud software, we find that alleviating those worries doesn’t even compare with the threat of existing security problems at cities.

Let’s take a closer look at what we should really worry about.

  1. Despite concern, IT leaders underinvest in IT security. It’s easy to pick on a new technology and ask harsh security questions. Find one little flaw, and you’re ready to discard the whole thing. But discard it for what? In a recent article for Readwrite, author Matt Asay refers to a 2013 Society of Information Management IT trends study when he says, “IT security ranks as the second-highest priority for IT leaders, yet is the 14th largest IT investment.” Chances are, if IT leaders at large companies are underinvesting in their IT security, you are too. What we find is that it’s easier to show concern and worry about imaginary security problems from new software rather than directly addressing current security problems. Worry about security needs to be matched with dollars and action.
  2. Lack of underlying IT management creates permissions and access problems. Many security problems stem from poor IT management. That includes processes and monitoring of who has permission to access specific data, information, documents, and files. You can have the best built-in security features in a piece of software, but if the wrong people are allowed to access it or the access points are weak (such as from weak or no passwords), then that extra security won’t do a bit of good. In a blog post for Information Security Magazine, author T.K. Keanini says, “Security teams need to know what applications, data and workloads are moving into cloud environments, where that data resides at any particular time, who is accessing that data and from where.”
  3. Cities often don’t create a non-technical security policy. Many technology-related security failures stem from non-technical human errors. While every human-related security breach cannot be prevented, cities can help establish a good foundation by outlining an acceptable use policy, providing training on how to deal with common security breaches (such as falling for spam or phishing attacks), clarifying internal procedures (so that people aren’t tricked into giving away passwords to a third party), and describing how your security policies will be enforced.
  4. Cities already take huge security risks in the name of cost and expediency. We see many cities use free email service providers, employees downloading random productivity software onto individual computers, and unmanaged software sitting on computers across the organization. And there are other risks. In an article for PandoDaily, author Rick Spickelmier says, “Of the 404 breaches and 9.1 million records lost so far in 2013, 272 or roughly two thirds involved lost, stolen or discarded devices (computers) and paper records, insiders, payment fraud and unintended disclosures.” Cloud security risks are extremely minimal compared to security breaches stemming from poor hardware and software asset management or an overreliance on paper documents. Spickelmier goes on to say, “If employees stored more information in the cloud and less on computers, laptops and vulnerable company servers, many of these leaks would not have been possible.”
  5. Clinging to legacy systems increases security risks. As a reaction against the cloud, we sometimes see cities worried about security yet sticking to their aging legacy hardware and software. However, aging legacy software is unfortunately full of security holes. It’s often not officially supported anymore, meaning a lack of security patches and upgrades. Few people have the technical expertise to maintain it, and even if it’s well-maintained, it will lack modern security features. (Remember, hackers always grow more sophisticated, and software has to keep pace.)

Again, these observations aren’t meant to ignore or obfuscate any concerns about cloud software security. Our point is that cloud software security has matured so that many older concerns are lessened by how vendors build in essential aspects such as encryption, run the software at rigorously maintained data centers, and comply with many stringent requirements that accommodate everything from the federal government to healthcare. Stacking that progress up against some of the security gaps often found at cities, we argue that any cloud security conversations need to be reframed. How does cloud software security compare with your current security investments, policies, and procedures? Answer that question, and you’re on your way to understanding how cloud software can improve upon your current security.

To talk more about cloud security, please contact us.

Friday, January 3, 2014
Clint Nelms, COO

If it seems like we’ve been writing about the benefits of cloud software and technology a lot, it’s because this technology has a far-reaching effect into so many important areas that impact cities. And no area could be more important than keeping city operations running in case of a disaster.

In a recent article from InformationWeek Government, the author talks about how the General Services Administration (GSA) experienced disaster in the form of Hurricane Sandy. A few years ago, lost power and flooding would have meant destroyed email servers. But with its email in the cloud, GSA employees worked remotely from home and coffee shops until they could return to their offices.

More importantly, services kept running despite near total disaster at GSA offices. While it’s fun to talk about how the cloud reduces costs and gives your workforce more remote access to city information, its true power shines in a disaster. Here are a few ways that happens.

  1. No information is lost. With offsite data backup stored in the cloud, your data is protected even during the worst disasters. For example, Hurricane Sandy threatened an entire section of the Eastern United States across several states. “Offsite” data backup in a building a few blocks from a city or even in the same state may not be good enough in such a disaster. With the cloud, your data is stored in geographically dispersed data centers across the country (and sometimes across the world). No matter the disaster, your data is safe.
  2. You can access your information with power and Internet access. In the case of GSA, while there may have been loss of power at its offices, power and Internet access was not gone everywhere. If employees could go to an area where there was power and Internet access, they could access information such as email. Cloud software potentially covers more than just email, so that access may also include your desktop, documents, and critical software (e.g. accounting). If you can access your information, you are able to keep operations going.
  3. Any device can access the information. While similar to the second point above, it’s worth mentioning that cloud software specifically makes it easy for any device to access the software. Just a few short years ago, remote access may have entailed inferior access to information, complicated VPN connections, and limitations based on servers and software. With cloud software, any device becomes an access point. If employees’ work desktops or laptops are damaged, they can use personal workstations and mobile devices to access city information.
  4. The city can stay connected to citizens. Let’s assume your website is hosted in the cloud (rather than threatened by disaster from only being hosted onsite or in a nearby data center). That means your website never goes down. If citizens are able to access your website (or even social media such as Twitter), then you can communicate the latest emergency updates and information. Cities can either shine or fail spectacularly in a disaster, and it’s a time when citizens will most need you. Keeping communication channels open through cloud hosted websites and using social media can help you stay connected.
  5. If you can work, then you can provide services. As long as city employees can communicate with each other, plan, strategize, and act, then the city is not shut down. Sure, you may face physical challenges such as destroyed equipment, blocked roads, or limited access to critical facilities. But a city is truly down when the people are out of operation. Cloud software helps city leaders, managers, and employees provide as many services as possible, keeping city operations running, and helping citizens with specific needs. The faster city employees can regroup and collaborate, the faster the city is operating at full capacity again.

When you think about your disaster recovery and business continuity plans, be sure to consider cloud software if you haven’t invested in it already. As you can see, the benefits in a disaster are invaluable—from making sure your data isn’t lost to being able to serve citizens despite significant damage to buildings and resources.

To talk about disaster recovery in more detail, please contact us.

Thursday, January 2, 2014
Alicia Klemola, Account Manager

In our many blog posts about the cloud, we usually cover core essential software such as operating systems, data backup, and email. But the cloud applies to many other often unexpected areas of operations and business productivity.

A great article on the American Express Open Forum blog explains nine unique ways to use the cloud, including even areas such as language translation. However, we’d like to elaborate upon two of the items that this article mentions: phone systems and remote support. Since these two areas impact cities heavily, we want to share our thoughts on why you should consider the cloud even for these services.

Cloud Phone

If you dislike the complicated phrase “Voice over Internet protocol” (or “VoIP”), you can now think of it as “cloud phone.” With voice data transmitted over the Internet, cloud software can now manage the software that takes care of your phone needs. The combination of high-speed Internet and the ability to host telephony software in the cloud creates an opportunity for Internet phone service to match (and sometimes even exceed) the quality of landline phone systems.

While landline phone systems are still a sturdy service, a recent blog post from National Public Radio points out that less and less people are using them. (It’s currently 71% for a service that used to be almost 100%). Plus, the infrastructure is aging and decaying, with less and less people available with the knowledge to repair it. You may still need landline phone systems for particular departments or as redundancy for important services like 911, but considering cloud phone is a good bet considering the bleak future of landline phone infrastructure.

The good news that we’ve seen when helping cities shift to VoIP is that:

  • Cities lower their costs. Since traditional phone companies often have monopolies in specific areas and need money to maintain expensive infrastructure, they pass those costs on to you. Cloud phone systems are not regionally specific, offer more competition, and bundle more services with an overall lower cost. Plus, the infrastructure is simply the Internet and some software.
  • Employees can access the city’s phone system from anywhere. Just like how an employee would access email or documents remotely, it’s easy to use the city’s phone system at home. You can even install an app on mobile phones that allows employees to make calls using the city’s VoIP system.

While there are still a few disadvantages to cloud phone software, those disadvantages are mostly related to lack of high-speed Internet access, the quality of a city’s network infrastructure, and the level of IT support you have on hand. As long as you have high-speed Internet access and quality IT support, then you should seriously consider hosting your phone system in the cloud.

Cloud IT Support

One of the great things about core cloud software such as operating systems, email, and document management is that these systems can be supported remotely, no matter where your employees are or what device they use. With older software, the back end was not built for easy-to-use remote support, if at all. You may use some older software that can only be supported onsite or through a difficult VPN connection where your employee has to allow access to their computer.

New software is built for the cloud and unshackles itself from adhering to a specific device. For example, let’s say your employee logs in through the cloud to their desktop at work. That means their entire work platform is just a piece of software accessed through the Internet. If there is a problem, your IT support would have access to that particular piece of cloud software without having to touch or enter that employee’s desktop, laptop, or mobile device. The same logic applies to IT support problems with email, document management systems, or other cloud-based software.

So, if your employee is at work, at home, on the road, or simply accessing their software through a tablet or smartphone, IT support will be able to solve most issues remotely. By making support management easier for your IT staff or vendor, cloud software allows your employees to benefit from getting problems resolved without having to go into the office or giving an IT person access to their entire personal device.

And the Ideas Keep Coming

These are just two ideas that the American Express post offered up. After reading the rest of the article, we would think that cities could also ask questions such as:

  • Is it time to really explore video, since the bandwidth and hosting can be done cheaply through the cloud?
  • Are there ways to use cloud software to create a better process for announcing, submitting, and managing RFPs?
  • Are there ways for remote employees (like public safety or public works employees) to use cloud software to submit reports while in the field through mobile devices?

The cloud introduces new opportunities and possibilities for all kinds of operational and productivity improvements. To talk more about these possibilities, please contact us.

Thursday, December 19, 2013
Nathan Eisner, CMO

It’s tempting to think that the cost of hardware is simply the purchase of a machine. Maybe you also include the cost of the software on the server or workstation. But the full cost of hardware includes many aspects that cities and other organizations often fail to track—leading to inaccurate perceptions about how much the hardware actually costs.

Since cloud software often eliminates a lot of hardware, it’s helpful to reveal in more detail how much onsite hardware actually costs. Let’s look at how we break down hardware costs when looking at what’s called Total Cost of Ownership. We’ll assume we’ve already accounted for the actual purchase price of the hardware and software.

  1. Research time. Shopping for hardware isn’t like shopping for office equipment or supplies. Servers, workstations, and network hardware are complicated and specialized. You need the right machine that fits the needs of your city. Your IT staff or vendor will take time to interview city staff about their needs, narrow down a list of machines that fit those specifications, and shop for the machine that is the best cost and highest quality. That takes time. Even if you skip the research phase, you’ll pay for it later with machines that are either too expensive or that don’t meet your needs.
  2. Installation costs. With hardware, you’ll need IT staff or a vendor to help you set it up, install any needed software or components, and get it up and running. Setup for computers usually can be done relatively quickly, but servers and more complicated workstations will require longer installation setup times. With servers, an IT professional may also need to integrate the new hardware with existing data and software applications.
  3. Licenses and warranties. Purchasing software to run on hardware is expensive, especially when you own and maintain the hardware yourself. You will likely also pay for warranties that—like insurance—will cover support and other costs if problems arise. And if you don’t have an IT professional keeping an eye on licenses and warranties, then you could be letting your hardware costs get out of control.
  4. Data migration. Even when a person gets a computer, there is time spent making sure that data is migrated correctly from their old computer to the new computer. That takes time, both out of a user’s day and for your IT staff or vendor. For servers, the process is much longer and more complicated. If not done correctly, there is a risk of data loss and wasted time, so this is an area that certainly requires time and money to do it right.
  5. Risk mitigation (or lack thereof). As part of monitoring and maintaining hardware, you need to invest time and money mitigating any risks associated with that hardware. That means 24/7 monitoring software, IT professionals working to help monitor and maintain the hardware, antivirus and antispam software, ongoing support (both through your IT support staff and the hardware vendor), software updates, patch management, information security, and asset management. Not doing these things introduces hidden costs by risking your hardware to attacks from cybercriminals or exposing your hardware to failure through negligence.

It’s usually by neglecting one or more of these areas that unexpectedly leads to a surge in high IT costs when cities experience hardware issues or failure. The total cost of ownership for hardware covers a lot of areas. Some of those areas can be lessened in cost from eliminating as much hardware as you can and moving to cloud software. But if you still need hardware onsite, then looking at the costs as more than just purchasing the hardware will be helpful for your budgeting and purchasing processes.

If you want to talk about hardware in more detail, please contact us.

Thursday, December 12, 2013
John Miller, Senior Consultant

A recent study from Stanford University quoted in a PCWorld article pointed out that teleworking is actually more productive than working in an office. While there are still logistical, social, and operational reasons why people need to show up at the office, the myth that teleworking is less productive than working in an office has been debunked yet again.

Cities may still balk at letting employees telework, not so much from trust but more about concerns with technology. If the technology isn’t there to support teleworking, then people will have to come into the office whether they like it or not.

When you boil down the elements of a day at the office, it’s really the ability to meet, call, work, access information, and store information. If you can do those things from home or a remote location, you can telework. Here, we provide a technology checklist of these essential work functions to see if you’re equipped to telework.

  1. Meet. Obviously, the key element of work that’s missed from home is meeting face-to-face. But collaboration and meeting software has improved so dramatically over the past few years that it’s easy to hold many meetings from home. You may want to still hold important strategic meetings face-to-face, but many less important meetings can be held through conference call software and video chat meeting tools. Your city should agree upon one or two primary collaboration software tools so that people can meet remotely.
  2. Call. Your teleworking employees should have a smartphone to not only take phone calls but also check email and access documents on the go. While we may not like work to follow us around, the reality is that most businesses and government entities expect employees to regularly check emails and stay in touch by phone during the day, even when they’re away from the office. Your teleworkers need a smartphone that works as an adjunct to their desktop or laptop computer.
  3. Work. Obviously, the classic teleworker needed a computer with Internet access. But even these tools prohibited a lot of telework in the past due to slow Internet speeds and software that was only accessible onsite at a city. Today, desktops and laptops can connect to high-speed Internet access and your IT staff or vendor can monitor and maintain computers remotely. It’s best to give your teleworkers a city-owned laptop so that there is little crossover between personal and professional data on their computer. Antivirus, antispam, software updates, and patches can all be handled remotely and keep your teleworker’s computer safe and secure.
  4. Access. Cloud software is really the modern day key to teleworking. In the past, it was difficult to access specialized software from home. Even creating word processing documents and spreadsheets meant saving to a disk or USB drive and bringing that data into the office. Now, cloud software covers nearly everything from word processing to accounting software. If your city hasn’t considered more cost-effective and accessible cloud software options as alternatives to onsite hosted software, then you’re preventing a lot of teleworking productivity. With cloud software, your employees just need an Internet connection to access it.
  5. Storage. Another problem that made teleworking difficult in the past was storage. While employees could do some work at home, most of their files and documents would have to be stored on servers and computers at the city. Now, storage has become so cheap and accessible (again, through the cloud) that teleworkers can store their files in your city’s document management system or other storage software without worrying about filling up a hard drive. Plus, this kind of cloud storage helps teleworkers back up files remotely so that they don’t have to worry about losing data.

Really, after taking care of these technology needs, the only issue left for teleworking is one of personal responsibility. While certain types of jobs might still be good to keep onsite (such as customer service or highly interactive work such as a city clerk), there are quite a few jobs where the work can be done remotely. As long as you’ve hired someone who has proven their personal responsibility, teleworking can not only help raise morale (giving flexibility to employees who may have special family or personal needs) but also reduce the amount of space used in your buildings.

To talk about teleworking in more detail, please contact us.

Tuesday, December 10, 2013
Brian Ocfemia, Technical Account Manager

31% of desktops still use Windows XP, so chances are you may be one of those organizations with people still using it. While it’s understandable to stick with a familiar operating system out of habit, it’s important to understand how much your already high security and cyber liability risks will increase after Microsoft stops supporting Windows XP on April 8, 2014.

At Sophicity, we want to make sure that cities are not exposing sensitive data and critical information to hackers and data thieves. By staying on Windows XP, it’s like you’re leaving the front door open for criminals to steal your data.

Here are some important security points about the dangers of keeping Windows XP.

  1. Microsoft XP support ends on April 8, 2014. That means:
    • You no longer receive patches and security updates from Microsoft.
    • You no longer receive important hardware and driver updates to maintain the overall reliability and stability of Windows XP.
  2. The current Windows XP malware and virus infection rate is already bad. Microsoft conducted research on a variety of computers that use Windows XP, Windows Vista, Windows 7, and Windows 8. While all of the computers encountered roughly the same number of viruses and malware, the infection rate of Windows XP computers was 9.1% (compared with 1.6% for Windows 8 computers).
  3. The Windows XP malware and virus infection rate will drastically increase after April 8, 2014. Microsoft has also conducted research on how infection rates rise with unsupported operating systems. It’s not good. For example, computers using an unsupported version of Windows XP with service pack 2 saw malware and virus infection rates as high as 25% in Q4-2011.
  4. Continuing to use Windows XP increases your risk of cyber liability and opens you up to viruses and hacking attempts. It’s understandable when a city keeps using hardware a bit too long or suffers with an old database on a server that keeps on trucking. But knowingly using unsupported operating system software when it’s well-known that support is ending borders on negligence, especially considering the known cyber liability risks.
If cities are using Windows XP, we advise them to immediately make plans to switch from Windows XP to a newer operating system. Here are some common questions we receive when talking to cities about switching from Windows XP to a newer operating system.

Windows XP Questions, Answers, and What To Do Next

Windows XP was an expensive investment. Why are there such security risks in software from such a well-known vendor like Microsoft?

Windows XP came out in 2001. If you bought a new car in 2001, you might still be using it today. But no matter how good it was, today it’s outdated and lacks important modern safety features that have evolved over the last 12 years. Software works the same way but becomes even more obsolete, quicker, because of the fast pace of technology. So many security threats and responses to those threats have occurred since 2001. The way Windows XP was fundamentally built means that it lacks critical security features that are now built into modern operating systems. Such an old piece of software cannot be “fixed” by Microsoft. That’s why they just build new operating systems every few years.

What are the specific security risks?

When support ends on April 8, 2014, Windows Updates will stop. As you may know from using your individual computer, Windows Updates often include important security patches and malicious software removal tools to preventatively address security threats. When those updates stop coming, Windows XP simply cannot respond to the plethora of modern security attacks and to criminals exposing holes in this old software. As a result, you will be more vulnerable to attacks.

Why can’t I just use antivirus software?

Antivirus software alone does not protect any computer, including Windows XP computers. A computer needs a combination of well-built modern software with security protection built in, updates and patches from the software vendor (such as Windows Updates), and antivirus software all working together to provide a strong security foundation. Only relying on antivirus software for an unsupported Windows XP is like installing an alarm system in a building with no locks and that no one ever visits in person.

If you want to take next steps to decommission Windows XP, we recommend that you:

  1. Assess what operating system you need. This may be Windows 7 or 8, but you should look at the requirements of your city software to assess the most suitable version you need.
  2. Budget for an upgrade. Look at operating expense options in the cloud instead of expensive capital expense models to help you reduce costs and create a predictable budget.
  3. Use a city-experienced IT vendor to help you through the transition. Cities have particular needs that differ from businesses. It helps to have a vendor that has guided cities through the operating system upgrading process while not disrupting day-to-day operations. An experienced vendor will also be sensitive to the interoperability of a new operating system with existing city software (such as public safety, court, accounting, etc.).
If your city is facing cyber liability risks from continuing to use Windows XP after April 8, 2014, please contact us. We will be more than happy to answer any questions you may have.

Friday, December 6, 2013
Clint Nelms, COO

If you’ve seen the TV show Parks and Recreation, you know that even through the satire the show’s writers still communicate an understanding that a city’s parks and recreation department is important for a community. Parks and recreational activities bring citizens, civic groups, and tourists together to partake in a city’s quality of life. It’s a critical way for a city to market itself to both citizens and possible future residents.

That means your parks and recreation page must accommodate a variety of needs and questions that people have when exploring your city’s website. To help you analyze if you have the right information on your parks and recreation page, check to see if you provide the following content to your website visitors.

  1. A list of all parks, public buildings, and recreational services. This might seem obvious, but many cities don’t have an easy-to-access list of parks, community centers, trails, etc. as a reference for people. Provide essential information such as the name, address, hours of operation, and services for each location. People will use this page to look up such information. If you want people using your parks and recreational services, you need to list them.
  2. Events taking place at your parks and recreational areas. Events are a great way to market your city’s recreational resources. Provide a calendar of events such as holiday festivities, celebrations, sporting events, or other uses of your city facilities. Consider not only providing information about city-sponsored events but also citizen-submitted events that may be of interest to the community.
  3. Rules and regulations. Rules and regulations about your parks and recreational services should be easy to find but not intruding upon the page. Some cities provide minimal information about their parks and instead dump a dry list of legal-sounding rules on the page. Use most of the space on the page for marketing your parks and recreational services. Place rules and regulations near the bottom of the page, or provide a separate link or PDF to the information. It’s important to those who need it, but it’s not the information you should feature the most on the page.
  4. Quick access to information about permits, reservations, and applications. People should not have to hunt for and scratch their heads about where to find information about things like permits. Provide links or forms upfront on the page so that people can find and submit their information quickly. This is a detail, but it’s a way to show people that your city is easy to do business with. Even better—add some information that tells people how easy it is to apply for a permit, reservation, or application. That makes your parks and recreation department look good.
  5. Contact information of key department contacts for groups. Obviously, every person using your parks and recreational services is important. But cities should be sensitive to important and influential business and civic groups that have more complex needs in terms of number of people and reasons for meeting. Provide the phone number and email address of key department heads with a cue that groups should call your department for special needs. This will expedite the process of accommodating large groups and lessen frustration when these groups try to work with your city.

Once you have the foundations of this page’s information down, you can enhance the page by adding visuals. Showcasing pictures of your parks, trails, community centers, natural beauty, and past events will reinforce the quality of life of your city and the vitality of your parks and recreational facilities. Overall, with just some basic information you can create a useful, functional page that works for citizens, groups, and tourists alike.

To talk about your website content in more detail, please contact us.

Tuesday, December 3, 2013
Brian Ocfemia, Technical Account Manager

Information security is not something you should assume or feel in your gut. Yet, a study shows that many organizations think that way. Referenced in a recent PC World article, a joint study between Office Depot and McAfee revealed a few startling statistics about small and medium business owners:

  • “80 percent of the respondents to Office Depot's survey admitted to not using data protection.”
  • “...almost all of them—91 percent—said they don't use endpoint or mobile device security.”
  • “...14 percent of SMB owners [...] said they haven't implemented security measures of any kind in their environment.”
Yet, the study also showed that 66% of SMBs think that their security is just fine. That’s quite a disconnect—and quite a problem.

Since we always notice many parallels between SMBs and cities, it’s safe to say from our observations that many cities feel a similar false sense of security. But are you really secure? To check, ask yourself the following questions:

  1. Is my data backed up onsite and offsite, and tested regularly? First, your data is not secure if it’s not backed up. All it takes it one server failure, one hacker stealing your information, or one theft of a laptop to put your data in jeopardy. Make sure you have your data backed up onsite for common data loss events (like a server failure) and offsite for disasters (such as a tornado or flooding). And test your data backup. We still see too many cities that think they’re backing up data, but their data cannot be restored when they need it.
  2. Is my email software protected with antispam, encryption, and IT management controls? Using a free email service like Gmail or Yahoo leaves you open to too many threats. Many security threats still enter cities through malicious emails with virus-ridden attachments and links. An employee clicks on a link or attachment, and suddenly the city has a virus or data theft on its hands. Your email software should be protected with enterprise-level antispam, contain standard encryption (especially when cities deal with extremely sensitive information), and have good IT management features so that it’s easy to activate and deactivate employee email accounts.
  3. Is my Internet browsing protected and secured? The Internet is another ripe source of viruses and malware if you’re not sufficiently protected. Your city needs enterprise-level antivirus software that can be managed, monitored, and updated by an IT professional. In addition, you may also want to consider additional features such as content filtering (that prevents people from accessing certain websites) and training city staff about how to avoid malicious websites when browsing.
  4. Am I taking care of my mobile security? Despite cities using mobile devices more and more, mobile security is still often neglected. If a mobile device is stolen, can someone access sensitive city email or documents? A combination of city policy combined with the right IT best practices can help make your mobile information more secure. City policy needs to outline how and if outside devices can use or access city information. From there, your IT staff or vendor needs to work with the city to outline how city staff will access email, documents, and databases from a mobile device, along with activation and deactivation procedures in case a device is compromised.
  5. Do I have IT professionals helping monitor and maintain my data? Even smaller cities need IT assistance with monitoring and maintaining data. Perhaps very small businesses can get away with less IT help because they have less to lose. But citizens and businesses depend upon even the smallest cities for critical data. We’ve seen too many non-technical staff at cities try to handle IT responsibilities. Usually those situations end up with gaping security holes from lack of professional maintenance. Invest in an appropriate amount of IT expertise to help you make sure your data is secure.

While the PC World article states that there is no one size fits all situation to help solve an organization’s data security, we do feel that there are some common areas that can be addressed. Yes, each city might approach data backup or mobile security differently. But the point is that these areas need to be addressed, whatever the details. Your city’s data is too important to be so unprotected.

To talk about data security in more detail, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 |