We put the IT in city®

CitySmart Blog

Thursday, October 11, 2012
Clint Nelms, Network Infrastructure Practice Manager

It’s easy for non-technical people to zone out those who work in information technology. IT changes all of the time, involves decades of in-depth knowledge, and uses an “in the know” speak that is hard for non-technical people to crack. In the business of local government, that knowledge and language divide can be harmful if each side does not understand each other.

Without great communication with your IT staff or vendor, all of your technology investments do not mean a thing. That may sound like an extreme statement, but plenty of articles show that communication-related breakdowns lead to failed technology progress.

Communication, of course, is a two-way street. Based on our many years of experience working with cities, we offer up some communications tips that you can use to test your current IT vendors and staff. Then, assuming you have a top-notch staff or vendor, we’ll share some advice about what kind of communication makes them happy.

Testing Your IT Staff or Vendor’s Communication Skills

Information technology staff or vendors can often seem intimidating and unapproachable because of their level of knowledge. They throw around complicated terms and are technical masters of some of your core business systems. But that doesn’t mean there should be a communication barrier between you and them.

  • All information technology projects, initiatives, and maintenance should be explained in business terms. No matter how complicated the technology, it’s supporting a business function. Every technical person doesn’t necessarily understand the highest level business function, but you should be in communication with someone who can clearly explain the business rationale for any technology - in language you can understand.
  • Helpdesk support calls should be pleasant, understandable experiences. No matter who is staffed on helpdesk, communication is the most important ingredient. If an engineer cannot talk to a non-technical user in plain language—which shows that the engineer understands the problem and how it will be resolved—then they won’t be able to effectively help end users.
  • Reports and metrics should be available, and written in business-friendly language. You should be able to read about things like website traffic, hardware issues, data backup success, and costs without wading through jargon and complicated spreadsheets. All reports should clearly show the end results of your technology investments in clear, measurable metrics.

Ultimately, your IT staff or vendor should be able to tell you why they’re doing something, help you when problems arise, and report to you in understandable language.

How You Can Communicate Better With Your IT Staff and Vendors

On the flip side, you might wonder if there are things you can do to improve your communication with IT staff and vendors. Based on our experiences working with some great customers (including many superb cities), here are some tips you can apply when communicating with your IT gurus.

  • Take recommendations seriously. You are correct to be wary around bad vendors and to be skeptical even with good ones, but if you are working with good IT vendors or trusted IT staff, take their recommendations seriously. We understand that you sometimes cannot act upon all recommendations immediately, but it’s the job of good IT people to point out red flags, danger areas, and things you need to do so that the city keeps operating. Ignoring valid, important recommendations breaks down communication quickly.
  • Meet to discuss ongoing progress and future planning. We often see key stakeholders skip quarterly reviews and planning sessions. However, it’s these meetings that contain the most communications gold. That’s when you get to ask in-depth questions, clarify expectations, learn more about the technology you’re investing in, and continually improve the end results of your investment.
  • Don’t get angry, hasty, or panicky. Again, sometimes bad vendors may drive you toward these emotions, but when something goes wrong it’s easy to hop on the phone and tell your great IT staff or vendor to “SOLVE MY PROBLEM NOW!” Instead, it’s best to relate the problem objectively, listen to how the IT person is assessing the issue, and allow them sufficient time to research, assess, and address the problem. That objectivity helps keep communication smooth, even when a high-pressure problem arises.

Like any relationship, communications are not perfect all of the time. But when we notice both parties apply the above advice, most communications issues are averted. That’s why it’s important to find a vendor or IT staff with business acumen, mid- to senior-level helpdesk experience, and full transparency about results. If you have that foundation, then all you need to do is engage your trusted staff or vendor fully by listening to recommendations and being part of their ongoing service.

To put our communications to the test, feel free to contact us.


Tuesday, October 9, 2012
Dave Mims, President

Back in August 2012, Government Technology and the Center for Digital Government held the 2012 Best of the Web Awards. The first place city website winner was Louisville, Kentucky. For a city of about 750,000 people (and a metro area of about 1.4 million people), it may seem like Louisville’s magnitude has little in common with the website needs of smaller cities.

However, a recent interview with Beth Niblock, CIO of the City of Louisville, suggests that there are some ideas that can transfer over to smaller city websites—and still fit your budget.

In her GovTech video interview, Niblock discusses three important city website features:

  • Search — A city website needs an easy-to-use search capability. Louisville’s website contains a highly visible search box in the upper righthand corner of nearly every page. In addition, under each tab on top of the homepage you will find a variety of “megamenus” that expand when you hover over each tab. With the search box and megamenus reinforcing each other, Louisville makes it easy for people to find information.
  • Mapping and Geospatial Awareness — The city uses mapping and GIS when appropriate for specific services. Check out their use of crime maps, a construction permits map, and an online property search. These website features help with data visualization and also provide a value-added service to citizens.
  • Social Media — The city’s website allows people to share any page via nearly any social media channel you can think of. There is also a social media center that clearly outlines the various services, organizations, and people who have social media presence on a variety of platforms (Facebook, Twitter, YouTube, Flickr, etc.).

All of these features are important no matter what your city’s size. We work with even the smallest cities to make sure they have search and social media capabilities on their websites. The City of Oakwood, Georgia is an excellent example of a smaller city providing both a convenient website search option along with an easy way to connect on Facebook.

To add to Niblock’s excellent city website takeaways, we want to note some other great features of Louisville’s website that even the smallest cities need to have.

  • Pages for Each City Service Under the Residents tab, Louisville generously provides pages for all key city services: city hall, public safety, vehicles and transportation, utilities, etc. It should be easy to find the most common city departments on a city’s website, and citizens should not get lost on your website looking for that information.
  • Online Payments Louisville provides online payments for parking tickets, utility bills, permits, licenses, and other fees. People have come to expect online payments for most services, and your city needs to meet those expectations.
  • Sharing Government Information That means city council agendas, meeting minutes, videos of city business, and other important documents are made available to the public. Louisville posts up-to-date PDFs of City Council agendas and minutes along with video and audio files from a variety of city meetings. This kind of information sharing is useful for citizens and promotes transparency in government.

If you want to learn more about how these essential website features are within reach of your budget, please contact us.

Friday, October 5, 2012
Dave Mims, President

Last month, we wrote about the benefits of document management for city clerks. But one benefit that often gets lost in the discussion is security.

People often think of more pressing pain points when it comes to considering a document management solution—finding and accessing files, getting rid of paper-based systems, and better preparing for audits and open records requests. But security matters especially when you have documents that people want to steal. City documents fall squarely into this camp.

A recent article on Business Insider noted security as one of the five reasons for considering a document management system. We agree, and this Business Insider article inspired us to elaborate on the security component of document management.

Security Benefits of Document Management

If you are thinking about switching to a document management system, these additional areas related to security will help you make the case.

  • Setting Permissions Unlike a paper-based, unstructured (Google Docs or Microsoft Office documents), or consumer-based document management system (like Dropbox), a more robust document management system will allow you to more rigorously set and manage permissions for who can access what documents. This feature prevents unauthorized people from gaining access to sensitive documents.
  • Receiving Security Notifications In a document management system, administrators receive notifications when people add, edit, or delete documents. These notifications serve as red flags for any suspicious activity.
  • Benefiting From Full Data Center Security Document management systems are typically stored and managed in the cloud or—at the very least—in high-end data centers. These data centers provide physical security, employee background checks, and the best security for your servers. (Read our recent article on how to assess a data center as it relates to website hosting.)
  • Ensuring Full Data Backup and Disaster Recovery Frequent snapshots of your data along with a full disaster recovery plan helps ensure that you won’t lose your documents if a tornado, fire, or theft occurs.
  • Encrypting Your Documents State of the art document management systems encrypt your documents so that if people somehow get hold of the information, that information is useless. If someone steals a laptop or gains access to a mobile device, the information will be inaccessible and worthless.

However, while these are security benefits of a document management system, all vendors are not created equal. Ask the following questions as you assess the security component of your document management vendor.

  1. How much do I know about their data center best practices?
  2. Is the document management system well known? Is it used by many other cities?
  3. Does the vendor audit their document management security? Are they willing to submit to a third party audit?
  4. What is the data backup and disaster recovery plan for your documents?
  5. How are permissions set? How does administrative access work?
  6. What do I know about the vendor’s employees who will have administrative access to my sensitive documents? Do the vendor’s employees submit to criminal background checks?
  7. What happens when a laptop or mobile device is stolen? How will my documents be protected?

Finally, also consider your own security policies. No vendor or IT staff can account for every security breach—especially breaches related to how you create and share information from a business process standpoint. Employees must be careful about where and how they access documents, giving out or sharing passwords, and understanding the nature of scams and phishing attacks.

For more about securing your document management system, contact us.

Tuesday, October 2, 2012
Clint Nelms, Network Infrastructure Practice Manager

When you see highly publicized attacks by hacking groups such as Anonymous on some of the biggest targets in the world, it can be easy to think there isn’t much one can do about website hacking. But while some of the world’s best hackers may seem hard to defeat if they decide to come after you, the reality is much more mundane—and preventable.

Groups like Anonymous are rare and few, but website hacking is common and prolific. Mediocre and below average hackers all over the world take advantage of poorly secured websites. The mistakes that organizations make in protecting their websites open them up to cyber liability.

Local government must especially be vigilant. Here is a scary but all too real story about the City of Haines City, Florida.

Cyber Liability for Website Hacking: The City of Haines City, Florida

In 2012, citizens trying to reach the City’s website were redirected to a Turkish gaming site. This was the second time in a year that had happened. The results?

  • Citizens could not make online payments.
  • Citizens attempting to make online payments could have been defrauded by the hackers.
  • Citizens’ computers could have had spyware and malware installed on them.

Unfortunately, we have seen similar hacking situations happen quite a number of times with cities. They usually fall into two common scenarios.

Cities outsource the hosting and management of their website to a cheap vendor. With technology constantly changing, it is often difficult to know what criteria should be used to evaluate a website hosting company. As a result, many decisions about website hosting vendors are based solely on price. Low-cost website vendors often host websites on servers located in other countries. The cheap vendors are cheap because they cut corners. Thus, the city’s website is not properly managed or secured.

Cities host their websites in-house with insufficient management and maintenance. Sometimes, city IT staff wear so many hats that it is difficult for them to keep up with the website server with regularity and efficiency. It’s easy with an overloaded schedule (or if IT staff are junior-level and inexperienced) to not secure a website properly, update security patches, and keep up with server maintenance.

Whether a city is cutting corners by hiring a cheap vendor or if they are overburdening their IT staff, the end results are expensive. When citizens cannot reliably access a city’s website:

  • Trust erodes between citizens and government.
  • Online services go unused, which creates additional cost (from people having to call or come into city hall) and lost revenue.
  • A city’s website centralizes important business services for a community. If it’s not reliable or professional, new businesses that are considering your community will set up shop elsewhere.
  • Ultimately, think about how devastating this situation is to a city’s reputation. If the city’s website is used as a host for fraudulent activity, this creates not only a liability but also a public relations nightmare.

Preventing Website Hackers From Hacking Your Website

There are some simple tips you can use to prevent most of the world’s website hackers from turning your city website into a fraudulent Turkish gaming site (or any other type of fraudulent site).

  1. Know where your city’s website is hosted. Your vendor or IT staff should be able to give you a clear picture about where and how the city’s website is hosted. Plenty of details about the data center—how it operates, what type of staff maintain it, and how security and data backup is handled—should be information you know. It should be a place that is identifiable, legitimate, and even a place you could visit if you wanted. Remember, you are dealing with local government data. It is very sensitive information, so you absolutely must know about the data center’s operations. And ask for a copy of the data center’s last SAS 70 audit.
  2. Have your website audited for potential risks by a third party. If you are unable to have your website hosting provider submit to a third party audit, be suspicious! An audit is a good thing to do, regardless of how well your website is maintained. (At Sophicity, we do this for ourselves and our customers!) If your website hosting provider won’t submit to an audit or prevents and delays it from happening, that’s a major red flag.
  3. Regularly rotate passwords used to administer your website, and use strong passwords. We recently wrote an article about password best practices. Rotate passwords and make sure they are strong—especially for administrative passwords. Hackers have become excellent at figuring out weak passwords.

Remember, city websites are an important link to the citizens in your community and the businesses that generate a majority of your tax base. Plus, city websites often process financial transactions which allow citizens to make payments online using sensitive information. City websites have to be secure. The hackers might be good, but you need to be a step ahead.

Contact us if you’d like to discuss these issues. And stayed tuned for Part III of this series, which will cover virus liability and antivirus precautions.

Thursday, September 27, 2012
Dave Mims, President

The National League of Cities recently reported that cities continue to lose revenue, forcing them to cut staff, delay or cancel projects, and slash services. In these times, every dollar saved counts—which is why many cities continue to shift toward online payments.

Cities as diverse as Farmington, Michigan; Blaine, Washington; and Portage, Indiana have joined hundreds of cities around the country that have switched to online payments. (Blaine’s switch to online payments saved them $20,000 a year in credit card fees.) In case your city wants to make the switch or upgrade from an aging online payments system, here are some reasons why online payments will positively affect your city’s bottom line.

  • Less customers at city hall. You don’t need customers coming to city hall to conduct simple transactions. Online payments reduce foot traffic so that city staff focus more on higher quality, hands-on service.
  • Less processing time. Accepting and processing payments can take up a lot of staff time. It is tedious, mundane work that can be automated and tracked in an online payment system.
  • Increased processing volume. Once you gain some initial efficiencies, you’ll find that you can process payments faster and in higher volume. That means collecting revenue quicker and serving customers better.
  • 24/7 payment options. The city can collect revenue 24/7 instead of waiting for people to come in between 9am and 5pm. Many people often delay paying the city because it’s inconvenient to come in during the week. 24/7 payment options make it easier for people to pay on time, on their time.
  • Reducing error. Online payment systems collect and store information electronically, reduce a large amount of human error, and track data more effectively. By reducing error, you collect more revenue.
  • Ability for customers to set up recurring payments. With recurring payment options, customers submit their credit card information and set the day of the month they will pay. The city then collects their payments like clockwork. Fewer late payments and less time chasing down people to pay their bills means collecting more revenue.
  • Less paper and postage. With online payments, you eliminate massive amounts of paper and postage—which means more money back into the city’s budget.

Not only do you gain these immediate benefits, but you also increase your reputation as a modern, business-friendly city. Online payments are part of the minimum requirements that businesses and residents expect when dealing with modern municipalities. Providing something as simple as online payments signifies that you make services easy for people who may form part of your future tax base.

If you’d like to discuss online payments in more detail, please contact us.

Wednesday, September 26, 2012
Clint Nelms, Network Infrastructure Practice Manager

Recently, I gave a cyber liability presentation for the Kentucky League of Cities. I addressed a group of city clerks who increasingly have to worry about this technical and legal issue. As online business and online transactions become an ingrained part of our day-to-day lives, expectations for protecting data and securing online transactions increase significantly.

But the area covered by “cyber liability” is broad and sometimes confusing. What is “cyber liability”?

InsureNewMedia, which provides specialized insurance to technology and Internet companies, defines cyber liability as: “…the first- and third-party risks associated with e-business, the Internet, networks and informational assets. Cyber Liability Insurance coverage offers cutting edge protection for exposures arising out of Internet communications.”

Huh? This definition was not much help for my audience that day. Let’s talk about cyber liability in plain English.

So What Is Cyber Liability...Really?

Cyber liability encompasses a number of potential Internet and information technology-related liabilities that can negatively impact a city. That can include:

  • The loss of electronic data.
  • A lack of security measures to prevent website hacking.
  • A lack of antivirus measures to prevent an electronic virus.

These liability issues not only cause disruptions to finance, operations, and productivity, but they can also create a liability for the city—which means lawsuits, fines, and negative public relations. While cities often delay taking preventative measures, possibly because the solution seems to involve overly complicated (and expensive) technology solutions, ignoring these issues unfortunately leads to severe real-world non-technical consequences.

In this three part series, we’ll cover data loss, website hacking, and viruses, which we see as the three most common areas of cyber liability. For each cyber liability issue, we’ll provide easy-to-follow steps that will help you prevent similar issues. Today, we’ll focus on the cyber liability of data loss.

Cyber Liability for Data Loss: The City of New Orleans, Louisiana

In 2010, the City of New Orleans lost 20 months of real estate records due to serious data backup failure. On the surface, it appeared the city was doing the right things. The city’s IT staff utilized a system from a nationwide data backup vendor. However, while implementing the backup system, the city’s IT staff failed to test and monitor the backups. The city did not confirm that the data was actually backing up.

When the city’s computer systems failed, the city’s backup system failed to recover the data. Once word leaked out that the real estate data was permanently lost, the general public was outraged that the city had not taken proper measures to protect this data. The media’s coverage put pressure on the city to explain how this situation happened, leading to negative public relations.

Media attention began to focus on the city’s leaders. City council was pressured to research the issue and find out what happened. The IT director was questioned, and his responses were not deemed satisfactory. He explained that a more comprehensive disaster recovery project was a “to do” item on his list. Concerned citizens and affected business owners publicly voiced their frustration with the city’s lack of disaster preparedness.

The result? Not only did the City of New Orleans lose 20 months of real estate records, but the data loss negatively affected the buying and selling of homes. Several local real estate brokers closed their businesses because they could not buy and sell homes as a result of the lost data. In short, the city’s lack of disaster recovery readiness led to...a disaster.

Tips on Preventing Data Loss Liability

A city’s data loss affects many citizens and businesses in the community. In times of crisis, citizens look to cities for help and assistance. If cities are not prepared for a disaster, then who do citizens rely upon when disaster strikes?

Data loss is also an extremely common scenario. There are so many ways to lose data—server failures, computer failures, theft, fire, flooding, power loss, hurricanes, tornadoes, and the list goes on. There is no excuse not to have a full disaster recovery plan in place that includes contingencies for data loss. And not having a plan in place makes the city liable.

Here’s what any city needs to do—immediately—to protect themselves:

  • Perform a regular audit of your data backup and disaster recovery processes. Over the years, we’ve performed network assessments and audits for cities. Unfortunately, cities rarely pass the data backup and disaster recovery portion of our audit. For example, cities often rotate tapes and hard drives, but the accountability for this activity is often lacking. Many times, we’ve seen cities backing up to tape (or rotating tape), but never checking the tape to see if it’s blank. Thinking you have backups when you actually do not is almost worse than not having them at all. Without auditing your data backup and disaster recovery efforts, you just don’t know.
  • Regularly test your data backup and disaster recovery. This is the only way to ensure that data can be recovered in case of an emergency. We recommend testing at least once a month (if not more frequently) to make sure that your data backup process is reliable. This activity is essential for picking up on common problems (like file corruption or hardware issues) and waving a red flag, sooner rather than later, about any potential data backup issues.
  • Make sure your data backup and disaster recovery plan has an onsite and offsite component. A major disaster can affect a wide geographical area. An onsite-only solution (even when your “offsite” backup is only a few miles away in another building or bank vault) is not good enough. Many offsite solutions are available that store duplicate data in data centers around the country or (better yet) in the cloud. The best disaster recovery solutions mean that if City Hall (and the surrounding area) blows up, you still have all of your data.

In Part II, we’ll discuss website hacking and ways to prevent it. If you’d like to talk more about data backup and disaster recovery issues, contact us.

Wednesday, September 19, 2012
Dave Mims, President

A recent study from Citrix shows that most Americans are confused by the cloud. The ongoing problem with the term "cloud computing" is that it often complicates an explanation rather than clarifies. Most people use cloud computing every day, but they don't know that they are using it.

To help clarify matters, we wanted to give you a layperson's definition of cloud computing. If you ever need to explain it to someone else, use this as a guideline. We'll use Gmail as an example throughout, since it is a well-known cloud service.

  • Are you accessing services over the Internet? For example, if you are using Gmail, you are accessing that service over the Internet. You don't have to have an email server on your network. Instead, you are accessing this service through the...cloud.
  • Are these services accessible anywhere/anytime by a variety of devices? Cloud services are accessible anywhere/anytime through servers, workstations, laptops, tablets, and mobile devices. For example, Gmail can be accessed from any device. You don't have to be at home or at work to access Gmail.
  • Are you able to access these services without buying and installing hardware or software? While you might still purchase access to an application like Gmail over the Internet, you are not buying a Gmail server or purchasing Gmail software that someone has to install on your network and then on everyone's computer.
  • Are you able to access these services without use of a data center? It's not the cloud if you simply locate your dedicated servers in a data center. That simply takes the hardware that you bought and places it in another location. You access cloud services without any data center arrangements, and you don't own the hardware.
  • Does all data reside on the cloud vendor's servers? In other words, your Gmail data is stored in Google servers—the "cloud." Your Gmail data does not reside on your company servers or on your personal devices (desktops, laptops, tablets, or mobile devices).
  • Does the service work like a subscription model? Can you turn the service on and off, like a utility? Cloud services work like this—whether it's software, virtual servers, storage, data backup, security monitoring, etc. Again, instead of buying hardware and purchasing software licenses, you simply subscribe to the service. The vendor makes the hardware and software investment. Once you subscribe, you have access to the application (or service) through the Internet. If you don't want the service anymore, you "unsubscribe" and it turns off.
  • Does the service scale up and down effortlessly? You might have to pay more for scaling up, but you can simply buy more of the service with ease. Need another server? More storage space? More users added to your email? No problem, and you don't have to buy any additional hardware or software. If you don't have cloud services, chances are you're restricted by your hardware limitations or software license agreement before you can consider scaling up and down.

If you answered "yes" to all of these questions, you're probably using cloud services. If you did not answer "yes," you might want to reconsider your existing hardware and software investments. They are depreciating and rapidly becoming dated. Instead of your earlier confusion about "should we get into cloud computing?" you can instead evaluate your current hardware and software with the following questions. If you find yourself answering "no" to many of these questions, you may want to consider cloud options to reduce cost and increase efficiency.

  • Can I access this service over the Internet?
  • Can I access this service from any device?
  • Can I access this service without buying dedicated hardware (either located onsite or in a data center)?
  • Can I access this service without buying packaged software to install?
  • Does all of the data related to the service reside on a vendor's servers? (In other words, you do not purchase servers nor are responsible for their upkeep and maintenance, either onsite or in a data center.)
  • Can I scale this service up and down with ease?
  • Is the cost related to my scale? (e.g. number of GB, number of users, etc.)

If you'd like to discuss cloud options in more detail, feel free to contact us.

Thursday, September 13, 2012
Clint Nelms, Network Infrastructure Practice Manager

A recent study by the 2012 National Study of Employers from the Families and Work Institute and the Society for Human Resource Management (reported in Business Management Daily) noted some recent trends in teleworking. The most important insight: teleworking is the new normal.

As Business Management Daily says:

If your organization's execs still insist on eight consecutive hours of face time each day from every employee, you're probably already losing young hires, new moms and mature employees. They're going to competitors offering more flexibility. Make flex central to your recruiting and retaining effort.

In addition, evolving and widespread technologies make teleworking easier and easier:

  • Increasing broadband speeds
  • Cloud services (meaning you can access email, documents, and other services from your computer, anytime and anywhere)
  • Smartphones with increasing sophistication

If your city provides limited or no teleworking options, consider these benefits when making your case for teleworking:

  • Talent Retention and Morale Employers compete for the talent you want to hire, and they even compete for the talent already working at your city. If teleworking is the "new normal," that means talented employees will weigh this kind of flexibility against what other employers offer. Cities that don't offer teleworking can lose employees to other businesses. Your talent recruitment efforts will suffer along with existing staff morale.
  • Business Continuity Few people think about this aspect of teleworking. In case of a disaster—such as a tornado, fire, severe thunderstorm, or hurricane—it's much easier for city operations to return to normal when everyone works remote. Until the city returns to normal operating capacity, basic city functions still hum along—virtually.
  • Green and Environmental Initiatives Driving less means less gas and emissions. Less employees in the office means less electricity and power. Those add up and contribute to green efforts. If the city already promotes green initiatives, teleworking nicely complements this strategy.
  • Reduced Costs Especially look at teleworking as a way to reduce the total amount of employees who work at the city each day. Real estate and office space eats up a lot of money. You might significantly cut costs by lessening the amount of people who actually come into the office every day in terms of physical space and electricity.
  • Accommodate a Diverse Workforce Teleworking makes it easier for people with disabilities, working parents (especially single parents), and sick or ill people to still work for the city. You accommodate these people's life circumstances while utilizing their talents—the talent you lose to another business if you force people to come into an office every day.

To meet the new normal, you need flexibility. Teleworking not only benefits and accommodates your staff, it also benefits the city on many levels. For more information about what technology you need to enable teleworking at your city, contact us for more information.

Wednesday, September 12, 2012
John Miller, Network Infrastructure Manager

While password policies seem like just a small part of IT management, a perfect storm is brewing that places password vulnerability at an all-time high. Fox Business recently reported (from a Janrain study) that people are experiencing password fatigue. By contrast, Ars Technica recently reported "the dangerous practice of password reuse has surged. The result: security provided by the average password in 2012 has never been weaker."

If people are weary of coming up with new passwords, that means they will use (and reuse) weak passwords. That makes it a feasting ground for hackers, and a source of anxiety for IT.

Thankfully, a strong IT department or vendor exists to enforce some basic password best practices that don't agonize users while also securing this often user-generated Achilles heel.

To assess if you've mastered your Password 101 basics, use the following as a quick checklist.

  • Force users to have strong passwords. A strong password is one that is long with multiple characters. Use a complex password with letters, numbers, a capital letter and a special character such as a dollar sign. While annoying at first, users will get used to creating more complex passwords—which are more difficult to hack.
  • Force users to create new passwords. Whether it is every three months, every month, or some other frequency, have users change their password on a regular basis. Again, it will annoy them at first, but it will soon become habit.
  • Your IT staff must also create strong passwords and frequently change them. Users are one thing. But IT staff often shockingly use weak passwords for server and administrative access—and rarely ever change them. Since these passwords protect the most sensitive information, they—of all passwords—must be the strongest. No excuses.
  • Train users to NEVER give out their passwords through email or over the phone. Phishing unfortunately tricks millions of users every year. All it takes is an official-looking message or an unknown person on the phone to gain access to a user's password. Either give out passwords face-to-face, or use an automated secure system where users can create or reset passwords.
  • Consider 2 factor authentication. This means a user needs to authorize a computer before they can use sensitive applications such as email. Users should be used to this through Google and Facebook's services, which often sends a verification code to a person's cell phone before they can officially log in. This adds an extra layer of password security that makes hacking more difficult.
  • Create a password policy. This not only includes requirements for strong passwords and when they should expire, but also handles items such as who has access to users' passwords.
If you want to discuss these issues in more detail, contact us. We'd be happy to chat!
Tuesday, September 11, 2012
Dave Mims, President

If a business fails at customer experience, it soon loses business (or goes out of business). But cities operate differently. While cities cannot go out of business, they serve as a backbone to an entire community. Customer service failures may not bankrupt the city, but they end up affecting the lives of every citizen. And because their taxpayer dollars help fund the city, citizens grow frustrated when cities fail to measure up to basic customer experience standards.

Thankfully, cities have continually improved their customer experience over time, but even the most well-meaning cities often struggle with their website. And online customer experience expectations increase each year. Several trends are pressuring cities to increase their website customer experience, despite size or location.

Increasing broadband access. While speeds often vary from area to area, broadband penetration is currently at 80% of the United States. That percentage will only get higher.

Mobile access. Over half of people with mobile phones have smartphones. That means an increasing segment of the United States population expects to access online information with their smartphones like a computer.

Higher customer experience expectations for websites. Amazon, Google, major online retail stores, and other businesses make online experiences easy. As online payments and billing become mainstream and the preferred way of conducting transactions, then the expectations for something as important as city services rise higher and higher. For example, people lose patience if they cannot easily pay a simple bill or fee online.

Of course, we understand that local government budgets remain tight. As long as your website gets you by, it might seem unreasonable to splurge for a new website. You might also believe that building or redesigning your website will cost thousands of dollars.

However, cost-effective options exist for modernizing your website. Below, we share some tips about improving your city's online customer experience without breaking your bank.

  • Modernize Your Website With a Well-Designed Look-and-Feel Without spending thousands of dollars on a redesign, you can still modernize your website. Too many city websites still look like they were built in the late 1990s or early 2000s. Many design templates and low-cost hosting options exist. Freshen up your website and bring it aesthetically up to date.
  • Create Pages That Match Your City Services Make sure you provide pages that match each of your city services, and that they prominently display on your homepage for easy navigation. That means pages for City Hall, Public Safety, Parks and Recreation, Community Development, News, Events, and any other information that citizens need most.
  • Offer Online Payments Whether through your own website or a third party, you should offer online payment options for most city services. Provide ways to pay property taxes, fines, and fees online. Most people find it difficult to get to City Hall during normal weekday business hours. They expect options to pay from home, outside normal business hours.
  • Share Information We live in an era of transparent government, and that means you need to share the business of government with citizens. Share agendas, minutes, and videos of important meetings. Share relevant documents and public notices through your website. Failing to share information leaves you open to attack.
  • Use a Content Management System (CMS) to Update Content If you primarily rely on a webmaster to upload all of your content, you are wasting time and money. Content management systems exist to make updating your website content as easy as using Microsoft Word. Many low-cost CMS options exist. Your staff needs to update website content themselves, especially when fresh content signifies a vital website to citizens and even businesses considering locating to your city.

By focusing on these basic issues, you will solve many of your customer experience woes. Contact us if you want to discuss some options that will help you alleviate these pain points.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 |