We put the IT in city®

CitySmart Blog

Thursday, December 10, 2009
Jeramie Mercker, Director of Technology
As we look over the last year, there’s no doubt that the biggest news for local government was the emergence of cloud computing initiatives – from LA embracing Google’s Gmail to New York’s open data app contests, local governments everywhere have been looking to the cloud as a way to put more power into the hands of its citizens. GovTech is running a great “Year in Review” piece about how local governments have been embracing cloud computing. If your city is thinking about some of these initiatives, this is a good place to start.
Monday, December 7, 2009
Dave Mims, President
This is the first of a few posts we’ll be doing on some of the local government trends for 2009. Perhaps the biggest change over the last year from the vantage point of the citizenry is the open data initiatives that many cities are starting to implement. From NYC to LA, cities large and small are making municipal data available in ever-more accessible formats. When combined with pre-existing technologies like Google Maps, these data sets – everything from crime to traffic data – create what are known as “mashups”. Want to see when, where and what crimes were committed in your neighborhood? Pop open a map that uses the police department’s data and get the information you need. While much of this data has been available in the past, it’s always been very difficult to actually get a hold of. Now that cities are making it available online in standardized formats, all manner of exciting applications are starting to pop out. Check out this article from the New York Times for a great primer and what’s happened over the last year in the field of open government data.
Friday, December 4, 2009
Jeramie Mercker, Director of Technology
With recent fears of a flu epidemic and the lingering danger of terrorist attacks, many cities have been taking a serious look at their emergency broadcast capabilities. In many cases, they’re finding that these systems are woefully inadequate for the modern age. Systems that rely on land line phone calls or TV broadcasts have been hampered by changing customer tastes. Land line systems, for instance, are not nearly as effective because many people are dropping their land lines in favor of cell phones. And while a sizeable portion of the nation still watches TV, many have shifted to computers and video game consoles as a primary form of entertainment. Add these two up and you have the potential for a lot of missed people when a emergency notification goes out. After an E coli. scare over Thanksgiving weekend, Portland, Ore. is looking at a new emergency broadcast system that will use mobile phones, Twitter, Facebook, and other technologies to effectively and quickly get the message out. Meanwhile, New York is looking into using video game consoles like the Xbox to stream emergency broadcasts. Its really great to see government embracing emerging technologies in order to update operations, many of which have remain unchanged for 50 years.
Friday, December 4, 2009
Stan Brown, City Manager, Oakwood, Ga

Oakwood recently went through a city-wide rebranding effort and we wanted our website to be consistent. We decided on Sophicity and Tribune because it was the best mix of service and features for the right price. Sophicity worked directly with our marketing staff to give us the exact website we wanted and delivered it on time and budget. Now we can update our own website without having to hire expensive programmers. We couldn’t be happier with how it turned out.

Wednesday, December 2, 2009
Dave Mims, President
GovTech is reporting that electronic theft of government records has skyrocketed this year. In 2008, only(!) 3 million records were compromised but 2009 saw more than 79 million records in the hands of the bad guys. That’s a huge jump and it makes me wonder why. I’ll leave the statistics to the number crunchers but I’ve got to think that many of these records are do to poor data management policies for remote workers. In fact, the article points out that a sizeable portion of the records were lost because of stolen laptops, hard drives and other external storage devices. This highlights the need for a policy regarding the mobile workforce, one that can be easily enforced. As more offices move to a more remote set up, this problem is only going to increase. If you haven’t already grab your IT team or your favorite IT vendor and begin developing remote worker policies to protect sensitive information. No one wants to have to explain a huge data theft on their watch…
Wednesday, November 25, 2009
The team at Sophicity wishes everyone a happy and safe Thanksgiving holiday, filled with food, drink and merriment all around!! (We sure could use a few days off as we've been real busy helping cities and municipal league prepare for 2010!)
Monday, November 23, 2009
Jeramie Mercker, Director of Technology
The State of Virginia has had a rough year. After having medical records held for ransom, and numerous other IT woes, comes its ongoing tense relationship with Northrup Grumman over the State's outsourced IT contract. This time, it appears that many critical network services were left without backup connections, meaning that if the internet connection went down, so did all the services attached to it. In this case, the DMV system went down repeatedly causing havoc in DMV offices across the state. When folks dug into the contract, it appeared that the reason the backups were not in place is because it was not specified in the contract and so NG didn't build it out. While folks continue to argue over what is or is not included in the contract, Va.'s system continue to operate at risk. This is further proof that when implementing any It project, whether it be in or out sourced, planning is absolutely essential to make sure all of the bases are covered.
Thursday, November 19, 2009
Jeramie Mercker, Director of Technology
Connecticut is demonstrating some creative thinking with a new web-based permitting system that can be shared by the state’s municipalities. Essentially, this will allow the cities to handle the issuance of building permits and similar documents by providing citizens an easy way to request them online. The technology is nothing new, but what’s interesting here is that they are forming a sort of IT co-op so that smaller municipalities can afford a system that would normally be well out of their reach. This is the kind of thinking that will help cities make those much needed budget cuts.
Tuesday, November 17, 2009
Clint Nelms, Practice Manager: Network Infrastructure
Phishing is a form of fraud that masquerades as an official email or website which attempts to steal a victim’s username, password, and other information. Typically, a scammer will send an email that appears to be from a well-known bank, asking the user to log in to their account. When the victim clicks the link, it sends them to a website that looks and acts exactly like their bank’s website with one key difference: it’s actually a fake run by the scammer. Once the user logs in to this fake site, their user name and password are captured and saved. The user’s data is then used for theft, hacking, or other mischief. Due to its simplicity, phishing is prevalent and effective. How effective? Research firm Gartner estimates that in 2007, phishing attacks resulted in over $3.2 billion stolen in the United States.

City government should not take phishing lightly because scammers with passwords to crucial systems like traffic, police, or public works could wreak havoc on the city’s infrastructure. Imagine what they could do to the traffic grid! With that said, phishing is only as effective as the number of people who fall for it. Implementing anti-phishing best practices can go a long way toward preventing a successful attack. Here are four of the most important:

Best Practice 1: Conduct Anti-Phishing Training

Awareness is a phisher’s worst enemy. As more cities move to web-based services, scammers can easily prey on unsuspecting employees. Before giving any employee access to email or web-based services, hold a mandatory anti-phishing training session to review these best practices and use policies. Train non-technical staff to never give out their username and password via email, over the phone, or in person, even to IT support staff. Also, train them to always log into a system manually instead of clicking a link in an email. For technical staff, train them to never ask for passwords or provide email links to any web-based systems. When providing support, all instructions should be in plain text and simply direct users to, for example, “please log into the accounting system.” IT teams should have all the necessary clearance to access systems without the need for user passwords. Finally, train all employees to report suspected phishing attempts immediately to their IT department or other designated person.

Best Practice 2: Implement Anti-Phishing Technologies

Ask your IT team what kind of anti-phishing technologies are in place on the city’s network or email service. Many phishing scams can be halted before they even reach the email server by using technologies that scan incoming email traffic and compare it to a list of known phishing sites. However, these services are not guaranteed to catch all phishing attempts as newer scams or those directed at a single organization likely won’t show up on the detection list. Still, these technologies can drastically reduce the number of incoming phishing emails and offer a good first line of defense.

Best Practice 3: Use a Web Brower with Anti-Phishing

Most modern web browsers have built-in anti-phishing technology to help detect fraudulent websites. Before the browser loads a website it checks to make sure that the site is legitimate by comparing the address to a list of known phishing sites. If a fraudulent site is detected, the browser warns the user of a potential phishing hazard. This is, however, also a weakness of browser-based security measures because the browser only issues a warning; it will not prevent a determined user from ignoring the warning and entering information anyway. As above, browsers are also not guaranteed to catch all phishing websites as newer scams or those directed at a single organization likely won’t show up on the list. Even so, anti-phishing browsers are an important part of a protection strategy and are typically the last line of defense between the user and the scammer. Speak to your IT team and have them update the city’s browsers to the newest version in order to get the best possible protection.

Best Practice 4: Perform Routine Phishing Audits

If awareness is the most important defense, persistence is a close second. Even the best technologies aren’t going to completely stop phishing, so ongoing training and testing are important. The best way to get a feel for how well your employees are doing is to simulate a phishing scam on them! Work with your IT support team to create a phishing site that collects user data and an email that looks like an official city email which contains a link to the phishing site. Send the phishing email out to all of your staff and then sit back and see who falls for it. For those that take the bait, inform them what happened and schedule an anti-phishing refresher training course. If employees remain vigilant in looking out for phishing attempts, it makes it that much harder for scammers to practice their criminal art.

Tuesday, November 17, 2009
Dave Mims, President
When the NSA talks about network security for governments, it’s probably a pretty good idea to listen. In a recent interview with GCN, the NSA’s information assurance director provided three best practices to thwarting attacks on your network. They are:
  • Implementing best security practices
  • Proper network configurations
  • Strong network monitoring
What are “best security practices” and "proper network configurations"? He doens't really get into that, but I happen to know a few people that can help you with that… ;)
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 |