We put the IT in city®

CitySmart Blog

Tuesday, April 3, 2018
Mike Smith, Network Infrastructure Consultant
Mike Smith

In the wake of a recent ransomware attack at the City of Atlanta, the question has been raised (again) about whether to pay a ransom or not. It appears the city ended up not paying, but other cities and government entities have done so. Unfortunately, IT professionals and law enforcement sometime give mixed signals about paying ransom. But you should never pay.

Here’s why.

1. It is never guaranteed that criminals will unencrypt your data.

Criminals often ask for thousands of dollars in ransom. Would you take thousands of dollars from your city treasury and then flip a coin to see if you keep it? That’s essentially what happens when you pay criminals.

According to SentinelOne's Global Ransomware Report 2018 (reported in KnowBe4), “45% of US companies hit with a ransomware attack last year paid at least one ransom, but only 26% of these companies had their files unlocked.” Yes, only 26 percent! With such a low chance of your ransom actually unencrypting your data, it’s not wise to throw thousands of dollars at criminals. Plus, if you pay, criminals may also ask for more money or target you again—viewing you as a nice source of revenue!

2. It is never guaranteed that criminals will restore your data as it was.

Once you get your data back, do you know for sure that it’s unaltered? If criminals had access to it, they could do anything with it. Delete some of it. Corrupt it. Implant malware into it. Who knows? These are criminals. You can’t trust them.

In some cases, ransomware attacks are led by sophisticated nation states or professionally organized criminal syndicates with deep pockets and resources. Who knows what they’ve done with and to your data before they give it back.

3. It is never guaranteed that criminals will no longer have access to your data.

Remember, these criminals held your data hostage. By paying a ransom, you are trusting a criminal to perfectly return your data back to its previous state. And maybe they’ll also nicely clean up the mess they made to your data, computers, and network—and lock the door behind themselves on the way out?

Don’t bet on it. How do you know they don’t intend to still use the data they held hostage? You don’t know for sure if criminals accessed your data, still have your data, and intend to use your data for malicious purposes.

4. You’re supporting a criminal enterprise by paying the ransom.

Why is ransomware so rampant right now? Because it works. People are falling victim and then paying the ransom. If no one paid, criminals would not make money.

If you pay the ransom, you’re funding criminal activity and encouraging it to continue. It’s no different than traditional blackmail or ransom. By not paying the ransom, you’re helping to cut off the lifeblood from these crime rings.

5. You’re further avoiding taking proactive steps to protect your environment.

A CBS News article about the City of Atlanta’s March 2018 ransomware attack said:

Atlanta was warned months before a recent cyberattack that its IT systems could easily come under attack if they weren't fixed immediately, an internal audit obtained by the CBS affiliate WGCL-TV shows. In the 41-page audit, which was presented to city leaders last summer, the city was told that its IT department was on life support and that were no formal processes to manage risk, WGCL-TV reports.

Don’t be “that” city. Ransomware need not cripple you. Some key best practices include:

  • Data backup and disaster recovery: Because there is no guarantee that you’ll get your data back after paying a ransom, you need to take steps to ensure you can retrieve your data even after a ransomware attack. A tested onsite and offsite data backup and disaster recovery plan is your best insurance against a ransomware attack.
  • Proactive IT support, maintenance, and monitoring: This includes antivirus software kept up to date, security patches applied to software, and senior IT professionals monitoring your systems for red flags.
  • Ongoing employee training: All it takes is one employee clicking on a malicious email attachment or website link to download ransomware into your systems. However, ongoing training can help employees spot phishing attacks and avoid malware.

You should never pay a ransom, and you should never be in the position of even considering it as an option. Don't be that city leader who ignores the auditors, ignores best practices, ignores red flags and warning signs, and doesn’t ask “What are we doing about this problem?” until your ransomware attack is front page news.

Worried about your ability to survive a ransomware attack? Reach out to us today.

Tuesday, March 27, 2018
Tim Koutropoulos, Data Center Engineer
Tim Koutropoulos

Highly competitive businesses (such as retail) care a lot about time to recovery. Why? Systems down for even just a few minutes can lead to millions of dollars lost and long-lasting, damaging impact to a company’s brand. But in the world of government, time to recovery is often overlooked as part of a disaster recovery plan.

Even city governments must collect revenue and keep their operations running to deliver mission critical services. Time to recovery cannot be neglected or taken lightly. Recent media coverage has put a glaring spotlight on a few Georgia cities that experienced compromised computers. As a result, these cities lost data, services were unavailable, and drastic steps were needed to recover. The result?

 

  • Unexpected, unbudgeted, reactive high costs
  • Services at risk
  • Community needs unmet
  • Citizen frustration

This is the risk of time to recovery realized. And as that time grows, cities see costs, risk, unmet needs, and citizen frustration all increase.

Is your city doing enough to ensure a quick time to recovery? Here are some ways to prevent your mission critical systems and operations from going down for weeks or months.

1. Address time to recovery for smaller incidents through onsite data backup.

For smaller incidents like a server failure or a limited virus infection, you can recover quickly from onsite data backup—sometimes within an hour or less. If something bad happens to your server and any initial means to address the issue are unsuccessful, then you always have a fallback of onsite data backup for quick recovery of your data, systems, and servers.

2. Plan for worst-case scenarios through offsite data backup.

Yes, a virus outbreak that affects thousands of computers is a very bad scenario. With cyberattacks, if you are on “the network” (connected to other computers and/or the internet), then you are at risk. It’s that simple. Hackers are looking for just one weakness as their entry point. This weakness can involve technology but it can also involve a criminal duping an employee. In one city’s case that was recently reported in the media, an email phishing attack appears to have tricked a susceptible employee. That’s all it takes.

Because you need to plan for the worst, offsite data backup must form part of your disaster recovery plan. It’s not just about fires, floods, and tornadoes. It’s about losing your site. A widespread cyberattack that compromises your network is the same as losing your site. For example, by taking snapshots of your data and storing them offsite (geographically separate from your onsite servers), you will be able to recover your data at a point in time when the data was not infected by a virus. You may still lose a little bit of data, but you will be able to recover most, if not all, of it reasonably quickly. Offsite data backup is an essential part of any disaster recovery plan—and it’s an underrated tactic to fend off viruses and ransomware.

3. Ensure that you can access your data soon after an incident.

Here’s where we go beyond simple onsite and offsite data backup recommendations. You may have data backups running and you may even have the data backups stored offsite. But can your city recover quickly? Ask yourself:

  • Do you have a plan?
  • Is your plan documented?
  • What procedures and steps will you follow?
  • Could someone other than you execute this plan?
  • Who has access to this plan?
  • Do they know how to access your data through this plan?
  • Do you know what systems need to be recovered first?
  • Is your technology compliant? Onsite and offsite?
  • Are you monitoring your data backups for issues?

As Benjamin Franklin once said, “By failing to prepare, you are preparing to fail.” When it takes weeks or months to recover, it raises questions—questions you need to ask yourself. Am I prepared? Am I taking the high risk of a cyberattack seriously?

4. Test your disaster recovery plan.

We’ve said this many, many times, and it’s always worth repeating. Test your data backup and disaster recovery plan by assuming a worst-case scenario. During this test, ask yourself:

  • Is all your data backed up (or at least what you designate as critical data)?
  • Can you recover your data and systems from your data backups? If not, then you can work to resolve those issues before a disaster happens.
  • Can you recover within any required timeframes from your data backups?
  • Are you truly accounting for a worst-case scenario?

Why do your firefighters train? Why do your police officers train? It’s because the likelihood of an event needing their response will occur.

In today’s cyber world, the likelihood of an event needing a tested disaster recovery plan at your city is high.


We’re not saying there is a magic way to prevent all serious IT disruptions, especially after a data breach, virus, equipment failure, or other incident. However, this set of time to recovery best practices can go a long way toward mitigating the risk of a longer outage—especially for mission-critical systems that affect public safety, business continuity, and revenue.

Worried about your time to recovery after a disastrous IT incident? Reach out to us today.

Thursday, March 22, 2018
Dave Mims, CEO
Dave Mims

If you’re a Georgia city, you may have heard that members of the Georgia Municipal Association’s (GMA) property and liability fund (GIRMA) are eligible to receive a grant from GMA’s Safety and Liability Management Grant Program to reimburse your city for up to 25 percent of the annual IT in a Box subscription fee.

Why has GMA taken such a step? Because a lack of proactive IT support has become a critical liability for cities—and municipal leagues are noticing.

Not long after GMA began offering this grant, two Georgia cities were hit hard with malware attacks (one of which likely happened when an employee clicked on a malicious email attachment). Systems went completely down, computers needed erasing and re-imaging to be usable again, and some data was permanently lost as the cities worked to eliminate the malware.

The result? Weeks and weeks of downtime. Lots of money lost. And a loss of trust with citizens impacted by a lack of services.

These events are not surprising. Cities are struggling with three consistent issues:

1. Cybersecurity

It’s not exaggeration to say that all cities are now targets for hackers. Ransomware, malware, and viruses lead to data breaches, data loss, and inoperable systems that are taking unprepared cities weeks or months to recover—with high financial and potential legal liability added on top of the disruption.

2. Data backup and disaster recovery

Too many cities still cannot say for sure that they can recover data after an incident.

3. Helpdesk

IT support with poor response times, poor troubleshooting, and poor problem resolution hurts cities that must rely more and more on technology to run their operations.

Last year, we wrote an article titled “The Tripod of IT: Proactivity, Training, and Disaster Recovery” as a way for cities to think about tackling their technology problems.

  • Proactivity involves the right policies, processes, technology, and tools.
  • Training involves aspects such as teaching employees how to spot email phishing attacks or avoid malicious website
  • Disaster recovery involves onsite and offsite data backup along with regular testing.

One city that has tackled many of these problems is Forrest City, Arkansas. We’ve highlighted them in a case study and as our Featured Article for this month (see below). Read more about Forrest City to see if your city could use a similar technology transformation.

In customer news, check out the Town of Trion, Georgia’s new website. Plus, we’d like to welcome Alpena, Arkansas; Bull Shoals, Arkansas; Eastman, Georgia; Fairburn, Georgia; and Dover, Arkansas to the Sophicity family.

As always, don't hesitate to reach out to me if you have something to share with our local government community.

Blessings,

Dave Mims


Forrest City, Arkansas No Longer Worried About Legislative Audit Compliance and Now Enjoys Responsive IT Support

Doubling in population since 1950, Forrest City, Arkansas has continued to see steady population and business growth in recent years. To support more businesses and residents, Forrest City’s staff at city hall needs reliable technology. However, some uncertainty and technology issues started to hinder the city from not only serving its citizens but also complying with the important Legislative Audit.

After the city switched over to IT in a Box, they experienced many positive results.

  • Forrest City passed Legislative Audit with the burden of the process managed for them.
  • Responsive IT support led to increased productivity and employee morale.
  • Data backup helped prevent the permanent loss of data.
  • Sophicity untangled several complex IT problems that addressed employee frustration and lack of productivity.
  • Modernized hardware for a low price.

“I recommend that cities consider using IT in a Box. They especially helped us with the Arkansas Legislative Audit. For a city with limited staff, it’s a headache for one person to sit down and get all those policies in place. Also, Sophicity is there if you need them for overall IT support. At first, we thought the service was a little costly. But after getting IT in a Box up and going, we all now realize we should have done this a long, long time ago.”

– Derene Cochran, City Clerk / Treasurer, City of Forrest City, Arkansas

Read the full case study.


Newsletter Signup

Sign up for Sophicity's CitySmart Newsletter. Get all of the latest City Government and Municipal League news, articles, and interviews.


Recent Media

Is Your City Really Prepared for a Disaster?

Ransomware Cripples City for Weeks—and What We Can Learn

Securing Your City Employees Without Annoying Them


Events

We hope to see you at these upcoming events including:

2018 GCCMA Spring Conference 
Monday, March 26, 2018 – Wednesday, March 28, 2018 
Jekyll Island, Georgia 

GMA District Spring Listening Sessions 
March and April 2018 
Across Georgia 

KLC City Official Academy II 
Wednesday, May 23, 2018 – Friday, May 25, 2018 
Bowling Green, Kentucky 


A Taste of I.T.

Taste of IT

Recently, CIS (Citycounty Insurance Services) Oregon (located in Portland) took time out of its busy daily schedule to grill out with us for what we call a Taste of I.T. These are BBQ-heavy :) customer thank you events that we’ve been bringing to our customers. Literally each month, we bring the food and beverages and get to have lunch with your staff. Thanks to Executive Director Lynn McNamara and CIO Mark Snodgrass. We had an awesome time!


Other Solutions 

IT in a Box 
Who guarantees IT services based on your expectations? We do.

Frontline
Take action against technology issues at your city.

Data Continuity 
Peace of mind about your records and data.

Tuesday, March 13, 2018
Rodney Riga, Data Center Team Lead
Rod Riga

You’ve probably called utility service providers for help when experiencing an issue—and wished afterward that the lost time could somehow be given back to you. As you replay the call in your mind, you become even more frustrated.

Maybe the customer service representative had trouble understanding your problem.
Maybe they were sticking to some sort of call script to work through the issue.
Maybe they were making your problem more complex.
Maybe they simply didn’t have the capacity to provide proper support as promised.

In the end, you just wanted the problem solved, and you saw the issue as a relatively simple one that they should have been able to fix. Right?

At your city, you need an IT helpdesk that gets the simple stuff right. With your city staff wearing multiple hats and juggling busy workloads, there is never enough time for the unexpected. Addressing what should be a simple issue is a must so that these issues do not become time vampire nightmares.

Here are five examples of simple stuff that cities struggle with before switching to a solution like IT in a Box.

Computer Support

1. Computers, printers, copiers, and other hardware not working

We know that IT support engineers often oversee complex hardware that employees never touch such as servers and network equipment. However, it’s the heavily used hardware like computers, printers, and copiers that see the most wear and tear from employees. Printers break. Copiers stop working. Computers run into problems.

In fact, cities may even have issues with a printer or a certain computer that go on for years. Why? Sometimes the IT support vendor doesn’t really understand how to fix the root cause of a problem. Other times, the IT support vendor fails to help a city clearly understand that the best step is to replace a broken piece of equipment.

Keeping basic, heavily-used equipment up and working is a primary job of IT support. Engineers should either quickly get to the root cause of an issue or urge you to replace a piece of equipment if it’s dying or dead.

2. Access issues

This includes issues accessing an employee’s computer, the internet, email, a document management system, or an application. Everyone experiences these kinds of issues from time to time—whether forgetting a password or needing setup help as a new employee. At some cities, previous vendors have done a poor job of coordinating such access—letting many days lapse before getting back to an employee or not following a strict process for enabling authorized access. Employees should be able to call into an IT helpdesk that quickly gets them secure, approved access to important applications crucial for them to do their job.

3. Missing files

In this case, we’re talking about missing files that are the result of human error and still retrievable (such as “deleted” files in the employee’s recycle bin folder on their computer). Even if an email or document seems gone forever, it may still exist. And depending on the city’s data backup and disaster recovery system, even seemingly permanently deleted files can be recovered. A good IT helpdesk will not throw up their hands but instead work with the employee to find or restore data that seems like it vanished.

4. Frozen or locked computers

It’s not uncommon for a city to tell us they have struggled with this issue for years. As a result, employees unnecessarily suffered with slow computers. A good IT support vendor will immediately address likely causes of frozen computers such as:

  • Software patches: Patches not only resolve security issues but also resolve performance issues and bugs.
  • Software updates and upgrades: As technology evolves, software must evolve with it. Updates and upgrades help software keep pace with the higher demands of modern operating systems, multimedia, sophisticated applications, and higher internet speeds.
  • Aging, obsolete hardware: On average, computers start to become a liability after five years. In many cases, a slow computer may be the result of age and it eventually becomes less costly to just replace the computer rather than support it until the machine dies.

5. Resolving issues with other software and technology vendors

We call this “vendor management.” Many cities—by themselves or through the help of a previous IT vendor—have often tried to resolve ongoing issues with internet service providers, software vendors, or hardware vendors. Sometimes, issues are extremely technical and both a city and an inexperienced IT vendor might not understand the exact root cause. For example, a city might spin its wheels about slow internet for years as an internet service provider simply tells staff to restart their modem every day and limit the use of streaming video. By contrast, an experienced IT support engineer may discover a cabling, port, device, or configuration issue. Then, that engineer would work with the ISP until the problem is resolved.


In a recent case study, a city clerk told us “…we all now realize we should have [switched to IT in a Box] a long, long time ago.” A major reason for that reflection was the city’s experience with unreliable IT support. Having the right IT support makes a huge difference to city operations on so many levels.

Are you struggling with simple IT issues that just never get resolved? Reach out to us today.

Wednesday, March 7, 2018
Nathan Hall, Network Infrastructure Consultant

Nathan Hall Just as internet access is standard at nearly all organizations, Wi-Fi access to the internet is nearly at that same level of expectation. Most organizations rely on it internally and guests expect it. So many employees use untethered devices such as laptops, smartphones, and tablets—and those devices often work best with wireless access.

Simply buying a few retail wireless routers and setting them up yourself may not meet your needs. It’s not uncommon to see cities with spotty wireless access, slow wireless internet connections, and even a risk of data breaches through unsecured wireless access points.

If you’re struggling to provide quality, consistent, and reliable wireless access for your guests and employees, then you may want to explore these four ways to improve your situation.

Wireless Icon

1. Look at your technology foundation.

The root of many wireless issues goes deeper than your wireless equipment. You may want to assess your:

  • Internet service provider: Have you reviewed your ISP options lately? Your city needs a stable and reliable solution. Look at your uptime and make sure you’re getting business-class (rather than a consumer-class) service.
  • Network equipment: Are your network systems able to handle your wireless needs? Your network includes switches, routers, and firewalls appropriate for your needs.
  • Modernized hardware: You may have great wireless equipment but lack devices that can use it properly. Aging laptops will often have trouble connecting to wireless access points.

2. Make sure you’re using scalable, business-class wireless equipment.

If you’re tempted to buy your wireless equipment at a retail store, don’t. Consumer-grade wireless equipment will likely not fit your needs—especially when you have to scale as more employees and guests use it.

As one example, many consumer-grade wireless routers only provide what’s known as “single band connectivity.” At home, you might connect to one 5 GHz or one 2.4 GHz band at a time. Now imagine if all your city employees tried to get onto that single band through your home router. Like a rush of traffic on a single lane highway, your internet will slow down. By contrast, business-class wireless equipment provides you dual band or triple band connectivity options—giving you more “lanes” so to speak. These “lanes” help you accommodate all your users’ needs—including high-bandwidth activities like accessing videos or large files.

3. Ensure proper wireless coverage appropriate for your city.

Walls, floors, and other equipment (such as electronic devices and appliances) can all affect your wireless connectivity. You might have employees in a basement or on a top floor struggling to get a good wireless connection. Part of your wireless access planning needs to involve coverage. Who needs wireless access? What equipment will provide an appropriate range? How much equipment do you need to provide multiple access points? Without proper planning, cities may have too little equipment for their needs.

4. Secure your wireless access and improve your wireless security policies.

Why is security important for wireless access and reliability? When you aren’t managing your wireless access, you don’t know who is on your network, how many users are on your network, or what they’re doing.

In a previous post about wireless access security, we recommended that you:

  • Secure and lock down all wireless devices.
  • Remove physical wireless access hardware from the public or unauthorized employees.
  • Apply patches and upgrades to wireless devices.
  • Use appropriate wireless hardware and configure it properly.
  • Monitor and maintain your wireless network for security risks.

If someone is abusing your wireless access, then you could see significant slowdowns when employees try to access the internet.


Is your wireless access unstable or unreliable? Reach out to us today.

Tuesday, February 27, 2018
Patrick Perry, Network Infrastructure Consultant
Patrick Perry

We secure our cars, but we don’t drive Batmobiles. We like to unlock our car doors with one click but it’s still possible for a criminal to smash the window and grab something inside. It’s a trade-off.

We secure our homes, but we don’t live in a fortress with a moat surrounding it. We can unlock our doors with a key and perhaps a security system with an easy-to-remember code. Yet, if someone really wants to enter your home, it’s still possible. It’s a trade-off.

Similarly, your information technology needs to allow your city staff to easily perform work while keeping them secure. Sure, you could remove all access to the internet—but then you would get very little done. Sure, you could whitelist every single website that employees visit—but that takes excessive oversight and IT support.

What’s the right balance? If you are too lax with your information security, then you make yourself an easy target for bad actors (such as hackers). If you are too strict, then employees become unproductive, frustrated, and trapped.

Here are a few best practices that can help you balance both user productivity and security.

1. Monitoring and alerting for suspicious activity

Monitoring and alerting technology, coupled with proactive IT, provides early identification of suspicious activity and anomalous incidents before they become serious. For example:

  • An employee’s email account is being accessed remotely from Kazakhstan.
  • A large download or upload of data starts occurring in the middle of the night.

By proactively noting suspicious activity, you may be able to stop a data breach or data loss before it happens.

2. Enterprise-grade antivirus

Enterprise-grade antivirus is quite good at shielding and blocking obvious risks when employees accidently do something wrong. This software will flag and stop many viruses before they are activated, and it will also help prevent employees from entering suspicious websites or clicking on malicious email attachments. It’s not perfect, but antivirus software stops a lot of obvious breaches that result from employee error.

3. Patch management, software upgrades, and browser security

In addition to antivirus software, patching and upgrading your other software helps prevent employees from exposing your city to a virus or data breach. Patches often contain fixes to security vulnerabilities, and up-to-date software is built more securely than older software. Your accounting, office productivity, operating system, web browser, and other software all need regular patching and updating.

For example, keeping modern browsers up-to-date (such as Chrome, Firefox, or Edge) ensures that each browser’s built-in virus and malware protection helps prevent users from entering risky websites. When a user clicks on a bad website, a clear warning will often appear. It is important to keep your browsers updated to the latest version and with the latest patches.

4. Access and authorization

At a policy level, you need to restrict access to your software applications and data. Each person should be assigned the least security privileges required for them to do their job. For sake of ease, many cities allow administrative access (or full access) to many employees—even if those employees should not have access to sensitive information. By restricting access, you mitigate the risk of stolen, deleted, or corrupted data.

5. Wireless network security

It’s not uncommon to encounter an easily compromised wireless access point at a city. Warning signs include:

  • No password needed to connect.
  • An unencrypted or weakly encrypted connection.
  • A default admin password identified in the original wireless access point packaging.

It’s essential that you require employees (and everyone) to log into a secure wireless network that you host. Also, make sure that wireless access points are set up by authorized IT staff or an IT vendor.

6. Physical access

Any employee shouldn’t be able to wander into a server room or have physical access to a computer. Protecting equipment through locks, encryption, and passwords is a sensible security precaution.

7. Application controls

Software that deals with important data needs controls over data input, processing, and output. Otherwise, employees could accidently (or intentionally) delete, alter without logging, corrupt, or even steal data. You also don’t want users seeing data they should not be able to see.

8. Content filtering

Content filtering can help block bad websites—and unfortunately many good websites. Whitelisting websites is very secure but it’s a pain for employees as they must submit many legitimate websites to someone within the city for approval. However, certain temp employees or employees focused on simple tasks may not need full internet browsing to do their jobs. Content filtering may work well to keep them focused.

9. Creative training

Employee error is the root cause of a high percentage of data breaches, viruses, and permanently lost data. All it takes is one employee to click on a malicious email attachment or website and you’ve got a potential data breach on your hands.

Consider training that is:

  • Ongoing: This helps reinforce cybersecurity lessons for existing employees while training new employees.
  • Test-oriented: For example, IT can periodically test city employees with mock phishing attacks to see if employees will click on malicious emails. If a user gets fooled, especially multiple times, they may need extra training.
  • Leader-oriented: City leaders such as the city manager, city clerk, and department heads need to buy into the importance of cybersecurity training. Otherwise, no one will take it seriously.

These best practices will help you balance employee productivity with security in a way that won’t overwhelm or slow employees down. If you need help finding a right balance, reach out to us today.

Wednesday, February 21, 2018
Jessica Zubizarreta, Network Infrastructure Consultant

Jessica Zubizarreta 

When we begin working with many of our city customers, we often see the need to modernize dated hardware, software, and systems. We know this is sometimes a scary prospect.

First, old habits die hard. City staff get used to familiar servers, computers, or the way their network operates. Second, the budget for new equipment often seems too expensive. As a result, it becomes tempting to stick with old equipment until it dies to “maximize the investment.”

However, there are five major reasons why modernizing your hardware is important and should take place on a regular replacement cycle (or better yet, why you should move to a cloud platform that eliminates the need for some hardware).

Computer at a desk1. Old hardware is more likely to break down.

Treating hardware like a junker car is not wise. When you use hardware until it breaks down, you don’t know when it will break down, what it will impact, and how you will stay operational. What if your hardware breaks down during a busy time of year? What if your dead server impacts payroll for weeks? How long will it take you to order new hardware, transfer all the data (if you backed it up), and get a new server up and running? Waiting for hardware to break down begs for unnecessary disruption.

2. Old hardware freezes up and slows down more often.

As hardware ages, it impacts your city’s operations more and more. Signs of disruption include:

  • Servers and computers crashing.
  • Servers constantly needing rebooting or restarting.
  • Computers and software applications slowing down to a crawl.

Like an old car that constantly breaks down, these problems can become expensive—so expensive that simply buying modern hardware will save you money in many cases. Just add up the costs of wasted employee time and billable hours for IT vendors. After a certain point, your older hardware is just bleeding money.

3. New software and applications often don’t work on old hardware.

Technology evolves quickly—so quickly that older hardware has trouble running newer software and applications. This problem only increases with time. Just think about your smartphone. Why do you think so many people upgrade every two years? The more sophisticated mobile apps become, the more they need the latest hardware to run properly and efficiently.

At your city, you need the ability to run important software for activities such as accounting, records management, or utility billing. Even basics like web browsing, email, and productivity software require modern hardware. When you modernize your hardware and move some applications into the cloud, you are able to use modern software and applications—which increases your capabilities and productivity as a city.

4. Older hardware becomes harder to support.

Your city staff or trusted IT vendor might be able to put out your hardware fires to get you by for a few more days or weeks, but that’s often a temporary solution. As hardware gets older, it’s less likely that the vendor will continue to support it. That support includes patches for security vulnerabilities and updates that fix bugs.

With cybersecurity so important today and cities constantly targeted with ransomware, viruses, and phishing attacks, it’s a major liability to use old, unsupported hardware. Keeping it around increases your risk of a data breach. Modernizing your hardware makes your information more secure.

5. Older hardware hits annoying storage and memory limits.

To function as a city, you require appropriate information storage. Yet, many cities find themselves in awkward storage “battles” with their servers and computers. Offloading information to external hard drives, deleting emails, or erasing older information before you want it deleted are all signs that your hardware cannot handle your demands.

Especially think about your records retention, body camera video, or email needs. Do you really want old, aging hardware dictating what you must keep or delete? Modern hardware also contains plenty of storage for affordable prices. By modernizing your hardware, you will likely have plenty of affordable storage for your needs as well as retention compliance.


We’ve worked with many cities where upgrading from aging hardware to modernized hardware made a night and day difference to operations. Benefits included:

  • Cloud applications that are automatically updated, supported, and accessible anywhere/anytime over the internet.
  • Servers with increased, affordable storage that accommodated modern software application performance and storage requirements.
  • The ability to use software and applications that enhanced city operations and productivity.
  • Higher security that reduced the risks of data breaches.

Ready to explore hardware modernization? Reach out to us today.

 

Wednesday, February 14, 2018
Dave Mims, CEO

Dave MimsAs the “Jewel of the Delta” and an important business hub in Eastern Arkansas, Forrest City rests almost exactly between Little Rock and Memphis. I-40, Arkansas Highway 1, and two railways go through Forrest City—making it an important location for both businesses and residents.

Doubling in population since 1950, the city has continued to see steady population and business growth in recent years. To support more businesses and residents, Forrest City’s staff at city hall needs reliable technology. However, some uncertainty and technology issues started to hinder the city from not only serving its citizens but also complying with the important Legislative Audit.

Forrest City City Hall

Challenge

Forrest City has four primary locations that each had its own technology challenges.

  • City Hall: In many cases, challenges arose with things such as printing issues and employees needing help accessing their computers. The city’s technology support had trouble even completing such simple requests. Uncertainty with data backup and a lack of clear policies also worried the city about passing Legislative Audit.
  • Library: Because the library needs to give public access to specific computers, some security issues existed related to that access. The software and support for enabling public access also led to inefficiencies and problems with authorizing users. Online, the library’s website looked outdated and needed a refresh while making it easier for library staff to update information.
  • Public Safety: With aging, outdated technology infrastructure, public safety’s systems needed an upgrade and some modernization. Some uncertainty also existed with their data backup and disaster recovery.
  • Court: Computers often froze and locked up, and the city’s vendor support was not capable of quickly handling these issues remotely. Onsite visits were expensive and not timely—leaving employees without working computers for days. Some uncertainty with data backup and recovery existed. Issues with IP phones also lingered, and the city did not have someone on staff to engage technically with the vendor to thoroughly understand and solve these issues.

While some problems overlapped across city departments, many unique problems made it challenging for the existing vendor to serve the city. With the current vendor not up to the task and the city worried about passing the legislative audit, it was time for a change.

Solution

Needing experienced IT professionals who also had significant municipal experience, Forrest City chose the Arkansas Municipal League’s “IT in a Box” service.

Once Sophicity began to implement the IT in a Box service, Forrest City had many of its technology issues resolved fairly quickly. The services within IT in a Box included:

  • 24x7 helpdesk: Sophicity provides 24x7x365 support to city staff. Experienced senior engineers are ready to address any IT issue both remote and onsite—ASAP. Forrest City staff no longer had to wait for an unresponsive vendor to solve issues or look up different random IT vendors in the phone book that were not familiar with the city’s IT environment.
  • Server, desktop, and mobile management: Many of Forrest City’s issues resulted from a lack of proactive IT management. Sophicity now proactively keeps computers patched, protected, and healthy to both keep computers operating properly and to guard against cyberattacks.
  • Policy and compliance: Through implementing proactive IT best practices, Sophicity also went a step further by:
    • Addressing security issues related to Legislative Audit: Sophicity helped resolve Forrest City’s issues with information systems management, contract / vendor management, network security, wireless networking security, physical access security, logical access security, and disaster recovery / business continuity.
    • Drafting policies to help the city comply with Legislative Audit: Because Sophicity works with cities that must comply with Legislative Audit, policies and procedures were quickly created that met the demands of auditors.
  • Data backup and offsite data backup storage: Forrest City received unlimited offsite data backup storage and retention for disaster recovery and archiving. No longer did staff have to worry about data backup with Sophicity’s real-time monitoring and quarterly testing.
  • Vendor management: The city did not have to worry any longer about frustrating calls with vendors about software issues or hardware procurement. Sophicity deals with any technical issues related to the city’s IP phone system, the email/fax system, the library software, and other specific technology-related vendors.
  • New city websites: The library immediately received a modern fresh custom-designed website with Sophicity hosting the website and managing the content. Plus, library staff can now also edit and update website content themselves. With such a great example already in place, city staff are currently working on a new version of the city’s website.

Results

After the city switched over to IT in a Box, they experienced many positive results.

  • Forrest City passed Legislative Audit with the burden of the process managed for them: With their systems secure and the right policies in place, Forrest City passed Legislative Audit without a problem.
  • Responsive IT support led to increased productivity and employee morale: Employees who grew frustrated with IT issues in the past that affected their productivity for days are happy to now receive remote or onsite IT support for issues that are often resolved in minutes or hours. The ability to call Sophicity 24/7/365 and receive a quick response and resolution to issues has made a big difference.
  • Data backup helped prevent the permanent loss of data: The city experienced a few incidents—including a virus outbreak—where previously the risk of permanent data loss would have been high. Instead, Sophicity used IT in a Box’s data backup solution to get the city back up and running.
  • Sophicity untangled several complex IT problems that addressed employee frustration and lack of productivity: Some complex issues related to the city’s network system setup and library software were unraveled and addressed by Sophicity—leading to long-term permanent solutions rather than the city fighting mini-crises every day.
  • Modernized hardware for a low price: Sophicity modernized the city’s aging hardware while also carefully negotiating prices that are beneficial for a local government. Aware that cities need to be good stewards of taxpayer dollars, Sophicity also made sure that the city had the hardware needed to improve productivity and citizen services.
“I recommend that cities consider using IT in a Box. They especially helped us with the Arkansas Legislative Audit. For a city with limited staff, it’s a headache for one person to sit down and get all those policies in place. Also, Sophicity is there if you need them for overall IT support. At first, we thought the service was a little costly. But after getting IT in a Box up and going, we all now realize we should have done this a long, long time ago.” – Derene Cochran, City Clerk / Treasurer, City of Forrest City, Arkansas

Contact Us Today

If you're interested in learning more, contact us about IT in a Box.

Print-friendly version of the Forrest City, Arkansas IT in a Box case study.

About Sophicity

Sophicity provides the highest quality IT products and services tailored to city governments. Among the features Sophicity delivers in "IT in a Box" are a new city website, data backup and offsite data backup storage, records and document management, email, video archiving, information security policy and compliance, server and desktop management, vendor management, and a 24x7 U.S.-based helpdesk for remote and onsite support. Read more about IT in a Box.

Wednesday, February 7, 2018
Dave Mims, CEO

Dave Mims

If you are a member of the Georgia Municipal Association’s (GMA) property and liability fund (GIRMA), then you are eligible to receive a grant from GMA’s Safety and Liability Management Grant Program to reimburse your city for up to 25% of the annual IT in a Box subscription fee.

GMA’s Safety Grant program exists to provide a financial incentive for members to improve their employee safety and general public liability loss control efforts through the purchase of training, equipment, or services. Information technology and cybersecurity remain major sources of liability for many cities. By not addressing cybersecurity threats, data backup uncertainty, and lack of cyber hygiene (such as software patching, antivirus, proactive monitoring and alerting of IT systems, etc.), cities increase the risk of a major incident such as a data breach, ransomware attack, or permanent data loss.

Save money by contacting us today. We will complete the grant application for you and work through the submission requirements on your behalf, making the whole process easy.

Your participation in GIRMA and IT in a Box makes such a grant possible. Thank you!

 

 

Tuesday, January 30, 2018
Cale Collins, Network Infrastructure Consultant

Cale CollinsOn December 17, 2017, the Hartsfield–Jackson Atlanta International Airport experienced a power outage that lasted for about 11 hours. The outage was disastrous on all levels because:

  • An electrical fire destroyed both the main power system and the backup system that were located right next to each other.
  • The outage lasted far longer than airport security experts said should happen.
  • Passengers had very little idea what was going on most of the time.
  • Airlines lost millions of dollars in revenue (with Delta alone losing up to $50 million).
  • As the world’s busiest airport, flights were massively disrupted around the world.

The shocker? Hartsfield–Jackson Atlanta International Airport did not have a clear plan for a power outage that took out the entire airport.

Your city may not be the world’s busiest airport but you can learn some important lessons about your disaster recovery plan from this actual disaster.

1. Create a true disaster recovery plan that accounts for a complete disaster.

You’re not building a “mild inconvenience recovery plan.” Disaster recovery needs to mean what it says. What happens when a real disaster hits like a massive power outage, a tornado, a flood, or a fire? Then, work backward from there. For example:

  • Who’s here?
  • What are the priorities?
  • How will you get your technology up and running after a disaster?
  • What data will you restore, and in what order?
  • What contingency plans will you create while specific data and information is not accessible?

2. Ensure that you have an offsite data backup component as a part of your disaster recovery plan.

If a disaster strikes, then your backups cannot exist in the same physical location as the information you’re backing up—even if they are right next door. You will need a distant offsite component as a part of your disaster recovery plan to ensure that your information is protected. Ideally, that offsite backup is stored in a geographical location far from your city. During a disaster, your data is safe—and you’re even able to access it while you wait for new equipment to arrive. By having an offsite data backup component, you also make sure you don’t have a single point of failure.

3. Test your disaster recovery plan.

The City of Atlanta and the Hartsfield–Jackson Atlanta International Airport admitted later that they had plans for partial outages but not a plan for a full outage because it was a “one in a million chance.” However, that’s the entire point of a disaster recovery plan. Be prepared for the worst that can happen. If you can handle the absolute worst-case scenario, then you can handle less serious scenarios.

The only way to know that you will be able to handle that worst-case scenario is to test your plan. And yes, test your plan regularly. Is your critical data actually getting backed up? Are you able to recover your data and use it in an operable fashion if a disaster hits? It’s not uncommon to find cities that never test data backups and find out too late that they do not work. By testing on a regular basis, you ensure that your disaster recovery solution works. You are not hoping that it does—you know that it does.

4. Include communication as part of your plan.

While not a technical component, communication is essential and should form part of your disaster recovery plan—both communicating to citizens and communicating internally to your staff. The Hartsfield–Jackson Atlanta International Airport communicated poorly to people and the media—leading to a lot of uncertainty, fear, and conjecture.

In case of a disaster, who will communicate to the public? Who will communicate to city staff? What happens if someone is unable to fulfill their duties? Who takes over? Communicating basic information such as the nature of the problem, how long it will take to get resolved, and what contingency plans are activated in the meantime will help you manage uncertainty. Otherwise, people panicking and barraging you with questions just adds more problems to your plate.


Learning from the Hartsfield–Jackson Atlanta International Airport’s power outage can save you some unnecessary trouble in case a disaster hits your city. Citizens depend upon you to safeguard important information and keep city operations running no matter what happens. They will depend upon 911, public safety, and city hall after a flood, tornado, or other catastrophe. If you plan and test for the worst, then you have the confidence of knowing you will be able to handle any disaster.

Need help with your disaster recovery plan? Reach out to us today.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 |