We put the IT in city®

CitySmart Blog

Friday, July 27, 2018
Jeremy Mims, Account Executive
Tuesday, July 24, 2018
Sylvia Sarofim, Network Infrastructure Consultant
Sylvia Sarofim

In April 2018, Bromium released a report, Into the Web of Profit, that noted cybercrime is now a $1.5 trillion criminal industry. By comparison, the GDP of Russia is just slightly higher than $1.5 trillion. Security Intelligence quotes Bromium CEO Gregory Webb who says:

“The platform criminality model is productizing malware and making cybercrime as easy as shopping online. Not only is it easy to access cybercriminal tools, services and expertise: it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks as the web of profit continues to gain momentum.”

Why should cities care? This massive amount of money made at the expense of victims around the world is a wakeup call to cities in five key ways.

1. Hackers are not adolescents in a basement.

People hacking cities are often part of highly sophisticated organized crime rings. Quoted in Information Age, Dr. Michael McGuire (the lead researcher of the Bromium report) says that cybercrime is “a hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting, and maintaining criminal revenues at an unprecedented scale.”

These criminals are targeting your cities with tactics ranging from spear phishing (imitating key decision makers at your city) to ransomware.

2. Usernames, passwords, and other sensitive information is regularly sold on the dark web.

A recent report noted “a 135% year-over-year increase in financial data for sale on dark web black markets between the first half of 2017 and the first half of 2018, and it saw a 149% spike in the amount of credit card information for sale on black markets over the past 18 months…” A McAfee report (summarized in Digital Trends) says, “When [...] login credentials are weak, hackers can use brute force attacks to gain the username and password for each [Microsoft Remote Desktop Protocol (RDP)] connection. McAfee found connections up for sale across various RDP shops on the dark web ranging between a mere 15 to a staggering 40,000 connections.”

These are just two examples of many reports that indicate how usernames, passwords, financial data, and other information sells on the dark web—often cheaply. Criminals use this information to help steal your money or weaponize for further attacks. An entire economy exists on the dark web that facilitates the buying and selling of such information.

3. Criminals exploit your security vulnerabilities.

Criminals know that most organizations don’t patch and update their software. Computer Weekly said, “Only 16% of companies investigated are clear of software vulnerabilities that external cyber attackers could use to gain access to their IT systems, a study by security firm Rapid 7 has found.”

Cities lag even behind most businesses when it comes to “cyber hygiene” such as patching and updating software. Some cities use software that can be over 10 years old (an eternity in technology time) that is no longer supported by the original vendor. That means security patches and fixes often aren’t occurring, leaving your software incredibly vulnerable to hackers.

4. Criminals take advantage of your employees.

If your employees aren’t cyber-savvy, then hackers will easily take advantage of them. Some examples include:

  • Your employee gets tricked by a fake PDF attachment that actually downloads ransomware and infects all of your systems.
  • Your employee gets an email saying that they need to change their banking password. They click on the website link and end up downloading malware to your systems.
  • Your employee gets tricked by a fake Word document that seems to come from the city manager and ends up downloading a virus that infects your servers.
  • Your employee gives away your city’s banking information over email to a phisher posing as the city manager.
  • Your employee gives away their username and password over the phone to a hacker posing as an IT vendor.

Without training and constant reminders about cyber awareness, your employees will become the weak link in your security—even if you’re doing well with your technical security. Training will help your employees spot email scams (such as phishing, spear phishing, and whaling), phone scams (vishing), and in-person scams.

5. Criminals take advantage of weak passwords.

Every year, SplashData publishes a list of the worst passwords actually used by organizations mostly in North America and Western Europe. In 2017, the top five worst passwords were:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345

Other bad, commonly used passwords include “admin,” “starwars,” and (yes) “trustno1.”

Think about it. Sophisticated criminals aren’t hacking into your servers and computers and then spending time guessing your password. They are using automated software that helps them crack passwords. Easy passwords will crack so easily that getting into your systems will seem like a joke. Passphrases, complex passwords, two factor authentication, and other password best practices can help prevent criminals from easily gaining access to your sensitive and confidential information.


Cybercriminals are not playing games. Over a trillion dollars is the reward. They are after your money and data. The question is: Are you going to support their efforts with your weak security? Or will you invest in the right security to encourage them to pass you over?

Need help assessing your cybersecurity? Reach out to us today.

Friday, July 20, 2018
Jeremy Mims, Account Executive
Thursday, July 19, 2018
Dave Mims, CEO
Dave Mims

In the criminal world, cybercrime has become a $1.5 trillion “industry.” Yes, trillion. With a “T.” If cybercrime was a country, it would have the 13th largest economy in the world.

Cybercriminals view organizations all around the world as low-hanging fruit to plunder. And cities are a big target! This year alone, we’ve seen many cities targeted with ransomware, malware, and hacking.

No matter the size of your city, you are a target. Municipal leagues have been requesting me to give presentations about cybersecurity from Arkansas to Georgia. I’m passionate about making sure cities are protected from cyber threats. For me, it comes down to 3Ps and 3 Fundamentals.

Your biggest risks are Passwords, Patching, and People.

The fundamentals to get right are the Wall, the People, and the Escape.

To learn more, check out either my Georgia Municipal Association presentation (Cyberattacks and Georgia’s Cities) or my Arkansas Municipal League presentation (Cybersecurity: Is My City at Risk? What Can I Do?).

With cybersecurity, mitigating your risks is important. Yes, you want to spend with discipline and frugality, but not spending enough dooms you to fail—as we mention in our featured article.

In customer news, check out the following new websites:

(Plus, every Friday on our blog, Facebook, and Twitter feeds, we showcase the website of a city we serve with the hashtag trend #WebsiteFriday.)

We’d also like to welcome Franklin Springs, Georgia to the Sophicity family.

As always, don't hesitate to reach out to me if you have something to share with our local government community.

Blessings,

Dave Mims


If You’re Not Spending Enough on IT, You’re Doomed to Fail

You might think your city’s size makes IT less important. Not so. In today’s world, IT has become the backbone and an essential utility for most organizations. But unlike traditional utilities, many cities think they can get by with underinvestment in something so crucial to city operations.

Waiting for an IT-related disaster or disruption before you invest is simply negligent. And the public can grow cynical about your city when they realize that suddenly you found money in your budget to pay for IT after a disaster. It tells them you did have the money all along but chose not to spend it...why? Why operate with that risk?

While there are many repercussions to underinvesting in information technology, we highlight 5 of the biggest ways that not spending the necessary money will doom your city to fail.


Newsletter Signup

Sign up for Sophicity's CitySmart Newsletter. Get all of the latest City Government and Municipal League news, articles, and interviews.


Recent Media

The Risks of Hoarding City Records and Body Camera Video

5 Questions to Assess Your IT Helpdesk

It's Not Disaster Recovery When…


Events

We hope to see you at these upcoming events including:

2018 Kentucky Master Municipal Clerks Academy
August 22-24, 2018
Burkesville, Kentucky

Georgia Clerks Education Institute Fall Conference 2018
September 9-11, 2018
Athens, Georgia


Apply GMA's Safety and Liability Management Grant Toward 25% of IT in a Box’s Cost

If you are a member of the Georgia Municipal Association’s (GMA) property and liability fund (GIRMA), then you are eligible to receive a grant from GMA’s Safety and Liability Management Grant Program to reimburse your city for up to 25% of the annual IT in a Box subscription fee.

Read about the City of Pembroke, Georgia receiving a GMA liability grant for IT in a Box.

Friday, July 13, 2018
Jeremy Mims, Account Executive
Wednesday, July 11, 2018
Brian Ocfemia, Engineering Manager
Brian Ocfemia

Are you a hoarder? Do you keep everything—every record, every video, every file—indefinitely? In some cases, this leads to expensive physical or electronic storage costs. In other cases, you may find yourself crushed by the operational burden of storing and managing so much data. You may think, “I need to be ready in case we need it.” Or maybe you are just too busy to regularly and consistently prune information.

Hoarding records may seem responsible on the surface, but it’s not. Hoarding opens your city up to legal, operational, and financial risks. Let’s look at some of these risks in more detail.

1. You’re adding a legal risk to your city.

Records retention policies provide you a record lifecycle that begins with creation and ends (for most) with disposal. Depending on your adopted records retention policies, you are only required to keep most records for a finite amount of time. Then, you may dispose of those records. That means if someone requests a record after you legally dispose of it, you are not required to produce it.

Not following this process opens yourself up to legal risks. For example, someone may ask you to produce records that go far back in time. If you have those records, then you must produce them. This creates unnecessary work and opens you up to legal issues that could have been easily avoided.

2. You’re adding an operational burden to your city.

No matter who does the work to search for records—you, your staff, an IT vendor, a legal team—someone is using up your time and money. The more records you indefinitely store, the more labor you will need to find those records. Those operational costs add up and a request can be highly interruptive (especially when members of your staff dedicate time searching for records). After producing the record, you may need additional time reviewing and redacting what you’ve found.

Managing less records by disposing of them according to your retention schedule, along with better organizing existing records, allows you to lessen the amount of retrieval time. An IT vendor with experience in municipal records retention storage and retrieval can also help you reduce operational costs.

3. You’re adding a storage burden to your city.

Whether you have physical records or electronic records, the cost of record storage grows year after year as you hoard records. By following records retention schedules, you lessen the amount of physical and/or electronic storage needed—reducing your costs and data management burden.

This is especially helpful in a storage-intensive area such as body camera video. Video records create a large record footprint to manage, but you don’t need to compound that problem by retaining records past the retention schedule. In Kentucky, it’s 60 days (unless part of a criminal investigation). In Georgia, it’s 180 days (unless part of a criminal investigation). Other states vary, but the timeframes are relatively short. There’s no reason to keep such large amounts of video past the retention deadline when the data takes up massive amounts of storage and incurs legal and operational burdens.


Following records retention best practices not only helps you comply with the law but also benefits you financially and legally. Reduced costs, reduced risks, and reduced operational and data management burdens all result from not hoarding any and all records.

Need help tightening up your records retention processes to reduce risks and costs? Reach out to us today.

Monday, July 9, 2018
For Bryan County Now

As reported by For Bryan County Now, the city of Pembroke was recently awarded a Liability Grant from the Georgia Municipal Association (GMA) in the amount of $3,200 for the purchase of IT in a Box.

IT in a Box is technology the GMA helped create that can be used for backing up and securing data to modernizing websites.

“This program allows each city to stretch their budget dollars and provide a safer work environment for their employees,” said Eileen Thomas, marketing field manager for the GMA, on June 11.

 

IT in a Box services include: 
  • Cybersecurity and computer maintenance
  • A 24x7 helpdesk
  • Data backup and disaster recovery
  • Records / document management and email
  • Video archiving
  • Policy and compliance practices and procedures
  • Website production and management
  • Vendor management and procurement

 

The GMA Safety and Liability Grant program was introduced in 2000 to provide a financial incentive to assist members in improving their employee safety and general public liability loss control efforts through training and the purchase of equipment or services. Since the inception of the program over 130 cities have received grant money through the program, over 500 grants were approved totaling nearly $1.5 million to fund items such as bulletproof vests, training videos, confined space entry equipment, reflective safety vests, fire department turnout gear and police department in-vehicle video systems. These grant funds have helped leverage the purchase of over $2.6 million in this type of equipment and training.

Based in Atlanta the GMA is a voluntary, non-profit organization that provides legislative advocacy, educational, employee benefit consulting services to its over 500 member cities.

Friday, July 6, 2018
Jeremy Mims, Account Executive
Wednesday, July 4, 2018
Dave Mims, CEO
Friday, June 29, 2018
Jeremy Mims, Account Executive
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 |