We put the IT in city®

CitySmart Blog

Friday, November 16, 2018
Kevin Howarth, Marketing & Communications
Wednesday, November 14, 2018
Nathan Hall, Senior Engineer and Team Lead
Nathan Hall

According to a recent study by Positive Technologies, “As expected, the most successful social engineering technique is the use of a phishing link—27 percent of employees clicked it. Users are not picky when reading the link URL, sometimes clicking it without a second thought. When a user is prompted to download a file and then run it, every additional requested action raises more suspicions. In these cases, only 7 percent of employees were inattentive and fell for the bait.”

With phishing attacks, more steps create red flags—and that means it’s less likely employees will fall for the scam. But phishers are getting better and better at making emails look legitimate. And if scam emails look legitimate, many employees will fall for them.

If you don’t think phishing is a problem at your city, take your total number of employees and multiply that by 0.27. The answer is the total number of employees who are statistically likely to click on a phishing email. But remember it only takes one employee to be fooled for your city to become the latest victim of cyber criminals.

Training helps lessen that risk. In this post, we dissect the tactics scammers use in phishing emails. Your city employees should know about these tactics and receive regular training about them.

1. Convincing email subject lines

A recent TechRepublicarticle outlined 11 common email subject lines used to trick employees. Notice the pattern for how these subject lines are meant to get your attention and replicate an urgent notice from a legitimate source.

  • Review or Quick Review
  • Bank of [Bank Name]; New Notification
  • Charity Donation for You
  • FYI
  • Action Required: Pay your seller account balance
  • Unauthorize login attempt
  • Your recent Chase payment notice to [name of employee]
  • Important: (1) NEW message from [Bank Name]
  • AMAZON: Your Order no #812-4623 might ARRIVED
  • Wire Transfer
  • Assist Urgently

Scammers are looking to get your attention so that you open their email, and they use compelling email subject lines to do it.

2. Convincing sender email address

Scammers have gotten good at spoofing email addresses from people. You may receive an email that looks suspicious (such as saying, “Click here!”), but you might trust the email because it looks like a friend, family member, or co-worker sent it. Their name appears along with their correct email address, so you logically think it’s from them.

So, how do you know whether it’s really from them? Look at other clues within the email. Does the message sound like something that person would send? Is it consistent with previous messages? If you have any doubt at all, call that person and ask if they sent it.

3. Convincing message

Here is where scammers often hit pay dirt. They become better and better at writing messages that seem legitimate. Let’s look at two tactics.

Classic deception

Scammers craft mass email messages that seem legitimate and trick you into clicking. For example, you might receive a message that says, “You have (1) new Amazon reward ready to claim.” If the email contains other Amazon-like messaging that seems legitimate and you’ve participated in similar rewards programs with companies, you may click on the link.

Business email compromise and spear phishing

Business email compromise takes a variety of forms but often involves scammers taking over an email account (by gaining access to a username and password), targeting specific people in your city by pretending to be the person whose account they took over, cultivating a targeted person over a period of time, and then enacting the scam.

According to the FBI, “[In] just about every [business email compromise] case, the scammers target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to trusted partners—except the money ends up in accounts controlled by the criminals.”

Business email compromise is different than “spear phishing,” which involves the same tactics but instead relies on a spoofed email address rather than a compromised email account. The City of Paris, Kentucky experienced a spear phishing attack last year. If you want to learn more, we wrote a blog post interviewing the city clerk and analyzing the email.

4. Convincing look and feel

Another approach involves closely copying legitimate emails from a graphic design perspective. One way that people assess emails is by the look and feel. If it looks professional and sophisticated, it must be okay, right?

Take a look at this email. The scammer copies Google graphics fairly well so that, at a glance, it looks legitimate. The Google logo is correct, the blue button looks like Google buttons, and the messaging below the button looks professional.

 

However, a few things should raise red flags:

  • The email address does not look professional or related to Google at all.
  • “GoogleSupport” is one word. That’s odd.
  • What’s a “returned email message”? If you’ve used email for many years, you know that emails sometimes bounce back and you receive an automated message from the recipient. But you don’t get “returned email messages” with email.
  • An organization like Google would send clear, professional, detailed messages during the rare times they contact you. This email raises more questions than it answers. It’s cryptic.
  • Hovering over the button shows a URL that is suspicious and not related to Google at all.

Again, if you have any doubt whatsoever about an email, don’t click on anything. Instead, go directly to the company’s website or application. For example, if you had doubts about the message above, go directly to your Gmail account and see if any legitimate alerts or messages are waiting there.

5. Convincing attachments

Phishing scammers love it when you open attachments full of ransomware, malware, or viruses. To tempt you to open them, they use Word documents, PDFs, and zip files with normal business terminology like “contract,” “invoice,” “order,” etc. For example, look at the following message.

 

At a glance, you might just see “Apple” and “Order” and think, “Did I order something? Let me check the order.” You click on the PDF and…it’s not a PDF. Something starts downloading to your computer and suddenly you’ve got a ransomware virus infecting your city.

Do not, do not, do not click on suspicious attachments. In the email above, notice the strange email address and complete lack of information about the order. If you have doubt, ask the sender if they sent you a legitimate email with a file or document.

6. Convincing links and buttons

Scammers can sometimes spoof links and buttons. In some sophisticated phishing emails, a link can look legitimate but then redirect you to a malicious website that asks you for a username/password, financial information, or information that helps a hacker take over an account. Other links may initiate or get you to download malware, ransomware, or a virus.

Unless you are absolutely certain an email comes from a trusted sender, don’t click on links from an email. For example, even if you think an email from your bank is legitimate, be safe by going directly to the bank’s website.


By understanding the different components of a phishing email, you can better spot the signs of a scam. This post should also highlight the importance of cybersecurity training for city employees. Addressing topics like phishing helps city employees stay aware and guarded against cyberattacks—lessening your risk of human error and lowering your liability.

Need help with cybersecurity training? Reach out to us today.

Friday, November 9, 2018
Kevin Howarth, Marketing & Communications
Tuesday, November 6, 2018
Dave Mims, CEO
Dave Mims

While cybersecurity can seem like an overwhelming problem, we strongly and consistently encourage cities to start with the initial step of addressing the most important low-hanging fruit risks we call the 3Ps: passwords, patching, and people.

If cities can improve upon these three areas, they can eliminate some of the biggest risks that lead to viruses, ransomware, hacking, and cybersecurity incidents. Being proactive and intentional about these problems will lead to strengthening your overall cybersecurity and decreasing your liability.

Let’s look at the 3Ps in more detail.

1. Passwords

Too many cities still use default passwords, obvious passwords (such as a child’s name, pet’s name, college mascot, birthdate, etc.), or weak passwords (like “123456”). Half of all security breaches involve stolen or easily guessable passwords. The weaker or looser the security around a password (such as people writing their passwords on paper notes around their desk), the easier it is for hackers to break into your systems and steal information. Hackers use automated software to look for holes in your systems. That automated software attempts common and weak password combinations that are easy to crack.

To protect yourself:

  • Do not write passwords down and leave them visible.
  • Use a password on all devices.
  • Do not use simple or obvious passwords. We strongly recommend using passphrases.
  • Do not save passwords to websites and applications.
  • Change passwords regularly.
  • Do not use the same password for all systems you access.

Two Factor Authentication (2FA) is also becoming easier to use and vastly decreases the risk of a hacker using a password to break into your systems. With 2FA, your employees may enter their email login information and then receive a notification through an app on their phone that they use to complete the sign-in process. Even if a hacker somehow obtains an employee’s username and password, the information is worthless because they are required to validate the authorization through an app on the employee’s phone—which obviously they cannot access.

2. Patching

So many data breaches and cybersecurity incidents—including major stories that dominated headlines over the past two years such as Atlanta, Equifax, Petya, and WannaCry—are rooted in a simple failure to patch software security vulnerabilities. Sadly, government entities (including cities) significantly lag on replacing outdated software, patching current software, and implementing endpoint defense that makes sure devices connected to the network follow a compliant process.

It’s not unusual for us to see cities using software that is 8-10 years old—or even older. That’s an eternity in technology time—so much so that software vendors often stop supporting those systems. If you keep using older software, then security vulnerabilities are not getting patched and that software becomes more of a major vulnerability for your city. By not regularly applying patches, whether your software is older or newer, you are choosing to leave security holes open for hackers to exploit.

In a previous post, we discussed a few important points about patching:

  • Patch management is an essential element of cyber protection. Just do it. Fears such as “I’ll break my software” mean you need to modernize your software or you’re making excuses.
  • You need IT professionals overseeing patch management and following rigorous procedures. There are too many risks when you let non-technical city employees apply patches themselves.
  • Non-technical employees aren’t able to test patches before applying them. IT professionals test patches to monitor possible issues and ensure they will work before full-scale deployment.
  • Patches need to be applied to all your machines regardless of their location. That includes the devices of remote employees using your city-owned hardware and software.

3. People

A recent survey shows that 64 percent of working adults either did not know the definition of ransomware or defined it incorrectly. In addition, 32 percent of working adults could not define malware or misunderstood it.

Now, ask yourself, even if you have the best information security at your city:

  • Who is likely to receive an email with ransomware?
  • Who is likely to click on a malicious website link?
  • Who is likely to open a malicious file attachment?
  • How is ransomware most likely going to enter your city network?

The answer? People. It’s possible that you, your staff, or some other user on your network will make a mistake that leads to a cybersecurity incident.

And what’s the answer to combatting this weakness? Training.

Today, training employees about cybersecurity is more important than ever. Hackers use techniques that trick employees into handing over access to your systems—and criminals know that people can be the weakest link in your security. Those who need ongoing regular training include your mayor, elected officials, the city manager, the city clerk, and department heads, along with all other employees.

We’ve created a blog post titled “How to Create Effective Cybersecurity Training for Cities” that outlines what you need to cover in your cybersecurity training and how to get started.


Remember it takes just…

  • One unprotected or unmanaged computer for a cybercriminal to exploit.
  • One unsuspecting employee for the cybercriminal to trick.
  • One critical best practice to overlook (such as regularly patching your software) for a cybercriminal to steal your data.

If you need help with the 3Ps, reach out to us today.

Friday, November 2, 2018
Kevin Howarth, Marketing & Communications
Wednesday, October 31, 2018
Brian Ocfemia, Engineering Manager
Brian Ocfemia

As the Georgia Municipal Association points out in its City Clerk Handbook, “A good records management plan requires a lot of education and hard work. As the records custodian of your city, you must inventory, organize, maintain, archive, and delete records according to the city’s records retention schedule.” These records retention schedules usually follow specific, rigorous state laws—making this aspect of a city clerk’s job one of the most difficult and detail-oriented.

While the field of information technology does not seem at first like a records retention ally, experienced IT engineers can help city clerks beyond just providing hardware and software. Here are six ways that technology can ease your burden.

1. Applying records retention schedules to the document management software and automating specific tasks related to those records.

Different documents will have different records retention schedules according to law, and these rules can be applied to records that you store in your document management system. Upload a document, tag it by type, and know that the schedule is applied automatically. You can classify documents and set times for them to be staged, reviewed, and purged. Otherwise, the manual aspect of trying to remember what schedules apply to what documents can get overwhelming and lead cities to make errors or keep all documents indefinitely.

2. Assisting with search and retrieval.

Getting an Open Records Request or FOIA request is always a pain for city clerks. It takes time to search for specific records, and sometimes they can be hard to find. We often surprise cities when we tell them, as part of IT in a Box, that we can help city clerks process these requests.

Quick search and retrieval is rooted in having:

  • Google-like search capabilities to help you easily and intuitively find documents.
  • Highly organized documents ideally organized by groups that match records retention categories.
  • Tagged documents with useful labels so that you can find them by different search criteria.
  • Significant data storage capabilities so that you don’t worry about running out of room.
  • 24/7 access (versus 9 to 5 access) so that city employees can access documents anywhere, anytime.

3. Deleting records according to records retention schedules.

Many cities keep all documents indefinitely for fear of purging a record accidentally. While that caution is admirable, two key problems emerge:

  • Unnecessary use of storage space. You are keeping documents you don’t need to keep.
  • Unnecessary liability related to keeping documents. If you have a document, even if you’re not required by law to keep it, then you must produce it if asked.

In a blog post earlier this year, we cautioned about some of the dangers related to hoarding city records instead of purging them according to state records retention law:

  • You’re adding a legal risk to your city.
  • You’re adding an operational burden to your city.
  • You’re adding a storage burden to your city.

As we say in the post, “Depending on your adopted records retention policies, you are only required to keep most records for a finite amount of time. Then, you may dispose of those records. That means if someone requests a record after you legally dispose of it, you are not required to produce it.”

4. Going paperless.

Paper may seem safer than electronic information because you can see and touch it. However, paper has many disadvantages including:

  • Single copies of important documents that can be lost or destroyed.
  • Physical storage space limitations.
  • Money wasted on paper and ink.
  • A requirement for people to go to the physical location to get access to a document.

By scanning your paper documents into your records management system, you will be able to search for and find them much easier. Plus, electronic copies can be backed up, making sure that the chance of data loss from theft, fire, flooding, or simply losing documents goes way, way down.

5. Enhancing security.

A document management system introduces more security and protects the integrity of your city records. Many cities without a document management system may store city records on unsecured computers or shared folders with no real authorization policies or procedures. Your IT staff or vendor can help you:

  • Create authorization policies that only allow specific people to edit or delete city records.
  • Protect access to the overall document management system with a strong password policy and other security features.
  • Keep the document management system software patched and updated.
  • Ensure that files are encrypted and protected, as needed.
  • Track all document interactions and changes while creating an audit trail (which is especially useful for compliance or legal issues).

6. Backing up data.

For any worst-case scenario—from a server failure to a natural disaster—you want your city records protected. Data loss is simply unacceptable when it comes to city records. When it happens, it’s devastating—financially and legally. It also doesn’t look good as a front-page headline.

City records are best backed up with the following components:

  • Onsite data backup for quick recovery after a small incident (such as accidental deletion).
  • Offsite data backup for more serious disasters (such as a tornado or fire).
  • Periodic data backup testing to make sure it will work and that you can restore city records.
  • Real-time maintenance of all data backups to spot issues early.

As you can see, technology can benefit records custodians at cities whose job is already difficult. Automating many elements of records retention while securing, protecting, and improving access to files allows cities to focus on more creative and unique tasks related to records management. Plus, leveraging senior engineers (such as with IT in a Box) who can find records for you and help you respond to Open Records Requests makes your job even easier.

Need help improving your records management processes? Reach out to us today.

Friday, October 26, 2018
Kevin Howarth, Marketing & Communications
Tuesday, October 23, 2018
Nathan Eisner, COO
Nathan Eisner

Do you remember reading those Choose Your Own Adventure books when you were younger (or seeing your kids read them)? You may know that, in those books, the reader can choose between different storylines based on their decisions. Many stories and many endings that all start from the same beginning.

In the spirit of those books, we’d like to do our own IT support “adventure” where you get to see two different paths depending on the choice you pick. So let’s start with a scenario…

The Story Begins

Your city is experiencing a typical Tuesday when, suddenly, a server begins acting up. It’s freezing and slowing to a crawl—to the point where your finance department employees cannot process payroll data or do much else. After trying to reset the server yourself and getting nowhere, you decide it’s time to call your IT helpdesk.

If you work with an “as needed” reactive IT support resource, go immediately below.

If you work with a proactive IT support resource experienced with municipalities, go to the bottom of this article.

Reactive IT Support Storyline

You call your “as needed” reactive IT support resource at noon on Tuesday and leave a voicemail. You also send an email for good measure. When you don’t hear back all day, you tell yourself, “That’s okay. It’s only a two-person shop, but they’re local. They’ll eventually respond.”

The next morning, you call again. Finally, late Wednesday morning, one of the two IT support employees (a junior-level person working for the owner) gives you a call back. He apologizes because they were both onsite at a business yesterday solving some problem. The junior-level person asks you what’s wrong, and you repeat what you explained on your voicemail and email. He asks you if you rebooted your server. “Yes,” you say, growing a little frustrated.

Over the phone, the junior-level person has no idea what problem you’re experiencing and needs to talk to the owner. Getting back to you later that afternoon, the owner calls you back and asks you what problem you’re experiencing. Frustrated that you’re explaining it again, you ask if he can fix it. He says he needs to schedule an appointment for Thursday morning. “Thank you,” you say. “Payroll really needs to go out this week.”

The appointment is scheduled for 10 a.m. Thursday. You wait. And wait. And wait. The owner shows up at 11:30 a.m., just as you and some employees were about to head out for a long-planned lunch. For four hours, the owner fiddles around with the server. You check in every now and then, asking if he’s found anything wrong. You hear technical jargon and go back to your office.

Four hours later, the server is working. “Thank goodness,” you say. The owner says a few things that you don’t understand and says it should work fine. For four business days, it does work fine—enough for you to do payroll for that week, barely.

On Tuesday of the following week, the server starts freezing and slowing down again.

If you work with an “as needed” reactive IT support resource, repeat what you just read above.


See the problem of choosing this path? It’s like a loop, or like the movie Groundhog Day. Problems are not resolved, or not resolved quickly.

Before we show you the alternate storyline, we want to share some aspects of IT support that will help you assess your current resource.

1. Initial responsiveness

How quickly does your IT support resource respond to you by phone or email? That initial responsiveness is crucial because city operations often rely heavily on IT systems.

2. Problem diagnosis

When you communicate with your IT support resource, are they good at diagnosing problems? Do they have a good process and tools to troubleshoot problems? Are you talking to senior engineers with lots of municipal experience? Or are you finding yourself talking to a junior-level person reading from a script and in over their head?

3. Remote IT support

Onsite visits can grow expensive, and many IT problems can be solved remotely (such as giving an engineer remote access to a computer to directly fix a problem). Is your IT support helpdesk trying to solve problems remotely first before scheduling onsite visits?

4. Timely onsite visits

If an onsite visit is required, does an engineer show up within hours or a day—and do they show up on time for their appointment? During their visit, do they communicate to you clearly and without jargon about the nature of the problem?

5. 24/7 access

Does your IT support resource support you beyond a 9 to 5 timeframe? For public safety departments or city council meetings, can you call your IT helpdesk any time of day if you have an issue?


So, let’s see how the second storyline plays out…

You call your proactive IT support resource at noon on Tuesday. A senior IT engineer immediately answers. After explaining the server problem to her, she does some diagnostic tests over the phone and points out that the server—more than eight years old—really needs replacing and will not get any better. It’s been showing end-of-life signs for a long time, and she reminds you that these warnings have been shared with you for a while.

You agree that it’s finally time for a new server. During the time that a new server is ordered and shipped to your city, the proactive IT support resource helps you temporarily switch over to your onsite backup server so that payroll can continue working uninterrupted. The IT engineer will monitor the server order and send a senior engineer onsite on the day the server arrives so that it’s deployed immediately.

One week later, the new server arrives and the senior engineer shows up on time for the appointment. She installs and deploys the new server, returns the other server to backup mode, and communicates to you clearly about what she did. From that point forward your new server runs smoothly, without any of the freezing or slowing down, because your proactive IT support resource addressed the root cause of the problem.

THE END!


If you’d like to choose the path of proactive IT support over reactive IT support, reach out to us today.

Friday, October 19, 2018
Kevin Howarth, Marketing & Communications
Tuesday, October 16, 2018
Eric Johansson, Network Infrastructure Consultant
Eric Johansson

Cities and towns—even the smallest municipalities—not addressing fundamental problems with information technology and cybersecurity are not simply risking a virus that could wipe out data. They risk serious legal, financial, and operational penalties. As stewards of private, sensitive, and confidential information, cities must take information technology seriously.

The impacts of IT and cybersecurity underspending, obsolete systems, and poorly trained staff can hurt cities from a variety of angles.

1. The high costs of a cybersecurity incident.

When cities experience a cybersecurity incident without proactive IT support and cybersecurity best practices implemented, the costs in the aftermath of that incident will rise quickly from:

  • The time needed to notify authorities and regulatory agencies.
  • Hiring emergency IT consultants to address the incident.
  • Notifying citizens about the incident and providing them financial reparations (such as free identity theft monitoring services).
  • Paying lawyers lots of money to deal with legal issues related to the incident.
  • Many hours spent by city staff in crisis mode addressing the incident.

Even after addressing the incident, the repercussions may continue to be costly. Lawsuits, fines, and a damaged reputation in the eyes of citizens and businesses will haunt your city for months and years.

2. Losing access to national and state databases (such as crime databases).

When your city appears unable to handle sensitive and confidential data, you may lose access to it. Just consider the example of the Riverside Police Department in Ohio. According to the Dayton Daily News (via GovTech):

“Riverside Police Department’s access to Ohio’s statewide system of law enforcement databases is suspended following multiple ransomware attacks on the city’s computers earlier this year, the Dayton Daily News has learned. The department lost access to the Ohio Law Enforcement Gateway on May 14 in order to shield the system from damage and protect confidential information from exposure, a spokeswoman for Ohio Attorney General Mike DeWine said. Frank Robinson, the Riverside police chief, said the department is largely unable to access ‘anything that has do with old reports or old cases’ in Riverside. He said it is possible that some of the inaccessible reports are for still-open cases.”

Imagine if your police department was unable to access state or national crime databases. Today, so much information access and sharing requires interdependence—and with interdependence comes responsibility. Do you think a friend would feel comfortable leaving valuables at your house if you never locked it? The same logic applies here. Cities need to implement basic cybersecurity best practices or risk losing access to important information from government agencies.

3. Paying higher cyber insurance premiums.

Some cities think that cyber insurance will help take care of the high costs of a cybersecurity incident. However, cities will pay much higher premiums for what’s already costly insurance if they don’t address some of the following issues:

  • Keeping software modernized, upgraded, and patched
  • Creating a strong password policy
  • Protecting wi-fi access points
  • Using enterprise-class antivirus software managed and maintained by IT professionals
  • Using modernized, professionally supported hardware
  • Conducting ongoing employee training about cyber threats
  • Establishing clear data access and authorization policies
  • Establishing a data backup and disaster recovery plan

By taking more proactive steps, cities both lower cyber insurance premiums and reduce the risk of having a cybersecurity incident at all.

4. Cybersecurity continuing to affect municipal borrowing.

Last year, we reported on a trend with credit-rating agencies such as Standard & Poor's (S&P) and Moody’s taking municipal cybersecurity into account when considering borrowing rates for cities. In April 2018, PNC published a report that stated:

“We are seeing that the rating agencies are starting to ask issuers cyber-security-related questions. We also are seeing a limited amount of disclosure, usually after an attack occurs. To date we are not aware of any municipal bond participants that have been downgraded solely as a result of a cyberattack. However, we do think state and local governments will need to take these very seriously in the future and prepare technological and procedural solutions mitigating the threat that exists from cyberattacks.”

The report references cyberattacks at the City of Atlanta, the City of Baltimore, the Colorado Department of Transportation, Davidson County (NC), Mecklenburg County (NC), the City of Dallas, and the City of Lansing (MI) as important examples of why borrowers must take municipal cybersecurity into account. If cities want to borrow money at lower interest rates, they need to proactively address cybersecurity.

5. Arkansas cities can lose their charters if they do not maintain specific cybersecurity standards.

In one state, not following cybersecurity standards can lead to the loss of a city’s charter. As we reported last year after the passage of SB 138:

“The bill states that an Arkansas municipal charter can get revoked (yes, revoked!) if the Legislative Joint Auditing Committee finds two incidents of non-compliance with accounting procedures in a three-year period. Revoking a charter is serious, rare, and extreme. That’s pretty much the end of your municipality. The Arkansas Legislative Audit (ALA) includes both general controls and application controls around information systems. For municipalities, accounting systems are often the most important information system they oversee.”

In another post, we talked about three important points related to this new law:

  1. Arkansas cities can now lose their charter from non-compliance with IT-related accounting practices.
  2. While the law applies to application controls, it’s wise to follow all IT best practices recommended by the Arkansas Legislative Audit.
  3. Other states should see Arkansas as a sign of what’s to come—and prepare.

See a pattern? Today, proactive IT maintenance and support goes far beyond just making sure your hardware, software, and systems are running smoothly. Lack of proper “cyber hygiene” can impact the way you protect information, comply with the law, and stay financially sound as a city.

Are your cybersecurity measures up to the task of protecting your city? If not, reach out to us today.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 |