We put the IT in city®

CitySmart Blog

Tuesday, July 31, 2018
Jeff Durden, Network Infrastructure Consultant
Jeff Durden

You already get enough email in your inbox to keep you stressed out. But on top of important requests from your staff, updates about projects, and inquiries from citizens, you also get spam.

In this post, we define spam as any unwanted email—even if it’s from a legitimate source. Spam includes phishing emails but also unwanted newsletters, sales promotions, and daily news updates. While you might innocently sign up for emails now and then, those emails can add up over time and overwhelm your inbox.

Why do some people get more spam than others? Here are five ways that you may unintentionally encourage more spam to enter your inbox.

 

1. Entering your email address for free things.

Give us your email address and we’ll enter you in a contest! Or give you a 50% off coupon! Or get a free coffee!

Giving your email address away always comes with a price. If someone is using a contest, promotion, or free stuff to get you to share your email address, be wary. They are usually adding you to a newsletter or email list so that they can send marketing messages to you in the future.

If you do enter your email address with a company because you want free stuff, choose the company wisely. Even consider having a separate email address that you use only for contests and promotions.

2. Publishing your email on a website.

It may seem helpful to provide your email address on your city’s website or another public website. However, spammers like to use automated software that skims websites for email addresses. They then send spam to those email addresses with promotions and links potentially leading you to malware.

We recommend that you use online forms to capture questions and inquiries instead of publishing your email address.

3. Signing up for legitimate services but not unchecking the right boxes.

Obviously, you will sign up and register for many legitimate services from established companies. However, if you’re not careful then you may get more emails than you want. When going through a signup process, take each step slowly and read everything. You will often see pre-checked boxes that say something like “Yes! Send me emails from Your Company and our trusted partners.” When you leave that checked, it’s likely your email address is sent to a variety of companies who will all start sending you marketing emails.

It’s okay to do business with legitimate companies but you need to control what you want to receive and what you don’t. Otherwise, “Yes, send me stuff!” is often the default option during a signup process.

4. Replying to spam.

It’s always, always, always good to ignore spam. However, we still encounter many people who get fed up and think, by angrily replying to the spammer, that the spam will stop.

Nothing could be further from the truth. In fact, replying to spam often backfires.

Why? Spammers use automated software to spam people and don’t care about every single message sent. It’s very impersonal. All they look for are signs of life. Your angry message? A sign of life! Opening a spam email, and especially responding to it, shows that you are a live human who received it and engaged with it. That encourages spammers to send you more emails.

Three other related tips include:

  • Do not attempt to unsubscribe from malicious spam. It’s okay to unsubscribe from emails sent by legitimate companies. They are required by law to comply with your request. However, scammers see your unsubscribe request as a sign of life and they will likely send you more emails. Just ignore malicious spammers.
  • Autoreplies may lead to more spam. Use your judgment on this tip. If you absolutely need to use autoreplies to let people know you are away, keep using them. However, if you don’t absolutely need to use them, don’t. Autoreplies show a sign of life to spammers and reveal important intelligence (such as alternate points of contact and additional email addresses) that they may use for malicious purposes.
  • Mark suspicious emails as spam (or junk). If your email client application supports marking suspicious email as spam, do so. By marking an email as spam or junk, future emails from that same sender will be blocked for you.

5. Lacking quality antispam software and email filters.

A combination of antispam software and email filters can help reduce spam. Some email programs automate several antispam processes while other best practices reside in the hands of your employees:

  • Antispam software: This software, implemented and overseen by your IT staff or vendor, is meant to stop most obvious spam that should never even make it to anyone’s inbox. Without strong antispam software (often built into your email software), your inboxes will be deluged with too much spam—increasing the risk of an employee clicking on a malicious link or attachment.
  • Email filters: On top of antispam software, a quality email program should help filter emails. For example, many modern email programs automatically filter out social media updates, promotional emails, and likely spam into separate folders.
  • Trusted senders: At the employee level, you can go a step further to segment out emails from trusted senders. That way, your primary inbox will contain emails from people or companies you know and trust. Then, you can look through your other folders from time to time to see if someone needs to become a trusted sender.

Implementing these tips should help you reduce your spam, which also reduces security risks such as phishing, viruses, and ransomware.

Need help lowering the amount of spam at your city? Reach out to us today.

Friday, July 27, 2018
Jeremy Mims, Account Executive
Tuesday, July 24, 2018
Sylvia Sarofim, Network Infrastructure Consultant
Sylvia Sarofim

In April 2018, Bromium released a report, Into the Web of Profit, that noted cybercrime is now a $1.5 trillion criminal industry. By comparison, the GDP of Russia is just slightly higher than $1.5 trillion. Security Intelligence quotes Bromium CEO Gregory Webb who says:

“The platform criminality model is productizing malware and making cybercrime as easy as shopping online. Not only is it easy to access cybercriminal tools, services and expertise: it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks as the web of profit continues to gain momentum.”

Why should cities care? This massive amount of money made at the expense of victims around the world is a wakeup call to cities in five key ways.

1. Hackers are not adolescents in a basement.

People hacking cities are often part of highly sophisticated organized crime rings. Quoted in Information Age, Dr. Michael McGuire (the lead researcher of the Bromium report) says that cybercrime is “a hyper-connected range of economic agents, economic relationships and other factors now capable of generating, supporting, and maintaining criminal revenues at an unprecedented scale.”

These criminals are targeting your cities with tactics ranging from spear phishing (imitating key decision makers at your city) to ransomware.

2. Usernames, passwords, and other sensitive information is regularly sold on the dark web.

A recent report noted “a 135% year-over-year increase in financial data for sale on dark web black markets between the first half of 2017 and the first half of 2018, and it saw a 149% spike in the amount of credit card information for sale on black markets over the past 18 months…” A McAfee report (summarized in Digital Trends) says, “When [...] login credentials are weak, hackers can use brute force attacks to gain the username and password for each [Microsoft Remote Desktop Protocol (RDP)] connection. McAfee found connections up for sale across various RDP shops on the dark web ranging between a mere 15 to a staggering 40,000 connections.”

These are just two examples of many reports that indicate how usernames, passwords, financial data, and other information sells on the dark web—often cheaply. Criminals use this information to help steal your money or weaponize for further attacks. An entire economy exists on the dark web that facilitates the buying and selling of such information.

3. Criminals exploit your security vulnerabilities.

Criminals know that most organizations don’t patch and update their software. Computer Weekly said, “Only 16% of companies investigated are clear of software vulnerabilities that external cyber attackers could use to gain access to their IT systems, a study by security firm Rapid 7 has found.”

Cities lag even behind most businesses when it comes to “cyber hygiene” such as patching and updating software. Some cities use software that can be over 10 years old (an eternity in technology time) that is no longer supported by the original vendor. That means security patches and fixes often aren’t occurring, leaving your software incredibly vulnerable to hackers.

4. Criminals take advantage of your employees.

If your employees aren’t cyber-savvy, then hackers will easily take advantage of them. Some examples include:

  • Your employee gets tricked by a fake PDF attachment that actually downloads ransomware and infects all of your systems.
  • Your employee gets an email saying that they need to change their banking password. They click on the website link and end up downloading malware to your systems.
  • Your employee gets tricked by a fake Word document that seems to come from the city manager and ends up downloading a virus that infects your servers.
  • Your employee gives away your city’s banking information over email to a phisher posing as the city manager.
  • Your employee gives away their username and password over the phone to a hacker posing as an IT vendor.

Without training and constant reminders about cyber awareness, your employees will become the weak link in your security—even if you’re doing well with your technical security. Training will help your employees spot email scams (such as phishing, spear phishing, and whaling), phone scams (vishing), and in-person scams.

5. Criminals take advantage of weak passwords.

Every year, SplashData publishes a list of the worst passwords actually used by organizations mostly in North America and Western Europe. In 2017, the top five worst passwords were:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345

Other bad, commonly used passwords include “admin,” “starwars,” and (yes) “trustno1.”

Think about it. Sophisticated criminals aren’t hacking into your servers and computers and then spending time guessing your password. They are using automated software that helps them crack passwords. Easy passwords will crack so easily that getting into your systems will seem like a joke. Passphrases, complex passwords, two factor authentication, and other password best practices can help prevent criminals from easily gaining access to your sensitive and confidential information.


Cybercriminals are not playing games. Over a trillion dollars is the reward. They are after your money and data. The question is: Are you going to support their efforts with your weak security? Or will you invest in the right security to encourage them to pass you over?

Need help assessing your cybersecurity? Reach out to us today.

Friday, July 20, 2018
Jeremy Mims, Account Executive
Thursday, July 19, 2018
Dave Mims, CEO
Dave Mims

In the criminal world, cybercrime has become a $1.5 trillion “industry.” Yes, trillion. With a “T.” If cybercrime was a country, it would have the 13th largest economy in the world.

Cybercriminals view organizations all around the world as low-hanging fruit to plunder. And cities are a big target! This year alone, we’ve seen many cities targeted with ransomware, malware, and hacking.

No matter the size of your city, you are a target. Municipal leagues have been requesting me to give presentations about cybersecurity from Arkansas to Georgia. I’m passionate about making sure cities are protected from cyber threats. For me, it comes down to 3Ps and 3 Fundamentals.

Your biggest risks are Passwords, Patching, and People.

The fundamentals to get right are the Wall, the People, and the Escape.

To learn more, check out either my Georgia Municipal Association presentation (Cyberattacks and Georgia’s Cities) or my Arkansas Municipal League presentation (Cybersecurity: Is My City at Risk? What Can I Do?).

With cybersecurity, mitigating your risks is important. Yes, you want to spend with discipline and frugality, but not spending enough dooms you to fail—as we mention in our featured article.

In customer news, check out the following new websites:

(Plus, every Friday on our blog, Facebook, and Twitter feeds, we showcase the website of a city we serve with the hashtag trend #WebsiteFriday.)

We’d also like to welcome Franklin Springs, Georgia to the Sophicity family.

As always, don't hesitate to reach out to me if you have something to share with our local government community.

Blessings,

Dave Mims


If You’re Not Spending Enough on IT, You’re Doomed to Fail

You might think your city’s size makes IT less important. Not so. In today’s world, IT has become the backbone and an essential utility for most organizations. But unlike traditional utilities, many cities think they can get by with underinvestment in something so crucial to city operations.

Waiting for an IT-related disaster or disruption before you invest is simply negligent. And the public can grow cynical about your city when they realize that suddenly you found money in your budget to pay for IT after a disaster. It tells them you did have the money all along but chose not to spend it...why? Why operate with that risk?

While there are many repercussions to underinvesting in information technology, we highlight 5 of the biggest ways that not spending the necessary money will doom your city to fail.


Newsletter Signup

Sign up for Sophicity's CitySmart Newsletter. Get all of the latest City Government and Municipal League news, articles, and interviews.


Recent Media

The Risks of Hoarding City Records and Body Camera Video

5 Questions to Assess Your IT Helpdesk

It's Not Disaster Recovery When…


Events

We hope to see you at these upcoming events including:

2018 Kentucky Master Municipal Clerks Academy
August 22-24, 2018
Burkesville, Kentucky

Georgia Clerks Education Institute Fall Conference 2018
September 9-11, 2018
Athens, Georgia


Apply GMA's Safety and Liability Management Grant Toward 25% of IT in a Box’s Cost

If you are a member of the Georgia Municipal Association’s (GMA) property and liability fund (GIRMA), then you are eligible to receive a grant from GMA’s Safety and Liability Management Grant Program to reimburse your city for up to 25% of the annual IT in a Box subscription fee.

Read about the City of Pembroke, Georgia receiving a GMA liability grant for IT in a Box.

Friday, July 13, 2018
Jeremy Mims, Account Executive
Wednesday, July 11, 2018
Brian Ocfemia, Engineering Manager
Brian Ocfemia

Are you a hoarder? Do you keep everything—every record, every video, every file—indefinitely? In some cases, this leads to expensive physical or electronic storage costs. In other cases, you may find yourself crushed by the operational burden of storing and managing so much data. You may think, “I need to be ready in case we need it.” Or maybe you are just too busy to regularly and consistently prune information.

Hoarding records may seem responsible on the surface, but it’s not. Hoarding opens your city up to legal, operational, and financial risks. Let’s look at some of these risks in more detail.

1. You’re adding a legal risk to your city.

Records retention policies provide you a record lifecycle that begins with creation and ends (for most) with disposal. Depending on your adopted records retention policies, you are only required to keep most records for a finite amount of time. Then, you may dispose of those records. That means if someone requests a record after you legally dispose of it, you are not required to produce it.

Not following this process opens yourself up to legal risks. For example, someone may ask you to produce records that go far back in time. If you have those records, then you must produce them. This creates unnecessary work and opens you up to legal issues that could have been easily avoided.

2. You’re adding an operational burden to your city.

No matter who does the work to search for records—you, your staff, an IT vendor, a legal team—someone is using up your time and money. The more records you indefinitely store, the more labor you will need to find those records. Those operational costs add up and a request can be highly interruptive (especially when members of your staff dedicate time searching for records). After producing the record, you may need additional time reviewing and redacting what you’ve found.

Managing less records by disposing of them according to your retention schedule, along with better organizing existing records, allows you to lessen the amount of retrieval time. An IT vendor with experience in municipal records retention storage and retrieval can also help you reduce operational costs.

3. You’re adding a storage burden to your city.

Whether you have physical records or electronic records, the cost of record storage grows year after year as you hoard records. By following records retention schedules, you lessen the amount of physical and/or electronic storage needed—reducing your costs and data management burden.

This is especially helpful in a storage-intensive area such as body camera video. Video records create a large record footprint to manage, but you don’t need to compound that problem by retaining records past the retention schedule. In Kentucky, it’s 60 days (unless part of a criminal investigation). In Georgia, it’s 180 days (unless part of a criminal investigation). Other states vary, but the timeframes are relatively short. There’s no reason to keep such large amounts of video past the retention deadline when the data takes up massive amounts of storage and incurs legal and operational burdens.


Following records retention best practices not only helps you comply with the law but also benefits you financially and legally. Reduced costs, reduced risks, and reduced operational and data management burdens all result from not hoarding any and all records.

Need help tightening up your records retention processes to reduce risks and costs? Reach out to us today.

Monday, July 9, 2018
For Bryan County Now

As reported by For Bryan County Now, the city of Pembroke was recently awarded a Liability Grant from the Georgia Municipal Association (GMA) in the amount of $3,200 for the purchase of IT in a Box.

IT in a Box is technology the GMA helped create that can be used for backing up and securing data to modernizing websites.

“This program allows each city to stretch their budget dollars and provide a safer work environment for their employees,” said Eileen Thomas, marketing field manager for the GMA, on June 11.

 

IT in a Box services include: 
  • Cybersecurity and computer maintenance
  • A 24x7 helpdesk
  • Data backup and disaster recovery
  • Records / document management and email
  • Video archiving
  • Policy and compliance practices and procedures
  • Website production and management
  • Vendor management and procurement

 

The GMA Safety and Liability Grant program was introduced in 2000 to provide a financial incentive to assist members in improving their employee safety and general public liability loss control efforts through training and the purchase of equipment or services. Since the inception of the program over 130 cities have received grant money through the program, over 500 grants were approved totaling nearly $1.5 million to fund items such as bulletproof vests, training videos, confined space entry equipment, reflective safety vests, fire department turnout gear and police department in-vehicle video systems. These grant funds have helped leverage the purchase of over $2.6 million in this type of equipment and training.

Based in Atlanta the GMA is a voluntary, non-profit organization that provides legislative advocacy, educational, employee benefit consulting services to its over 500 member cities.

Friday, July 6, 2018
Jeremy Mims, Account Executive
Wednesday, July 4, 2018
Dave Mims, CEO
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 |