We put the IT in city®

CitySmart Blog

Friday, December 14, 2018
Kevin Howarth, Marketing & Communications
Tuesday, December 11, 2018
Victoria Boyko, Software Development Consultant
Victoria Boyko

While you have many activities always going on at your city, governance forms the backbone of your work through the council meeting. Everything revolves around it. Your mayor and elected officials use them to communicate to the public, hear concerns, approve ordinances, and conduct city business.

At a minimum, your city’s website should keep the public informed about basic details related to city council meetings. Yet, many city websites fail to do so. Many times, it’s not the fault of city staff. They may struggle with an old, obsolete website that they cannot use because it requires technical expertise. Maybe it’s difficult to add or update content, and so it just doesn’t happen.

Is your website able to handle important tasks related to council meetings? Use this checklist to see if you need a website upgrade.

1. List city council meetings on your calendar.

Do you list city council meetings on your website calendar? If so, is it updated regularly and in a timely fashion? Do you even have a calendar on your website?

Many city websites lack calendars, or city staff fail to populate calendars with information. Your city website should have an easy-to-find, easy-to-update, and easy-to-read calendar that provides information about upcoming (and even past) city council meetings. Include meeting cancellations or reschedulings, special meetings, and subcommittee, board, commission, and authority meetings.

You might also include a calendar widget on the homepage to make your calendar easy to find (along with adding to the aesthetic look-and-feel of your website).

2. Upload agendas to your website.

As soon as you can, upload agendas to your website to inform citizens about what you will discuss at the council meeting. For example, Jonesboro, Georgia provides both the agenda and agenda packet of their upcoming meetings in PDF form for people to view and download.

When you don’t provide agendas in a timely fashion, citizens can grow frustrated and feel your city lacks transparency. As you prepare for city council meetings, make it a habit to upload agendas and packets to your website. The capability should exist for large PDFs to be uploaded to your website without any technical expertise or issues.

3. Upload minutes to your website.

Just as with agendas, minutes are another crucial aspect of transparency about city council meetings. Try to post minutes as soon as possible after the meeting. If you delay, you may annoy citizens and members of the media who want to learn what took place. More importantly, cities often announce a lot of good news and progress during council meetings and you want others to know about it.

For example, Bromley, Kentucky offers links to all minutes from 2018 and an archive of minutes that go back even further.

4. Extend your reach with social media.

In the old days of the internet, people primarily visited websites directly. Today, websites are still very important—but you also need a presence on social media to share information and get people to visit your website. That’s because people spend massive amounts of time on major social media platforms—and you want to be there.

Share information about council meetings, agendas, minutes, and other city business on platforms such as:

  • Facebook: People like to socialize, share news, and discuss topics among friends—so you want to be conversational and engaging in a slightly informal way on Facebook.
  • Twitter: Short and sweet, and just the facts. Twitter is best if you think of it like broadcasting. You’re getting basic information out to the public about council meetings and providing website links if they want more information.
  • Flickr or Instagram: If you want your pictures to be seen beyond your website, you might share photos of city council meetings to people using Flickr, Instagram, or other photo sharing sites.
  • YouTube: If you live stream your city council meetings or provide videos later, then YouTube is an essential place to have these videos found beyond your city website.
  • RSS Feeds: While not as popular as in the 2000s, many people still use RSS feeds to get updated directly about new content from favorite websites. The minute you upload information about city council meetings, agendas, or minutes, a subscriber will get an alert that this new content is available.

5. Enhance your council meetings with video.

We mentioned YouTube and video above, and it’s worth focusing more on this valuable way to share city council meetings with the public. With broadband internet so powerful today, videos and live video streaming are becoming common. Hazlehurst, Georgia records their council meetings, uploads the videos to YouTube, and then publishes each video to a quick access page on their website called City Council Meeting Video Recordings.

If you don’t live stream or, at the least, provide videos uploaded later of a city council meeting on your website, then you’re missing out on engaging citizens who normally might not pay attention to what’s going on at your city. Many people may work during your city council meetings, not be able to make it to your physical location, or suffer from an injury or disability that keeps them home. Yet, they want to be informed about your city. Online city council videos allow that to happen.

When uploading videos, it helps to label what’s discussed at specific times during the video so that people can jump to a desired part of the meeting. While you might want to disable public comments, you should also provide a link to your website in the video details section in case citizens want to follow up with you. If you’d like some tips about live video streaming, check out our blog post about this topic entitled “Live Video Streaming Tips and Best Practices for Cities.”


There are many ways to bring your city council meetings online by sharing minutes and agendas on your website, extending your website outreach through social media, and providing videos of your meetings. If you need help with any of the items above, reach out to us today.

Friday, December 7, 2018
Kevin Howarth, Marketing & Communications
Tuesday, December 4, 2018
Matt Wood, Network Infrastructure Consultant
Matt Wood

When a new city contacts us wanting help with IT support, we often hear frustrations about their current provider such as:

- “They can take days to respond.”

- “It sure does take them a lot longer than expected to fix what should be simple issues.”

- “They return to fix the same issues again and again.”

Have you said or thought the same thing? Assess your current IT support against the five different aspects of responsiveness we’ve listed below and consider if improvements are needed.

1. The time it takes to respond to your initial communication.

This may seem simple, but so many IT support vendors get this wrong. Many cities will call or send an email about an issue and wait days (yes, days) to hear back. As you know, IT issues are urgent. They disrupt city operations, citizen services, and employee productivity. You can’t wait days, and yet many cities do because they are not a priority for the vendor or the vendor doesn’t have enough available staff resources.

How about an IT vendor that immediately picks up the phone when you call and is ready to address the issue? Or responds within minutes? That’s the kind of responsiveness cities need. Using other channels such as email or live chat windows are other ways to contact a helpdesk engineer fast. If your city can’t contact and engage with IT support within a reasonable timeframe, then you need to seriously explore new options.

2. Remote support as a diagnostic and resolution tool.

Whenever possible, a good IT helpdesk will attempt to quickly resolve problems remotely. By securely accessing an employee’s desktop, the IT engineer can respond immediately to your issue and begin troubleshooting—collecting a lot of useful data as they assess. In many cases, they can often resolve issues remotely. If an onsite visit is required, the IT engineer will already have identified the problem and understand what needs fixing to maximize time when the IT engineer does arrive onsite.

IT vendors sometimes schedule onsite visits for every problem imaginable, thus delaying resolution. As you know, many onsite visits rack up billable hours and get expensive—especially when IT engineers arrive not having even yet properly diagnosed the problem. Make sure your IT support vendor has secure remote support capability. It’s more professional and lessens expensive onsite time.

3. A focus on business continuity in case of major problems.

Let’s say the helpdesk assesses that you have a serious problem such as a failing server or critical software that needs replacing. At the same time, you need to keep your city operations going. How does your IT support vendor respond? Is it with “This is another vendor’s issue, not mine,” or is it possibly something like “It is going to take an additional _____ hours to fix and cost _____ more not including the additional _____ that must be ordered which will take _____ days to deploy.” Or, is it even a response of “I don’t know.”

Where does that leave you in the meantime? Issue unresolved. System down. Uncertainty about when you will be back up. Uncertainty about cost. Uncertainty about what to do.

Your IT support vendor should focus on keeping you running while fixing the bigger problem. For example, if a server is starting to fail, they may respond by switching you over to a temporary solution while a new server is ordered. Or while you begin the search for new software, the IT support vendor may work to optimize the current software’s performance or place the data in the cloud for easier access. In other words, they help you stay operational while continuing to fix the bigger issue.

4. Communicating with other IT vendors on your behalf.

Let’s say you run into a technology issue that’s not under the scope of your IT support vendor—such as a specific hardware or software issue. Cities have told us stories about IT support vendors that throw up their hands and leave thorny technology issues to non-technical city staff to handle (who are already overwhelmed with their day-to-day jobs).

We provide a service with IT in a Box called “vendor management.” That means we handle and resolve technology issues including working with and managing issues related to other vendors. We don’t wait, and you’re not left trying to figure out who has responsibility for what issue—with vendors pointing fingers at each other. We just handle it. If your IT support vendor makes you deal with those kinds of issues, then they are not being responsive to your needs.

5. Quick, efficient, and knowledgeable onsite support.

Obviously, IT problems will arise that require an onsite visit. We’ve talked above about how some IT support vendors like to rely too much on onsite visits. But even when onsite visits are needed, other problems can arise that cities face:

  • IT engineers don’t show up on time. It’s amazing to us how many times we hear about this problem. You’re uncertain why they are consistently not on time, and you’re uncertain when they will arrive.
  • IT engineers seem like they are encountering your problem for the first time. It’s frustrating to explain a problem over the phone and then see when someone arrives that they know nothing or very little about it. Good IT support vendors send people who are informed, knowledgeable, and ready to work on a specific problem that’s already been diagnosed, documented, reviewed, and thought through.
  • IT engineers poorly communicate to you about the problem. Many cities also tell us of their frustration when an IT support vendor shows up, works for a few hours on something, says a bunch of technical jargon, leaves you unclear about the next steps, and leaves. We believe that IT engineers onsite should explain clearly why they are there, ask about your priorities, set clear expectations with you, regularly check in with you, and communicate with you in non-technical, plain language.

In fact, communication is so important that we want to highlight it as an essential element of all five points above. Communication is essential to responsiveness. Responding quickly, clearly, and continually is an intangible ingredient that separates the good from the not-so-good IT support vendors. You may be able to fake technical mumbo jumbo, but you can’t fake timely response and good communication.

Ready to explore better IT support options for your city? Reach out to us today.

Friday, November 30, 2018
Kevin Howarth, Marketing & Communications
Tuesday, November 27, 2018
Dave Mims, CEO
Dave Mims

Over the past year, Sophicity has provided a lot of training across Georgia, Kentucky, and Arkansas centered around cybersecurity. The cities we train show up because they don’t want to be that “next city” hammered by ransomware and viruses causing data incidents that lead to disrupted operations, permanent data loss, and expensive financial and legal repercussions.

While cybersecurity can get overwhelming, we beat the following “3Ps” like a drum:

Passwords

Too many cities still use default passwords, obvious passwords (such as a child’s name, pet’s name, college mascot, birthdate, etc.), or weak passwords (like “123456”).

Patching

By not regularly applying patches, whether your software is older or newer, you are choosing to leave security holes open for hackers to exploit.

People

Who is likely to receive an email with ransomware? Who is likely to click on a malicious website link? Who is likely to open a malicious file attachment? People. And what’s the answer to combatting this weakness? Training.

Obviously, there is much more to consider and address with cybersecurity but these 3Ps – your top 3 risks – are ones you must address head-on, ongoing, and proactively.

One way to tackle these 3Ps is with proactive (rather than reactive) IT support. Read more about the “choose your own adventure” path you should pick in our featured article below.

In customer news, take a look at the following new websites:

Plus, every Friday on our blog, Facebook, and Twitter feeds, we showcase the website of a city we serve with the trending hashtag #WebsiteFriday.

We’d also like to welcome Rincon, GA, Worthington Hills, KY, Farmington, AR, Ryland Heights, KY, and the Water Board of the City of Vincent, AL to the Sophicity family.

As always, don't hesitate to reach out to me if you have something to share with our local government community.

Blessings,

Dave Mims


Pick a Path: Proactive or Reactive IT Support?

Do you remember reading those Choose Your Own Adventure books when you were younger (or seeing your kids read them)? You may know that, in those books, the reader can choose between different storylines based on their decisions. Many stories and many endings that all start from the same beginning.

In the spirit of those books, we’d like to do our own IT support “adventure” where you get to see two different paths depending on the choice you pick.

Click to begin your IT support pick-a-path adventure!

Newsletter Signup

Sign up for Sophicity's CitySmart Newsletter. Get all of the latest City Government and Municipal League news, articles, and interviews.


Recent Media

6 Ways Technology Helps Cities Follow Records Retention Schedules

5 Legal, Financial, and Operational Penalties for Cities Not Addressing Cybersecurity Risks

Data Backup: Not the Only Answer to Ransomware and Viruses


Events

2019 is upon us! We hope to see you at these upcoming events including:

Arkansas Municipal League 2019 Winter Conference
January 16-18, 2019
Little Rock, Arkansas

2019 KLC City Officials Academy
January 16-18, 2019
Lexington, Kentucky

2019 KLC City Officials Academy
January 23-25, 2019
Owensboro, Kentucky

GMA Mayors’ Day Conference
January 25-28, 2019
Atlanta, Georgia

Georgia Clerks Education Institute Conference
February 3-5, 2019
Jekyll Island, Georgia

A Taste of I.T.

Recently, Eastman, Georgia took time out of its busy daily schedule to grill out with us for what we call a Taste of I.T. These are BBQ-heavy :) customer thank you events that we’ve been bringing to our customers. Literally each month, we bring the food and beverages and get to have lunch with your staff. Thanks to City Manager Jason Cobb, Chief Becky Sheffield, and Chairman Buddy Pittman. We had an awesome time!


Wednesday, November 21, 2018
Dave Mims, CEO
Peanuts Thanksgiving Quote
Friday, November 16, 2018
Kevin Howarth, Marketing & Communications
Wednesday, November 14, 2018
Nathan Hall, Senior Engineer and Team Lead
Nathan Hall

According to a recent study by Positive Technologies, “As expected, the most successful social engineering technique is the use of a phishing link—27 percent of employees clicked it. Users are not picky when reading the link URL, sometimes clicking it without a second thought. When a user is prompted to download a file and then run it, every additional requested action raises more suspicions. In these cases, only 7 percent of employees were inattentive and fell for the bait.”

With phishing attacks, more steps create red flags—and that means it’s less likely employees will fall for the scam. But phishers are getting better and better at making emails look legitimate. And if scam emails look legitimate, many employees will fall for them.

If you don’t think phishing is a problem at your city, take your total number of employees and multiply that by 0.27. The answer is the total number of employees who are statistically likely to click on a phishing email. But remember it only takes one employee to be fooled for your city to become the latest victim of cyber criminals.

Training helps lessen that risk. In this post, we dissect the tactics scammers use in phishing emails. Your city employees should know about these tactics and receive regular training about them.

1. Convincing email subject lines

A recent TechRepublicarticle outlined 11 common email subject lines used to trick employees. Notice the pattern for how these subject lines are meant to get your attention and replicate an urgent notice from a legitimate source.

  • Review or Quick Review
  • Bank of [Bank Name]; New Notification
  • Charity Donation for You
  • FYI
  • Action Required: Pay your seller account balance
  • Unauthorize login attempt
  • Your recent Chase payment notice to [name of employee]
  • Important: (1) NEW message from [Bank Name]
  • AMAZON: Your Order no #812-4623 might ARRIVED
  • Wire Transfer
  • Assist Urgently

Scammers are looking to get your attention so that you open their email, and they use compelling email subject lines to do it.

2. Convincing sender email address

Scammers have gotten good at spoofing email addresses from people. You may receive an email that looks suspicious (such as saying, “Click here!”), but you might trust the email because it looks like a friend, family member, or co-worker sent it. Their name appears along with their correct email address, so you logically think it’s from them.

So, how do you know whether it’s really from them? Look at other clues within the email. Does the message sound like something that person would send? Is it consistent with previous messages? If you have any doubt at all, call that person and ask if they sent it.

3. Convincing message

Here is where scammers often hit pay dirt. They become better and better at writing messages that seem legitimate. Let’s look at two tactics.

Classic deception

Scammers craft mass email messages that seem legitimate and trick you into clicking. For example, you might receive a message that says, “You have (1) new Amazon reward ready to claim.” If the email contains other Amazon-like messaging that seems legitimate and you’ve participated in similar rewards programs with companies, you may click on the link.

Business email compromise and spear phishing

Business email compromise takes a variety of forms but often involves scammers taking over an email account (by gaining access to a username and password), targeting specific people in your city by pretending to be the person whose account they took over, cultivating a targeted person over a period of time, and then enacting the scam.

According to the FBI, “[In] just about every [business email compromise] case, the scammers target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to trusted partners—except the money ends up in accounts controlled by the criminals.”

Business email compromise is different than “spear phishing,” which involves the same tactics but instead relies on a spoofed email address rather than a compromised email account. The City of Paris, Kentucky experienced a spear phishing attack last year. If you want to learn more, we wrote a blog post interviewing the city clerk and analyzing the email.

4. Convincing look and feel

Another approach involves closely copying legitimate emails from a graphic design perspective. One way that people assess emails is by the look and feel. If it looks professional and sophisticated, it must be okay, right?

Take a look at this email. The scammer copies Google graphics fairly well so that, at a glance, it looks legitimate. The Google logo is correct, the blue button looks like Google buttons, and the messaging below the button looks professional.

 

However, a few things should raise red flags:

  • The email address does not look professional or related to Google at all.
  • “GoogleSupport” is one word. That’s odd.
  • What’s a “returned email message”? If you’ve used email for many years, you know that emails sometimes bounce back and you receive an automated message from the recipient. But you don’t get “returned email messages” with email.
  • An organization like Google would send clear, professional, detailed messages during the rare times they contact you. This email raises more questions than it answers. It’s cryptic.
  • Hovering over the button shows a URL that is suspicious and not related to Google at all.

Again, if you have any doubt whatsoever about an email, don’t click on anything. Instead, go directly to the company’s website or application. For example, if you had doubts about the message above, go directly to your Gmail account and see if any legitimate alerts or messages are waiting there.

5. Convincing attachments

Phishing scammers love it when you open attachments full of ransomware, malware, or viruses. To tempt you to open them, they use Word documents, PDFs, and zip files with normal business terminology like “contract,” “invoice,” “order,” etc. For example, look at the following message.

 

At a glance, you might just see “Apple” and “Order” and think, “Did I order something? Let me check the order.” You click on the PDF and…it’s not a PDF. Something starts downloading to your computer and suddenly you’ve got a ransomware virus infecting your city.

Do not, do not, do not click on suspicious attachments. In the email above, notice the strange email address and complete lack of information about the order. If you have doubt, ask the sender if they sent you a legitimate email with a file or document.

6. Convincing links and buttons

Scammers can sometimes spoof links and buttons. In some sophisticated phishing emails, a link can look legitimate but then redirect you to a malicious website that asks you for a username/password, financial information, or information that helps a hacker take over an account. Other links may initiate or get you to download malware, ransomware, or a virus.

Unless you are absolutely certain an email comes from a trusted sender, don’t click on links from an email. For example, even if you think an email from your bank is legitimate, be safe by going directly to the bank’s website.


By understanding the different components of a phishing email, you can better spot the signs of a scam. This post should also highlight the importance of cybersecurity training for city employees. Addressing topics like phishing helps city employees stay aware and guarded against cyberattacks—lessening your risk of human error and lowering your liability.

Need help with cybersecurity training? Reach out to us today.

Friday, November 9, 2018
Kevin Howarth, Marketing & Communications
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 |