This article is posted with permission from VC3's blog and shares non-technical, municipal-relevant insights about critical technology issues, focusing on how technology reduces costs, helps better serve citizens, and lessens cybersecurity risks. VC3 is solely responsible for the article’s content.
In Part One, we talked about warning signs such as lack of data backup, aging hardware, and non-technical staff handling IT issues. In Part Two, we discuss five more warning signs that may lead your city toward a disaster.
Warning Sign #6: Unknown IT assets and inventory.
One of the most overlooked security risks is simply not knowing the total amount of hardware and software you own. And even if you do know that you own something, you may not know where it’s located. You can only secure what you can locate.
Disaster
On a two-year-old spreadsheet that lists 20 laptops, you can only track down the location of 17. You had not updated this spreadsheet in a while and you are not sure if a former employee walked off with the laptops. Because the laptops contained sensitive information, you may have a potential data breach on your hands.
Prevention
Part of asset management includes monitoring and maintaining any “live” hardware, software, and networking equipment. If you’re not using an asset anymore, then it needs to be decommissioned by an IT professional. Asset management also includes technology-related warranties, licenses, and upgrades.
Warning Sign #7: Reactive IT support putting out fires.
Imagine someone arrived at your house every week to make continual bare bones fixes to your roof, floors, or plumbing. You barely keep leaks, pests, and the outside elements at bay. Would you consider that a proper home? Instead, if a major problem occurs then you likely eliminate it once and for all by addressing the root cause. Yet, many cities put up with reactive IT support that never fixes the root cause of serious problems.
Disaster: After a lot of publicity, you offer a new payment system on your city’s website for citizens. Within weeks of its debut, the website continually crashes. For months and months, your reactive IT support vendor makes temporary fixes but the root problem keeps occurring. Citizens grow frustrated and complain to city council about wasted taxpayer dollars going to online services that don’t work.
Prevention: Ongoing, proactive IT support not only more quickly addresses technology issues but it also involves IT professionals implementing modern technology and best practices to eliminate issues before they occur. In the case of our website example, a proactive IT support team might upgrade an aging website or revisit what vendor hosts the website.
Warning Sign #8: Unknown network hardware configuration.
Network hardware helps ensure that your technology is secure, connects you to the Internet, and ties together technology between various city buildings and departments. When IT professionals don’t oversee the setup of firewalls, switches, routers, and other networking equipment, then you can open yourself up to major security threats.
Disaster: A non-technical city employee buys a firewall and sets it up. While the employee has a bit of amateur technology savviness, they improperly configure the firewall. Ports are open that allow hackers to easily gain access to city servers and steal information.
Prevention: Trained IT professionals need to configure all network hardware so that it works properly and keeps you secure. Then they need to monitor, maintain, upgrade, and replace network hardware as part of your ongoing technology support.
Warning Sign #9: No one monitoring and maintaining technology.
While related to the reactive IT support point above, this problem still often appears even when some “proactive” IT vendors serve cities. Technology monitoring and maintaining includes patching, upgrading, and threat monitoring.
Disaster: An employee keeps complaining that their computer has gotten slower and slower and slower over a period of six months. The IT vendor checks some type of diagnostics and says things look fine. They even suggest that the Internet service provider might be having issues. One day, the employee clicks on a malicious website by accident and gets a virus that leads to a data breach. After a virus cleanup and audit, an IT professional notices that the computer had not been patched in six months—including various important security patches that would have prevented the virus from getting accessed or downloaded.
Prevention: Ongoing patching, upgrading, and threat monitoring allows IT professionals to detect anomalies and address problems before they become disruptions. Keeping technology updated often fixes major security and functionality issues.
Warning Sign #10: Physical security for technology is weak.
Servers in offices where anyone can wander in. Computers left on so anyone can sit down and access sensitive information. Wireless routers left out in the open. These are signs of weak physical security for technology. Often overlooked in lieu of information security, data breaches related to physical security are just as important to prevent.
Disaster: After hours, a disgruntled employee sits down at another employee’s computer to steal confidential personnel information about staff on the city’s payroll. The data breach is later deduced through security camera footage.
Prevention: We recently talked at length about
physical security policies. At a high level, you need to lock up core technology (such as servers and networking equipment) in secure rooms, escort any visitors, and require employee computers to lock after a few minutes and request a password to log back in.
Use these 10 warning signs (including those from Part One) as a self-assessment to see if you’re headed for a disaster. If you notice any weak points, don’t wait to fix them. Waiting until a technology disaster is like leaving your door unlocked at home or going without car insurance. The costs of a technology-related disaster at a city can seriously harm your operations, employees, citizens, and bottom line.