This article is posted with permission from Sophicity’s CitySmart blog and shares non-technical, municipal-relevant insights about critical technology issues, focusing on how technology reduces costs, helps better serve citizens, and lessens cybersecurity risks. Sophicity is solely responsible for the article’s content.
t home, it’s acceptable to put together a handful of PCs into a network. If you have an application on your PC, then others in your family can access that application through the shared network. Very tiny businesses may also operate in this fashion. Despite so many applications now accessible through the cloud, there are still many homes and small businesses that operate with the traditional networked PC model.
We see many cities use this model, too. Instead of buying a server or exploring cloud application options, they will have a critical application residing on one person’s PC. If others need to access that application, they will network PCs together. We’ve seen critical applications ranging from police case management software to utility billing software residing on a single person’s computer.
Unlike a server, a person’s computer is, well, personal. Think about how your computer is like a part of you every day. You log in, you do work on it, you check the news and weather, you browse the internet, you update your website, you do research, and you even customize the look and feel of your screen. It’s your computer. And yet, if you’re running a critical application, then it’s also your responsibility to make sure that application continues to work and its data is protected.
But having this critical application on your PC is highly risky. Your police chief or city clerk might be IT savvy, but they are not experienced IT engineers. You may have survived so far, but consider the number of situations that can put your city at risk.
1. Data backup and disaster recovery How are you backing up your PC? You might have a manual process in place such as an external hard drive, flash drive, or consumer-grade data backup solution. But people can get distracted and forget to back up. Manual backups fail or data gets corrupted. And when do you have time to adequately test your data backup to ensure it works?
If your PC crashes, fails, or gets destroyed, then you risk permanent data loss. A server or cloud-hosted application managed by IT professionals combined with a robust data backup and disaster recovery solution will allow you to recover quickly in case of device failure and even help you recover after a major disaster.
It’s highly unlikely that a single non-technical employee can do what it takes to properly fend off cyberattacks. Ransomware, viruses, malware, and other nasty threats relentlessly target cities. That includes smaller cities. The number of virus and ransomware stories that have knocked out smaller cities keeps adding up year after year. Cybercriminals are looking for access to money and sensitive information. Cities, to them, are low-hanging fruit.
On an individual PC, is the non-technical user…
- Keeping antivirus software updated?
- Using a sufficiently configured firewall?
- Regularly applying security patches to the application?
- Managing user access to the application?
Probably not. These tasks are challenging and complex, especially when issues arise. Imagine what a police chief or city clerk faces trying to consistently fit these tasks into everything else they must do. Unfortunately, slipping in this area means you risk a data breach, data held hostage by ransomware, and permanent data loss.
3. Software patching and upgrading
Partly, software patching and upgrading helps you avoid security issues. All software has security vulnerabilities that vendors must shore up with patches. Not patching opens you up to cyberattacks—like leaving a back door open at city hall. But patches and upgrades also address other important problems such as performance, reliability, and bugs. Upgrades feature improvements to functionality that may help you and your staff more productively use the application.
Many organizations—including cities—fail to apply patches and upgrades in a timely fashion. The probability that your city patches and upgrades software significantly goes down if that task is in the hands of non-technical users.
4. User management and authorization
Part of making an application secure involves managing users and authorizing their use of the software. Application permissions can be granular and complex to manage, and this management can fall to the wayside if a non-technical user doesn’t have the time or experience to properly configure them. That leads to situations we’ve seen where anyone networked into an application can access it without a password (or with a bad password like “123456” or “admin”).
Within an application, non-technical users will often fail to set permissions around users accessing specific kinds of data. If authorization policies are loose, then unauthorized people might access files, data, and application functionality that they should not be able to see at all.
So, the application doesn’t work. Or it’s slowing down. You think, “What’s going on? Where do I begin? I have to get payroll done by noon, and it doesn’t work!”
That’s right. It requires a lot of technical experience to fully understand what’s going on with applications when they slow down, crash, or freeze. Maybe it’s a patching issue. Maybe it’s the computer or network. Maybe it’s hardware. Maybe it’s a virus. It’s hard to say without an experienced diagnosis. Additionally, recurring problems might need a more long-term solution (such as a server or cloud-hosted application).
If you’ve survived so far with only a few networked PCs with a critical application residing on a single employee’s computer, then that’s great. But with cyberattacks growing more sophisticated, higher technology standards expected of cities, and significant liability concerns around sensitive and confidential data, it may be time to look at a solution that mitigates the risk. Alternatives—from a single server to a cloud-hosted application—can help offload the security risks and technical burdens of managing an application on a single PC.