Georgia County just paid $400,000 to hackers – Crucial steps to prepare your business. (March 2019)

Past Friday Jackson County Manager Kevin Poe confirmed that the county was in the process of restoring it’s systems by applying the decryption key they had been given by unknown hackers. After meetings with FBI and cybersecurity experts they agreed to pay $400,000 to unknown hackers to prevent extended of downtime.

During the critical time only 911 and the counties website where up and running, all other systems where down. The sheriffs department had to resort back to pen and paper for all their work and simply restoring the systems would have taken months.

In the past year 2400 Managed Service Providers (MSP’s) reported that 79% of their clients had been hit by ransomware. This make it the largest threat to SMB’s.

Atlanta became victim of a ransomware attack and for weeks they had to use pens and paper for everything. While government can recover, most SMBs can’t. Once vital systems are down, money stops coming in.

Most cybersecurity firms recommend a disaster recovery plan as well as a solid backup strategy. Also drills are part of the first line of defense. Making sure that an attack can’t destroy your business is pivotal. 

There is one man, who is intimately aware of these issues and found ways to carry his knowledge to SMB’S. His name is Ed Eisenstein, the former IT commissioner of Nassau county. He was running nationwide homeland security war games, as well as introduced many innovations until he left government to launch his own IT services company.

“Ransomware spreads in many different ways, but infected email attachments are high on that list. It takes some time to train employees to become highly security aware but you will never get it perfect. Therefore the main objective in any business should be a sensitive backup and recovery strategy that allows less than 24 hour recovery windows. Critical systems even way faster. Only when these measures are in place, management can relax.”, so Ed Eisentein. He concludes: “It can hit any time and when it does, most businesses end up paying ransom demands or potentially shut down.”.

“Always, always, always assume, yes be certain, that you will be hacked, that you will lose all data. It helps you to prioritize recovery strategies – Without them your business is already doomed” – Ed Eisenstein

In addition to these backup strategies he recommends to run drills for system recovery as well as to put real playbooks in place for different kinds of issues. “Once these measures are in place, firewalls, employee training and more are very important. Always, always, always assume, yes be certain, that you will be hacked, that you will lose all your data. Only then you make better decisions as of how to ensure full recovery. If you would lose your customer data today, what would be left of your business?” Ed Eisenstein about setting the right priorities. He admits that it might sound harsh or even paranoid but reiterates that experience unfortunately proves his point.

Ed Eisenstein is the founder and CEO of United Network Associates in New York and can be contacted athttps://www.unatechnical.com

Unwinding IT Problems in your office. Feb(2019)

At United Network Associates, Inc. it is just another day in saving the business world from poor IT work.

It is common for UNA to get calls from companies that have heard about the service and are having IT issues affecting their business.   

The first thing is a meeting.  The client meets with IT experts at UNA and an interview takes place. “Can UNA can repair the IT problems right now and then be available for service if we have a problem in a few weeks?” …

Recently, UNA received a call from a Industrial Services company that was experiencing daily data sharing and user issues to the point they were unable to operate.

On a daily basis, the users complained that their system seemed slow while errors were interrupting their work. The Problems were growing to the point where data was getting lost and the problems were compounding and erradic.

During the UNA interview, it was realized that many different IT companies have done service on this network although no one ever really cared to get to the bottom of these problems and band aided this network to the point where it was failing.

The UNA consultation resulted in a proposal describing the remediation and a road to success where there would be ZERO IT problems in their daily operation. The proposal described an approach of remediation in a logical manner and setting up the right data redundancies to maximize uptime and speed and minimize data loss.

The UNA proposal described a multi-step process in getting to the bottom of and forever correcting these annoying IT failures. Pealing back the layers of problems one by one that were compounded by years of quick fix fast in and out repairs that lead to these issues.

On the on-set, the client questioned a multi-step process and requested all the work be done in 1 step.  UNA reassured the client that a multistep remediation process will help us discover and eliminate any hidden issues that are difficult to locate.  

The client accepted the multi-step network remediation process and we were on our way.  At first, we logged and verified the issues and made a specific plan that was measurable and explainable. 

Second, we analyzed and found significant labeling issues at the primary location. It seemed that during a recent remodeling event, the data closet was affected by power problems during the construction. The remediation process was on the way ad we began with re-wiring the facility with new CAT6 wire and a new patch panel. 

Next, we replaced the network switches and upgraded to Professional Network Security appliances. In less than one day, our engineer re-established communication with all of the computers and equipment in that office.  

Finally, we added NAS equipment that consolidated their Data. This was a critical part of the completion to this project. During our visit we discovered not all of their critical data was being saved on the server hence not being backed up. By adding the Network attached Storage Device, there was now ample space to now copy and store all of the critical and growing data necessary to manage that company.

In the end, the client that has been experiencing years of IT issues has a perfect environment today and no problems exist.  The speed of the network is maximized, the user experience is maximized, and trust is re-established with their technology giving them assurance of stability and usability to perform their work.

We The client engaged UNA with a monthly managed Services plan where the network and the servers are being actively monitored. Drive space issues, update errors, Server and network failures are being monitored in real time to immediately alert network techs of issues in your environment.

Proactive support by UNA along with a properly configured network is the winning formula to minimize downtime and dataloss.

This is one of many ways, a IT managed service like UNA can help.

Converged Infrastructure, the future of computing

Converged infrastructure provides technical and business efficiencies, according to industry researchers and observers.  These gains stem in part from the pre-integration of technology components, the pooling of IT resources and the automation of IT processes.

Converged infrastructure further contributes to efficient data centers by enhancing the ability of cloud computing systems to handle enormous data sets, using only a single integrated IT management system.

Decreased complexity, through the use of pre-integrated hardware with virtualization and automation management tools, is another important value proposition for converged infrastructure.

Historically, to keep pace with the growth of business applications and the terabytes of data they generate, IT resources were deployed in a silo-like fashion. One set of resources has been devoted to one particular computing technology, business application or line of business. These resources support a single set of assumptions and cannot be optimized or reconfigured to support varying usage loads.

The proliferation of IT sprawl in data centers has contributed to rising operations costs, reducing productivity, and stifling agility and flexibility. Maintenance and operations can consume two-thirds of an organization’s technology budget, according to a 2009

InformationWeek survey of executives in 500 companies with annual revenue over $250 million. That leaves just a third of the budget for new IT initiatives. This ratio prevents IT from supporting new business initiatives or responding to real application demands.

A converged infrastructure addresses the problem of siloed architectures and IT sprawl by pooling and sharing IT resources. Rather than dedicating a set of resources to a particular computing technology, application or line of business, converged infrastructure creates a pool of virtualized servers, storage and networking capacity that is shared by multiple applications and lines of business.

Using converged infrastructure by combining server, storage, and networks into a single framework, helps to transform the economics of running the datacenter as well as accelerating the transition to IP storage to help build cloud ready infrastructure.

Benefits of converged infrastructure

Converged infrastructure provides both technical and business efficiencies, according to industry researchers and observers. These gains stem in part from the pre-integration of technology components, the pooling of IT resources and the automation of IT processes.

Converged infrastructure further contributes to efficient data centers by enhancing the ability of cloud computing systems to handle enormous data sets, using only a single integrated IT management system

Writing in CIO magazine, Forrester Research analyst Robert Whiteley noted that converged infrastructures, combining server, storage, and networks into a single framework, help to transform the economics

Running the datacenter thus accelerating the transition to IP storage to help build infrastructures that are “cloud-ready”.[5]

Decreased complexity, through the use of pre-integrated hardware with virtualization and automation management tools, is another important value proposition for converged infrastructure as noted in an IDC study.[7]

InformationWeek highlighted the promise of two long-term advantages of a unified data center infrastructure: Lower costs as the result of lower capital expenses resulting from higher utilization, less cabling, and fewer network connections.  In addition, gaining lower operating costs coming from a reduced labor force via automated data center management and a consolidating storage and network management infrastructure team.  Increased IT agility is gained byvirtualizing IP and Fibre Channel storage networking and allowing for single console management.

Data centers around the world are reaching limits in power, cooling and space. At the same time, capital constraints are requiring organizations to rethink data center strategy. Converged infrastructure offers a solution to these challenges.

Converged infrastructure and cloud computing

Converged infrastructure can serve as an enabling platform for private and public cloud computing services, including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) offerings.

Several characteristics make converged infrastructure well suited to cloud deployments. These include the ability to pool IT resources, to automate resource provisioning and to scale up and down capacity quickly to meet the needs of dynamic computing workloads.

Software-defined data center (SDDC)

In a software-defined data center, “all elements of the infrastructure — networking, storage, CPU and security – are virtualized and delivered as a service.”  Software awareness in the infrastructure is not visible to tenants.

SDDC support can be claimed by a wide variety of approaches. Critics see the software-defined data center as a marketing tool and “software-defined hype,” noting this variability.[3]

The software-defined networking market is expected to be valued at about USD $3.7 billion by 2016, compared to USD $360 million in 2013.  IDC estimates that the software-defined storage market is poised to expand faster than any other storage market.

A software-defined data center differs from a private cloud, since a private cloud only has to offer virtual-machine self-service, using traditional provisioning and management.

Instead, SDDC concepts imagine a data center that can encompass private, public, and hybrid clouds.

In a SDDC scenario, IT would define applications and all of the resources they require—including compute, storage, networking, security, and availability into one group made up of all of the required components to create a “logical application.”

Commonly cited benefits of software-defined data centers include:

  • improved efficiency from extending virtualization throughout the data center;
  • increased agility from provisioning applications quickly;
  • improved control over application availability/security using policy-based governance;
  • flexibility to run new and existing applications in multiple platforms and clouds;

In addition, a software-defined data center implementation could reduce a company’s energy usage by enabling servers and other data center hardware to run at decreased power levels or be turned off.

Some believe that software-defined data centers improve security by giving organizations more control over their hosted data and security levels, compared to security provided by hosted-cloud providers.

According to some observers, software-defined data centers won’t necessarily eliminate challenges that relate to handling the differences between development and production environments; managing a mix of legacy and new applications; or delivering service-level agreements (SLAs).

Software-defined networking was essential to the software-defined data center, but it is also considered to be the “least mature technology” required to enable the software-defined data center.

A widespread transition to the SDDC could take years.  Software-defined environments require rethinking many IT processes—including automation, metering, and billing—and executing service delivery, service activation, and service assurance. 

Responding to RFP or Not

Request for Proposal (RFP) also knowns as Request for Quote (RFQ), Request for Bid (RFB) are documents released by municipalities to get pricing for products and services these entities are looking to buy.

RFPs often include specifications of the item, project or service for which a proposal is requested. The more detailed the specifications, the better the chances that the proposal provided will be accurate. Generally RFPs are sent to an approved supplier or vendor list.

In most instances, only selected bidders may be invited to participate in subsequent bids, or may be asked to submit their best technical and financial proposal, commonly referred to as a Best and Final Offer (BAFO). Subsequent changes can be referred to as the Best andRevisedFinal Offer (BARFO).

Once both the parties i.e. a buyer organization and seller organization agree on the technical and commercial terms and conditions of the proposal, they could move on to next steps like contract signing, statement of work which would formalize the purchase transactions.

The bidders return a proposal by a set date and time. Late proposals may or may not be considered, depending on the terms of the initial RFP. The proposals are used to evaluate the suitability as a supplier, vendor, or institutional partner. Typically organizations follow a detailed vendor screening process to short list the vendors who should be invited for further rounds of negotiation. This screening process could either be vendor scoring models or internal discussions within the buyer organization. 

Ed Eisenstein experienced his first RFP award in early 90’s when he was in his 20’s about winning a Million Dollar School District bid for computers in every classroom. He started his career with being awarded this Million Dollar RFP that came from the Smithtown School District in the early 90’s.

Ed Eisenstein is happy to guide other companies and business owners through this process. Today, Ed Eisenstein works on 1 to 2 RFP responses each month.

How long does a hard drive last?

How long does a hard drive last?  Why is this an important question?  Has a computer ever stopped working for you and the tech told you.  ” Your hard drive crashed” you need to restore from backup.  For those unfortunate folks that did not invest in their data backup and redundancy strategy, they will pay dearly when hearing the tech say those words.

Fact is, Hard drives up until recently have been mechanical devices with arms and fast spinning plates that statistically have a high failure rate. hard-drive-internal

Research in Hard Drive Life expectancy shows three distinct failure “phases.”
In the first phase, which lasts 1.5 years, hard drives have an annual failure rate of 5.1%.
For the next 1.5 years, the annual failure rate drops to 1.4%.
After three years, the failure rate explodes to 11.8% per year.
In short, this means that around 92% of drives survive the first 18 months, and almost all of those (90%) then go on to reach three years.

Extrapolating from these figures, just under 80% of all hard drives will survive to their fourth anniversary.

Failure rate will probably stick to around 12% per year. This means that 50% of hard drives will survive until their sixth birthday.

Data Experts at United Network Associates, Inc. (UNA) prevent unexpected downtime when details like hard drive life expectancy are taken into consideration.

A business that cannot afford downtime works with a firm like UNA to assure smooth operations in their infrastructure as well as their security stance for compliance.

Contact us at: 631 393 2980
visit our web site: www.unatechnical.com

NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES 23 NYCRR 500:

CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES

DFS 500 Cyber-security Requirements Document\

The New York State Department of Financial Services (“DFS”) has been closely monitoring the ever-growing threat posed to information and financial systems by nation-states, terrorist organizations and independent criminal actors. Recently, cybercriminals have sought to exploit technological vulnerabilities to gain access to sensitive electronic data. Cybercriminals can cause significant financial losses for DFS regulated entities as well as for New York consumers whose private information may be revealed and/or stolen for illicit purposes. The financial services industry is a significant target of cybersecurity threats. DFS appreciates that many firms have proactively increased their cybersecurity programs with great success.

Given the seriousness of the issue and the risk to all regulated entities, certain regulatory minimum standards are warranted, while not being overly prescriptive so that cybersecurity programs can match the relevant risks and keep pace with technological advances. Accordingly, this regulation is designed to promote the protection of customer information as well as the information technology systems of regulated entities. This regulation requires each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion. Senior management must take this issue seriously and be responsible for the organization’s cybersecurity program and file an annual certification confirming compliance with these regulations. A regulated entity’s cybersecurity program must ensure the safety and soundness of the institution and protect its customers.

Experts at United Network Associates, Inc. are available to consult and resolve this matter.

Ed Eisenstein, President ed@unatechnical.com

DarkWeb Scan. What is that?

Is your companies data already sold on the dark web?

The dark web, as the name suggest, is the hidden, dark side, of the Internet. Often behind cryptic addresses and only reachable via vast encrypted networks lays a world of political forums, questionable images, sites who’s members seek privacy as well as outright criminal marketplaces where people happily trade guns, drugs and stolen items as well as information.

When businesses are being compromised, their data often is being offered to the highest bidder on dark web auctions or sold in bulk for a fee. Many businesses find out that their network had been hacked, with help of information, obtained on the dark web, where it had been up for sale for weeks or months. If they would have known, preventive measures, would have prevented the disaster.

Do you know if your data is already being traded on the dark web? Passwords and personal information of employees are the most commonly traded items.

Recently former Nassau county chief information officer and now private Cybersecurity expert Ed Eisenstein, has introduced a sophisticated monthly service that scans the dark web continuously for hints, that point towards your business and alerts you immediately once compromising information is being found. This service, available for less than 35 cents per day, is a must have in the tool belt of every security aware business and should be the minimum line of awareness that is being build. For more information check: https://www.unatechnical.com