Your Step by Step Guide to Mitigating and Preventing a Ransomware Virus in your Small/Medium Business

With the recent epidemic of ransomware viruses (up over 600% in 2016 and with the newest batch of exploits wreaking havoc internationally), I thought it would be a good idea to go through the basic guidelines for mitigating and containing ransomware for your small to mid sized business. There are plenty of additional pieces to putting this together completely so please reach out to me if you would like some assistance. Some of these are simple recommendations and this is by no means a complete list. But, then again, eat healthy, exercise regularly and don’t smoke are simple recommendations – and if you don’t follow them, you know what to expect.

  1. Use reputable multi-vector endpoint security – Use anti-virus programs like Webroot/Kaspersky/McAfee/Avast. Don’t be penny wise and pound foolish. Buy a proper license for each machine. Keep it current with all new definitions, and choose one that is constantly being updated. No one program is going to be 100% effective. Also, make sure that you have a program that detects malware. Malwarebytes Premium is my favorite. Again – go for the full paid version and don’t try to cut corners on freemium or freeware versions. An ounce of prevention is worth a pound of cure. You need protection that detects phishing and spam, flags unsafe websites and protects the web browser.
  2. Put strong backup procedures in place – you should have backups in place with a recovery point objective that you can live with. That means that you should have backups both onsite on a device and in the cloud. Both of the backups should be constantly tested for verification and the process should be monitored. When this is successfully in place, in case of an outbreak, you can restore to the last backup that was unaffected. Please note: tape drives, USB sticks, and removable hard drives are not adequate for business applications. You need a proper belt and suspenders: a properly sized on-premise device that is backed up to the cloud.
  3. Make sure that you are updating your operating system and plug ins regularly – the current round of ransomware is exploiting unpatched and un-updated Windows vulnerabilities. We update our clients with whitelisted patches and updates from Microsoft. Make sure that you are constantly updating your operating system. Make sure that you are scheduling your updates properly- for all of your computers and all of your devices. Make sure you update all of your computers- even those that you may use less frequently. For example, we use micro pc’s in our conference room- for use with our large screen monitors. All of those units must be updated regularly.
  4. Make sure that your firewall is regularly updated and maintained– your firewall should be under contract and updated with the very latest definitions. Your firewall is all that stands between you and the virus filled Internet. We recommend Watchguard because it is constantly being updated and maintained – and it includes best of breed components that would be too expensive to buy separately bundled in.
  5. Disable autorun – make sure that you disable autorun for everyone!! Yes, autorun is useful. Yes, it is also used by viruses and malware to propagate throughout a network. In these dangerous times, disable it.
  6. Stop making everyone an Admin!! – administrators should be admins. However, if you give everyone admin rights, you open yourself up to more damage. Users should be users and admins should be admins. Period.
  7. Enforce secure passwords – believe it or not, people use stupid passwords. Enough with stupid. If you want to get infected, use a simple password. If you don’t, use a secure password (strong, with alphanumeric characters and symbols). Better yet, have your users get a password manager app.
  8. When relevant, encourage the use of two-factor authentication – if you have compliance requirements (HIPAA or PCI) definitely use two-factor authentication.
  9. Disable RDP– remote desktop protocol is used by all sorts of viruses and malware to gain access. If you don’t need it or don’t know what it is, disable it.
  10. Educate EVERYBODY – even if your office is a handful of people, but especially if you have less sophisticated users, education about the threat is important. Your staff should know what phishing and spear phishing are and how to recognize and avoid suspicious emails. Incorporate this into your onboarding of new employees or have a meeting about this. If you would like a recommendation for videos, send me an email and I will send you a recommended list. Along with that, add pertinent sections to your employee manual about bringing your own device onto the network, using “free” USB drives, and clicking on links in emails.
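Items 5, 6 and 9 can be checked from command output an administrator can already collect. The script below is an added example, not part of the original post: it parses `reg query` and `net localgroup Administrators` output and reports hosts where autorun or RDP is still enabled or where an unapproved account holds admin rights. The host output, domain and account names are constructed samples; `NoDriveTypeAutoRun` and `fDenyTSConnections` are the standard Windows registry values for these two settings.

```python
import re

# One value line of `reg query` output, e.g. "    fDenyTSConnections    REG_DWORD    0x1"
REG_VALUE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")


def parse_reg_dwords(text):
    """Return {value_name: int} for every REG_DWORD line in reg query output."""
    values = {}
    for line in text.splitlines():
        match = REG_VALUE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def parse_local_admins(text):
    """Return the member names listed by `net localgroup Administrators`."""
    members, in_list = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("----"):
            in_list = True                      # members follow the dashed rule
        elif line.startswith("The command completed"):
            break
        elif in_list and line:
            members.append(line)
    return members


def audit_host(reg_text, admins_text, allowed_admins):
    """Return a list of findings for checklist items 5 (autorun), 9 (RDP), 6 (admins)."""
    values = parse_reg_dwords(reg_text)
    findings = []
    # 0xFF turns AutoRun off for every drive type; anything else (or no value) leaves some on.
    if values.get("NoDriveTypeAutoRun") != 0xFF:
        findings.append("autorun is not disabled for all drive types")
    # 1 means Remote Desktop connections are refused; 0 or a missing value is treated as a finding.
    if values.get("fDenyTSConnections") != 1:
        findings.append("RDP is not confirmed disabled")
    allowed = {name.lower() for name in allowed_admins}
    for member in parse_local_admins(admins_text):
        if member.lower() not in allowed:
            findings.append("unexpected local administrator: " + member)
    return findings


# --- Constructed sample output from two hypothetical hosts ---
ALLOWED_ADMINS = ["Administrator", r"EXAMPLE\Domain Admins"]

WEAK_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
    fDenyTSConnections    REG_DWORD    0x0
"""

WEAK_ADMINS = r"""Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
EXAMPLE\Domain Admins
EXAMPLE\frontdesk
The command completed successfully.
"""

HARDENED_REG = WEAK_REG.replace("0x91", "0xff").replace("0x0", "0x1")
HARDENED_ADMINS = WEAK_ADMINS.replace("EXAMPLE\\frontdesk\n", "")

if __name__ == "__main__":
    for name, reg, admins in [("weak-pc", WEAK_REG, WEAK_ADMINS),
                              ("hardened-pc", HARDENED_REG, HARDENED_ADMINS)]:
        findings = audit_host(reg, admins, ALLOWED_ADMINS)
        print(name, "->", findings or "no findings")
```
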

Like I said, this is by no means a comprehensive list. I have learned Mark Twain may have had the last word. “It’s not what you know that gets you in trouble, it’s what you know for sure that just ain’t so”. The world of viruses and malware is changing. Yesterday’s method may be overcome in an instant and you have to keep on top of it. If you need help- just let me know!

 


Is your Data compliance in place?

With all of the security breaches we keep on hearing about (Target, Michaels, Neiman Marcus) there is a secondary issue that also needs to be addressed: compliance. Compliance basically means that the customer data that you have on hand has to be protected above and beyond. If you don’t protect that data and if there is a breach, your company could be liable for the damage caused by the loss of that data. If you are in healthcare, the standard is HIPAA (which mainly is concerned with keeping patient health records private). If you take credit cards, the relevant standard is PCI compliance. With all of the different types of data and line of business issues, data compliance can be a thorny issue.

The latest cure for this is, as frequent readers can probably guess, compliance as a service. Prime Telecommunications is working with RapidScale, a national leader in cloud applications. Rapidscale has a proven compliance service that is available to simplify compliance for our clients.

RapidScale’s innovative Cloud Compliance tool is a user-friendly web-based portal software solution which offers its clients an easy, affordable way to prove they are in compliance with the standards and regulations of the industry they service. CloudCompliance is one of those tools which will prove itself invaluable to its clients. For further information, please contact RapidScale professional support.

The products available in the market today for compliance are overly complex and more confusing than they are helpful. Furthermore, often times it is not tied into crucial trouble ticketing systems while also being linked to approval processes required for third party vendors. CloudCompliance provides a true tracking mechanism with regards to every action within a healthcare provider’s systems.

With RapidScale’s CloudCompliance solution, the focus is on meeting compliance standards while operating within the convenience of the cloud. CloudCompliance is not only for the healthcare industry and HIPAA, but for all compliance dependent industries that are required to follow laws including PCI, SOX, FINRA, ISO, FDA, FAA and many more. CloudCompliance is an easy, affordable way for organizations to prove that they are following the standard guidelines for any particular compliance law. Users have access to real time reporting, tracking and system interfaces for all of their healthcare clients. If an organization has a compliance team on staff, they will love the easy-to-use interface. If an organization does not have compliance teams, CloudCompliance will provide a user with the diagrams, information and details auditors are looking for.

CloudCompliance offers numerous system benefits for healthcare including the ability to track every movement within the system. Additionally, once in the system, the information cannot be tampered with, destroyed, or altered in any way. CloudCompliance has no platform limitations either. If a hybrid cloud environment is required, RapidScale can keep an organization compliant by integrating CloudCompliance into their solution. CloudCompliance can also be implemented into large healthcare organizations in order to provide a hybrid cloud support model. CloudCompliance is one of those tools which will prove itself invaluable to the healthcare industry.

About RapidScale:

RapidScale, a cloud services innovator, delivers world-class, secure, and reliable cloud computing solutions to companies of all sizes globally. Their state of the art CloudOffice platform and market leading cloud solutions are the reason why RapidScale is the provider of choice for leading telecommunications providers, VARs, MSPs and agents throughout the United States. RapidScale is not only delivering a service, but they’re innovating advanced solutions and applications for the cloud computing space. Today, many of the top carriers, VARs, MSPs and master agents across the globe are selling RapidScale’s cloud solutions to their customers. RapidScale’s market leading solutions include: CloudServer, CloudDesktop, CloudOffice, CloudMail, CloudRecovery, CloudApps and more. For more information on RapidScale visit http://www.rapidscale.net or any of our other sites at www.chicagocloudconsultingservices.com, www.chicagobusinesscloudservices.com or www.cloudhostingserviceschicago.com

What lessons can business learn from the Healthcare.gov roll out?

Regardless of whether you are for or against the Affordable Care Act (a.k.a Obamacare), there are still important lessons to be learned for business in the roll out of the website Healthcare.gov.

Government has a long history of spending money unnecessarily. But in an age when the U.S is home to the world’s largest, most successful Internet companies, how is it possible that we can’t even manage to build a functional website without blowing through hundreds of millions of dollars?

1. Political Interests Trump Operational Interests

The federal government has too many political interests involved in the acquisition process. The biggest takeaway, though, is that the way that the federal government bids out software is fundamentally broken. According to reports in the NY Times, the managers at the Centers for Medicare and Medicaid Services (CMS) were tasked with the oversight. They did not have experience in integrating a project of this complexity.

2. There is no substitute for Experience

There are clearly companies in the industry who understand exactly the kind of problems that healthcare.gov needed to address. Intuit’s online TurboTax is much more complicated than the sign-up process for healthcare, and it works under heavy load. Amazon and Google both handle crushing loads gracefully as well. Why can’t the government draw on this kind of expertise when designing a site as critical to the public as healthcare.gov, rather than farming it out to the lowest bidder?

3. Test extensively before roll out

Load testing is your friend. If there’s a positive message that we can glean from the collapse of the portal, it is that there are a LOT of people interested in getting healthcare via the government. Unfortunately, that has led to what is effectively a DDoS attack. It has become abundantly clear that the site was never stress-tested under anything like the type of load it is encountering. The solution so far has been to put people into a queue, something that would get a site like Amazon laughed out of the marketplace. “I’m sorry, we’re a little busy right now, try shopping later?!!”

Creating realistic load testing of a site as complicated as healthcare.gov isn’t easy, but just having a thousand bots load the home page isn’t going to give you a realistic load test, especially of database transactions. You need to really bang on the core functionality of the site, and tune the heck out of it.

4. When you’re wrong, promptly admit it

Companies such as Google, Amazon.com, Twitter, and Facebook all think in terms of platforms talking to applications. They deploy lots of small teams that are expected to ship new features and fixes all the time—sometimes daily. Like anything that involves human beings, shipping code can devolve into squabbling, missed deadlines, and flawed releases. The programming community’s key realization is that the solution to these problems is to create more transparency, not less: code reviews, tons of “unit tests” to automatically find flaws, scheduled stand-up meetings, and the constant pushing of new code into the open, where it’s used by real people. To cite just one example, developers at the giant online marketplace Etsy are encouraged to release code to the world on their first day of work. Of course it is going to have bugs- deal with them and fix them.

5. Don’t reinvent the wheel. Use open source.

Government IT can’t work in such a transparent way. Or could it? There’s a whole set of tools, methods, and processes already set up and ready to use, all embodied in the culture of open-source software development. The U.S. federal government, led by the executive branch, should make all taxpayer-funded software development open-sourced by default. In the short run, this would help to prevent the recurrence of problems like those that plague healthcare.gov. Longer term, it will lead to better, more secure software and could allow the government to deliver a range of services more effectively. And it would enrich democracy to boot.

The basic goal of the free software movement is to make useful software code available to anyone who wants it. Thirty years ago this sounded like communism, because code was seen as a kind of property. But in recent decades many people have come to believe that software code is more like a conversation. (As one famous programming textbook put it, “Programs must be written for people to read, and only incidentally for machines to execute.”) That’s why people say that free software is free as in free speech, not as in beer.

Want to open-source code? Choose a free software license and release your code online with the text of that license attached. That’s all it takes. History shows, however, that just licensing code and making it available isn’t enough. You need to create a culture around your project and engage with other people doing related work. If you do a good job of it, you and your collaborators can create great, first-class, highly secure software. Web browsers such as Mozilla Firefox and Google Chrome were built this way.

The government has an advantage over typical open-source projects. People, including programmers, are intrinsically interested in what it’s doing, often because their lives are affected directly. If it wanted to, the U.S. could tap an army of interested coders ready to support official efforts.

Read more:  I used the following articles in preparing this post.

http://programming.oreilly.com/2013/10/what-developers-can-learn-from-healthcare-gov.html

http://www.businessweek.com/articles/2013-10-16/open-source-everything-the-moral-of-the-healthcare-dot-gov-debacle

http://www.digitaltrends.com/opinion/obamacare-healthcare-gov-website-cost/#ixzz2kSlTevvq

Data Backups and the Holes in your Socks

Data back up and disaster recovery are both complicated and crucial. It is all about planning, attention to detail and faultless execution.

By way of a parable:

Imagine that you are all dressed up for a special occasion. You know that appearance is important. You try everything in your power to look your best. Except, the socks you are wearing have huge holes in them. Now imagine that you are going to a place that requires you to take off your shoes (e.g. a Japanese restaurant, a house of worship or your mother in law’s living room). Not good, right?

In our reality:

In data backup and disaster recovery, this scenario is more the norm than the exception. We relegate back up to a secondary IT role, performed as a task by a junior staff member, on generally older technology platforms. Everything that everyone can see and use, desktops and applications, is snazzy. It is only when a disaster strikes- power failure, database corruption, virus- that the lack of attention to detail is brought to the forefront- for everyone to see.

There are two types of metrics that need to be determined first. What is the recovery point objective (RPO) and what is the recovery time objective (RTO)? The RPO tells you how much data you need to back up and from what point. The RTO tells you how long of a lag you can tolerate in having that data unavailable.

Thankfully, there are a number of technologies that are available to optimize both.

DISK: YOUR FIRST LINE OF DEFENSE

Disk to Disk to Tape (D2D2T) strategies have gained popularity in recent years due to the great disparity between the devices being backed up (disks), the network carrying the backup, and the devices receiving the backup (tape).

D2D2T strategies solve this problem by placing a high-speed buffer between the fragmented, disk-based file systems and databases being backed up and the hungry tape drive. This buffer is a disk-based storage system designed to receive slow backups and supply them very quickly to a high-speed tape drive.

DEDUPE: THE DISK ENABLER

Typical backups create duplicate data in two ways: repeated full backups and repeated incrementals of the same file when it changes multiple times. A deduplication system identifies both situations and eliminates redundant files, reducing the amount of disk necessary to store your backups.

BACKING UP AS YOU GO

CDP (continuous data protection) is another increasingly popular disk-based backup technology. Think of it as replication with an undo button.

Every time a block of data changes on the system being backed up, it is transferred to the CDP system. However, unlike replication, CDP stores changes in a log, so you can undo those changes at a very granular level. In fact, you can recover the system to literally any point in time at which data was stored within the CDP system.
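The "replication with an undo button" idea can be shown with a small model. This is an added example, not code from any CDP product: a base image plus an append-only log of block writes, with a rebuild to any timestamp and a search for the last point that passes a cleanliness check. The block contents, timestamps and the `ENCRYPTED:` marker are constructed for illustration.

```python
from dataclasses import dataclass, field

MARKER = b"ENCRYPTED:"   # constructed stand-in for content overwritten by ransomware


@dataclass
class CDPJournal:
    """Toy CDP target: the volume when protection started plus every later block write."""
    base: dict                                   # block number -> bytes
    log: list = field(default_factory=list)      # (timestamp, block_no, data) in arrival order

    def record_write(self, ts, block_no, data):
        """Append one changed block; the journal is append-only and time ordered."""
        if self.log and ts < self.log[-1][0]:
            raise ValueError("journal entries must arrive in time order")
        self.log.append((ts, block_no, bytes(data)))

    def image_at(self, ts):
        """Rebuild the volume as of time ts by replaying the log up to and including ts."""
        image = dict(self.base)
        for entry_ts, block_no, data in self.log:
            if entry_ts > ts:
                break
            image[block_no] = data
        return image

    def last_clean_point(self, is_clean):
        """Walk back through journal timestamps; return the newest one whose image is clean."""
        for entry_ts in sorted({entry[0] for entry in self.log}, reverse=True):
            if is_clean(self.image_at(entry_ts)):
                return entry_ts
        return None


def looks_clean(image):
    """Cleanliness check used here: no block carries the constructed marker."""
    return not any(data.startswith(MARKER) for data in image.values())


def simulate_outbreak():
    """Two normal writes, then two blocks overwritten at t=300 and t=301."""
    journal = CDPJournal(base={0: b"invoice-2016", 1: b"payroll-q4"})
    journal.record_write(100, 0, b"invoice-2017")
    journal.record_write(200, 1, b"payroll-q1")
    journal.record_write(300, 0, MARKER + b"9f3a")
    journal.record_write(301, 1, MARKER + b"c41e")
    return journal


if __name__ == "__main__":
    journal = simulate_outbreak()
    # A plain replica only ever holds the latest state, which is the damaged one.
    print("latest image :", journal.image_at(301))
    point = journal.last_clean_point(looks_clean)
    print("recover to t =", point, "->", journal.image_at(point))
```
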

One of the biggest challenges of managing a backup infrastructure is that no one wants the job. In large companies, the backup admin position is an ever-revolving door staffed time and time again with junior people. In smaller companies, backing up the infrastructure is a peripheral duty that is often ignored. The result is the same in both cases: bad backups.

Cloud backup services take advantage of many of the technologies mentioned here, but allow customers to use the service without having to manage the process or invest in the equipment required to optimize the back up. Instead, customers simply install a piece of software on the systems being backed up, and the cloud backup service does the rest. But as with any backup system, make sure you have a way to verify that backups are working the way they’re supposed to.
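One way to run the verification asked for here, and the backup testing called for in item 2 of the ransomware checklist earlier on this page, is a restore test against a hash manifest plus a check of backup age against the RPO. This is an added example, not the tooling of any backup vendor; file names, contents and times are constructed, and the example assumes the manifest is stored somewhere other than the backup it describes.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timedelta


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backups do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Return {relative_path: sha256} for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a test restore with the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    problems = []
    for rel, digest in sorted(manifest.items()):
        if rel not in restored:
            problems.append(("missing", rel))
        elif restored[rel] != digest:
            problems.append(("changed", rel))
    for rel in sorted(set(restored) - set(manifest)):
        problems.append(("unexpected", rel))
    return problems


def rpo_violated(last_good_backup, now, rpo):
    """True when the newest verified backup is older than the RPO allows."""
    return now - last_good_backup > rpo


def run_restore_test():
    """Build a constructed source tree, restore it twice, damage one restore, verify both."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "source")
        os.makedirs(os.path.join(source, "accounting"))
        samples = {"accounting/ledger.csv": b"date,amount\n2017-05-01,120.00\n",
                   "contracts.txt": b"signed copy on file\n"}
        for rel, data in samples.items():
            with open(os.path.join(source, rel), "wb") as handle:
                handle.write(data)
        manifest = build_manifest(source)        # taken when the backup is made

        good = os.path.join(tmp, "restore_good")
        shutil.copytree(source, good)

        bad = os.path.join(tmp, "restore_bad")
        shutil.copytree(source, bad)
        with open(os.path.join(bad, "accounting", "ledger.csv"), "wb") as handle:
            handle.write(b"\x00" * 16)           # corrupted during backup or restore
        os.remove(os.path.join(bad, "contracts.txt"))
        with open(os.path.join(bad, "unknown.bin"), "wb") as handle:
            handle.write(b"not in the manifest\n")

        return verify_restore(manifest, good), verify_restore(manifest, bad)


if __name__ == "__main__":
    good_result, bad_result = run_restore_test()
    print("good restore:", good_result or "verified")
    print("bad restore :", bad_result)
    last_ok = datetime(2017, 5, 14, 2, 0)        # constructed time of last verified backup
    print("RPO violated:", rpo_violated(last_ok, datetime(2017, 5, 15, 9, 0), timedelta(hours=24)))
```
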

By selecting the right cloud back up provider, using the right network bandwidth and the correct recovery time and recovery point objectives, the whole problem is reduced to one of intent. You have to recognize the importance of back up, you have to determine the objectives and test the model. For more information, call us at 847 329 8600 or check out our You Tube Channel (http://www.youtube.com/user/PrimeTelecomInc/videos).

Plug It – But Change the Password Before You Play It!

In today’s technology environment, whether personal or business, every device and most software packages come with default passwords. When these devices are installed, users frequently leave the default passwords in place. When default passwords are left unchanged, any person with less than perfect scruples (read: MALICIOUS HACKERS) can access your device and gain access to other devices on your network.

Although it sounds absurd, many people do not think about changing their passwords on their routers, on their firewall appliances or on their MAC addressed devices. Using easily available tools on the Internet, the type of device can be easily determined. Other sites have published default passwords or administrative passwords for commonly installed devices and appliances. This potentially puts millions of devices – with IP addresses and MAC addresses- at risk for exploitation.

Some examples that you may not think about: smart TVs, gaming consoles, refrigerators, industrial control systems, business phone systems and voice mail systems. This is in addition to the regular favorites – routers, wireless access points, firewalls and computers.

According to the US Computer Emergency Readiness Team (US-CERT), a hacker with knowledge of the password and network access to a system can log in, usually with root or administrative privileges. The consequences depend on the type and use of the compromised system. Examples of incident activity involving unchanged default passwords include:

  • Internet Census 2012 Carna Botnet distributed scanning
  • Fake Emergency Alert System (EAS) warnings about zombies
  • Kaiten malware and older versions of Microsoft SQL Server
  • SSH access to jailbroken Apple iPhones
  • Cisco router default Telnet and enable passwords
  • SNMP community strings

The first thing that you can do to address this problem is to always – ALWAYS – give a device a unique non-default password. Recommended passwords should be strong, meaning that they include alphanumeric characters, capitals and symbols (!, @, #, $, %, &).

If you manage technology for others – coworkers, clients, family members or friends- always enforce a password changing policy when you set up new devices. Always change passwords from default passwords.

More importantly, restrict access to your network. Make sure that only those users who should be allowed on the network are allowed on your network. With the amount of cyber attacks growing at an alarming rate, the safety of information on a network is only as good as the passwords restricting access to the network.

If you are interested in seeing how secure your network is, there are a number of legitimate sites that will show you how to scan your network for vulnerabilities and secure the access.

For more information on how you can put together all of the pieces of your business’s IT puzzle, visit http://www.primetelecommunications.com/data-solutions. Other great sources of information are the US Computer Emergency Readiness Team at http://www.us-cert.gov/ncas.

Why Cloud Computing Offers Affordability and Agility

Hit the ball out of the park

I love sharing articles that I have read that just make sense and hit the point right away. Bernard Golden in Networkworld hit the ball out of the park yesterday.

By Bernard Golden, CIO
June 18, 2013 09:35 AM ET
CIO – When I was a kid, Miller Lite ran an endless series of commercials in which former sports greats debated the merits of the beer. One would assert that the best thing about the beer is its smooth, rich flavor. No, the other would respond, the best thing about the beer is that it’s light. They’d go back and forth:

“Tastes great!” “Less filling!” “Tastes great!” “Less filling!”

This would go on until the voiceover announcer would settle the matter by noting that what’s really great about Miller Lite was that it’s less filling and it tastes great. In other words, it was special because, unlike every other beer on the planet, it could square the circle and deliver two previously incompatible characteristics. What was fantastic about Miller Lite was that it combined two contradictory qualities: flavor and low calories.

I’m reminded of those commercials when I hear people talk about cloud computing benefits. One person will say that cloud computing is less expensive than traditional IT, contending that on-demand pricing, efficient provisioning and scale make it possible for cloud providers to deliver IT capability much less expensively than established practices.

After a couple of minutes, someone else will say, “Well, I don’t know if it’s less expensive or not, but what’s really great about cloud computing is its agility.” Because cloud providers offer self-service and immediate provisioning, companies can now respond to business opportunities or threats far more quickly than the old, manually-provisioned practices of IT can support.

Click here for the full article. It’s worth the read!

 

Prime is Coming out of the (Phone) Closet- Cloud Computing, Cloud Phones, Cloud Business Management

We went to a seminar this past week. We followed up with some pretty intensive vendor training from our partners- and there will be more on their offerings in the coming weeks. We learned a lot- and would love to share it with you.

Here are some reasons to give serious consideration to cloud-based business services.

BYOD

The “bring your own device” (BYOD) movement is rapidly altering the business landscape. Employees want to use the power and convenience of their smartphones to access data, sales reports, and other tools to enhance efficiency. Likewise, enterprises appreciate what improved productivity generated by the BYOD movement can do for the bottom line.

Immunity From Disaster

Another major benefit of the cloud is disaster management. Cloud-based communications systems include automatic redundancy. Voice, data, and all digital information are typically routed to multiple data centers. The days of a business losing business hour-by-hour when its phone system goes down are a thing of the past. Fires, super storms, equipment failures, and even cyber-attacks are no match for the built-in redundancy of IP-based telecommunications.

Those that had embraced VoIP phones and cloud-based computing on the East Coast prior to Superstorm Sandy were often able to continue operations when others with traditional systems were down for days.

Business Management “To Go”

For business managers and executives, cloud-based operations allow them to, in fact, be “two places at once.” One can head out to an impromptu but vital sales call without worrying about what will be missed while you’re gone. The advantages of a fully integrated system go well beyond the mere ability to stay in touch via smartphones. Full, seamless integration of all company operations is possible in the cloud, and it can be done securely.

OfficeSuite is one such platform that can integrate your office phones, mobile devices, and data networks into a single system. Over 100,000 business professionals nationwide already enjoy the ease and efficiency of cloud-based communications and business management. Companies like Broadview Networks have already helped many clients to realize productivity gains through OfficeSuite’s business phone systems.

No longer want to be tethered to your office phone? Move your operations to the cloud and you will feel liberated as you can conduct essential business from anywhere at any time – and on any device.

Scalability

Phones that work over the Internet can be set up without the need for telephone installers at your premises. Better yet, as soon as you add staff or new locations, the system is readily scalable. Grow as you need to without having to spend precious capital for new equipment. As you grow, simply add new licenses for your new employees and set them up on the system in minutes.

The number of businesses around the world that will be using Internet-based phone systems is expected to double in 2013, to over 100 million. There’s a reason for this communications revolution, so see how your productivity can soar with cloud phones and cloud-based business management.

Using the Cloud and Managed Services to Make More with Less

The bigger a company is the bigger their IT staff – a truism. While the best companies learn to scale operations and solutions beyond a 1:1 ratio, staff growth inevitably follows corporate success and computing sophistication. However, the vast majority of companies are on the ‘understaffed’ side of this growth in a significant way frequently lacking dedicated IT staff completely. The majority of companies rely instead on local consulting companies, staff with rudimentary knowledge, or the teenage children of the owner (in all seriousness I’ve seen this too many times to count).

A large non-profit I spoke with not long ago has a staff of over 1,000 with geographically dispersed sites, but an IT staff of about 6. They certainly had little hope of getting everything done through no fault of their own with so few people to manage a dozen servers and over a dozen remote locations. This last case is extreme in its ratio, but the limited staff overwhelmed by the amount of work and its complexity is all too common. How would they have time, initiative, know-how to move to the cloud?

One of the keys is timing: not finding the time, but selecting the window that helps avoid disrupting ongoing operations or slipping delivery dates. While some companies make an outright strategic commitment to the cloud, diving in deep, the majority want to put their toe in the water to test it out. Cloud computing is already used far more than most people realize, from payroll by ADP to CRM & SFA (salesforce.com, NetSuite, Intuit) and hosted VoIP/PBX systems. While cloud computing is the most important change in IT today, the majority of companies’ systems are still run in-house, and moving anything to the cloud creates significant discomfort for many.

Testing the Waters

Here are some steps for deciding how to test these water vapors:

  1. Select a provider; learn how things work; make a plan.
  2. New initiatives make an excellent choice in generally avoiding CapEx, avoiding impact to current systems, and significant unknowns surrounding total computing requirements and change management.
  3. Integrate initial efforts with already planned deployments.
  4. Use existing maintenance windows for integration and testing.
  5. Pick a system/solution that has low business impact risk – not payroll, CRM, SFA.
  6. Duplicate your production system, or use a non-production environment (development, test, QA) though alternative environments are uncommon for smaller companies.
  7. Avoid “leaps of faith”. They don’t really work for computing solutions… test, test, re-test.

 

Common Uses

  • Secure file sharing with your extended team. From managing your own file system to using cloud SharePoint, there are many options available.
  • Everybody has email, but many cloud solutions offer integrated calendars, folders, document management, and more making teams far more productive with all the email touch points.
  • Expand web and application servers to reduce latency for remote workers, improve overall scalability, or free expensive hardware for more critical in-house computing.
  • Establish a backup service – very easy with commonly available tools with direct file system integration as a drive letter (Windows) or volume (Unix).
  • Duplicate databases for high-availability or business-continuity use cases – MySQL Cluster, Oracle streams, SQLServer replication, etc. from the current system to a cloud database instance. Implementing a redundant database would be the easier and safer use, but with the option to change to a high-availability solution at a future date.
  • For some companies with more sophisticated data needs (and staff), data warehousing and lightweight BI of the reporting variety would be a good option. Performance is sometimes an issue for cloud databases. But for prototyping, developing and more, it could be a good starting point. Dedicated, private cloud solutions provide excellent capabilities for databases while still supporting the dramatic benefits of the cloud.

PS-ALI Do I need it? Getting it for free.

I received an email from a user who is having some problems interfacing with his carrier regarding PS ALI service, and was starting to question whether his information was incorrect, or whether he had reached a customer service representative who was talking about a subject they really knew nothing about. Since I do run into this from time to time throughout the year, I thought it would be appropriate to provide a rundown on PS ALI for my readers.

Before we dive into the complexities of ANI and ALI, let’s put some definitions around what we’re talking about.

By definition, ANI is the telephone number associated with the access line from which a call originates. It is used by the PSAP to retrieve the ALI of the caller. ALI is the automatic display at the PSAP of the caller’s telephone number, the address or location of the telephone, and supplementary emergency services information of the location from which the call originates.

Private Switch ALI, also known as PS ALI, is a service option which provides enhanced 911 features for telephone stations behind private switches, e.g. PBXs.

But, do I need PS ALI?

This is where the confusion comes into play. Let’s assume that, legally, every real telephone number is entitled to its own ANI and ALI record. ANI and ALI records are managed by the dial tone providers, such as the LECs. Changes and updates are provided to the Database Management Service Provider (DBMSP) through Service Order Input (SOI) transactions, which is a file of completed service order updates sent to the DBMSP by all service providers.

As you would expect, NENA has defined the standard formats and protocols for ALI data exchange, ALI response and GIS mapping, and makes that information available in the NENA 02-010 document.

Referring to the NENA 1.0 data format structure, the record is a 240 character fixed length record, and positions 108 through 127 provide 20 freeform alphanumeric characters that can describe location. Under the NENA 2.1 data format structure, this 512 byte record allows for 60 characters in positions 128 through 187.

This example is your primary argument to your LEC that you are only asking them to perform a service that they are mandated to provide using the standard mechanisms already in place.
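The location field described above, as an added Python example (not code from NENA, the LEC or the original post): it reads and overwrites the free-form location text at the positions quoted in the post and flags station labels that will not fit. The record contents, station labels and the printable-ASCII check are constructed assumptions; every other field in the record is treated as opaque.

```python
from __future__ import annotations

# Record length -> (first, last) position of the location field, 1-indexed and
# inclusive, exactly as quoted in the post. Other fields are left untouched.
LOCATION_FIELD = {
    240: (108, 127),  # NENA 1.0 layout per the post: 20 characters
    512: (128, 187),  # NENA 2.1 layout per the post: 60 characters
}


def _span(record: str) -> tuple[int, int]:
    """Return the 0-indexed [start, end) slice of the location field."""
    try:
        first, last = LOCATION_FIELD[len(record)]
    except KeyError:
        raise ValueError(f"unexpected record length {len(record)}") from None
    return first - 1, last


def get_location(record: str) -> str:
    """Read the free-form location text, dropping the space padding."""
    start, end = _span(record)
    return record[start:end].rstrip()


def set_location(record: str, text: str) -> str:
    """Return a copy of the record with only the location field replaced."""
    start, end = _span(record)
    width = end - start
    if len(text) > width:
        raise ValueError(f"{text!r} is {len(text)} chars; field holds {width}")
    # Assumption: the field is limited to printable ASCII.
    if not text.isascii() or not text.isprintable():
        raise ValueError("location must be printable ASCII")
    return record[:start] + text.ljust(width) + record[end:]


def oversized(locations: dict[str, str], record_length: int) -> dict[str, int]:
    """Map each station whose label will not fit to the number of excess chars."""
    first, last = LOCATION_FIELD[record_length]
    width = last - first + 1
    return {k: len(v) - width for k, v in locations.items() if len(v) > width}


# Constructed sample data: a filler record and made-up station labels.
BLANK_240 = "X" * 240
STATIONS = {"ext 2314": "BLDG 2 FLR 3 RM 314",
            "ext 2401": "WAREHOUSE B LOADING DOCK 4"}

if __name__ == "__main__":
    print(repr(get_location(set_location(BLANK_240, STATIONS["ext 2314"]))))
    print(oversized(STATIONS, 240))
```

Running `oversized` over your station list before you call the carrier shows which location strings need abbreviating to fit the 20-character field.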

What they will try to sell you at this point is their service, which allows you to manage your records in the database. This is commonly referred to as PS ALI, but is often marketed under localized service names such as Pinpoint, PS ALI Connect and various others. The services, as well as their monthly recurring fees, provide customers with the GUI that enables them to manage their entries, and even update the location field in the records.

So your question back to the LEC is “Why should I pay for the ability to update a database that I will never update?” and “Aren’t you already being paid to handle 911?”

The line I like to use on the customer service rep is “I’m already paying you a monthly fee for 911 services on my phone bill. But if I don’t want to manage my numbers, and the information is going to remain static, why again do you need to bill me more money?” I then like to remind them that the telephone number they provide to my home address has specific address information on it, and yet I don’t have to maintain PS ALI service for that. At some point in time, you’ll get escalated to a supervisor, and at that point, you use the exact same logic on them, until they agree to provide you with access to make a one-time update to an existing record, or they escalate you further up the chain.

At some point, you’re bound to reach either someone that knows what they’re talking about and can fix the problem for you, or you’re going to get someone to just make the change.

So in the end, your argument points are:

  • You are already paying monthly service charges for E911 on all of your numbers
  • You are asking for the ability to make sure that the information associated with each of those numbers is correct.
  • You are not asking for a system to manage those records on a daily basis
  • If the LEC refuses to correct the information, ask them to provide you with a liability waiver that states they acknowledge your concern about location granularity, the fact that their database is not correct, and that they are refusing to assist you to fix the problem.

Document everyone you speak with, and keep a journal entry, including any research that you do on the Internet, including this blog. If you can’t convince your local carrier to play nice in the sandbox, at least you’ll have a nice discovery file to hand to your lawyer.