Doing What’s Right: Helping Our Kids Get More. Advance2000 Questioning The Buffalo Schools’ Bidding Process

Helping our kids get more.

Advance2000 CFO Jad Maouad challenges the integrity of the Buffalo Public Schools’ bidding process for a contract to upgrade technology that would affect children in all 70 Buffalo Public Schools. Read more on Jad’s moral stance in his personal letter to the media below.

To: The Media      

Date: 5/16/2017

From: Jad Maouad

Governance by transparency is a key value of Advance2000, hence we would like to report the misconducts we have experienced with Buffalo Public Schools (BPS) bid process.  

  1. BPS staff has been predetermining prior to the bid to favor a specific manufacturer by having that manufacturer’s specifications. This practice immediately disqualifies other vendors even though the alternative vendor products could be of greater benefit to the schools. This practice has been taking place for several years.
  2. AIS, the incumbent vendor for the past years, has been able to register with the specific manufacturer prior to the biding process, synonymous to insider trading on the NYSE. This gives AIS up to a 50% discount versus 25% for all other bidders involved in this bid opportunity.
  3. Due to Advance2000’s deep relationship with specific manufacturers and our significant volume purchasing capability, Advance2000 was able to obtain necessary discounts allowing us to aggressively bid and win the BPS bid.
  4. The mood at the bid opening for both BPS and AIS staff was shock when they discovered that Advance2000 had the lowest responsible bid price. Advance2000 had the winning bid.
  5. As a result, BPS staff resorted to a completely illegal practice. BPS staff initiated a best and final pricing after sharing the Advance2000 bid content with AIS and subsequently asked AIS to submit a number lower than the lowest responsible bidder (Advance2000 ). 

According to Office of General Services of the State of NY (OGS), best and final is a discussion process that takes place between the bidding party and the lowest responsible bidder (Advance2000). We have yet to hear back from the BPS staff.

This misconduct is disheartening and sadly has been costing the district significantly more money.  Writing bids to favor one manufacturer, having the incumbent vendor (AIS) preregister the opportunity prior to the bidding process, and initiating a kangaroo-style best and final without engaging the lowest responsible bidder is nothing other than unjust and collusive. This practice has been enabling AIS to go unchecked for years, overcharging the schools hundreds of thousands of dollars resulting in monies that the school system would have saved and invested in more meaningful ways.  The AIS bid was $6,932,056 and the Advance2000 bid was $6,541,449.  After receiving the Advance2000 bid, BPS staff shared the Advance2000 bid numbers with AIS resulting in AIS discounting their price to $6,106,401.  We are still willing to provide our best and final that will be lower than AIS. Even so the entire process is unjust. Please keep in mind that AIS is and has been receiving a higher discount for years from the manufacturer than anyone else due to the insider trading described above in section 2. 

Sincerely,

Jad Maouad – Advance2000 CFO


View the video below for the full story via 7 Eyewitness News or click here to read more on their website.

How to Protect your Company from Cyberattacks

Let me begin with a hard truth: Your company is at risk from cyberattack.

It’s true; every firm is at risk, and most will be attacked in some form, at some point in time. It’s nearly inevitable.  However, there are things you can do to protect your firm from a cyberattack, and ways you can mitigate the damage if you are attacked.

What kind of company data needs to be protected from a cyberattack?

There are three categories of company data you need to protect. They are the company’s intellectual property, employee information, and client data.

Company Intellectual Property

The company’s intellectual property includes processes and procedures, firm standards, templates, and forms.  It also includes firm documentation and how-to information, like patents, formulas, recipes or other proprietary information.  It includes marketing information, client names and client information, the types of projects you are pursuing, and other competitive information.

Client Data and Information

The next thing that must be protected is client data.  Client data includes work product – such as project drawings, designs, and schedules.  It also includes information about move dates and expansion plans.  In addition to protecting client project information, you need to protect client intellectual property.  This includes clients’ employee names, information about projects you’re working on for them, client growth patterns, and departmental or organizational structures.

Employee Information

Finally, you need to protect your employees’ personal information.  Personal information like the names of employees, their addresses, social security numbers, and other personal information like spouse and children’s names.  You also need to guard employees’ financial information, information about direct deposit and bank information, as well as payroll and salary information.  Finally, you must safeguard employee personal health information like doctor’s names, health claims, coverage amounts, and other confidential information.

What do you need to be protected against?

 

File Corruption / Loss of Data

You need to maintain data integrity.  You could be attacked by malware, ransomware, or viruses. Your data integrity can be compromised by file corruption, backups that fail, or files that cannot be restored.

There might also be data errors caused by a translation.  For example, if you send files to others as part of your work process and you translate those files from one program format to another, there might be errors or changes caused by the translation programs.

Access to your Data

In addition to the integrity of the data, you need to protect data access (who can get into and access your information).  You must guard against a compromised network or security access problems.  Penetration testing can check your vulnerability against an outside attack.  There’s also a type of attack called “denial of service” that can prevent you from accessing your data.

A malicious or disgruntled employee might change passwords or erase or steal files.  A technology disaster can cut off access to your data.  A server or disk drive can fail, or your internet connection can fail or be disrupted.  A building or office disaster can keep you from accessing your data.  If your office is compromised by fire or another building problem, you might not be able to physically reach your office.  If there is a fire or problem in another part of the building, you might be forced to leave and lose access to your data.  Then there are plain-old hackers, people who try to break into your network to either cause damage or steal information.

Hackers often use social engineering to get to your data.  Social engineering takes advantage of peoples’ good nature; they use peoples’ willingness to help to break in.  For example, a hacker might play on someone’s fears by telling them they have a computer virus infection and trick them into loading software, or giving away passwords or user account names.  Unfortunately, people are generally trusting and sometimes naive – we don’t want to believe others are malicious. For this reason it’s important to understand that employees can be tricked very easily into sharing or giving access to confidential information.

Reputation

The last and most important thing is to protect your company’s reputation and your client’s confidence.  Your clients count on you to keep their data safe.  If there is a security breach or a problem with client data it is very difficult to regain their trust.  You can’t unring the bell.  It is easy to restore a client’s files but it may be very difficult to regain a client’s trust.

How can you protect your firm from a cyberattack?

To protect your firm, it’s important to always be prepared; expect that you will be attacked at some point.  Every firm should prepare for and expect some type of cyberattack.  Firms that work more collaboratively – especially when using BIM – are at higher risk.  Being more collaborative means being more open, which, in turn, increases your risk.

Planning

Expect the unexpected by developing a plan to deal with cyberattacks.  You will never eliminate all risk, but you can mitigate most of the risk with a good plan.  Your plan should explain step-by-step what to do in the in the event of a cyberattack and explain to employees how to get help. Your plan should not be overly burdensome or people will find ways to work around your security.  You can spend a lot of time and money on a security plan, so it’s important to decide how much to spend to get the greatest benefit.

Training

Take the time to train your staff.  Your staff needs to understand the risks and know what to do in case of a cyberattack, as well as how they can protect themselves from a cyberattack.  There must be policies and penalties for violating the rules.  Encourage your company to take security seriously.

Backup / Disaster Recovery (DR) Plan

You must have good backups and a disaster recovery plan.  You should have three copies of your data, the original copy, a local onsite backup of the data and an offsite copy of your data.

[Check out our blog post on how to write a disaster recovery plan for your business]

Check your backups and archived files. Having multiple copies of your data is useless if it’s all corrupted. For archived data, keep in mind that certain file types might be discontinued or no longer usable with current software.  For example, does anyone still have old Lotus spreadsheet files? .WKS or .WK1 files?  You can’t open them using current spreadsheet software. You might need to archive a copy of the original software and operating systems used to read and access old files or develop a plan to update old archived data. Test restore your backed-up files and don’t assume everything will just work.

Passwords / Encryption

Consider encryption – at least for laptops and mobile devices.  Laptops are often lost or stolen, or might be left in a hotel, airport, or cab.  If the mobile devices are encrypted, you’ve lost a piece of hardware, but your data is safe.

People must use secure passwords.  I know, I know: employees hate using secure passwords that are hard to remember, but requiring a new password every 90 days is not asking much.  That’s only four times a year! Consider using multi-factor authentication wherever possible.  Multi-factor authentication uses a third party to authenticate access to an account.  Any account that needs to be very secure – whether it’s a bank or legal account, or just a secure website – should be using multi-factor authentication to be safe.  VPN connections to your office network should also use multi-factor authentication.

Monitoring

Monitor your network access.  You need to know who has been on your network and when.  If you see anything strange, question it.  Do employees really need to be on the network at 3 AM?  It might be legitimate, but you should know what they’re doing and why.

Good Policies (with teeth)

Implement written policies that describe and outline what you expect from your employees.  You should have a policy for email usage, a general IT policy, an equipment policy, and an internet usage policy.  You should outline how to protect the firm’s intellectual property and what you expect employees to do to keep it safe.  Your policy should also describe what happens when the rules are not followed and there’s a problem.  As I mentioned before – there should be penalties.  Policies need to have teeth to be effective.  Employees should know that they must follow the rules or bear the consequences.

Anti-virus / Anti-malware / System Patches / Updates

Finally, make sure that your systems are up to date with the latest security.  Check your anti-virus and anti-malware software to make sure it is up to date and scanning properly.  Change the default passwords on all hardware.  Download and install all operating system security patches.  If you are still using old software that is no longer supported or updated, you are at risk. Work with your vendor to get your software up to date.

Get Help

If you don’t have a disaster recovery plan or IT security strategy, now’s the time to make it happen. If you need help protecting your firm from cyberattacks, Advance2000 can help.

 

IT Security Consultation

May 2017 Newsletter

Back to Basics: Screen Capture for Collaboration

One of the most simple and effective tools for sharing on-screen concepts and ideas in today’s technology-driven world is screen capture. In fact, it’s a tool I’ve come to use just about every day to communicate with my colleagues and clients. A picture is worth 1,000 words, as they say – and capturing an image from your computer screen allows you to communicate what you’re seeing – and why it matters – to another person in a way that eliminates the need for a long, wordy email explanation.

To help you get the most out of this often-overlooked tool, here are some ways I’ve come to use screen captures to collaborate, as well as some of the best tools out there to make it happen.

Sharing information

It’s not uncommon to want to share something you’ve seen or read with another person on your team.  You can take a screen capture and get an exact copy of the information or image in context and with the formatting intact.  Let’s say I have a question or want feedback on something I’m working on. It’s easy and fast to send an annotated screen capture like this:

screen-capture-collaboration

Presentations

You can create quick and informative diagrams and cut and paste them into blog posts and other presentations.  I use screen capture all the time in presentations; it’s a great way to teach your audience how to do something or show a process. Here’s an example of a screenshot showing the process one would go through to insert a SmartArt graphic into a Microsoft Word document.

screen capture collaboration

Emailing to a friend or colleague

A screenshot is incredibly handy if you’d like to quickly share something on your screen with a friend or colleague to help support a conversation – or just give them a quick look at something you’re seeing. For example, here’s a clip I sent to a colleague with annotation showing our different support options.

 

screen capture for collaboration

Preserving or saving important on-screen information

When I finished my taxes, there was a screen with information I had to print and save. Naturally, the page did not print (as it was a government website), so I used screen capture to save the proof that I did my taxes…ugh!

screen capturing information

Asking a question or getting information

When it’s hard to express a question you have about something you’re looking at on your screen, an annotated screen capture works well combined with a question.

screen capturing for collaboration

 

***

When it comes to tools for screen capturing, there are many free and paid programs available. For the sake of brevity, I’ve compiled a quick list of some of the tools I use personally (and like).

I use both Windows and MacOS (and Linux) – here are some options for both:

Windows

 

Screenshot Captor

Screenshot Captor is super full featured and does just about anything you can think of in terms of capturing and editing/annotating screen captures. It’s extensive features satisfy my needs for the tool and then some. This tool is donationware and needs to be registered.

Greenshot

Also full featured and includes an image editor, Greenshot is open source and free to use.

Jing

Jing is simple, easy to use, and gets the job done. It’s free, but requires registration, will also record a 5 minute screen video with sound. I personally use this tool on my Mac and PC. It works the same on both operating systems.  (no learning curve)

Snipping Tool

The Snipping Tool comes with Windows; it’s already loaded and ready to go. It’s very basic and allows for minor editing, saving, and copy to clipboard.  If you’re having trouble finding it, simply search your computer for snipping tool and go.

Windows Snipping Tool

Pro Tip: Hit the Prt Scr key on your keyboard, then paste from clipboard (or Ctrl + V) – or hit the Alt + Prt Scr keys for active window capture

You can also set up OneDrive or Dropbox to automatically save screenshots created this way for later editing or sharing. These key commands are built into Windows and on most keyboards.

Mac

 

Skitch

Skitch has many features, and has both free and paid versions available. If you’re an Evernote user, this tool saves right to Evernote for you.

Jing 

Jing for Mac works the same as the Windows version – I use this for both PC and Mac, and there is no learning curve.

Press Command + Shift + 4 on your keyboard

This turns the cursor into a cross hair and allows you to draw a window to save. The screenshot will save as a PNG image to your desktop.

 

Screen capture is one of my most used productivity and collaboration tools.  Try incorporating it into your workflow, and I think you’ll be pleasantly surprised to see what a handy tool it is!

Next time, I’ll share my favorite tools for screen sharing over the web.

Advance2000 IT Strategy Assessment