If the recent global ransomware attack taught us anything, it is that everyone needs to be vigilant when it comes to cyber-security.
Among those issuing warnings was the Federation of Small Businesses (FSB), which urged business people not to make the mistake of assuming only big business is at risk.
The federation is warning small businesses in the UK to take urgent steps to protect themselves.
Dave Stallon, commercial director at FSB, said: “We are raising the alarm with the UK’s 5.5 million-strong small business community. It is vital that small businesses and the self-employed prioritise this and that they do it today.”
We agree. In addition to offering a range of IT solutions that can help businesses take advantage of the digital revolution, Bowe Digital can also advise on your cyber security.
Call us on 0191 214 1750 or email firstname.lastname@example.org to find out how.
Bowe Digital – we make I.T. happen
The leader of a small business organisation has welcomed the recent launch of the Government’s strategy against cybercrime but warned that SMEs still need more protection.
The Federation of Small Businesses (FSB) said the National Cyber Security Strategy was welcome because small businesses are the victims of more than seven million cyber crimes a year, costing £5.26 billion annually.
FSB National Chairman Mike Cherry said: “When a small business is attacked, it can lead to weeks of delayed or lost orders, significant financial loss and damaged reputations. It’s an absolute necessity for businesses and Government to work together to increase the resilience of the small business community to help them get back on their feet after an attack.”
Bowe Digital can help protect your IT system against the latest cyber threats. Call us on 0191 214 1750 or email email@example.com to find out how. Can you afford not to?
The UK Government has launched a new Cyber Security Information Sharing Partnership (CISP), which aims to protect the nation from cyber attacks.
The partnership will bring together government experts, cyber-crime specialists and industry to share intelligence on the latest cyber security threats.
Francis Maude, the Cabinet Office Minister responsible for the Cyber Security Strategy, said when launching CISP: “We know that cyber attacks are happening on an industrial scale and businesses are by far the biggest victims of cyber crime in terms of industrial espionage and intellectual property theft with losses to the UK economy running into the billions of pounds annually.”
Bowe Digital can help protect your IT system against the latest cyber threats now.
Call us on 0191 214 1750 or email firstname.lastname@example.org to find out how. Can you afford not to?
Author – Be Everywhere
Understanding password strength and security
It’s becoming more and more common to see a password strength meter when you sign up for an account online. They come in various shapes and sizes and are coded with varying restrictions that measure how easy your password would be to crack. Password strength meters work by measuring entropy, which indicates how long it would take a hacker to get your password using a brute force method. Also known as an “exhaustive key search”, this is a systematic attempt to try all possible passwords until the correct one is found.
Exhaustive key search method for cracking passwords
Imagine you pop to the shops and lock your pushbike to the rails outside it using a padlock secured with a 4-digit code. If someone wants to steal your bike there is a finite number of possible ‘passwords’ that they can cycle through (pun intended) until they find the right one. The brute force method of stealing your bike would be to get a chainsaw and cut through the railing, but the brute force method of hacking your password would be to start by trying ‘0000’, then ‘0001’, then ‘0002’ and continue all the way up to ‘9999’. At some point the would-be thief/hacker would find the right password and they’d ride home on your bicycle.
Except, if your password is way up in the 8000s then it’s going to take the thief an age to try that many combinations, and you’ll probably have finished your weekly shop by the time he’s even halfway through the possibilities.
In a theoretical universe where there are 100 thieves trying to get your bike, and they can all try a password combination simultaneously, then they’ll be away with your bike before you even pick up the shopping basket. One bike between 100 of them will be uncomfortable, mind you.
This multi-pronged attack is more relevant to computer based passwords, where it’s realistic that the computer can attempt a tonne of possible passwords in a very short amount of time. Password strength checkers like zxcvbn can show just how quickly a computer can guess your password. For the example password ‘fountain’ (admittedly not a very good one) a computer guessing 100 iterations per hour could crack the password in half a day. If it was guessing 10,000 passwords a second then it would be cracked in under a second.
This is why text-only passwords are usually poorly regarded, and a lot of websites won’t even let you create an account with a text-only password. Instead, you’re encouraged to increase the strength of your password with disguising factors like capitals, numbers, and symbols. On the ‘howsecureismypassword’ password checker the word ‘fountain’ was cracked instantly, but “Fountain123!” was cracked in 34 thousand years.
This measure of entropy is one way to see how quickly a computer could crack a password, but if we go back to the bike thief analogy, that thief knows that it’s far more likely that you’ve set your padlock’s password to something memorable like ‘7777’ or ‘2468’, so he’s probably going to try a sequential or palindromic pattern before he tries the brute force method of 0001, 0002, 0003. So don’t make your password 7777 or 1234 or 2468, and don’t make it 0001 either. If the thief really, really wants your bike then he might have done his research and found out when your birthday was – so don’t make the password your birthday either.
This mentality translates to computer passwords, too. Everyone knows that the most common password is ‘password’, yet people still use it. So a hacker will go straight to ‘password’ before he tries ‘aaaaaaaa’. On the internet you can find a list of the 10,000 most common passwords, and if hackers are trying to access your account they’ll cycle through these before they do anything else. A recent study showed that 30% of all passwords fall on the list of the 10,000 most common. Knowing the restrictions that websites have in place, hackers will also try variations of these common p@s5w0RD!S!S! that fall within the restrictions.
Combining all of this, we see that ‘Fountain123!’ isn’t actually as strong as that password checker suggested. The numbers are sequential, and the format of having the capital letter at the front and an exclamation mark at the end is a very standard way that people try to disguise passwords. It may have passed the brute force test, but a hacker with external knowledge would find it a lot easier to crack.
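The gap between the brute-force figure and what a pattern-aware guesser sees can be shown in a few lines. The following is an added example, not code from any of the checkers named above; the tiny `COMMON` set, the substitution table and the pattern rules are constructed assumptions standing in for a real common-password list and a full pattern matcher.

```python
import re
import string

# Constructed stand-in for a common-password list; a real check loads the full list.
COMMON = {"password", "123456", "qwerty", "letmein"}
# Undo the usual look-alike substitutions (p@s5w0rd -> password) before the lookup.
LEET = str.maketrans("@4$5031", "aassoel")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def keyspace(pw):
    """Candidates an exhaustive search must cover for this length and character mix."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return alphabet ** len(pw)

def worst_case_seconds(pw, guesses_per_second, workers=1):
    """Upper bound only: pattern-aware guessing finishes far sooner than this."""
    return keyspace(pw) / (guesses_per_second * workers)

def findings(pw):
    """Weaknesses a guesser would try long before a blind exhaustive search."""
    out = []
    low = pw.lower()
    base = low.rstrip(string.digits + string.punctuation).translate(LEET)
    if {low, base} & COMMON:
        out.append("common password or simple variation")
    for run in re.findall(r"\d{3,}", pw):
        steps = {int(b) - int(a) for a, b in zip(run, run[1:])}
        if steps == {0}:
            out.append("repeated digit")
        elif len(steps) == 1:
            out.append("sequential digits")
    if len(set(pw)) > 1 and pw == pw[::-1]:
        out.append("palindrome")
    if re.fullmatch(r"[A-Z][a-z]+\d+[^\w\s]", pw):
        out.append("capital-word-digits-symbol template")
    return out

if __name__ == "__main__":
    for pw in ("8000", "7777", "Fountain123!", "P@s5w0rd!", "PadlockThiefFountainBikes!157"):
        print(f"{pw!r}: keyspace {keyspace(pw):.3g}, findings {findings(pw) or 'none'}")
```

A password with a large keyspace and an empty findings list is the combination to aim for; a large keyspace with findings is the ‘Fountain123!’ case.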
The strongest and safest passwords
So, after all that am I telling you that your password should be… *ahem*…ADF%$gwsdfgsdge5te45yFgxdfgsDFSDGdg54gsfgsdfgs2343£$?%”£$%”£?
No. Because you won’t remember that well enough to re-type it in the ‘repeat password’ validation, let alone be able to repeat it every time you visit the site. Instead, it’s suggested that passwords should actually be memorable ‘passphrases’ with all of the number, symbol, and case boxes ticked.
An example here would be that “Fountain123!” wasn’t actually a very strong password, but “FountainBikes!157” would take 93 trillion years to crack, and with passwords, longer is generally better. So by the https://howsecureismypassword.net/ password checker “PadlockThiefFountainBikes!157” is even better, and would take 4 undecillion years to crack.
For the record, depending on where you’re from, an undecillion is a 1 followed by either 36 or 66 zeroes. And there’s four of them. That’s a long time.
Sure, if a hacker has four undecillion computers to hack you with, then it’d only take them a year to get in. But in that case they must really, really want to read your emails – and just imagine the electricity bill.
PadlockThiefFountainBikes!157 passes the brute force test for password strength, as well as the human test. As a string of words it’s easy to remember but hard to crack because there’s no logical connection between them. The punctuation isn’t predictable and the number isn’t sequential or meaningful. It would take a hacker so long to get in that he’d just move on to the next guy long before he got anywhere near your information.
Follow this advice to choose the best passwords and stay safe online.
Author – James Norman
What is ‘Backing up data’?
Data backup is one of the most important areas of business IT and yet is also one of the most ignored. Backing up data means making a copy of your most important and needed files; this copy can then be used if the original is lost or becomes corrupt.
Why should you back up?
Losing your business files can happen in a variety of ways. The common causes include your IT system failing physically, errors, theft or disasters like fire, flood and dropped mugs full of liquids! People also commonly save data to just one place, like ‘My Documents’ on their PC’s hard drive, which means that if this data were to be changed or deleted it would take considerable time for IT support to restore it.
What should you back up?
Choosing which files to back up is a good start to ensuring you have a copy of all your business’s important information. To help choose which files you should back up, try thinking about what you would need to continue working if your PC were to be stolen or damaged. For example: clients’ address/telephone details, your account information, important documents.
Another question to ask yourself when choosing which data to backup is “How long has it taken me to collate all this information and what would happen to the business if I couldn’t get it back once lost?” These are the key things that you should be thinking about.
What type of backup should I run?
There are many options to choose from, but the two most popular options are an online backup or a physical backup through a hard drive. Both have their advantages and are explained in detail in our most recent post, which you can read by clicking here.
If you have any more questions about backups or just IT in general, feel free to contact us and we’ll be happy to provide you with our IT support advice.
Many times we have found ourselves wanting to ‘test’ entering transactions, running reports and adding new accounts without touching the ‘real’ data in our live Sage 200 company.
This is where a Test Company comes into play!
What you need to know…
This is essentially a company where we are able to test, play, amend and delete data that we have entered into Sage.
Whether you are:
- Questioning the end result from a transaction
- Unsure of the result from changing a setting
- Carrying out training with new employees
- Experimenting with a new process
- Trying to improve on your Sage knowledge
A test company is a great resource that enables you to cover all of these and more.
Setting up a test company is easy. If you don’t already have one, we highly advise that you set one up.
Fortunately, we will be covering that today.
How to set up a Test Company
Prior to setting this up, a few key pieces of information are required.
You will need:
- Access to System Admin
- Access to the SQL Server
- The current live company database name.
Firstly, head to System Admin and select Companies from the columns on the left-hand side.
From here you will need to make a note of the database name assigned to your current live company.
With the database name noted, head to the SQL Server and create a backup of that database.
Once the backup is complete you need to restore this as a new database.
Once this is completed, you will need to create a new company within system admin.
We would suggest that you call the company name the same as your live company, only with test at the end like so:
- Live company name = Small Soldiers LTD
- Test company name = Small Soldiers LTD Test
This ensures the two companies are never selected in error.
You should now open Sage and select the test company from the list of companies, then that is your test company all set up.
Getting the most out of your Test Company
To ensure you are getting the most out of your test company, we suggest you regularly update it.
Similar to the installation of the test company, updating it is simply taking a backup of the live data. The only difference is we are going to restore the backup over the existing test company’s database.
When the process is complete and you have successfully completed your backup and restore, it will be fully up to date.
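The backup-and-restore step used for both the initial set-up and the later refresh can be scripted with a guard against restoring over the live database. This is an added sketch, not Sage's own tooling: the database names, file paths and logical file names are constructed assumptions (list the real logical names with `RESTORE FILELISTONLY`), and the rule that the test database name ends in "test" simply mirrors the company naming advice above.

```python
import re

def _ident(name):
    # Allow only plain database names so nothing can break out of the [brackets].
    if not re.fullmatch(r"[A-Za-z0-9_ ]{1,128}", name):
        raise ValueError(f"unsafe database name: {name!r}")
    return f"[{name}]"

def _lit(value):
    # T-SQL Unicode string literal: double any embedded single quote.
    return "N'" + value.replace("'", "''") + "'"

def refresh_test_company_sql(live_db, test_db, backup_file, moves):
    """Return the T-SQL that copies live_db into test_db.

    moves maps each logical file name of the live database to the physical
    path the test copy should use (assumed values, supplied by the caller).
    """
    if live_db.strip().lower() == test_db.strip().lower():
        raise ValueError("test database must differ from the live database")
    if not test_db.strip().lower().endswith("test"):
        raise ValueError("test database name should end in 'test'")
    # COPY_ONLY keeps this ad-hoc backup out of the regular backup chain.
    backup = (f"BACKUP DATABASE {_ident(live_db)} TO DISK = {_lit(backup_file)} "
              "WITH COPY_ONLY, INIT, CHECKSUM;")
    move_sql = ", ".join(f"MOVE {_lit(k)} TO {_lit(v)}" for k, v in moves.items())
    # REPLACE overwrites an existing test database; the guards above keep it off live.
    restore = (f"RESTORE DATABASE {_ident(test_db)} FROM DISK = {_lit(backup_file)} "
               f"WITH {move_sql}, REPLACE, CHECKSUM;")
    return [backup, restore]

if __name__ == "__main__":
    # Constructed names and paths for illustration only.
    for stmt in refresh_test_company_sql(
            "SmallSoldiers", "SmallSoldiers_Test", r"D:\Backups\SmallSoldiers.bak",
            {"SmallSoldiers": r"D:\Data\SmallSoldiers_Test.mdf",
             "SmallSoldiers_log": r"D:\Data\SmallSoldiers_Test.ldf"}):
        print(stmt)
```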
So, there we have it. I hope you were able to follow all steps easily… Until the next time!
Author – Jade
Healthcare organizations and other companies need to alter security approaches as their organizations pursue changes in IT strategies and operations, according to results of recent research.