Security and Safety Archives - Cloud Genius Ltd

I feel a change coming on. I have a vision.

These are odd times.

To say the least.

Many people have been furloughed or wondering what to do with their lives. Will they have a job? Are they happy with the job they have?

With so much spare time, many people have taken this as an opportunity to think about their future.

However, money is scarce.

Many people are choosing to PIVOT to new careers, but budgets are tight.

Part of launching a new business is having a website to go with it… but just getting some hosting and an installation of WordPress is only the start. What about SSL certificates, forms for people to request you contact them, a high quality theme… all those cost money. Then there is the hosting… some is just so slow that you will lose customers.

I saw these problems and came up with a solution.

It is a package with everything you need set up. All you do is give us some text and graphics. We will put them up for you and get you going. At that point you have an amazing website package. When we totted it up, if you purchased it yourself the components would cost £450 per year. That would stretch most starter budgets. As we have mass buying power, we offer it all for £247… and it is all properly configured… and backed up… and the software is regularly updated, minimising data risks. Even if you completely ‘break it’… we can have it back to the previous day’s configuration in under an hour.

So, you have one fewer thing to worry about.

You save money.

You have a full, working website. (Unlike some other providers who give you a ‘reduced functionality’ website.)

How much?

Just £247 (inc VAT!) per year.

Look at what some of our recent clients have done with it.


Your Path . Guru – where Em Melrose will gently help you find Your Path

Ty Llwyd Fach – Socially distanced camping

Perky Wales – Expert counselling from Gwilym Roberts

All of these are on our super-fast hosting.

So, what have you got to lose?

To book yours, go to Pivot Sites – we set it up for tutors, dog groomers and virtual assistants… but so many others are making use of it.

Passwords… and why you need to care

Let me tell you about an IT company. It had started off small, so the director had chosen a favourite password: ‘D0neit01’.

This was some time ago, so the fact that it had numbers in made it really secure. It wasn’t particularly long, but it was memorable. Much better than other familiar passwords, like ‘Password01’ or ‘letmein’.

There were five of them working for this company and they were all really good friends. Three directors and two minions. They were working with cleaning companies and whoever would take them on. They realised that their level of service was a cut above everyone else’s, so they could aim higher.

With one of those flashes of inspiration that sometimes hits small companies they realised that they could start working with the finance industry. They already had some contacts in that area of business and, well, those clients had money. It was a sure-fire hit!

Success Breeds Success

A few years later they had an impressive portfolio of clients. Around a hundred in the bespoke finance industry. Hedge-fund managers, bespoke bankers, investment companies. Their clients loved their high level of service. In part this was because an engineer visiting site knew what the top admin password would be. You’ve guessed it. By this point about a hundred of their clients were investing more than $1B each. (Yes, 100 x $1,000,000,000 = $0.1T). Which starts to look like a significant part of the UK’s GDP. Some of the companies demanded ‘secure passwords’ with funny characters in. For those companies the password became ‘D0nit01!’. Engineers knew that if the ‘low security’ password didn’t work you could use the high security one. Simples!

One of the managers was tasked with looking for a password manager. This would be able to hold all types of password. It would be able to fill in passwords automatically. You could give different members of the company different levels of access.

It came back with a price-tag of £10,000.

That was a lot of money.

The directors were not convinced that it was necessary.


An Innocent Mistake

One day, one of the directors was logging into a client, let’s call them ‘securefinance’. Their website was ‘securefinance.com’. The director had not noticed that in their speed they had typed ‘securefinance.co’. The website looked EXACTLY like securefinance.com so why would they notice?

Over the coming months they started to notice that some of their clients were failing. In one bad incident a client lost $0.1B in a week! That client immediately started the process of winding down. It was sad – they were a difficult client, but they had been a good payer.

You are probably going to guess what had happened. That fake website had grabbed the entered username and password and was now beginning to use it on lots of websites. They were getting lucky. They were also trying password variations automatically. So they were picking off both the ‘low’ and ‘high’ security clients.

Bad Guys Collaborate

They had also submitted the successful usernames and passwords to a database that is maintained by hackers. (Yes, this really does exist.) So lots of other people were trying these passwords… but they were not using them themselves. They were getting computers infected with ‘malware’ to try them. That IS the job of a lot of malware. If the malware successfully logged in then they would update the database. If the password failed then the bad guys were untraceable. Either way the bad guys win.

By now, clients were getting picked off at an increasing rate.

It was looking very bad.

Several consequences could have followed, including a significant impact on the UK economy, jail terms and the collapse of the IT company. This is based on a true story. The directors were potentially negligent, so could have lost the shirts off their backs.

The Good News

A good password manager is available for FREE. It has greater capabilities than that old software costing more than £10,000.

There is an Enterprise version which has all the granular controls you require for a little bit more.

With a password manager, doesn’t that mean that I am committing all my passwords to a database protected with ONE password? Surely that is a really BAD idea? Yes, it would be UNLESS you set up two-factor authentication. This means that, in addition to the password, you have a code to type in that is sent to you or generated by an app on your phone. As a hacker will not have access to both your password AND your phone, your database is safe. It is also highly encrypted, and if you lose your phone or your admin dies there are very secure ways to recover the database.

Here is the manager we use: LastPass. It is not the only one out there, but it is very good. We manage more than 1,500 passwords with it. All our clients’ passwords are unique, long and very complicated.

You might not be managing billions of dollars, but you wouldn’t want to lose what you have.

Top 7 GDPR myths and a few truths

Here are 7 myths about the GDPR (General Data Protection Regulation), or the ‘new Data Protection Act’. We hope this is of some help:

1) It only applies to computers. No, it applies to all records containing personal data, including those stored on scraps of paper and written in quill pen.

2) You can buy a piece of software that will make you compliant. No! It is more about you knowing how you hold and process data and how you have other people hold and process your data. In other words, it is about you having policies.

For instance,

  • How long do you retain a client’s information after they become an ex-client?
  • How do you ensure that data is fully deleted if a client requests it?
  • How do you gather data together if a client requests a portable, electronic copy of the data you hold on them? (And they are entitled to this.)
  • and many more.

3) It will cease to apply after we leave the EU. Wrong! We are committed to upholding the GDPR after we leave.

4) It only applies to large companies. Wrong! It applies to all companies.

5) It only applies to the ‘owner’ of the data. No! This regulation applies to data processors as well.

6) You can continue to direct market to your potential customers. Do you have their informed permission? Was it given within a reasonable time?

7) If your company holds Cyber Essentials Plus certification you are covered. No! Read all the above again.

Here are the promised truths.

Yes, the top fine is €20M or 4% of global annual turnover, whichever is greater!

Yes, you do have to report all data breaches within 72 hours.

We are running a masterclass on Wednesday 22nd November. This will help you sort out the fact from the fiction.

https://bit.ly/GDPR-MC

See you at the masterclass to get it all sorted.

John

GDPR Masterclass

Led by Chris Roberts of the GDPR Alliance.

Is your business ready for the new data protection regulations?

On May 25th 2018, less than a year away, the EU’s General Data Protection Regulation (GDPR) comes into force. This represents the most significant change to data privacy regulations for more than 20 years. With significant non-compliance penalties, including financial ones of up to 4% of global revenue or €20m, it is essential that business owners understand what is coming, the potential impact it will have, and what actions are needed to ensure compliance.

Is your organisation going to be affected by GDPR?

The vast majority of businesses will hold what the regulation describes as “personal data” on an EU citizen so will need to be compliant with the regulations.

What is personal data?

Phone numbers, email addresses, home addresses, bank details, demographics, health information, sexual orientation, in fact anything that could identify a specific person.

What’s covered during the workshop?

  • Why this legislation has come into being
  • The key points of the new legislation
  • Likely causes of non-compliance
  • Risks and penalties: what changes will you need to make?
  • What actions should you consider to reduce risk
  • What are implications of non-compliance?

Workshop leader

Chris Roberts, a Director at Highend Software and a Co-founder of the GDPR Alliance, leads these workshops. Chris regularly presents on business efficiency and productivity improvements and GDPR. Recent presentations include those for the Federation of Small Businesses (FSB), Superfast Business Wales, Wales Fraud Forum, BNI and numerous private clients.

Venue

Doors open at 9:00am for a 9:30am start in the Conference Room at the prestigious Beacon Centre for Enterprise in Dafen, Llanelli, SA14 8LQ.

Tickets are on sale through our ticketing portal https://bit.ly/GDPR-MC. Book early for deep discounts.

GDPR – General Data Protection Regulation

On 5th October, I gave a talk to Novus Networking in Cardiff. The topic was the GDPR. Not the most exciting topic for a group of under 35s, but there you go.

At its heart the GDPR is about protecting our privacy. As the prominent privacy campaigner Julian Assange said, to those who doubt our need for privacy: “There is no killer answer yet. Jacob Appelbaum (@ioerror) has a clever response, asking people who say this to then hand him their phone unlocked and pull down their pants.”

Of course we know of cases where governments want backdoors into our phone security and airports have x-ray systems that reveal our unclothed bodies.

There are many great materials out there. In the next month, Cloud Genius is hoping to be running some courses on the GDPR in Llanelli. As a starter, there is a free introduction on trailhead.salesforce.com

The provisional date of our masterclass will be Wednesday 22 November. It promises to be full of useful information that will help you remain compliant.

(The fines for non-compliance are up to €20M or 4% of annual global turnover, whichever is greater.)

Why you need a Stripe…

How great would it be if you could take credit card payments directly from your website.

It’s not as if you have an online store, but there are just one or two services that you would like to charge for. You could use PayPal, but their fees are 3.4%.

Stripe is a really good credit card processor. (After all, even billion-dollar businesses like Salesforce use them.)

Their fees are as low as 1.4% + 20p per transaction at the basic level. Much cheaper than PayPal.

The downside is that they require a website that supports TLS 1.2.

Ours do.

We can set you up with a secure website.

If you use our Safe and Secure website service, we will ensure that it meets the security standards of the future.

(BTW we do full e-Commerce websites, too.)
