password policy

Best Practice for Creating and Enforcing a Password Policy

No matter how complex and thorough your company IT security is, human users will always find a way to work around protections. If you don’t have a password policy in place, it’s difficult to ensure that your employees are making smart choices. One of the biggest problems is password strength, with the majority of employees choosing easy-to-guess passwords and using the same password for everything. Equifax recently hit the headlines when it was revealed a database could be accessed using the username and password ‘admin’. Although it’s easy to joke about these instances, this is no different to a company employee using their first name followed by the year and assuming this is sufficient for security. If you want to keep your company secure, creating a password policy and enforcing it is essential.

Creating and Enforcing Password Policy

Decide what is secure

Although the conventional wisdom seems to be that passwords need to be above 8 characters, and include a mixture of lowercase, uppercase, numbers and special characters, this often leads users into the trap of thinking ‘Pa$$word123’ is a strong password. Before creating a company-wide password policy, it’s a good idea to make sure you know what a secure password looks like. You can try this quiz to test your knowledge of password strength.

Update passwords frequently

In addition to guidelines on password length, you should also set a time limit on how long employees can keep the same password as part of your password policy. Changing passwords too frequently can be just as problematic as never changing them, as employees might be tempted to switch back-and-forth between two passwords just to satisfy your password policy.

Decide if password managers are allowed

Some companies swear by password managers as the best way to enforce password policy. While there are many benefits, there’s also the risk that systems could be compromised if one employee’s password manager is breached. If you do decide to use a password manager, it’s important that employees update their access passwords frequently to prevent unauthorised access.

Don’t write passwords down

If your password policy is leading employees to write down long and complicated passwords, it’s time to re-think. Employees need to understand that writing down their passwords is in breach of password policy. Passwords should be long, but they should also be memorable. For example, a sentence-based password like ‘y3sterd4yicl!mb3dATr33’ is very secure, but will be a lot more memorable than a random selection of letters, numbers and punctuation.
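As an added illustration (not code from the original article), the sketch below shows why a composition-only rule accepts ‘Pa$$word123’ and how a policy check can look at what the password is built from instead. The 12-character minimum, the five-entry deny-list and the user details are assumptions made for the example.

```python
import re
import string

MIN_LENGTH = 12  # assumed minimum for this example, not a figure from the article

# Constructed sample deny-list; a real deployment would load a large
# breached-password list instead of five entries.
COMMON_BASES = ("password", "admin", "welcome", "letmein", "qwerty")

# Undo common character substitutions. "1" is ambiguous, so try both l and i.
LEET_L = str.maketrans("$@0134!57", "saoleaist")
LEET_I = str.maketrans("$@0134!57", "saoieaist")


def composition_ok(password):
    """The conventional rule: above 8 characters with all four character classes."""
    return (
        len(password) > 8
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


def normalised_forms(password):
    """Lower-case the password and reverse the usual symbol-for-letter swaps."""
    lowered = password.lower()
    return {lowered.translate(LEET_L), lowered.translate(LEET_I)}


def policy_findings(password, username="", first_name=""):
    """Return the reasons a password fails the policy (empty list = accepted)."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    forms = normalised_forms(password)
    for base in COMMON_BASES:
        if any(base in form for form in forms):
            findings.append(f"built on common word '{base}'")
    for label, value in (("username", username), ("first name", first_name)):
        # Ignore empty or very short values to avoid matching everything.
        if len(value) >= 3 and any(value.lower() in form for form in forms):
            findings.append(f"contains the user's {label}")
    if re.search(r"(19|20)\d{2}\W*$", password):
        findings.append("ends in a year")
    return findings


if __name__ == "__main__":
    # Constructed test cases: (password, username, first name).
    samples = [
        ("Pa$$word123", "sjones", "Sarah"),
        ("admin", "sjones", "Sarah"),
        ("Sarah2017", "sjones", "Sarah"),
        ("y3sterd4yicl!mb3dATr33", "sjones", "Sarah"),
    ]
    for pw, user, first in samples:
        print(pw, "| composition rule:", composition_ok(pw),
              "| findings:", policy_findings(pw, user, first) or "none")
```
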

If you need help with your IT security, get in touch with our team today on 0345 095 7000 to discuss your needs.

Amazon Web Services will Soon Bill Customers by the Second

When Amazon Web Services launched in 2006, it sparked the cloud computing revolution. Fast forward a few years, and we now have the likes of Dropbox and Airbnb following the introduction of Amazon’s server by the hour model. Developers would no longer have to build and maintain their own servers at considerable cost. Instead, they could pay by the hour for access to supercomputers, as and when they need it. The latest changes are small, but could once again disrupt the way that software is made. Instead of billing users by the hour, they will now be billed by the second.

This isn’t the first time Amazon Web Services has trialled charging users by the second. In 2014, Amazon developed a tool called Lambda to help developers with short-term server needs. This brought to light the trend of serverless computing, as developers could use Amazon’s servers for exactly as long as they needed.

For example, if creating a translation app, the server used to process a request might not exist until required, and then would disappear once the request has been fulfilled. This allows developers to focus on the task of building great software rather than worrying about the deployment and footing the bill for unused server space. By charging users for exactly as much as they need, and operating a generous free tier policy, this opens the floor for developers to get creative. However, while Lambda might have billed by the second, the rest of Amazon Web Services was still billed by the hour, so the process wasn’t entirely seamless.

The latest development, named Amazon EC2, will allow developers to take a more flexible approach to capacity. As outlined on the Amazon Web Services website, developers will be able to increase or decrease their capacity within minutes, rather than hours or days. EC2 will also introduce the option of auto-scaling, which will allow members to maximise the performance of their applications by scaling up or down as required.

Not only will this present money-saving options for developers, but some have also noted that it might encourage developers to push the boundaries of their current offering. According to Amazon’s Jeff Barr: “many of our customers are dreaming up applications for EC2 that can make good use of a large number of instances for shorter amounts of time, sometimes just a few minutes.”

The new billing option will be available from 2nd October on Linux instances launched in On-demand, reserved and spot form.

Spotlight on our partners: Veeam Software

For a new series on our blog, we’ll be taking a closer look at our software partners. If you’ve ever wondered about how we deliver our services, it wouldn’t be possible without the help of our software partners. These companies are the disruptive forces that move the whole IT industry forward and force us to challenge the way we’ve always done things. Often, they are the background processes that make the user experience seamless and enjoyable. Starting with Veeam Software, we’re going to take a look at what they do, where they came from and where they’re headed…

What is Veeam Software?

Veeam Software is a technology company that specialises in backup, disaster recovery and virtualisation management. This software ensures that downtime for virtualized environments is minimal and also ensures systems can stick to their service-level agreements. An example of this was seen recently when they streamlined the backup process for Bupa Dental UK, saving them over £350,000 per year. Each of the 400 UK-based practices was moved to a single backup system through virtualization with 250 virtual machines. The result? Rather than each individual practice taking responsibility for their own backups, the process was virtualized and centralised, which saved them money.

How did Veeam Software get started?

Veeam Software was founded in 2006 in Switzerland. The company’s headquarters are still based in Baar, Switzerland, although they have regional offices around the world. The company was founded by Ratmir Timashev and Andrei Baronov after selling their previous software company, Aelita Software Corporation, to Quest Software. The company grew from just 10 employees in 2008 to 2,000 employees by the end of 2015. In 2014, Veeam Software hosted VeeamON, its first conference on data protection. The event is now hosted annually in Las Vegas, USA.

What do they have in store in future?

In October this year, while attending the GITEX conference, Veeam Software will reveal their new Availability Suite v10 which aims to bridge the “availability gap” between the customer and their demand for uninterrupted access to IT services. This availability gap is said to be holding companies back and having a huge impact on their profitability. By cutting the downtime, companies will be more competitive and be able to provide a seamless experience. We wrote about the release of the Availability Suite 9.5 in May 2016.

If you’re interested in Veeam Software, virtualisation and cloud backup options, get in touch with our team today.

Major Ransomware Attack Underway, according to Security Experts

If you received a suspicious-looking email this weekend and aren’t sure about the attachment, it might be wise to send it straight to the trash. According to IT security experts Barracuda Networks, there is currently a widespread ransomware attack in progress that could be set to disrupt healthcare and other industries. The extent of the attack is not yet known, but in the past few weeks, researchers at Barracuda Networks have detected around 20 million attempted attacks.

This latest attack comes just months after the dust from the WannaCry ransomware attack has settled. This latest attack uses impersonation to gain the trust of the recipient and infect individual computers and networks. The attack starts with an email from a spoofed address landing in your inbox. The attachment name is variable but will be included in the subject line. According to the example provided, the subject line is a variation of the following: “Payment_201708-6165” with variable numbers at the end.

The attachment is a JavaScript file in a 7-Zip archive folder, and it should be picked up by up-to-date anti-virus software, but unfortunately, many people will circumvent these protections, turn them off, or fail to update them. Once the user downloads the file and unzips it, the user will be presented with a document demanding payment for a decryption key. You can read more about the ransomware attack in this blog post.
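The traits described above (a “Payment_” subject with variable numbers, a 7-Zip attachment, and the attachment name repeated in the subject line) can be turned into a mail-filter check. The following is an added example, not code from Barracuda Networks or the original post; the exact subject pattern, the addresses and the sample messages are assumptions constructed for illustration, and the check does not open the archive to look for the JavaScript file inside.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# File signature that every 7-Zip archive starts with.
SEVEN_ZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"

# Assumed generalisation of the one subject quoted in the article
# ("Payment_201708-6165"): six digits, a dash, then more digits.
SUBJECT_RE = re.compile(r"Payment_\d{6}-\d+", re.IGNORECASE)


def lure_indicators(raw_message):
    """Return the campaign traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    hits = []
    if SUBJECT_RE.search(subject):
        hits.append("subject matches Payment_<digits>-<digits>")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust the file signature first; fall back to the extension.
        if not (payload.startswith(SEVEN_ZIP_MAGIC) or name.lower().endswith(".7z")):
            continue
        hits.append(f"7-Zip attachment: {name}")
        stem = PurePosixPath(name).stem
        if stem and stem.lower() in subject.lower():
            hits.append("attachment name repeated in subject")
    return hits


def build_sample(subject, filename, content):
    """Build a constructed test message with a single attachment."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please see attached.")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed samples: the attachment bytes are only a signature plus padding,
# not a real archive.
SAMPLE_LURE = build_sample("Payment_201708-6165", "Payment_201708-6165.7z",
                           SEVEN_ZIP_MAGIC + b"\x00" * 16)
SAMPLE_BENIGN = build_sample("Minutes from Tuesday", "minutes.pdf",
                             b"%PDF-1.4 constructed")

if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, "->", lure_indicators(raw) or "no indicators")
```
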

What should I do if my computer is infected with ransomware?

If you see a screen demanding money or BitCoin in exchange for the decryption key, it’s important not to bow to demands or hand over any money. For starters, there’s no guarantee that you will actually receive the code to unlock your files. It also makes you an easy target for future attacks as hackers will know that you are willing to part with money to get your computer back in working order. During a company-wide attack, it can be tempting to hand over the money just to return to normal, but this is unwise.

Often, if you have a sufficient backup plan in place, then a ransomware attack can easily be resolved by reverting to a previous backup. Prevention is often the best way to keep the hackers at bay, so regularly reviewing your IT security plan and ensuring you regularly back up systems and files is essential. If you aren’t sure what to do in the event of an IT security breach, get in touch to speak to our team about our IT security solutions.

Essential Agile Methodologies For Any Business

Agile is a broad term to describe software development methodologies that have grown in popularity in recent years. They’re popular because they place software development back at the heart of the practice, rather than focussing on things like documentation or top-heavy management. Every developer within an agile team is responsible for self-management, meaning this leadership philosophy is a lot more empowering for members of a development team.

As more and more software development companies adopt agile methodologies, other parts of the business world are starting to pay attention to this management style. Agile methodologies focus on getting a minimum viable product up and running, testing regularly and setting specific goals. Done is better than perfect when it comes to agile methodologies. This is something that can be applied to many different areas of a business to help streamline processes and ensure efficiency. Here are just some ways agile can be used in business.

Agile Methodologies for Business

Embrace pivoting

As the name would suggest, the pivot is a part of the agile methodology that encourages decision makers to make quick decisions about the direction of a project. If something isn’t working, agile methodologies would say to abandon the project and pivot in another direction. This goes against many management styles which dictate that if time or money has been put into a project, you need to see it through to completion. When you embrace pivoting, this drastically changes the way you approach projects and evaluate their success.

Open Communication

Most people glaze over when they think about the meetings they have to sit through at work. When adhering to agile methodologies, these meetings are multiplied but shortened. This might mean having a 10-minute check-in every day to discuss the work ahead. When you check in every day, it’s easier to ask for help, point out problems, or identify areas of weakness that need attention. Not to mention, it’s a great time to praise success!

Project organisation

When you have a large organisation filled with lots of people doing different jobs and managing different workloads, it can be difficult to prioritise workloads. By using agile methodologies like the Kanban board, you can easily visualise workload and flow and make smarter decisions about what to prioritise. This might be a physical board filled with colourful post it notes, or it could be a digital board shared with everyone in your organisation.

A mix up of roles

One of the 12 principles of agile methodologies is that business people and developers must work together daily throughout the project. If developers only develop, testers only test and managers only manage, then you may be missing out on vital connections and collaborations which could give rise to interesting new ideas. If everyone is allowed some scope to explore outside of their roles, you’ll get to explore new avenues throughout the project.

Maximise the work not done

Think about the time wasted on unnecessary and superfluous tasks carried out every day just out of habit. Micromanagement goes out of the window when team members are given the opportunity to self-manage. The result? The amount of work not done increases and simplicity takes over. Rather than documenting work and keeping meticulous records, everyone has the time to focus on the task at hand.

Agile methodologies aren’t for everyone, but they can be highly effective when implemented in the right way. Turning the entire organisation of a team on its head can be stressful, so instead, look for small ways to improve workflow in your business.

5 Steps to a Successful Digital Detox

What does your early morning routine look like? If you’re anything like us, it starts with a quick scroll through your phone. You might check the latest headlines, have a glance at social media or check the weather for the day. At the end of the day, your bedtime routine probably follows a similar trend. Our lives are full of screens, and sometimes it can start to get a bit much. If you spend your whole day looking at a computer screen only to go home and look at a TV screen, it all adds up to too much screen time. So what is the solution? Just like any kind of detox, a digital detox is a period of time where you commit to cutting down or cutting out your use of electronic devices. If you’re looking for a way to cut down your screen time and reconnect with people IRL, then why not plan a digital detox?

Digital detox basics

First things first, identify which screens in your life get the most attention. For most of us, it’s our smartphones, but you might be more attached to a tablet or even your laptop. Next up, set limits on how much time you are allowed to use each of these. If you have a desk job, you probably won’t be able to get a digital detox past your boss, but you can cut down on other types of screen time. Once you’ve identified your habits, you can start to look for small ways to change them.

Get away from it all

If you have some holiday time booked, it might be easier to go cold turkey with your devices and get away from it all. According to this article, our smartphones are killing conversation and leading us to forget how to interact with people. Get away from the crowds, turn off your phone and reconnect with your family or friends with a week-long digital detox.

Improve your sleep

The blue light emitted by your smartphone is proven to disrupt your sleep cycles by making your brain think that it’s still daytime. If you suffer from insomnia and regularly find yourself reaching for your smartphone, this could be making the problem much worse. Buy yourself a real alarm clock and then commit to leaving your phone out of the bedroom for one week. You’ll soon notice the difference in your sleep patterns.

Tell everyone about it!

If you’re planning a digital detox, you’ll be a lot more successful if you have some accountability. Letting your friends and family know what you are planning will help them to be more supportive, and might even encourage them to join you. You’ll also want to explain to people why you might be less responsive than usual.

Turn off alerts

A digital detox might not be for life, but when you return to normal you’ll probably find that you naturally reach for your phone less often. One way to make sure your new habits stick is to turn off your notifications. This means you won’t be running to check work emails outside of work hours and you won’t be drawn back into Twitter or Facebook every time a notification chimes.

If technology is giving you a headache at work, too, it might be time to outsource! If you’re looking for managed IT or support services in the Manchester area, why not get in touch with BCN today!

Want to know why 100 million people have moved to Office 365?

Did you know that there are now more than 100 million active Office 365 users? It’s a big number and it’s growing by an estimated 2.5 million every month.

As the world’s most popular business productivity suite, Microsoft Office has finally transitioned from a clunky set of online pseudo applications launched in 2011, to the seriously dynamic cloud-based application it is today that we know as Office 365.

And while Office 365 revenue has now overtaken conventional licence sales of Office, there are still many who have not yet gotten past the poor press that the earlier versions received to see what transformative value this latest incarnation offers.

So here are 10 reasons why Office 365 will be right for you – and why your legacy software may no longer be the best option going forward.

Work on the move

No matter where you are, whether you’re on a train, at home or even dipping in and out of your email while on holiday, you can work anywhere at any time with Office 365. Long gone are the days of being glued to an office workspace – you can now put your smartphones and tablets to better use and work on the move, increasing the productivity of your business.

Predictable costs

As a subscriber service, there are no upfront purchases required. You get a flexible contract with fixed, clear monthly ‘per user’ charges where you can mix and match plans to suit your business and user needs. Budget planning is a lot simpler because of it too.

No more licensing headaches

Previously, knowing what licences you needed could be a real challenge, particularly if different applications and releases were in use. Office 365 includes all the licensing required, and everyone has access to the same software at the same time.

Security

Cloud-based storage services invariably make people think about security. Office 365 makes use of 128-bit SSL/TLS encryption which ensures that even if data is intercepted, it cannot be read. Microsoft enacts a policy known as the Security Development Lifecycle, which ensures that data is secure and safe when developing, deploying and maintaining data.

Evergreen

Office 365 will always include the latest edition of Office technology, which means you won’t have to buy another copy of Office to upgrade, as all changes will be brought to the current software. This saves businesses from having to reinvest in new versions of Office to access the latest developments in the software.

No more patches and maintenance

Office 365 also means Microsoft is taking care of keeping everything up to date and ship shape. The Service includes all of the traditional behind-the-scenes IT support within the licence, so you can free up time and resources for other projects and needs.

Always be unified

Regardless of the device you happen to be using, because your email, calendar, contacts and other Office 365 apps are synchronised in the cloud, information updated on one device is automatically updated across the rest.

Reduce your hardware and energy needs

Because it’s a cloud based service, there’s no need for in-house servers. Less equipment means fewer energy requirements and ultimately less space.

Use O365 on up to 5 devices

The days of one licence for every device are well and truly behind us. Now, as you move about you can bring your Office 365 access with you, switching between desktop, mobile, tablet and so on up to 5 devices. All automatically in sync in the cloud.

Disaster Prevention

With old versions of Office, data is stored locally, which means you have to rely on your own backup procedures to ensure the safety of data. With Office 365, Microsoft provides data protection and backup in the cloud, which you can access whenever you want, wherever you are.

As with most things in life, the process of moving to Office 365 can be a mixed bag. For very small organisations it can be a simple DIY job. For slightly larger businesses, the process can be straightforward, but there may be some degree of complexity depending on your legacy set up and arrangements. However, with the right tools, approach and support, Office 365 will quickly make its place at home within your business and will help your users collaborate and operate far more effectively.

If you’re still sitting on the fence, or if you’ve decided to move forward with Office 365, we’re here to help. To learn more about us and what we do, check out our Office 365 page, or get in touch at info@bcn.co.uk.

GDPR, Security & Office 365 Seminar

What Can Companies Learn from the HBO Hack?

At the end of July, news broke that HBO had suffered a serious security breach. It was soon reported that hackers had managed to extract 1.5 terabytes of data from the network. To put this in context, this is 7 times more data than was stolen from Sony in 2014. The Sony breach had wide-reaching implications and led to the resignation of the company’s co-chairman, Amy Pascal. The HBO data breach is still unfolding, but it has become clear that the hack will have a financial impact on the company. For any other company, a data breach of this size could easily represent every file, email and document the company has ever created. It’s only because the HBO hack included audio and video recording that the volume of data is so vast.

For some people, this hack represents nothing more than a chance to get their hands on unaired episodes of their favourite TV shows a few weeks or months earlier. For HBO, it’s theft, not only of completed episodes but of concepts and ideas that might one day make them a lot of money. The emails and documents that the hacker group are threatening to release would likely make interesting reading for their competitors. A data breach of this kind is every company boss’s worst nightmare, whether you make TV shows or garden sheds. So, what can other companies learn from the HBO hack?

Acknowledge the problem

With a data breach of this size, it would be difficult for HBO to keep it quiet for long. The handling of the breach from the top-level management was exemplary as the company issued a company-wide memo and statement acknowledging the breach as soon as the breach was confirmed. With the Sony breach, it took 7 days for the company to announce that the details of 77 million users had been stolen by hackers. When it comes to data breaches, a swift response is essential, not only to fix the problem but also to prevent further fallout from the associated PR nightmare.

Be careful what you type

Perhaps the most concerning aspect of the breach is the news that one HBO Executive’s personal details and entire email history had been made publicly available. It isn’t yet known how this was made available, but all the signs seem to point towards this executive keeping sensitive information all in one place. We’re all guilty of scribbling down passwords or sending bank details back and forth via email. It’s important to understand that, while you may not create a folder titled “all of my personal information”, this can often be pieced together from various email threads in order to create a complete picture. If you wouldn’t want someone reading it over your shoulder, then don’t put it in writing, and certainly, don’t email it to anyone.

Learn from mistakes

Many experts in network security have been voicing their frustration that lessons weren’t learnt from the Sony hack. Fong Choong Fook, a former white hat hacker turned financial digital security consultant, raises doubts that “the hacking activities were only confined to online hacking. There would have been sequences or combinations of internal corroboration and physical intrusions.” He goes on to highlight the dangers of storing media content and Intellectual Properties on a network that is not properly protected by strong access controls and data encryption.

Hopefully, the HBO hack will encourage business owners to sit up and pay attention to their network security. In the past, we’ve written about how hackers rely on company bosses not speaking out as it helps them to fly under the radar. You might not be holding the secret plotline to the next Game of Thrones episode in your emails, but we’re sure that any business owner would agree that their trade secrets are just as important, so surely they are worth protecting? Get in touch today if you want to discuss your network security provisions.

Getting to know Lindsey at BCN a bit better!

Each month we will be interviewing a member of the team to give you a little insight into the day-to-day running of the business and get to know our staff better!

To kick off the interviews, we have asked Lindsey, our Operations Manager to answer a few questions.

What is your role at BCN & how long have you worked here?

I am the operations manager here at BCN and have worked here coming up for 6 years now. I am incredibly lucky as my job here at BCN is so varied and I get to be involved in many parts of the business and with various projects. I manage our admin and accounts team, ensuring the smooth running of our processes. I am involved in our marketing and I lead our SEO team to improve our Google rankings. As I am responsible for managing our ISO:9001 accreditation, I am always looking to improve our systems and processes, implement changes and ensure our customers get the absolute best out of BCN.

 

Take us through a typical day at work for you…

First thing in the morning, I will try and get small projects or issues that need resolving out of the way. I write up blogs and check my emails to plan the day ahead effectively. Depending on the day, I could be sat with our in-house developers working on new functionalities in our system, or sat with the admin and accounts team to help progress any orders and projects, or working on our website with the SEO team.

What is the best thing about being part of BCN Group?

The best thing about BCN is the culture – we are a very hardworking, driven team who are led by inspiring but down-to-earth directors. BCN is a really fun company to work for which is reflected in our low staff turnover and I can honestly say that I enjoy coming to work 99.99% of the time 😉. Also seeing a company set aims and targets and being a part of achieving them is very motivating and satisfying.

What advice would you give to a new colleague on their first day working at BCN?

Don’t take yourself too seriously, work hard and be prepared to be a team player!

What are your aims outside of BCN?

A few people at BCN call me a hippy because one of my main aims in life is to grow enough fruit and veg in my garden to feed my small family for the year. My ideal weekends are spent planting, weeding and harvesting with the help of my 7 year old daughter.