
Two new websites from Marlin

Posted by admin on December 15, 2014


We've been busy! Marlin has built two new websites which have been launched recently - an ecommerce site for menswear (which wasn't actually a huge build since it uses an off the shelf product), and an interactive song writing competition website.

For the technically minded, the competition website is hosted on Google Compute Engine and uses nginx, Symfony2, MySQL and MongoDB. This is a high performance website, capable of handling multiple uploads and streaming of music files.

The menswear site is pendulummenswear.com

The competition website is songzone.net


How to manage your passwords

Posted by admin on February 08, 2013


In this blog I'm going to give you a method of handling passwords that is safe and easy. There are many methods around, and most people don't use them because of the hassle. This method is fairly hassle free, as well as being completely under your control. It is a good compromise between security and practicality. This is the method I use.

I recently saw a video about password management. While the video had some great advice, it did recommend not re-using passwords. Unless you use a password manager, this is completely impractical. I have 30-40 passwords.

Here's what I do.

1. Divide your passwords into two or three groups

Your first group is ultra secure - bank accounts, credit cards, PayPal, etc. There's a good argument for putting your email password in that group too, as long as you always use a secure login (that's one where the URL starts with 'https'). Email passwords are a major source of hacking and identity theft. Then, if doing three, you have a middle group that is medium secure. These would be accounts that have plenty of personal details. This would include sites where you regularly buy stuff. The last group is ones you don't care too much about - like forums you post to infrequently, or small ecommerce sites you don't expect to use again. Call them Groups 1, 2 and 3.

The idea is that there will be a lot of Group 3, and the sites won't be so secure, so this password is the most likely to be hacked. If one is hacked, you can either go through them all and change the passwords, or you may decide that you can live with just changing each one when you next use it. If there's any compromise of Groups 1 or 2, you should change them all immediately.

2. Choose one password for each group

Use this well known method for choosing a safe password - pick a phrase with words, numbers and a capital letter. For example - "walking in the London rain 1997". Take the first letter of each word, and the numbers, giving "witLr1997". This is a pretty decent password. I usually use about 8 characters, with 9/10 or more for Group 1.

3. Write it all down!

Really? Aren't we supposed to never write down passwords? Well, correct, you aren't, but you do need to write something down. If you have 30/40 passwords, you'll have various combinations of user ids - self created ones, email addresses, login numbers, pin codes etc. You won't be able to remember them all. So write down each website you care about, write down the user id you have to use, and write down a hint to the password. For the above example password, I might write "lon".

If you're pretty forgetful, you could also write down hints to your security answers. The key to this file, of course, is that nothing should be guessable from the hint. I keep the file on my PC, and my mobile. I'm pretty confident that if someone got the file, they'd know pretty much all the places to try, but they'd find it hard to guess any passwords. Of course, you may feel more comfortable writing it all in a notebook.

Lastly, if any of your important logins offer two step authentication, like Google's, use them!
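The method above, worked through as an added example that is not part of the original post: it derives the step 2 password from the phrase, then audits a hint file against the post's own rules (one strong password per group, no password shared between groups, no hint that gives the password away). The function names, length thresholds, sites and passwords are assumptions constructed for illustration.

```python
def mnemonic_password(phrase):
    """Step 2: first letter of each word; numbers are kept whole."""
    return "".join(w if w.isdigit() else w[0] for w in phrase.split())

# Assumed thresholds, read from "about 8 characters, with 9/10 or more for Group 1".
MIN_LEN = {1: 9, 2: 8, 3: 8}

def audit(group_passwords, entries):
    """group_passwords: {group: password}; entries: [(site, group, hint)].
    Returns a list of findings; an empty list means the file follows the method."""
    findings = []
    owner = {}
    for group, pw in sorted(group_passwords.items()):
        if pw in owner:
            findings.append(f"group {group} reuses the group {owner[pw]} password")
        owner.setdefault(pw, group)
        if len(pw) < MIN_LEN[group]:
            findings.append(f"group {group} password shorter than {MIN_LEN[group]}")
        if not (any(c.isupper() for c in pw) and any(c.isdigit() for c in pw)):
            findings.append(f"group {group} password lacks a capital or a number")
    for site, group, hint in entries:
        pw, h = group_passwords[group].lower(), hint.lower()
        # A hint leaks if it contains any 3-character run of the password.
        if any(pw[i:i + 3] in h for i in range(len(pw) - 2)):
            findings.append(f"{site}: hint reveals part of the password")
    return findings

# Constructed sample data (not real credentials or sites).
GROUPS = {
    1: mnemonic_password("walking in the London rain 1997"),  # witLr1997
    2: "mcBsi2013",
    3: "mcBsi2013",  # mistake: same password as Group 2
}
HINT_FILE = [
    ("bank-a.example", 1, "lon"),
    ("shop.example", 2, "cat 2013"),  # mistake: the year is part of the password
    ("forum.example", 3, "bob"),
]

if __name__ == "__main__":
    for finding in audit(GROUPS, HINT_FILE):
        print(finding)
```
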

Update - As a result of some feedback I wanted to clarify a few things. There are more secure password policies than this, and this is intended to be a simple workable improvement for people who have little or no password policy already.

The advice about not reusing passwords is, of course, good advice and good for security if any of the passwords are discovered. The problem comes when you have 40 passwords (and if they're really strong they'll be over 10 characters each). One solution is to use a password manager. There's a good summary of the potential problems with that here. Another solution is to write them all down, and some people do advocate this. If you then have to carry the written passwords (and presumably login ids etc) around with you, then you need to weigh up the risk of losing the list, which would be a disaster. An additional problem is that people tend not to want to make the effort, especially when it comes to copying each password out every time you want to log in somewhere.

The groups I gave above are a compromise between never reusing and having the same password for everything (the worst thing you can do). Obviously you can increase the groups and reduce the reuse. Another thing you can do is alter the password slightly in Group 1 for each login. So, if you log in to Bank A, alter your Group 1 password for Bank A. You could add the street number of your branch, for example. The key here is to alter it enough so that if a password was obtained elsewhere and tried with Bank A, it wouldn't work immediately and would probably give you time to change it.

You could also separate out prominent targets such as Google Mail, PayPal and eBay and have different passwords for each one. I should also point out that many financial institutions have random long user ids (such as 12 digits) and Two Factor Authentication. This greatly reduces the risk of a password from one bank allowing instant access into another. This is also a very good reason for never writing your user ids next to your password.

In summary, be aware of the risks, and choose what you are prepared to make the effort to do. Following some method is much better than following none. Here are two important things you must do:

1. Only use strong passwords.

2. Never use the same password for important sites, like banks, as you do for any less important site.


Cloud Snooping - Should you be worried?

Posted by admin on January 31, 2013


The BBC revealed today that US Cloud providers could be compelled to release private data belonging to any citizen living outside the US. This law has apparently been around for a while, and although there appear to be no cases yet, it's debatable whether they would come to light anyway.

It sounds scary, and I suppose it is to some people who might really disagree with US policy, but the average person should probably be more worried about basic security such as password strength.

If you are worried though, it seems to me that there are a couple of solutions. You could store your data using an appropriate level of encryption. Better still, use a European cloud provider such as Wuala, who will store your data encrypted on servers based in France, Germany or Switzerland. With Wuala your data is encrypted locally before uploading, and the password never leaves your computer. Security varies massively between different cloud providers, and there are many different levels and types of security available.

I should point out, we don't have any sort of deal with Wuala! We're independent - so if you want impartial advice about the best cloud solution for your business, talk to us. Many businesses, especially small ones, have no idea why the cloud can be such a good idea for their IT strategy.


Is all of your company data on one disk?

Posted by admin on October 24, 2012

Image courtesy of renjith krishnan / FreeDigitalPhotos.net


Sure, I know you’re sick of doom and gloom stories from IT people, but could your business really survive a hard disk failure? How about this near disaster story -

I recently came across a small business (3 people) whose server died. All of the company data was on it, but they weren’t extremely worried as they’d had daily backups for years. I couldn’t help them as they weren’t local, but I did hear what happened. They needed the server fixed asap, so they got someone in that day. He quickly determined that their last backup on the external backup drive was two years ago. They’d failed every day since.

Incidentally if your backup drive is sitting on top of your server when something really bad happens (like a bad power surge) you may be waving goodbye to both.

Fortunately the server problem was just a cheap fan, and the data was still OK, on the server’s disk. Don’t wait until that happens to you to sort out and test your backups.


Should you outsource your IT?

Posted by admin on October 05, 2012

Who does run your IT? Anyone?

It’s difficult for small businesses to justify a full time IT expert, and if you go to suppliers for IT, you may find you’re tied into their solutions and products. You may also find they’re better at, say, IT hardware support, rather than helping you decide on your IT strategy.

This article has some solutions, including the Cloud, or employing hybrid staff who have IT skills and can also work in your core business. One solution is to outsource the role of IT director – i.e. pay someone to be your IT director just when you need one. That person can then develop your IT strategy, deal with suppliers, check you’re getting value for money – then leave. They know your business, and they’re there at the end of a phone the next time you need them.

Outsourcing can seem expensive, but in fact outsourcing lots of tasks that aren’t your core business is an increasingly sensible strategy. Many small businesses simply don’t have an IT strategy. When they determine a need for IT, whether it’s a new PC or a program, they just go out and buy it. Some businesses think that is exactly how IT is supposed to work – but it isn’t. There are often various types of IT solution (the difference between adding a new employee to the cloud or to in-house systems is considerable).

Even a strategy that just takes a few hours to develop is better than having no strategy. It will make you feel more in control of your business, and that you’ve considered how best to spend money on IT. It will usually end up saving you lots of money, and just as importantly, it will make money, since IT will work hand in hand with your business processes making them much more efficient.

If you do decide to get an IT strategy, it’s best to get one from someone who is independent of the possible solutions – please get in touch for a free chat about it.
