Monday, 5 August 2013

Protecting your Data - Are your Passwords Strong Enough?

Passwords need to be strong
We came across this article about 12 months ago: Why passwords have never been weaker, and we urge you to read it. For anyone running a web site or a network its message is quite worrying: with the data and hardware now available to them, it has never been easier for a hacker to break a password. Any way you look at it, that's bad news.

As a business owner or director you are responsible for the data that your company keeps; this is set out in law. The Data Protection Act sets out what those responsibilities are and what remedies are available in law should you fail in those responsibilities. Just because a business is small, it doesn't mean that its responsibilities are any less than those of the government departments and big corporations whose data protection failures make the news.

How adequately is your data protected?

How strong is your password for accessing your PC?

Do you even use a password to access your PC?

What about your tablet if you own one?

How strong is the password you use to maintain your web site?

As a business owner/director can you demonstrate that you take the security of the data you keep seriously? (Having a password on your PC or web site doesn't count if it's weak.)

The Ars Technica article recommends that passwords should now be a mixture of letters, numbers and (preferably) symbols, with a mixture of case but not in the common format of a capital letter first, then letters, then a number at the end (e.g. Cccccc9999). It might be easy to remember, but because everyone does it, it's also easy to crack. The recommended length of that password has also changed, to at least thirteen characters.

It also recommends the use of a password safe. I couldn't agree more with both recommendations and always use a password safe (I use Steganos Password Manager) along with strong random passwords when signing up to a web site. It means that I can never remember a password, but that's what the password safe is for. By doing that I know that the probability of my password being cracked is minimized, although it's impossible to say that it won't be, as all that is needed is time and sufficiently powerful hardware.
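The recommendations above can be turned into a small check and a random generator. This is an added example, not code from the original post or from the Ars Technica article; the function names and the symbol set are assumptions made for illustration.

```python
import re
import secrets
import string

MIN_LENGTH = 13  # minimum length the post cites from the Ars Technica article

# The predictable shape the post warns about: one capital, then lower-case
# letters, then digits at the end (e.g. "Cccccc9999").
COMMON_SHAPE = re.compile(r"[A-Z][a-z]+[0-9]+")

SYMBOLS = "!#$%&*+-=?@^_"  # constructed symbol set; adjust to what the site accepts
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def check_password(password):
    """Return the recommendations the password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 13 characters")
    if COMMON_SHAPE.fullmatch(password):
        problems.append("capital + letters + trailing digits pattern")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no mixture of case")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(not c.isalnum() for c in password):
        problems.append("no symbols (preferred)")
    return problems


def generate_password(length=16):
    """Draw random passwords from the OS CSPRNG until one passes every check."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 13")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed samples: the post's own pattern, a longer variant, a random one.
    for sample in ("Cccccc9999", "Summertime2013", generate_password()):
        print(sample, "->", check_password(sample) or "OK")
```

Note that "Summertime2013" meets the thirteen-character minimum and still fails, because it keeps the capital-letters-digits shape.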

Friday, 2 August 2013

Data Backup

The single most important aspect of any IT maintenance regime is ensuring that you have regular backups of your data, and that those backups would work in the case of disaster. Ideally a backup should not require the involvement of the single greatest point of failure: us. Unfortunately, we humans tend to be the weak link.

So for a backup regime to work effectively it's much better if it doesn't require any human involvement. That means an automated system running on a pre-determined schedule. Here at Convallis we have a multi-layered approach to our backups. For local network backup we use a tool called SyncBackSE, which synchronises the contents of specified folders on our computers with folders on a Network Attached Storage (NAS) device; for instance, my 'My Documents' folder is synchronised with a 'Documents' folder on the NAS. This happens every evening, as a schedule has been set up to start this process (so that I don't have to remember to do it).

That is all very well but it still leaves us with a problem: what happens if there is a fire and the computers and NAS device are damaged? Or perhaps there is a theft and the devices are stolen? In either case all the data is lost. One approach is to back up the data onto removable media such as a flash drive or DVD and take it off site (to your house maybe?). But that's only any good if the data is smaller than the capacity of the media, and of course it relies on the unreliable human to remember to change the media (and even put it in in the first place) and then remove it from the premises.

An alternative approach is to make use of an online backup service, which immediately gives you an offsite backup. Using the software provided by the service provider, the data to be backed up is selected and then scheduled for backup at a convenient time. Most services encrypt and compress the data before it is uploaded to the server. After the initial backup (which obviously makes and uploads a copy of everything) the software will only upload those files that have changed, which can save a considerable amount of space. This is the approach that we've recently adopted: we chose PerfectBackup as our provider and we were so impressed with the service that we decided to become a reseller.
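The "only upload what has changed" behaviour described above can be illustrated with a hash manifest. This is an added example, not how PerfectBackup or SyncBackSE work internally (real tools may compare timestamps, sizes or blocks instead); the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            manifest[os.path.relpath(full, root)] = file_digest(full)
    return manifest


def plan_backup(previous, current):
    """Compare two manifests: files to upload, and files that vanished locally."""
    upload = sorted(p for p, d in current.items() if previous.get(p) != d)
    deleted = sorted(p for p in previous if p not in current)
    return upload, deleted


def demo():
    """Constructed sample: initial backup, then one edit, one new file, one delete."""
    with tempfile.TemporaryDirectory() as root:
        for name, text in (("invoice.txt", "v1"), ("notes.txt", "a"), ("old.txt", "x")):
            with open(os.path.join(root, name), "w") as f:
                f.write(text)
        first = build_manifest(root)
        initial_upload, _ = plan_backup({}, first)    # first run uploads everything
        with open(os.path.join(root, "invoice.txt"), "w") as f:
            f.write("v2")                              # changed
        with open(os.path.join(root, "photo.jpg"), "wb") as f:
            f.write(b"\xff\xd8")                       # new
        os.remove(os.path.join(root, "old.txt"))       # deleted
        later_upload, deleted = plan_backup(first, build_manifest(root))
        return initial_upload, later_upload, deleted


if __name__ == "__main__":
    print(demo())
```

The same manifest can be rebuilt over a restored copy and compared with the stored one, which is one way to confirm that a backup would actually work after a disaster.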

As well as PerfectBackup, for some business and our personal use we use SkyDrive from Microsoft as an additional backup solution. This is where I like to keep a backup of my photographs and important personal documents, as well as work documents that I may need when out and about, as I can have access to them from my tablet or smartphone.

Please note that as of 1st August Microsoft will have to rename SkyDrive after a legal challenge from BSkyB.

Tuesday, 30 July 2013

Twitter - Information Network?

This blog post was originally published on the Convallis Software website in 2012 but I think that it is still just as relevant today.

I ended up being involved in a conversation which started after the remark of a top Twitter manager when he described Twitter as an Information Network. Many folk seemed to be disagreeing with that view and were keen to call it a social network, and expressed concerns that Twitter management don't 'get it'.

I have to say I think calling it an Information Network is a far more accurate description.

Let's examine what Twitter does at its core. It takes data, which is passed into its systems by a client application which must have identified itself and its user to Twitter, and then delivers that data to all the other user accounts that follow the identified user. Incredibly, that data is in general only ever delivered to any given destination once, in spite of the hundreds of millions of messages that are generated every day. That's quite an impressive technical feat.

So Twitter is a huge and (hopefully) well engineered broadcast messaging system, i.e. it broadcasts the message to all those who have expressed an interest in following the user.

Why an Information Network? From a computer science point of view all those messages are being moved around a network, and each user could (I think) be considered to be a node on that network both generating and consuming content. But there's more to it than that.

Social Networking seems to be one of those things that raises a lot of passion in people; personally I don't pretend to understand why. But I think (and this is only an opinion) that Social Networking is just one of many Twitter use cases, albeit an important one.

There are others: a broadcast messaging system can be used to simply announce an event, or the publication of a new article, or to inform a user that a particular event has occurred (a server backup for instance, although there are perhaps better ways of doing that). None of these use cases are 'social' (although the word seems to be redefined so often that it's difficult to know), especially if bots are used to send them - but that doesn't mean that people won't follow that account if they have sufficient interest in the subject matter.

I suspect that since it was first created, its users have created many use cases for it (probably even most of them) that weren't even imagined when Twitter was first designed.

So I think that the Twitter management view of Twitter as an Information Network is actually reassuring, because it means it's less likely to be pigeon holed into serving any one particular use case.

Author: Richard Isaac - originally published March 2012

Monday, 8 July 2013

Nominated for an Award

 PLEASE VOTE!!!!
The inaugural Nat West Devon Venus Awards were launched earlier this year with an event at the Sapphire Living Space in Topsham. The awards are designed to recognise women in the workplace and employers that support women. The awards were started in Dorset by Tara Howard in 2010, and have since grown to include Birmingham, Brighton, Bristol, Southampton and of course Devon.

I was extremely lucky to have been nominated in the Heart Business Mother of the Year category and from an initial 222 nominations made it to the filming section and from there to the semi-finals.

The semi-finals are a public vote, and those with the most votes make the final 3 (announced at a special event on 10th July) and go on to the award ceremony that will be held at Exeter University on 5th September.

This is where I am now asking for your help! The vote closes this evening at midnight and I am looking for as many votes as possible. Why vote for me? I'm a mum of three that runs a business with my husband, I am also a farmer's wife and help in the local community. I am a Trustee of the local sports centre/recreational association where I also help out on a voluntary basis. I also manage their Facebook and Twitter accounts on a voluntary basis.

VOTE HERE!

PS: You don't have to live in Devon to vote!

Monday, 10 June 2013

Taking Cheques - do you?

Most of our invoices are now paid electronically via BACS, standing order or direct debit, but having not had any for a while, in the last week we have received 2 cheques for payments.

Obviously I don't have a problem receiving cheques, the bill is still being paid after all, but it made me realise the extra effort that needs to be made to bank them.


Monday, 3 June 2013

ConvallisCMS and ASP.Net MVC 4

In previous posts I've talked about how we slowly evolve our software by taking advantage of advances in the platform that we write our code in (the .Net Framework). Last time I discussed the Entity Framework and why I decided to move us over to its most recent release. This time I thought I'd write a little about ASP.Net MVC.

This is a technology that I suspect hardly anyone who isn't a software developer (and probably a web developer at that) will have heard of. I'm sure many of you will know that ASP.Net is the name Microsoft gave the web development platform which is part of the .Net Framework, and the MVC framework is a subset of that.


Author: Richard Isaac

Tuesday, 23 April 2013

Entity Framework 5


Last time, I wrote that I'd decided it was time to update our software and make use of technologies that have been more recently released than those we'd been working with over the past few years. One of those technologies is the Entity Framework.

When we first started work on ConvallisCRM the Entity Framework was still in development and hadn't been released, but what had been released was a tool called Linq to SQL. Both of these technologies are examples of what are known as object relational mapping tools, or ORM for short.

In our daily lives we make use of various objects, from the telephone to communicate with others, to our beds in which we sleep. In a similar fashion many programming languages allow us to define and create 'objects' that represent a function or data within an application. An ORM is a tool that performs a query on a database and maps those results into a data object within the application that can then be further manipulated; often that simply means that it is displayed.


Author: Richard Isaac