To get in touch please send us an email via the contact form

News - Semaphore Comms

08 Apr 2015

The dangers of a sulking contractor or employee

As ICT (Information Communication Technology) professionals clients put their trust in us to do a good job. Most of us work hard for our clients and seek to give them the best value for money. Some, as we know, bring the profession into disrepute and its not just from shoddy work. Within thirty seconds a petulant employee or contractor can cost you thousands, but how do you protect yourself?

In my years working in ICT I recognise that you have good times with clients and you have bad times with clients. Build a strong relationship and you have them for a long time. Sadly though that doesn’t always work out as personnel changes and changes in circumstances within a client company can mean that, through no fault of your own, your relationship ends. Then of course there is the time the client outgrows your ability to support them.

I have learnt many things about people and seen much unprofessional behaviour over my years as an ICT consultant and I have often warned clients about the dangers of placing too much trust in one solution or one area. I also find myself having to advise clients to consider the possibility of a failed relationship and the damaged that can ensue should a former employee or contractor decide to wreak havoc or vengeance. Not a message the client wants to hear because after all they trust us and so do not want to believe such things happen.

Let me relate one such tale which illustrates this point exactly. It emphasises the need to have your own backups of all the data and content of the website at all times and not rely on the website contractor, designer, or other parties to maintain them for you.

Recently a company that I have done business with for a number of years, but don’t do contracted consultancy for (so they have not received security assessments or briefings from us) got themselves into quite some difficulty just because they didn’t renew the support contract with their web developer.

I was aware that the web developer had been causing trouble for some time. Not delivering and narrowing the options of the client unnecessarily. I supported them in finding an alternative developer and I suggested strongly to them that they allowed this developer to get in place before they sacked the existing one. For reasons of their own they didn’t do that, however they did ask my support in changing passwords and locking out the existing developer. They assured me that he had been fully paid and that has proven to be the case. They simply did not want to renew his support contract which was due as is of course their right and they had not yet concluded their deal with their new provider. The client was concerned that this developer would be unhappy about it and they proved to be very right.

In providing the initial advice to them, and at their request, I had researched the particular CMS that was in use and with the support of other ICT professionals that were familiar with, indeed expert in it, and know to me and trusted by me, I developed a strategy to transition to another developer to take over. However I wasn’t expecting the following outcome.

The developer had completely taken over the site by, over time, changing notify information, contact information and some ownership details. This meant that when I changed the cPanel (gateway) password he was automatically and immediately notified by the service provider and he by his own admission logged in giving him access. According to the ISP he also changed the passwords by means of a lost password request and while he was at it he was deleting critical configuration files, logs and the contents of system files and CMS users from the database causing a cascade delete of data and so a lot of the website content was gone. In short, the website no longer worked any more!

When you get these situations you have to ask “What could I have done differently?” Not much against someone who was so determined. Changing the notify information would have tipped him off in the same way and he could easily lock me out by changing the master password that the client gave me. In any case it is not so easy or quick to do and it was not visible and had to be changed by the ISP, so I could not have been aware of it. Taking a complete back up of the system in advance would also have alerted him and although I had some backups and some information I by no means had it all and would have required the website to have been taken down for some time as it is relatively huge.

The developer gave himself away that he had been on the site by admitting that he had removed his google analytics and some fonts so his presence there is without doubt. He also gave himself away by his other comments to the client including an almost preemptive list of things that we now had to do, followed by a “see I told you so” taunt email or txt when it had been done, some at 9.45 pm. Each intervention by text to the client declared with certainty what needed to be done with unerring accuracy. Something he could not have known once, with the help of the ISP, we had secured his inability to connect unless, of course, he had been guilty of the cause. However when he finally gave up the backup of the data he had spiked it with extra code meaning it didn’t work and had broken a routine that the client was currently relying on.

Needless to say that cunning plan” didn’t completely work as the site is up and running and the client and ourselves are licking our wounds from the three day war that we ended up in because of an unprofessional and petulant developer who had lost the client long before he chose to wreak revenge because he was no longer employed.

So here is my simple advice on how to avoid most of the above happening to you in the future:

Enter into a contract with your developer requiring him to deposit an up to date copy of the database into a site where he has write only access. Check that it is done regularly and have it tested to make sure it works occasionally. Check that they have done it often and pull them up if they don’t do it.

Keep the copies so that you have the latest working backup to hand and several from before. It’s not fool proof but I suspect that 90% plus of the issues we faced would have been circumventable with more ease if the client had done this. Slightly paranoid? Possibly but how important is your website these days? What is more how many of you have access to and a sound relationship with, a Professional company such as ourselves who are capable of responding to such events?

03 Jun 2014

Major Security Threat

Posted by with - in Security Read More →

If you are not already aware there has been a very serious virus threat detected, but fortunately there is something we can do about it. (http://www.bbc.co.uk/news/technology-27668260). This comes in the form of a Bot-Net. I won’t bore you with the details of how this particularly nasty piece of malicious viral software works, but essentially it will lie dormant until a preset date, then it wakes up and becomes active, which will be in about 2 weeks. (http://thenextweb.com/uk/2014/06/02/uks-national-crime-agency-two-weeks-protect-gozeus-cryptolocker-malware/)

When this virus activates it will encrypt all of your personal files and force you to pay the virus owners money to unlock them and / or access your personal / corporate bank accounts if you use online banking and then fraudulently transfer your money out of your bank accounts into their own.

We implore you to take steps to prevent a potential disaster to your company. Any Windows based computers should be protected immediately, if they aren’t already. Please make sure that all Desktops / Laptops and Servers have up-to-date Anti-Virus software as well as Anti-Malware software. We currently recommend Avast Anti-Virus protection as well as Spybot S&D for malware. Once you have updated and scanned your machines we also recommend you use a specially designed scanner to scan for this specific virus. On the website (http://www.getsafeonline.org/nca/) is a compiled list of BESPOKE scanners. We recommend the Symantec scanner found here (http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network). Symantec are a well known and trusted Anti-Virus company. This link will explain more about the scanner, but effectively you download the file and open it and follow the instructions and it will scan your computer for the virus in question. If found it will act appropriately. If you do not get on with this scanner we can help you with it or try one of the other ones from the list.

If you need any help at all with any of this please get in contact with us.

12 May 2014

Security Concerns

Posted by with - in Security Read More →

Now more than ever we need to be with security. Security of our data and our preferences but especially the data of our clients. Since the internet was invented people have dedicated their time to breaking and disrupting computers that are connected to it. To combat this network administrators have also dedicated their time to prevent these attacks. The continual battle between ‘white hats’ and ‘black hats’ has lead to more advanced technologies for protecting the ever increasing amounts of data that people and companies store. Eventually newer and more powerful defensive technologies are created to defend against hacks and attacks that seem almost impenetrable. The black hats will eventually find a way around these it is just a matter of time.

Over the course of the last decade HTTPS has become used more and more, being seen as the most secure method of transmitting secure data. However after a combined effort from researchers from UC Berkley and Intel Labs they have discovered HTTPS isnt as secure as everyone once thought (http://www.net-security.org/secworld.php?id=16485). They showed how anyone can intercept and analyze data using this protocol with accuracy around 89%. Fortunately for us they have already begun working on the next level of security, “they have thought of several defense techniques which, if implemented, can drastically reduce the accuracy of such an attack”. As I said earlier the constant digital war promotes growth as each side races to outdo the other.

Here at Semaphore we are always very concerned with our clients data, we will do our utmost to enable you to secure it. With backups in case of damage or loss, appropriate security measures to keep your data safe and making sure all of your passwords are the most secure they can be.

With our help your company can be the most secure and protected that it can possibly be, but this can only be achieved with your help. We all need to work together to stop the bad elements.

03 Mar 2014

Do you have slow broadband?

With our government pushing to get broadband to all of the UK we still have people who don’t have broadband. Yet those who do have broadband have rather poor or patchy broadband.

If you are lucky enough to have a superfast broadband connection or a fibre based broadband then you are one of the 73% (http://tinyurl.com/ox7aok7) as of the 1st of August in 2013, so its slightly out of date by now but still it cant have progressed that much. The government’s original plan of having the majority of the country on super fast broadband, which I believe they set as a minimum of 30Mbps, by 2015 has now been extended to by 2017. This doesn’t fill me with hope for those who can’t access good consistent broadband.

When I first set my first broadband through Sky in 2006 they were advertising a 32mbps connection at what was a reasonable rate at the time. By the time it had traveled several miles as the crow flies from the exchange and arrived at our door we were getting between 1 and 2mbps.

Technology has come a long way now especially since the advent of fibre optic broadband. Now I can quite comfortably achieve around 100mbps. From the sounds of things my home is one of the lucky inner city areas. According to Ofcom the average for urban areas is 26.4Mbps, 17.9Mbps in suburban areas and 9.9Mbps in the countryside. With this being said this covers anywhere from ADSL to fibre broadband and anything upwards.

In a recent Guardian article by Harriet Meyer at (http://tinyurl.com/o9u5tut) she discusses how many people are unhappy with their connection or their speed. From the Article it would be easy to assume that the major cities would be completely covered especially London would have the fastest broadband possible at the time. This would be a perfectly rational assumption but you would be wrong. According to Val Shawcross of the London Assembly (http://tinyurl.com/opoe78m) the area of SE16 is still struggling to get fast let alone super fast broadband.

Here at Semaphore we endeavour to give our clients the best broadband possible through our provider VOIP Unlimited (http://www.voip-unlimited.net/). Before recommending a broadband to clients we always sit down and run checks on the lines and the local area so we can give you the perfect type of broadband for your needs.

20 May 2013

News item about Databases

Our design staff have a high level of expertise in database creation. Their varied backgrounds ensure that they understand your needs and are able to constructively input into the project.

We will work closely with you to develop the projects and to ensure that they are specified correctly and capable of meeting both current demand as well as potential developments of your business or project.

We can either supply you with a custom designed database to fulfil your exact requirements or we can redesign and update your existing system. We also have a selection of pre-made solutions, which can be tailored to fit your needs.

Many of our valued customers purchased our bespoke systems after having years of trouble with an off the shelf system and they never look back! Our variable support packages allow customers to keep their software up-to-date and bug free whilst enjoying the ease of use.

Our consultants are experts in the installation and set up of Filemaker / VPN (Virtual Private Networks) / VoIP and IOS solutions, either off the shelf or custom installs that will suit your business and your budget. Streamline your data communications and networking capability, improve your database capacity and utilise more IT to improve speed, performance and the integrity of your business information with these expert products.

We will accurately assess your needs and appropriately design a database to fulfil them.