First Birthday

Code 56 is celebrating helping local companies grow with tailored IT support as business goes from strength to strength.

Owen Conti, who has previously worked with High Street banks tightening up their fraud systems, is now offering businesses support in making sure their company is not only protected but their IT systems are working as well as they should.

Marking one year of launching the specialist IT practice Code 56 he has now thanked everyone who has helped him get this far as he takes on a new member of staff to meet demand.

“Code 56 has been really well received locally and it has been fantastic to see things develop over the past year,” said Owen.

“As a business we like to make sure we are always thinking ahead to find solutions before problems arise so that you have an IT system that is working for you and your business.”

“It has been a great first year, I think the flexibility we offer is something that has really appealed to businesses. It is personal, onsite IT support. Rather than talking to someone in an office miles away, we actually come out and work alongside you so that we truly get to know you and your business needs.”

“It is like having an extra member of the team you can call on as and when you need.”

Drive Forward

A few people have asked me about the news that Google is getting rid of their “Drive” app, so I thought it might be worth a moment to explain what is going on.

Head in the Cloud(s)

Drive is Google’s cloud storage solution and their answer to the likes of DropBoxOneDrive Box.

Essentially, all these cloud storage solutions are online areas where you can store copies of your files. (You can think about them as USB Flash Drives that exist on the internet.) Some services offer things like automatic syncing from your phone, laptop, Mac or iPad. Most have a “free tier” (typically between 2 – 5GB) and then you can pay for additional storage beyond that.

What’s happening?

Google are changing things, as they often do. In short, the app that people currently use on their PC & Mac to sync their files to and from their Drive is going to be replaced with a set of new apps. The important thing to note is: The online storage isn’t going anywhere, you’ll still be able to access all your files – just with a different app (or through a web browser).

When is this happening?

Support for the “old” app is still in place until 11th December 2017, and it will be formerly shut off on 12th March 2018. The new apps “File Stream” and “Backup and Sync” will be generally available at the end of September and have slightly different features and target audiences.

What’s the difference?

In short, “File Stream”, is aimed at the G Suite users, which are typically the Business users (read: paid subscribers) and adds in features that allow a lot more flexibility than the “old” app does today. One such feature is allowing users to pick and choose which files sync to their local drives to help them save space on their machine.

“Backup and Sync” is aimed at the consumer users (read: free users) and offers features such as syncing other folders on your computer (such as your Desktop) that aren’t in your Google Drive. In essence, it’s going to replace the functionality of the existing app.

Why bring out this change?

Only the teams at Google truly know why the changes have been brought around, but my guess would be a big part of it is making cloud storage more flexible & user-friendly while separating out some of the more advanced features to be included in their paid-for-services (such as the selective sync in File Stream).

Surfing & Staying Safe

Earlier this morning, at a networking meeting, a few of us were having a conversation that started around GDPR, evolved in to experiences with IT scams and had morphed in to a discussion around how to stay safe when surfing the web and interacting with emails as we were ushered towards our breakfast.

I figured that some suggestions on how to stay safe might be something people would find interesting. Without further ado I’ll start this series of articles with one on:

Verifying Links

One thing we discussed was how you could “hover” over a link in an email to see where it was really going to send you.

For example this link will send you to our website. The following link might look like it would send you to the BBC it will actually send you somewhere else: www.bbc.co.uk (it’s ok to click, it goes to the Channel 4 website instead).

If you “hover” the mouse pointer over the link in Outlook (in particular) it will display the full text of the actual link to you (either in a floating box by your mouse, or in the lower “status bar” at the bottom). Other programs, like your internet browser of choice will do the same thing (or at very least display it similarly); typically in the status bar at the bottom.

Link Shortener Services

There are services out there, like https://goo.gl/ that allow you to create shorter links like this: https://goo.gl/UXa8Ec (again this is safe – it’s just our site again).

Generally these are used to reduce the number of characters being used, or to share long and complicated links. Sometimes they’re used maliciously to “hide” where they are actually sending you.

With that in mind, there are services to do the reverse and “unshorten” the link, like https://unshorten.it/. That will tell you where you’ll be pointed to if you were to click on the link.

Once you know the full address (called a URL – Uniform Resource Locator) you can:

Check where it actually is sending you

A URL looks something like this (this is a made up example):

http://something.i.made.up.code56.co.uk/SomeFolder/SomePage.html

The trick to understanding where you will really be sent is to look for the first single / character. Once you’ve found that, follow the chain to the left:

http://something.i.made.up.code56.co.uk/SomeFolder/SomePage.html

...

http://something.i.made.up.code56.co.uk/

You’ll find the top level domain (TLD), like “.com”, “.co.uk”, “.co.au” or one of the many new ones like “.life” first:

http://something.i.made.up.code56.co.uk/SomeFolder/SomePage.html

...

TLD = .co.uk

Then follow the chain back to the left and before you come to the first full-stop you’ll find is the actual domain of where you will be sent:

http://something.i.made.up.code56.co.uk/SomeFolder/SomePage.html
...

Domain = code56

Everything to the left of this (separated by full-stops) is a “subdomain” and is under the control of whoever owns the domain we found above. This means they can set up any number, or length, of subdomains to make it look like the link is suppose to go somewhere else. In this case, the subdomains are:

http://something.i.made.up.code56.co.uk/SomeFolder/SomePage.html
...
Subdomain = up
Subdomain = made
Subdomain = i
Subdomain = something

They could be anything. An example I saw did a really good job of making the link look like it was supposed to be an Amazon UK link. It was really long & complex and initially it looked good.

If you’re unsure and think it might be legit, then you need to:

Copy the whole URL

If you right click a link, depending on the program you’re using, there is generally an option to “Copy Hyperlink” or “Copy Link Address”.

That’s all you need to do in this step! 🙂

Now you can:

Check the reputation

The team at Webroot have a free tool anyone can use to check a URL and get a reputation report over here: http://www.brightcloud.com/tools/url-ip-lookup.php

Just paste the whole URL you copied earlier in the box & then prove you’re not a robot and you’ll get a reputation report.

The report will tell you all sorts of details further down the page, but the first line boils everything down to whether the link is trustworthy or not.

If you’re still not 100% sure, my advice would be to not follow the link.

If you know a friendly IT Specialist by all means get in touch with them to double check; they really shouldn’t mind 🙂

Ransomware – What is it, and how do I protect myself?

Following the highly-publicised Ransomware attack that the NHS have fallen victim to, along with many, many, others (although they don’t make as emotive headlines), various people have been in touch asking what essentially boils down to 3 questions:

1)     What is ransomware?

2)     How do I protect myself from it?

3)     How do I recover from it?

I’m going to be focusing this very much from a normal person’s point of view, because I know the details are pretty boring unless you’re a bit Nerdy. If you would like to know a bit more about this particular attack, or anything else I mention, please feel free to get in touch, either via LinkedIn or any of the contact details on here.

So, in order then:

What is “Ransomware”?

Ransomware is an attack approach that a computer virus, more commonly referred to as malware (from shortening malicious software), takes. Basically, a ransomware attack locks up all your files so you can’t access them, and it demands a ransom for the key needed to unlock them.

Until the WannaCrypt variant (the one that hit the NHS), the ransoms were normally around £2000 – £5000 and allegedly would unlock all the files. WannaCrypt ransoms are reportedly £200 – £500, but are per-PC that get attacked.

The payment is usually demanded in BitCoins, which is an anonymous crypto-currency (an electronic currency not tied to a traditional currency like $ USD, or £ GBP). It’s untraceable through it’s very design, so is great for demanding ransoms.

I say allegedly because I would never entertain the idea of paying the ransom. You are, after all, dealing with anonymous criminals who cannot be trusted.

How do I protect myself (or my business) from it?

This sounds like a really simple question, but the answer has multiple layers:

Please note: These tips apply to all computers, be that Windows, Apple Mac’s or even Linux. This is because all of the platforms are becoming targets now as more and more people use them.

Ensure you have a good backup & you do test restores regularly

A backup isn’t a backup unless you test it! Also, the key is to have multiple copies of your critical files.

Cloud storage providers (like DropBox & OneDrive) have their role to play in the wider backup and disaster recovery (DR) planning, but they aren’t a complete backup solution by themselves, especially if that’s where you store your “working” version of a file.

Apply the regular updates to your computer

This particular attack relies on vulnerabilities that were fixed in March with Windows Updates. I know the updates can be annoying, but in this case a gram of prevention far out-weighs a kilo of cure.

Install a reputable anti-virus software

The “next-gen” anti-virus offerings are a lot better at picking up on attacks as they start to appear in the world due to how they work behind the scenes. We’ve partnered with Webroot because we think they do an amazing job. They’re not the only one, but they are the one we work with.

Use a trusted 3rd party DNS provider

DNS translates domain names, like www.bbc.co.uk, in to the language the computers speak in. A good DNS provider will be able to filter out any requests to sites that are known to be malicious & also be able to stop any communications from the attackers to a compromised computer by “black-holing” the command & control communications.

Webroot are rolling out a DNS platform that we’re trialling with some customers. We’ve found it to be really good and are really impressed. Again, there are others, but we choose to work with Webroot.

How do I recover from it?

If you’ve been attacked, there is really only one course of action to take:

1.      Disconnect your computer from ALL network connections

2.      Get rid of the infection

3.      Restore your files from your backups

As I said earlier, I would never even entertain the idea of paying the ransom; after all, dealing with anonymous criminals who cannot be trusted.

Thanks for reading, if you have any questions, please feel free to get in touch.

Owen

Sources

https://www.theregister.co.uk/2017/05/13/wannacrypt_ransomware_worm/

http://www.bbc.co.uk/news/technology-39901382

https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt

Hello World

This is just a quick post to mark the first day of trading for Code 56.

The title “Hello World” comes from a bit of a running joke in the Technology space.  Typically when learning a new programming language the first thing you’ll do is learn how to output something simple such as the phrase “Hello World”.

Although Code 56 is a new company, it has been a long time coming.

At the core the “Code 56” ethos about finding a way forward & designing solutions (and not saying “No”) has been brewing for a number of years.

Personally, I’ve been working in IT for a number of years now, and have first hand experience in businesses of various sizes and some very interesting and complex projects.

I’m looking forward to this new challenge and growing the Code 56 team in the coming years.

Owen