Blog

Is it worth sacrificing your personal data security for a bit of convenience?

Wed, 29 Oct 2025 00:00:00 +0000

I have spent far too many years working in IT, which is an odd place to find myself, especially when you consider I started my career as a Chartered Quantity Surveyor.

I have the privilege of witnessing the evolution of technology and I love helping organisations embrace technology that, put simply, makes their lives easier and more productive.

Throughout these 20 plus years, I am always sourcing and delivering solutions to protect against the ever increasing threat vectors that are aimed at my precious customer base. However, there is one threat threat that concerns me, over which I have no power to prevent; the government's plan to implement digital ID

What has got me worried?

Government led projects hardly ever scream efficiency, technical excellence, value for money, bug free or security.

It is nigh on impossible to find a Government implemented IT project that has been successful, they always run over budget and under deliver and suffer all sorts of technical issues and data leakage and breaches.

Next thing that has me worried is the Post Office scandal and the Horizon IT project which was flawed, known to be flawed but still Post Masters were held accountable for errors and some obtained criminal records and were imprisoned, rather than the people running a flawed system admit the software didn't work.

Let's set a scenario:

Someone steals your Digital ID
You try to use your Digital ID but no longer shows your picture or allows you access to your accounts and services

How do you prove to the government that you are you? Especially when your picture no longer is of you on your digital ID?

I don't mean what if someone steals your phone with your Digital ID on it.

I mean what if someone hacks the database and steals your identity and digitally becomes you?

Identity theft has been a blight on society, with people getting saddled with debt they were blissfully unaware of because someone stole their identity and used it to setup financial agreements, like credit cards or bank accounts or loans.

What then would happen if someone managed to steal your Digital ID, they are effectively you, and if the government development roadmap for Digital ID is accurate, they could have access to all your personal information, including financial details, medical records, driving license, passport, and potentially even contracts and property deeds. Meaning they become you, could then own what you do legally and how could you prove otherwise, especially if we look at the Post Office scandal track record of people spending years fighting to clear their names.

In the mean time all your assets could be exploited, spent and sold off, how would you get these back once you did prove you are you?

Recently, the Government hasn't covered itself in cyber security glory either, there have been several high profile hacks, the most shocking being an MoD data breach that resulted in the known deaths of 49 Afghanis and family members, with significantly more likely dead but unverified as yet, all as a direct result of the data breach.

Poor cyber security has real world consequences and unfortunately Government IT projects have poor cyber security. Couple this with the rich pickings of data on offer and it makes Digital ID a prime target for attacks.

Did you know...

That Digital ID has been in development since Covid? The vaccine passport application was the basis for the new Digital ID platform. It has already been hacked TWICE that they know of. The first was through Government testing of the application, the second was from hackers who broke the security, got in, were unnoticed by the developers and testers and it only came to light when they notified the project!! If they hadn't notified the Digital ID test team, they would most likely still be blissfully unaware of the breach!

But it is not just Digital ID that is insecure

The legal Aid Database has been compromised, leaking information relating to personal data about applicants for legal aid (both civil and criminal) and their legal representatives

Another example has been Russian hackers stealing data from MoD sites and publishing the data on the dark web.

In all cases the data should be stored and accessible only on an encrypted network that cannot access the Internet, let alone be hackable, but time and time again we find out this is not the case, so if this is the level of security that can be so easily breached, what chance with our personal sensitive information when it is all linked into one repository?

The government, through various politicians and departments recently went on a social media campaign pushing for how your life will become so much more convenient if we have Digital ID, but as I asked in the title, is it worth having a little convenience when the price you end up paying could be so high?

Are we putting too many eggs in a digital baskets?

Wed, 22 Oct 2025 00:00:00 +0000

On Monday 20th October, AWS US-EAST-1 suffered from issues which had a significant impact on a lot of online services.

AWS stands for Amazon Web Services, which is a cloud hosting platform owned and operated by Amazon, Jeff Bezos's massive online business empire. AWS provides cloud compute services to anyone that wants to buy them, they are used to host and operate various businesses which is why so many business websites, portals and online services suffered disruption when AWS US-EAST-1 suffered an outage.

This is a worry as these services are sold to businesses as having multilayer resilience, meaning they should not have any single points of failure, if a component should fail, it shouldn't knock out the entire service.

What happened with AWS and why did it have such a wide impact?

Monday's outage impacted more than a thousand businesses and millions of service users around the world and the most frustrating thing of all, it was down to something simple that should NOT have happened, it was a DNS (domain name service) error. This is not the first time this has happened and it won't be the last either.

DNS (domain name service) is how computers work out how to talk to each other and other services online. It allows a human to enter in something easy to understand like a website address (like our website www.thesilvercloudbusiness.com) and the DNS server tells your computer how to find the website or service by translating the name into an IP address so that the computer can then work out the route across the internet to connect to the site.

DNS service issues are usually down to one of two things, either a service failure, or human error. Both of which can cause catastrophic consequences and failures if this happens and unfortunately it is difficult to mitigate against these issues.

Now you may ask, and its a VERY sensible question:

"If it is something as simple as the DNS address being wrong, why can't they fix it quickly, why was the outage so long?"

Well, it is not that simple, we are still waiting to find out exactly what happened with AWS, but when Microsoft suffered from a DNS misconfiguration in one of their data centres in January 2023, and someone accidentally entered the wrong address in a DNS record on the server, it meant they had locked themselves out of the system because when they tried to reconnect to it, it would point them to the wrong address!

The other issue is that they were fighting DNS and how it works. DNS replicates itself to other DNS servers, so the incorrect address, once in the system, replicated with other servers, so not only were they locked out of their own system because it was reporting the wrong address, this information replicated around the world, impacting everyone trying to connect.

To fix the issue, they needed to work out what the issue was (remember they couldn't get into the system due to the wrong address making diagnosis harder), then they had to get someone who could physically access the DNS server to rectify the issue, then they had to wait whilst the updates replicated around the world to all the other DNS servers before things started to return to normal.

The above example hopefully explains why it takes a while for a simple issue to get resolved.

The next issue we are faced with is that unfortunately there are only three global cloud service providers:

Amazon Web Services
Microsoft Azure
Google Cloud

All of which are US companies, all of which have experienced significant service outages that have impacted millions and what this outage has highlighted once again is there are a lot of digital eggs in one of three baskets, making it harder and harder to mitigate incidents of these kinds.

So what can be done?

For larger organisations that went offline because of the AWS outage, it is unforgivable really. Not every service provider or company using AWS went down because they factored in their own resilience by spreading their services across multiple sites. If businesses had decided to build their own resilience into their service by using multiple sites then they would not have gone offline. Whilst it increases costs, it increases resilience, providing a better service to customers.

For businesses and organisations that consume cloud based services provided by others, such as cloud accounting services, or cloud based HR or stock order processing, the only real choice is to try to mitigate this risk as much as possible, and make sure that not all of your critical services are provided by businesses that are all working from the same cloud hosting provider with single site exposure.

For example, a lot of businesses couldn't access their email after the Microsoft outage of January 2023. However businesses that were using a mail security service such as Barracuda could still see inbound email sitting in Barracuda's service, waiting to be delivered to Microsoft, because their service was not using Microsoft Azure cloud services, so these businesses could still see inbound messages and react to them before the issue was fixed by Microsoft.

Another way to mitigate prolonged online service outages is to utilise data backup that is hosted away from your primary cloud provider and recover your data to a temporary work store so that your business or organisation can keep working.

It is easy enough to ask service providers if they use a cloud provider so you can map out where you data resides, and asking them about their service resilience and make sure it is spread across multiple regions, ensuring again that you are not putting all your digital eggs in one basket and you can access a copy of your data by restoring it elsewhere, should you need to if the outage is prolonged.

The long and the short of it is that we live in an online world, but this world is fragile, so it pays to ensure the services you subscribe to have geographic resilience and to spread the services you consume across different providers where possible.

If you would like help identifying where your cloud bases services are located, call us on 01722 411 999 and we can help you navigate the service layers making up your IT and work our where they reside and how resilient the services are.

Send A Visual Message In Outlook In Microsoft Windows

Wed, 15 Oct 2025 00:00:00 +0000

Have you ever had an email and you wanted to reply to something like a new logo but to mark it up and send back alterations but didn't know how without printing the email, hand writing on it and sending back either a scan or the physical copy.

Did you know that there is a way to annotate and send free form, hand drawn images in Microsoft Outlook Windows Edition?

Worry no more as here is how to do it in Outlook:

Open Outlook
Navigate to the email you wish to annotate or draw a reply in
Click on the Draw tab
From the menu, select Drawing Canvas and position the area you wish to draw or annotate in the email
Select one of the pens or annotation bubbles from the menu
Draw or annotate in the email
You can also
- Erase what you have done (by selecting the eraser icon)
- Change the thickness of the lines you are drawing
- Change the colour of the pen

If you have a touch screen computer, you can use stylus and free hand draw using the touch screen.

NOTE: as an added bonus, your email recipient can click on your drawing / sketch and download it as an image, allowing them to save it so they can edit the image or share it further. This means the image can be modified by both parties, back and forth until everyone is in agreement and happy with the end result.

What is an email signature manager and why does my organization need one?

Wed, 08 Oct 2025 00:00:00 +0000

Email clients like Outlook or Mac Mail can add an email signature so why would you want one for your business or organisation if you can use the email client? Here are a list of compelling reasons why you should:

An email signature manager allows you to control the email signatures used in the organisation, allowing for a uniform look to everyone's email signatures.
An email signature manager will apply the same email signature to outgoing emails regardless of which device is used, meaning emails sent from a mobile email client will get the same signature applied to the email as it would from a desktop client like Outlook, giving a uniform look to all outbound emails.
The organisation can control the signature, updating it regularly, with opening hours, seasonal messages, offers or up coming events, allowing for a centralised message applied to every email being sent from the organisation.
The email signature manager can build signatures based on information taken from the organisation's directory, so an email template can populate details like name, job title, phone number, email address, all taken from the organisation directory meaning that setting up a new user, once their details are in the organisation directory, will automatically create their email signature.
You can include graphics and logos in the email signature via the manager so that any changes in branding can be deployed across the organisation at the same time, making a rebrand launch seamless.
You can run different email signatures depending on users or groups, allowing a more custom look and feel, such as providing more information about a department such as department contact number or bespoke operating hours, or allowing part time users to have their active hours added to their email signature.
You can include URLs (web links) to allow users to click on a link or an image with a link embedded with it in your email signature to access various sites or services such as your organisation's website or social media links.

There are so many compelling reasons to have an email signature manager, it allows for centralised management of an organisations email looks and feel, so no more rogue email signatures, no more someone forgetting to update their email signature with updated details, no more old logo after a rebrand and every device that can send email, will get the correct signature added, even if you use a browser to access and use your organisation's emails.

If you would like more information about email signature managers and a demonstration, call us on 01722 411 999.

We use a signature manager ourselves for our email branding, so it is very easy to demonstrate how it works and show how easy it is to setup and use.

Why you should use unique passwords, they can help identify a data breach.

Wed, 01 Oct 2025 00:00:00 +0000

In our newsletter we have an article about the proposed Digital ID, the Brit Card, which is meant to be implemented some time in 2029.

The fundamental flaw with the Brit Card is that it will be a single repository for all the data the government will store about individuals in the country, but the biggest flaw will be that it won't be one source of data, it will be multiple threads, pulled together, with all of the inherent flaws and risks. Couple this with the government not exactly being a shining example of how to implement robust and functional IT systems, (it is why there is not a single NHS IT platform, but instead multiple, disjointed platforms that do not interoperate very well yet) and you start to get the picture. Then throw the Post Office Horizon IT project into the mix, that was flawed from the outset and even though they knew it was flawed, they chose to run with it rather than try to fix it and you get an understanding of how this could be a problem in the making.

Brit Card will initially only be about the right to work but it is no secret that the longer-term plan is to include all government gateway, medical information, all financial information, tying in your banking and spending, travel information, internet usage, in fact, pretty much everything about your life, all in one place. This creates a centralised gold mine of information about every individual in the country, and it will be a hacker’s paradise.

Putting all your eggs in one basket is never the best plan, whilst it is very convenient, if you drop the basket, you lose all the eggs, if it is a standard basket. This is why it is so important to understand that convenience of using a simple basket to carry all the eggs around should never trump security of being able to split them up into more secure containment.

And people already do this, for example, think of a bunch of keys. There are different keys on the bunch, one or two for the house, same for the office, the car, the locker at the gym, the back gate, the bike padlock, the safe key, all different, all unique keys for different and unique locks.

It would be really convenient to have a single key for every lock you use in your life, only needing to carry around that one key to unlock everything you access or operate, but if you lose that key, or worse, if someone were to copy it without you knowing, whoever has the key, ends up with full access to every single lock you use, granting them the same access to everything as the owner of the key. And if they got a copy of the key without you knowing, they have full access to everything you use without your knowledge, so you won't get the locks changed leaving them with full access.

This is why we have bunches of keys, not a single key. A bunch is harder to duplicate, a bunch is harder to work out which key opens which lock, it is a means of diverse security reducing risk, even with all the keys in one place.

This also translates into passwords and PINs. Security dictates that we should all have unique passwords and PINs for everything we access, but, and I am being generous here by calling it this, convenience (code for apathy or more brutally being lazy) typically means people use only one or two logins and passwords and more than likely the same PIN on all cards and phone alike.

Now is the time to start using unique passwords, if you don’t already, for every site and login that you use. The same goes with PINs, make sure you have unique PINs for everything.

Each password should be complex and unique, but a tip is to also include an identifier for the site it is used in so that if the site, business, or organisation gets hacked, and your information is leaked, the compromised information will expose which site leaked the information. A lot of the time, a data breach goes unnoticed by the organisation, often for a significant amount of time, in many cases months before the leak is identified.

If your details do end up exposed, at least you would know which site it was that leaked the data. It also means only one site is compromised, and you would not need to change the password on EVERY site it was used on as it is unique to the one site.

The one difficulty with this approach is to try to remember every password and login used across all sites you access, which is where a password vault becomes the best use option, with multi factor authentication enabled. A password vault is a single, secure, encrypted repository for all your passwords. Yes, it is putting all your eggs in one basket, but it is a secure basket with multiple layers of protection. It is protected by some or all the following:

Master username and strong password or passphrase
Multifactor Authentication – regularly changing code
Biometric layer
Encrypted database
Zero-Knowledge Architecture - data is encrypted on the local device using the master password or passphrase, and the decrypted data never leaves the device
Secure data transmission – the data is encrypted not just when stored but also during transmission between your device and the server, protecting it from interception

A password vault is protected by you at setup as you get to choose the encryption keys used meaning that no one else should be able to access the data, couple this with the layers of security means that someone would need to know multiple points of data (some changing every 30 seconds) making it nigh on impossible to crack the vault.

Password vaults can also be used in a business environment with compartmentalised vaults inside the vault. Some can be shared with other colleagues, meaning there is a shared, secure password repository for staff to access, securing company passwords.

If you would like more information about a password vault for either personal or business use, call us on 01722 411 999 to discuss all of the options available that would best suit you requirements.

How can AI help you to improve your business?

Wed, 24 Sep 2025 00:00:00 +0000

There has been a lot of hype in the media lately about AI but for many, it is just that, hype.

No one is really explaining how Artificial Intelligence can help smaller businesses or organisations, with the majority focussing on larger corporations and how they can use it, widening the gap between smaller businesses and larger businesses being able to compete on a level playing field.

Use yes or no to answer the following questions:

Does your business have to do repetitive tasks regularly?
Does your business undertake complex work flows with different people having to do different tasks to get things done?
Does someone have to spend time doing invoices or paying bills?
Does your business provide your customers with online or telephone support?
Is there something that ties you up in circles that you could teach someone else to?
Does someone spend time doing data entry?
Does it take time to sort out email and action or file it in folders?
Do you have to write proposals, content or copy for publication?

If you have answered yes to any of these questions then AI could easily benefit your business or organisation.

What is more, AI is not that expensive, it is a fraction of the cost of employing someone. How much is someone's time worth and is the best use of that cost spent doing mundane, repetitive tasks?

What if you could free up people so they could do more things that are more valuable but just don't have the time to do it? Artificial intelligence is a means to achieve this, to free up staff from the mundane to enable them to dramatically increase their productivity in more profitable tasks.

It is like increasing your headcount without increasing your wage bill.

AI tools are just that, tools, that can be trained to do tasks in the business, repetitive tasks that tie up staff. Training AI is very easy, you only need to show it how to do something once and it remembers, it also learns so if you need it to apply some intelligence on how to do things, it can make decisions based on the rules you provide it with. You can also provide it with additional steps if it cannot work out what to do.

Here is a simple example. Someone has to go through a mailbox and process all of email and determine what to do with each email based on the content. Some emails may be orders, some may be support requests, some may be sales pitches. AI can read the content and based on the set of rules you give AI, it can then process these emails. The more defined the rules, the more accurately it can action the emails.

You might have rules that tell AI to forward sales requests to the sales team, to forward invoices to finance, to open a support ticket for each support request in the helpdesk system.

There are a lot of different AI tools available to businesses to use in all areas of the business or organisation, from providing 24/7 chat on websites, to automating processes and complex work flows within the business.

At the end of the day AI won't take over many jobs, but the differentiator will be those who use it to compliment their business, getting more productivity with fewer resources, and those that are left behind.

If you would like to see AI in action, call us on 01722 411 999 for a demonstration of how AI can build and process complex workflows within your business or organisation.