World Password Day 2023
Started in 2013 by Intel, World Password Day is designed to raise awareness of the role strong passwords can play in securing our digital lives. Now more than ever, with the increasing frequency and sophistication of cyberattacks, it has become essential for individuals and organisations to keep up with best practices for password management. Although strong passwords are not a cure-all for making your organisation Cyber Resilient, they are still one of the best security measures. However, technology and cyber-criminals approaches are ever-changing, meaning advice can change over time.
Today we want to help raise awareness, not only on what is good advice for strong passwords in 2023 but also the reason why. So here are a couple of ways cyber-criminals get hold of passwords and how to defend against them.
In brute-force attacks, an attacker leverages high-speed computing power to try every character combination to break a password or password hash*.
Hive systems’ research gives an idea of the time frame to brute-force a password with that year’s technology. According to their 2023 table, the time to break a complex (numbers, upper and lowercase letters, and symbols) 8-character password in five minutes, and a 14-character complex password should take 1 million years to brute-force.
So, the longer a password, the longer it can take to be brute-forced; the same goes for the complexity of a password; the same 8-character long password, just using lower case could be brute-forced in less than a second, and a 14-character password in about a year.
Consider the growth of computer power and access to powerful cloud computing instances and think ahead; the same 8-character password now down to 5 minutes would have taken around 8 hours to crack six years earlier.
So, to defend against brute-force attacks, a password should be long and complex.
*Passwords do not usually get transferred across a network or the internet; typically, an application converts the password using a special one-way algorithm into a password hash, so the password-checking function only checks that the received password hash is the same as the stored password hash.
Phishing is where an attacker deceives people into revealing information or performing an action. A phishing attempt could be simple (designed to capture the one person in a thousand who doesn’t spot the danger) or complex and very carefully targeted (even security professionals fall for phishing!). One purpose of phishing is to lead people to fake login pages that harvest their passwords.
Keyloggers come in many forms and have legitimate uses. Still, in this context, an attacker might use malware to read and store all the keystrokes on a computer, capturing passwords and sensitive information.
Passwords gained from phishing, keyloggers, and breaches all tend to find their way into large password lists, used to either speed up brute-force attacks (dictionary attacks) or can be used to speed up the breaking of password hashes.
A compromised password is likely to be used in further attacks; if associated with an identity (an email, for example), any related accounts could be in danger if they use the same or similar passwords.
A good defence against compromised passwords is to use a new password for every account. It will not save the breached account but protect your other accounts.
Enforcing a password policy across every account a user needs to do their daily jobs is almost impossible. It is also difficult for users to remember multiple 14-character complex passwords. Users may use bad practices, like a breach of policy, reusing passwords, writing passwords down next to workstations, or saving them in documents.
- There are lots of ways to help users and defend against bad practices:
Help users by using single sign-on (SSO) services with an account that can use them and password managers for everything else. These will help users have different and complex passwords* - Consider scraping regular password updates; they encourage enumeration (adding a number to the previous password); this is almost as bad as reusing the same password, as many dictionary attacks will enumerate previously breached passwords. Save the password resets for when passwords are compromised or forgotten.
- When single sign-on and password managers are unavailable, one option is to advise users to use the three random words technique, which uses three random words to build a password, using symbols and numbers in a way that is easy to remember. This middle ground will generate long, complex, and easy-to-remember passwords, protecting against basic brute-force attacks but could speed up specialised dictionary attacks.
*There is a danger here that these systems if compromised, can result in multiple account compromises. Most single sign-on and password managers have extra layers of security built in because of this. Still, users should ensure they use a strong password for the master account when using single sign-n and password managers.
Takeaways
Individuals and organisations can enhance their cybersecurity by following these best practices for passwords and password policies:
- Use single sign-on first and foremost
- Create long, complex passwords (14 characters with symbols, numbers, and upper and lower case); store them in a password manager
- Use the three-word technique when no password manager is available, and you believe you may forget the password
- Always use a new password with every account
- Changing passwords should be reserved for compromised or forgotten passwords
In addition to the above, the following best practices can complement strong passwords:
- Enable multi-factor authentication where you can
- Regularly check the current password advice as it changes over time
- Regular security reviews or audits
- Education and awareness training, understanding why something is a good idea, means people are more likely to comply
- Tailor your policies to your organisation. The above is good general advice, but something more specific might suit your organisation better
Further up-to-date advice can be found at: https://www.ncsc.gov.uk/collection/passwords/updating-your-approach.
Each year on the first Thursday in May, World Password Day promotes better password habits and provides a timely reminder to evaluate our cybersecurity. If you need any advice, please get in touch. If you are a Millennium+ customer, hours can be used to access our Cybersecurity expertise.
How IFS software enables the energy sector to address its biggest operational challenges
BLOG
April 2023
How IFS software enables the energy sector to address its biggest operational challenges
It is never a case of ‘one-size-fits-all’ when it comes to enterprise resource planning (ERP), enterprise asset management (EAM) and other complex software initiatives. To maximise the chances of a successful project, factors such as sector-specific expertise, vendor reputation and the quality of support on offer must all be given special consideration during the solution selection/procurement process.
This is especially the case for businesses operating within the energy sector. From the revival of the switching economy, through to intense pressure to diversify and decarbonise, energy companies are facing a complex mix of sector-specific operational and market driven challenges at present.
With a track record of serving the needs of the energy sector since its inception, global cloud enterprise software company, IFS is acutely aware of the implications of these challenges.
Here’s how its offerings are equipping energy companies to tackle them head on…
1. Business-wide challenges demand an integrated approach
If a particular plant is hit with performance issues, or a sudden policy shift impacts a niche area of operations, what are the implications for the entire business? What does it mean both operationally – and for your bottom line?
Resource planning and performance management have never been easy for this sector. However, over recent years especially, it seems that the problems faced by energy – political instability, volatile pricing, and, of course, the pressure to hit net-zero, to name just a few – are of a different nature. For one thing, they are less localised: i.e. if an event hits, its implications are rarely confined to a particular business function boundary or geographical area. Another increasing descriptor of such challenges is non-linear: the idea that the full impact of an event or decision is difficult to trace and understand.
For energy enterprises to get a grip on performance and make the right decisions on asset management and allocation, they need clear visibility over all moving parts of the business. This includes linkages to possible early warning signs on performance-related issues. IFS appreciates this better than anyone. Its applications – including EAM, ERP, Enterprise and Asset Lifecycle Management – are made available through a fully composable, integrated platform. It enables planners to collect key information all in one place, get a joined-up picture of performance and make timely, better-informed business decisions.
2. Supporting enhanced customer service
As the price cap gradually becomes redundant, the coming months look set to see a return to competition across the energy sector.
The first stage will most likely take the form of a switching bonanza as customers cast their eyes across a newly competitive market and head for the most attractive tariffs. Beyond this however, savvy operators will be careful to focus not just on price, but on quality of service as a means of securing customer loyalty.
Energy companies need to look carefully at what type of experience customers expect, and whether they are equipped to deliver it. Factors such as speed of response, knowledgeable staff, and consistent, seamless messaging can all offer energy companies the opportunity to establish points of differentiation in the race for both consumers and commercial customers.
IFS applications directly support the development and optimisation of this type of standout customer experience. From human capital management through to customer fault logging, the entire process of service engagement management can be handled on a single platform. These are the building blocks for rapid, consistent service, happier customers and a stronger brand reputation.
3. Ensuring maximum return on technological investments
When market conditions are uncertain, businesses are more likely to think twice about major investments. Against this however, there is a desire on the part of energy companies to boost visibility across their organisations and to ensure they can respond with agility in the face of rapidly changing conditions. As such, despite – or perhaps more accurately, because of – a difficult economy, as many as 60% of businesses plan to increase investments in digital transformation this year.
Businesses are keen to upgrade their capabilities. But with budgets under strain, there is little room for expensive mistakes, and business leaders need to think very carefully about how and where to focus their investments.
Managers responsible for procurement and implementation on major software initiatives need to look very carefully not just at their choice of solutions, but also their choice of vendor. If it is a purely transactional relationship with the vendor attempting to shoehorn the business into a one-size-fits-all solution, the chances of failure are high. By contrast, IFS solutions have been devised and optimised with the needs of the energy sector squarely in mind. This sector-specific expertise helps ensure a genuine strategic partnership, complete with a carefully considered plan for prioritising projects, aligned to the organisation’s goals. This is precisely what companies require to maximise the prospects of success.
4. Helping create more agile businesses
The energy companies most likely to prosper over the coming years will be the ones who can respond with agility to shifting conditions and pre-empt customer demand and expectations. This includes the ability to spot trends in usage demand and behaviour, equipping suppliers with the intel to hone their service offerings accordingly.
IFS applications enable companies to manage and analyse all data relating to customers in a single location. Alongside tools to streamline service management, IFS also offers integrated customer experience management (CXM) software solutions to capture feedback data from customers. Utilising this intel, companies can get a better handle on what is and what isn’t working and focus on service improvements that are in line with customer needs.
Discover more
As a premier IFS Managed Service Provider, Millennium Consulting is ideally placed to support energy companies as they seek to transform their operating models to meet the challenges ahead.
To discover what’s possible through the IFS platform reach out to Philip Keet, IFS Customer Services Director via email or LinkedIn.
Hythe Beach Clean
Green agenda
Hythe beach clean
Please join us for a beach clean to help prevent harmful litter from polluting our seas. We welcome volunteers of all ages. The more volunteers we have, the better.
Date and time:
Meeting point:
Thursday 4th July, starts at 2pm until 4pm
Hythe Sailing Club, 48 Marine Parade, Hythe, CT21 6AW
All equipment will be provided by Folkestone & Hythe District Council.
If you are interested in joining us, please click the button below so we can get an accurate headcount.
Unit4 Financials 2023 Q1 Release
March 2023
Unit4 Financials by Coda 2023 Q1 was made available on 14 March 2023.
The new release contains all the previous Unit4 Financials functionality and new features. Plus, many additional customer requested fixes, highlighting the importance of logging enhancements via Unit4’s Community 4U.
Highlights of the 2023 Q1 release include:
Administration
- User Master
Finance
- Element Authorisation
- Pay Format Files
- Deprecated features
General Fixes/Updates
- Information about the version of a Desktop Application has now been updated to refer to the About option on the application menu.
- The Browse Worklist link has been corrected in the workflow alert email, the link now opens Browse Worklist.
- Metadata Dataview – It is now possible to add new attributes when editing dataview joins.
- Resolved an intermittent logon issue in Workflow Designer and Print Formatter.
- Functional errors (with stack trace) generated in webservices are no longer output to the container log.
- Out of memory errors when exporting data have now been fixed as part of general improvements to state handling.
- The Installation Requirements have been updated to explain how to get Java 11 to print the same separators as Java 8 for certain locales (for example Swiss French).
- If a cost centre transfer fails to post (for example – when period access is closed), the asset is no longer kept locked.
- All rows in Billing Browse are selected when using the ‘Select All’ check box.
- Restricted tax lists set on finance document masters are now enforced in Intray Management and Browse Intray.
- Header only documents on the Intray can now be retrieved for modification and deletion in Intray Management and Browse Intray.
- An original user can now modify and post back to the intray (but not to the books) a document whose “Prevent posting to books by original user” flag is set.
- Column recnum on tables ‘oas_elmhistory’, ‘oas_inthist’, ‘oas_lethist’ and ‘oas_prlhist’ has been increased in size from smallint to int to minimise accidental rollover.
- XL will reauthenticate when the current session expires.
- Reduced the memory usage in the CSV Transformation and the Repository Output.
- Security of attachments has been improved
The Release Notes detailing the fixes and features within this release can be found in the Documentation area on Unit4’s Community 4U.
Release dates for Cloud users
Unit4 Cloud customers are notified by Unit4 Cloud support when their pre-production and production systems will be updated. This information can also be found within the Cloud Services – Release Schedules area. View the 2023 Cloud Schedule here.
The Release Notes detailing the fixes and features within this release can be found in the Documentation area on Unit4’s Community 4U.
Upgrading Financials is not merely about accessing the new functionality that comes with a new software release. It is also about mitigating technology, operational, and business risk.
Aptitude Leadership Forum
The next Millennium Aptitude Leadership Forum for Banks, Insurance and Telecommunications organisations that use Aptitude Accounting Hub, sub-ledger and rules engine takes place in May 2024.
Join other Aptitude software decision makers to share experiences and to discuss systems architecture, performance, functionality, data, deployment challenges, regulatory compliance (IFRS9, IFRS15, IFRS17 etc.) etc.
Thursday 16th May 2024 at 2.00 p.m. GMT, 3.00 p.m. CET, 9.00 a.m. US ET and 10.00 p.m. HKT
N.B. This webinar will be hosted via Microsoft Teams, and you will receive a link to the session after registering. Please feel free to share this invitation with any other interested colleagues.
Millennium+
Resource
February 2023
Tailored packages to suit your Unit4 Financials by Coda needs
Would you like to learn more about Millennium+?
View our Millennium+ PDF as we outline exactly what it is, what services we provide and how it can transform your business.
Use the calculator to get started
Renewable energy to become the world’s top source of electricity by 2025
February 2023
Renewable energy will become the world’s top source of electricity within three years, new data reveals.
According to the International Energy Agency Electricity Market Report 2023, 90% of new demand between now and 2025 will be covered by clean energy sources like wind and solar, along with nuclear energy.
This growth in output means that renewables will become the world’s largest electricity source within three years – providing 35% of the world’s electricity and overtaking coal.
"The world’s growing demand for electricity is set to accelerate, adding more than double Japan’s current electricity consumption over the next three years. The good news is that renewables and nuclear power are growing quickly enough to meet almost all this additional appetite, suggesting we are close to a tipping point for power sector emissions."
— IEA Executive Director, Fatih Birol
IFS has Renewable Energy Market Solutions
IFS offers the best engineering services and industrial processes to clients involved in various industrial manufacturing sectors. IFS also provides efficient, environment-friendly renewable energy solutions for your renewable energy sector needs.
Millennium Consulting achieves Unit4 Elite Partner status for the fourth year running
February 2023
We are delighted to announce that we have been awarded Elite Partner Status by Unit4 for the fourth year running.
The Unit4 global partner program operates across three levels focused on capabilities, contributions, and customer satisfaction. Elite level partners have achieved the highest level within the Unit4 partner program. This level is awarded to partners that have consistently demonstrated the ability to meet the highest level of success with Unit4 and our joint customers. Millennium Consulting is committed to being an Elite Partner for Unit4, holding Elite partner status since the global partner program launched in June 2020.
This acknowledgement follows the recognition received during the Unit4 XKO partner conference in Lisbon in January, with Millennium awarded ‘Service Delivery Partner of the Year’.
“Achieving Elite Partner status for the fourth consecutive year is a significant milestone and testament to the hard work of the whole team. This is a great reflection of our continuing investment in the Unit4 product landscape. Alongside our Service Delivery Partner of the Year, this is a fantastic way to start the year!”
— Jeremy Lucas, Chief Operating Officer at Millennium Consulting
Why choose Millennium for Unit4 Financials?
We are an Elite Unit4 Partner with more than 27 years of experience working with Unit4 Financials. That means we have the knowledge and experience to design, implement and support the right Unit4 Financials solution for your business.
Events
Nothing found.
Unit4 Financials Continuous Release Schedule 2023
January 2023
Release dates for on premise users
The Unit4 Financials platform is maintained via a continuous release model. Thanks to this predictable cycle of quarterly updates, users get timely access to the type of customer-driven enhancements that helps to keep the finance department ahead of the game.
| 2023Q1 Release | Released 14 March 2023 |
| 2023Q2 Release | Released 13 June 2023 |
| 2023Q3 Release | Planned 12 September 2023 |
| 2023Q4 Release | Planned 5 December 2023 |
These dates can sometimes be subject to alteration.
Release dates for Cloud users
Unit4 Cloud customers are notified by Unit4 Cloud support when their pre-production and production systems will be updated. This information can also be found within the Cloud Services – Release Schedules area.
| 2023 | Preview & Acceptance | Production |
| Q1 | 28th March 2023 | 22nd/23rd April 2023
(Released Maintenance Window) |
| Q2 | 27th June 2023 | 22nd/23rd July 2023
(Planned Maintenance Window) |
| Q3 | 26th September 2023 | 21st/22nd October 2023
(Planned Maintenance Window) |
| Q4 | 19th December 2023 | 20th/21st January 2024
(Planned Maintenance Window) |
These dates can sometimes be subject to alteration.
Updating your legacy systems
Upgrading enables you to:
- Access the latest functionality
- Reduce operational risk and processing costs
- Continue to access Unit4’s “in support” software maintenance and support package
- Ensure you are up to date with Unit4’s latest software security package
As an Elite Unit4 Partner, Millennium Consulting specialises in delivering a seamless upgrade, while also ensuring your upgraded solution is fully aligned with organisational requirements.
How bespoke software can benefit your business
January 2023
Targeting your specific inefficiencies
From corporate accounts to data integration, all business software should have one aim: to make your business processes more efficient.
Every organisation is different in terms of its culture, preferred ways of working, priorities, and compliance requirements. Packaged (‘off-the-shelf’) software might help you solve a lot of these challenges. However, doing so can sometimes require you to make changes you didn’t want to make. For instance, a payment solution might make it easier for you to track invoices, but also requires you to alter your sales workflow. There may be other quirks that are either irrelevant to your business, or that even cause additional inefficiencies that your employees must work around.
The beauty of bespoke software is that you control precisely what’s included. You can target it to your specific inefficiencies, to give you everything you need – and nothing you don’t.
Optimising existing systems
Bespoke software doesn’t have to be a replacement for your existing systems and software solutions. In fact, the opposite is true: particularly when it comes to data integration, one of the most valuable uses for custom programs is in helping you achieve maximum ROI and longevity from existing systems.
Say for instance, your sales, fulfilment, and finance departments all have their own tools and data repositories in place. Bespoke software can be designed and deployed to connect these systems and processes, enabling the free flow of information across the business, and reducing the need for repetitive manual entry.
Support for new operating models
The last few years has seen many businesses transform how, when and where they work. Hybrid working practices are a big part of this, with employees splitting their time between multiple locations. Bespoke software can be configured to match your preferred working model, making applications responsive across all devices, but with access controls that reflect your security requirements. In this way, custom-developed software can help you adapt your existing architecture, ensuring that your entire team, tools, and data can remain connected – wherever they are based.
Creating unique selling points
A typical growth strategy involves maximising the lifetime value of existing customer relationships, while also attracting new customers. Bespoke software can support both aims, helping you create something unique.
For processes such as payment, fulfilment and customer service, off-the-shelf software can sometimes leave you confined to generic operating models. In other words, the user experience you can offer is pretty much the same as everyone else’s. But let’s say you have an idea for a unique subscription model, or a customer service interface: tailor-made software could be just what’s needed to help you stand out from your competitors.
Onboarding and new features
Off-the-shelf software can often involve a steep learning curve for ordinary business users; in some cases, even requires businesses to bring onboard additional expertise. Substantial reconfiguration may also be required to ensure it can support your organisation’s specific needs.
With bespoke software however, you have much greater control not just of the functionality, but also in shaping the wider user experience. At a development level, you can tailor the program’s workflows, navigation, and input fields so they are fully aligned with your own procedures. You can also consider the characteristics of your workforce (e.g., their level of technical ability) to design your user interface.
If your bought-in finance solution includes a reconciliation feature that’s perfect for your needs, you don’t necessarily want it to be tweaked, overhauled, or ditched altogether by the vendor! The beauty of bespoke is that you can determine what changes, improvements or additions are made – and when.
Security
When a vulnerability emerges in a software product that has hundreds of thousands of users, threat actors will try to exploit it before it’s patched. You could find yourself in that unlucky group of customers who are targeted.
Bespoke software does not make you immune to security threats. However, it’s generally a lot harder for hackers to find the weak points in an unfamiliar, one-off system. They prefer easier pickings, which makes a breach less likely. That said, it’s still vital to ensure bugs and source code vulnerabilities are addressed promptly, which is why it’s crucial to choose a reputable development partner to stay on top of this for you.
Scalability
Need to add extra users, or install your software on a brand-new batch of devices? Want to add a new feature to match some recent changes to your operating model?
Another big advantage of bespoke software is that you can do all of this, without having to haggle with the vendors over subscription extensions or functionality tiers. It becomes much easier to scale and evolve your solution over time, ensuring it is future-proofed in line with what your organisation wants to achieve.
Explore the possibilities of bespokesoftware for your business
For the past 10 years, Millennium’s highly skilled team of software consultants have designed, implemented, and delivered bespoke software for a diverse and global client base. This includes automating workflows, developing customised user interfaces, and enabling businesses to realise maximum value from existing systems.