Is an IRMS worth it?

AXLR8 provide special IRM systems for

  • Freedom of Information,
  • SARs (GDPR requests such as access or rectification) and
  • EIR (requests under Environmental Information Regulations)
  • Appeals
  • Complaints
  • Data Breaches
  • and many more information governance applications.

Productivity and saving public funds

All systems purchases need to be justified financially. This article and accompanying spreadsheet explain how one can measure the difference a system makes compared to manually updating spreadsheets. That means public sector buyers can calculate how much it costs their business every month that they do not have a system!

New Finance Broker Portal User Experience

Thanks to the commercial finance intermediary clients and their teams who have helped us develop and improve this new look and feel. We hope you feel we acted on your feedback and you like the results. If your organisation has not switched your user account over to it yet, here is a video showing how it works.

AXLR8 Commercial Finance Systems
Easy to use and improves productivity

AXLR8 has been working for two years on a new set of portal development tools to create user experience (UX) – simple workflow systems that are easy to use. We have deployed them on modules of our other systems before but this is the first full systems refresh to come all the way through a year of broker feedback.

In addition to improving productivity, the new user interfaces we hope the systems are

  • easy to use
  • simple to understand
  • quick to learn (virtually no training is our goal)
  • flexible to change and evolve for your company
  • easy to pick up again after a break
  • friendly
  • secure and quick

Please judge for yourself. Watch this video.

The new interface development tools are proven in many of our systems now including the Loan Matrix (Loan Management System), Information Asset register (IAR) and the new Talent Management and Applicant Tracking Systems (ATS) from AXLR8.

Easy to use AXLR8 Portals
Easy to use AXLR8 Portals

Secure Passwords

Your passwords should be unique and memorable. If you do not read any more of this article, just remember to make your passwords from three random words.

Passwords should be…

  • long at least 10 characters
  • unique – do not use the same password for more than one purpose
  • memorable – if possible so you do not have it on a yellow sticky!
  • complex – add some numbers upper and lower case characters and some non-alphanumerics such as $, -,!,@ (special characters)
  • regularly changed
  • securely stored if stored at all. Possibly an encrypted file or a specialist recognised password vault
  • changed occasionally (changed too often can create its own security weaknesses). It is accepted that a more complex long password changed less frequently (say annually) is better than a simpler, shorter password changed frequently (e.g. every quarter).

Some of the above may conflict. The better (long, uncrackable, frequently changed, etc.) your password is, the more difficult it is to recall. Therefore, you need to record it and, unless this is done securely, that in itself becomes a security weakness. The familiar yellow sticky on the screen is dangerous but writing them all down on a piece of paper is asking for trouble.

Only secure systems should be trusted with your personal information:

  • encrypted password storage so not even the programmer of the system can read it.
  • SSL encrypted browser to server communications (padlock HTTPS:// in the URL) so that it is not compromised between your PC and the server
  • A ban on further attempts at password attempts after a small number of tries – five to ten attempts maximum.

Your information is probably already compromised

You must assume your password has already been found out and is available to many hackers. How?  Check this site to see where your details.

https://haveIbeenpwned.com

Put your email into the box and see the results showing how many sites, where you used that site, and what personal information has already been stolen and has been on sale for many months or years. Everyone should know this but we reckon nineteen out of twenty AXLR8 clients we show this to are completely unaware of how exposed they are.

Brute Force Dictionary Attack

Someone can easily guess my password?

There are hacking tools that attempt thousands of username and password combinations. Many of our servers that are open to the internet have 45,000 attempts per day which are blocked.

The way password guessing works is by using information already available to the hacker’s computer. Your name is an example so do not use your name with “123” after it. Further, your first & last name, school and many more pieces of personal information must be assumed to be known by hackers. If you have a word that is typically used in your password such as a pet name, animal, flower, place, or whatever, a “Dictionary” attack will probably find it by using a list of common words and configurations of those words. For example, Dictionary attacks are really good at words and phrases. They also check adding your date of birth and other information they have derived or purchased. Thus, if your password is made from the word Banana and your date of birth (in this example 10th November), you might make a password like “B4n4n4-1011” On the face of it, this is more than 8 characters and obeys many of the accepted rules from a few years ago.

Good dictionary attacks already have your date of birth, first pet’s name, primary school name, and many other answers to “hint” and “ID check” questions you might have entered in other sites as mentioned above.  Most know dates of birth and names of children, which are very common combinations for passwords. All know combinations of common passwords like “Secur1ty”, “pass1234”, “Password!” and “letmein” is well known. Similarly, although it is not the subject of this article, please do not keep your default firewall or blue tooth PIN as “1234” or “0000”. Also, obviously, do not make it the same as your bank PIN!

Yikes! What shall we do then?

Password reset

You should change your password now.

Dictionary attacks are very, very good at finding a word or phrase and number combination. However, they are unable to begin to guess at something you passed on the way to work, a randomly selected object in your house and a film you like or three things you saw on holiday or in a film plus your favourite actor.

Just choose three random words to make a memorable password and chuck  in some number(s)/non-alpha(s) characters.

e.g. apple sock ship might end up apple1812-$hipSocks.

Maximum password attempts is a good way to protect against such attacks.

In conclusion make sure your passwords obey the rules at the top of this page and, if you do nothing else, use three random words that only you would recall because only you saw a jaguar, a robin and a bike tyre puncture on your way to the shop this morning.

Repercussions

If it is your personal password for, say a private bank, game or subscription, you may lose money or pride. Worse is possible if someone steals your identity and commits criminal offences in your name. It is not enough to know you are not guilty. There are several cases where an innocent victim of such ID theft has been attacked by another victim of the crime. Lastly, if you are at work and responsible for other people’s data on a system and neglect your duty to create a secure password and keep it secret, you could damage many other people. This could happen if you are working on any accounts, CRM, HR system and many others.

Also, if you are an AXLR8 client running a business you have built up for years, you will need to make sure that you and your staff abide by these simple rules in a complex world.

If this raises any queries, please call AXLR8 support on 01344 776500 and we can help your Super Users with your system security and staff security training.

New AXLR8 Commercial Finance interfaces

AXLR8 are migrating users to new interfaces to reduce training and make the system quicker and easier to use. Simple lists of proposals and clients have clicks through to more details if desired. Adding new propsals uses a step-by-step wizard approach that even the world’s greatest technophobe will embrace!

Easy to use AXLR8 Portals
Easy to use AXLR8 Portals

These announcements (and see here) are part of the product roadmap which started nearly 20 years ago and will continue with many interfaces to external lenders and other information sources.

Please call to discuss your team’s requirements.

01344 776500

AXLR8 commercial client GDPR

AXLR8 have produced the following AXLR8 GDPR document for clients in the commercial sector – especially those who use direct mail with our Newsletter Builder and other tools in B2C markets.

It also refers to a new AXLR8 Data Cleaning document.

Staffing Clients

Those in staffing will find it useful as there are some pointers about adding the Opt Ins to your staff contracts.  It seems reasonable to ask staff to read email in order to see what what work is coming up, confirming/ changing shifts and so on.  More is available on our specialist staffing website at http://staffing.axlr8.com.

For example, we will be covering data retention periods and especially applicant data and data about terminated staff (with and without payment history.

Government  Clients

AXLR8 are creating special new SAR 30/60/90 Information Request Types.  More details are on the way to government users of our FOI systems.

De Lage Landen integration

Great project with the De Laga Landen developer support team last month.

AXLR8 now have a direct proposal introduction system in test and hope to have the first clients using it within a month.  Fantastic development  job by all concerned.

Great to work with such a forward-looking financial company.

AXLR8 Commercial Asset Finance V4.0 launches

Version 4 of the AXLR8 Commercial Asset Finance offering is now available.

What’s new?  The system is GDPR compliant.

It now includes compatibility with:

  • AXLR8 Trigaware: which automates alerts and messages for end of funding period and other actions.
  • AXLR8 Exchange Vault: which automatically stores proposal and client email traffic in the correct places by using the client email address and, if relevant, to a quote or proposal, using the funding opportunity (also called “finance requirement” or “funding requirement”) reference in the email subject line.  This is an invaluable tool for both client service and relationship building as well as compliance audit transparency.  All the email correspondence for contacts from funders, suppliers, clients and others may be found in their file and likewise, all the correspondence for a quote or funding proposal may be found quickly with that funding requirement’s record.
  • AXLR8 Mailing Manager: this includes AXLR8 Newsletter Builder which is an effective tool for new business sales as well as keeping clients informed of news and developments at your company.  It also has extensive mail merge capability so that it can produce contracts for clients or employees and many other forms of correspondence.  In more advanced forms, the AXLR8 Mailmerge system can merge context specific information into one or more funding proposals documents including:
    • Funder Details
    • Client Details
    • Equipment Supplier Details
    • client bank, accountant, and other details from KYC and profiling (e.g. length of time at residence and home ownership  and unlimited other profiling information).
    • Equipment details
    • Background information and funding  business case.
    • Financial parameters such as equipment costs, advances and all the other data required for any funder’s decision.
  • AXLR8 Report Builder:  This allows the creation of reports on the fly and the creation of ad hoc operational data queries.  These may be combined and the data can be exported to other systems & tools.  Thus, the requirements for compliance reporting (e.g. Gabriel reporting) or funder reports, supplier reports, sales commission calculations are all avaialbe with a few clicks.

…..and many other AXLR8 modules.  The system parameters, vocabulary, labels, statuses, profiles and menus can be updated by the your superuser without expensive programmer intervention.

Cassiopae Freehand

AXLR8 have also been working with Cassiopae UK behind the scenes to integrate Cassiopae’s market leading Freehand quotation software in to our AXLR8 proposal management system for Commercial Asset Finance Intermediaries.

 

Is it compatible with my system and do I need to ugrade?  It is based on the AXLR8 CRM (Dragon release and above.  Those clients still using the previous version on Cobra releases have been contacted about options, dates and plans for upgrading.