news
New Year – New Habits
Happy New Year!
If you’re like most people, chances are you have a list of resolutions for the start of 2023. We have to admit that despite our best efforts, our resolutions sometimes don’t stick, our best intentions lasting a few weeks before we slip into our old ways. Why is that so often the case?
For that answer we can look to our habits and how they are formed. Whether it’s to stay more organised or save more money, making good habits is key to achieving our goals.
So, for this year, we want to be sure to focus on forming new healthy habits and making them stick! With that in mind, let’s offer up some practical advice for creating lasting change throughout the New Year and beyond.
- The Why
Be clear on why you want the change. You might have a general view that you want to stay off social media because it feels like the right thing to do. But what is truly driving you? Successful habits are grounded in knowing truly why you want this change. Spend some time writing down in as much detail as possible the reasons you have and the benefits you and possibly others could gain from this change. Keep these reasons live and at hand. Chances are that confirming your greater meaning will deliver greater sustainable success.
- Be Specific
We might say to ourselves “I want to get healthier”, but without specificity, we can easily fail to reach our target as we lack a definable outcome that we can plan against (let alone knowing truly when we have got there). Instead, write down as much detail as you can about your goal to form a specific, measurable and timebound target.
- Break Down That Goal
Your brain likes to feed on rewards with unconscious acknowledgement that what you are doing is reaping some form of benefit. It’s a common trap for us to have this magnificent goal in our minds that can become overwhelming and difficult to achieve if you don’t start seeing immediate results. Break that bigger goal up into a journey with more achievable steps. That half marathon becomes a ten, twenty, then thirty-minute run. At each milestone, celebrate your journey with something you enjoy and make it fun!
- The Two Minute Rule
Research has stated that starting activity associated with a new habit is one of the hardest parts. So, try breaking down the start of your activity to an action that takes just two minutes. The idea here is that this initial action will slide you into the next step and then the next. Change “going for a 15-minute run” to “changing into my running clothes”. Change “I’m going to learn one song on my guitar” to “I’m going to pick up my guitar and tune it”.
- Accountability Partner
It helps tremendously to share what your goals are with someone else. It makes it feel more real when you talk about it and chances are that you will want to provide your accountability partner with good news. In turn they can provide you with support and encouragement. If possible, choose someone who can be non-judgemental and supportive.

- Make Good Choices Easier and Bad Ones Harder
It’s difficult at the best of times to make new habits stick. So, make the journey easier where you can. Place your guitar where it’s visible, remove those beers from the fridge, put your mobile phone out of sight in another room, replace those snacks in the drawer with healthier ones.
- Be Patient
It takes time to form new habits; remember this when you don’t see early results. Repetition is the key to making habits stick rather than the length of time. For example, five minutes of guitar practise each day forms more new neural pathways than thirty minutes of practise once a week.
- Make It Tangible
Find the medium that works for you. If you are a visual person, you can try creating a visual board of pictures and statements linked to your habit and place it somewhere prominent or you can use a calendar or a journal to record your progress. If technology is your thing, there are a host of habit tracking apps you can utilise such as Streaks, Way of Life and Habitify. Why not gamify your habits with Habitica? The trick is to find a medium that works for you.
- Your Clan
Surround yourself with people who share the same outlook and belief to how you want to show up in life. It’s harder to change a habit if everyone around you is doing the opposite. You are what your environment makes you.
- Don’t Give Up If You Slip Up
Many of us slip up at the first time we miss a habit. Acknowledge the miss, but don’t take it as total failure. Recover your positive thoughts and keep moving forward knowing that the road ahead is not always in a straight line.
Do try these tips and see which ones work for you in combination. I hope they go some way in helping you achieve your new year resolutions for this new year and beyond!

Nick is a professional life and business coach based in Norfolk, helping professional working parents get the career they want and achieve a healthier, happier work/life balance. Nick also partners with solopreneurs and small and medium-sized business owners, providing expert coaching services to help them and their employees thrive in the workplace – www.nickhowellcoaching.com
Images provided by Nick Howell Coaching from unsplash: Engin Akyurt (2023 beach) and Tim Mossholder (Resolutions sign)
Test Case for Theatre Tax Relief Keeps the Curtain up at Thursford
Thursford Enterprises has won a test case in a dispute with HMRC over whether its Christmas Spectacular was entitled to Theatre Tax Relief (TTR).
The Norfolk show is the largest of its kind in Europe and draws thousands of visitors to the region every year.
Larking Gowen’s Corporate Tax Specialist Ben Greves was advising Thursford Enterprises and assisting with the dispute. “For a number of years Thursford has made a claim under the Theatre Tax Relief scheme for the costs of producing the Christmas Spectacular.
“This is something we had advised them to do after informal discussions with HMRC. However, in 2019 HMRC told them it was launching an enquiry into the company’s TTR claim, which was the start of a long drawn-out and challenging process,” he explained.
He said Thursford’s position has been greatly helped by Larking Gowen’s advice to establish robust documentation and a filing position that could be supported. He also said that Thursford had subscribed to the firm’s Tax Enquiry Protection Service (TEPS), which protected them from substantial professional costs in defending their position.
When the two parties were unable to reach a negotiated position, HMRC issued a closure notice concluding that the Christmas Spectacular was not a qualifying production for TTR.
Thursford appealed against the closure notice and took their case to the First Tier Tribunal, where the judge ruled that the show was in fact a qualifying production for TTR. HMRC decided not to appeal the decision.
John Cushing OBE, Producer, Director and CEO of Thursford Enterprises, said TTR was essential to keep productions running.
“Before we even open our doors for the first performance, our production costs are in the region of £2m. Without Theatre Tax Relief, we would not be able to sustain our production, which has a cast of over 130 singers, dancers and musicians, not taking into consideration the technical and production teams.
“Everything in the show is performed live, and that is why over 100,000 audience members travel each season from every county in the country, as well as, increasingly, from further afield to see our Christmas Spectacular. TTR was passed as a Government Bill to protect and promote live theatre within the United Kingdom; to encourage and support us as a centre of excellence in the arts.”
He said that having a TEPS subscription in place had made the decision to go ahead with the financial burden of the appeal more defensible to the organisation’s trustees.
“Larking Gowen were with us at every stage of the journey. Following the acceptance of the appeal by HMRC they appointed a Chartered Tax Advisor, Andrew Gotch from The Tax Fellowship, who was absolutely superb and whose expertise and advice certainly helped us win the case.”
John stated this year’s Christmas Spectacular was playing to full houses of 1,400 patrons twice a day, “with standing ovations from the very first show.”
“With the continued support of TTR, long may our Christmas Spectacular survive and flourish,” he commented.
Larking Gowen’s Ben Greves said: “Tax relief is a form of funding for the arts sector, and this was a test case which helped us, and HMRC, determine where the line is drawn.”
Find out more about Larking Gowen’s Tax Enquiry Protection Service here.
Photo © Thursford Enterprises
A royal visit! Norwich Theatre Royal’s panto King Rufus Hound tours Captain Fawcett’s marvellous
This week King Nigel of Norwich took a break from panto and made a Royal Visit to Captain Fawcett’s Marvellous Barbershop Museum in King’s Lynn. Actor Rufus Hound is currently starring as King Nigel in Jack and the Beanstalk at the Theatre Royal, Norwich, until 7th January. Before Tuesday’s matinée Rufus whizzed over to Fawcett HQ for tea with Fawcett founder Richie Finney. After a quick tour of the Museum he said “What a place! Everything is totally in character. Honestly, everyone should come and see what’s been created here. It’s just amazing!”
As well as being known for his acting talent and frequent appearances on comedy panel shows, Rufus is famed for his trademark whiskers, saying “I’ve chosen to wear facial hair since I was able!” He was sporting a particularly lush “English handlebar” moustache when a chance meeting led to Captain Fawcett’s collaboration with the bewhiskered comedian. The result was “Triumphant”, a rather splendid Signature Series Gentleman’s Grooming range which made its debut in 2019 with a Moustache Wax. “Triumphant” was such a success, six months later the range was expanded and now includes a Beard Balm, Beard Oil and magnificent Eau De Parfum with a heady fragrance reminiscent of the balmy days of Spring. The scent was inspired by Rufus riding his beloved motorcycle through England’s green & pleasant countryside.
Rufus says: “Captain Fawcett’s melange of magical moustache managers and array of oils, waxes and parfums are never far from my washbag or my whiskers. When we met he asked what my favourite smell was. My answer was immediate. I ride a Triumph motorcycle in an open face helmet. On those glorious days of summer, to be on a British bike, riding through the twisty, turny B roads of the British countryside is an exceptional treat. Whizzing through little villages on a bike designed to do just that is heavenly. The combination of sunshine, flowers and williwaw arrives olfactorily but manifests spiritually. If there was one smell I wish there was more of in the world, that’s it.
“Being asked to collaborate with Captain Fawcett is one of the most flattering things that’s ever happened. When “Triumphant” was mentioned in Vogue it was just unreal. I mean, I’m not Beyoncé, I’m just a bloke from the theatre with his own fragrance. It’s brilliant and completely nuts!”
Rufus first fell for Norfolk when he starred in the touring production of One Man, Two Guvnors, also at the Norwich Theatre Royal. He says “Norfolk audiences are an excellent bunch. I was immediately up for coming back here to do panto. I like Norfolk very much and I could happily live in Norwich Market! It’s incredible!”
Talking of Jack and the Beanstalk he says “Joe Tracini (who plays Jack) was born to be in pantomime. The roots of panto are brilliantly disruptive, they’re shows where communities take stock of themselves. They’re about local in-jokes and references to things like street names get the biggest laughs. It’s exhausting doing two shows a day but when people are really joining in, screaming and shouting, that’s where the energy comes from. There’s no buzz like it.”
Oh yes there is…and it smells “Triumphant”!
Jack and the Beanstalk is playing at the Theatre Royal, Norwich until Saturday 7th January 2023. Tickets start at £10.
Norwich City Council budget for 2023-2024 consultation
Ahead of councillors setting the Norwich City Council budget for 2023-2024 in February 2023, we are running a consultation to get the views of residents and businesses.
With just over £100m to deliver a range of services (some of which are statutory and some discretionary) and invest in the city, set against a context of inflation and dwindling money from government, it’s more important than ever that we hear from local people on what matters to them.
Our survey sets out our plans for making savings and generating income, which you can find at GetTalking.norwich.gov.uk
Please give your views by Friday 20 January 2023.
Image credits – Chambers Canva Pro
Chantry Place to host Dodo and Dinosaur family trail and Museum of Plastics exhibition for Norwich Science Festival 2023
Chantry Place Norwich is one of the sponsors of the Norwich Science Festival 2023, returning 11-18 February, and has lots of free family-friendly events planned during February to celebrate.
Dodo and Dinosaur, a Norfolk-based studio creating designs celebrating the Earth’s Extraordinary Extinct™ creatures, is creating a special free Extraordinary Extinct™ Dinosaur Trail for Chantry Place. The self-led dinosaur-themed poster trail around the Centre will enable families to go on a dinosaur hunt around the Centre to discover some fascinating fossil facts to be in with a chance of winning a £100 H&M voucher and goodies from Dodo and Dinosaur. The free trail takes place from 4-18 February 2023 at Chantry Place Norwich and trail maps can be picked up at Langleys in Chantry Place and at The Forum Norwich.
A Museum of Plastic exhibition by Precious Plastic, who are on a mission to reduce plastic waste, will be located at Chantry Place from 11th to 18th February on the dining terrace. It will feature a Fantastic Plastic Litter Arcade for families to enjoy, including bottle tops in the style of a 2p machine game and much more. This exhibition explores the environmental and social harms caused by our current dependence on single-use plastics, and presents possible steps we could take to eradicate them.
Plus, there will also be some fun characters for families to meet on Chantry Square on Saturday 11th February.
Paul McCarthy, general manager at Chantry Place, is also teaming up with Molly Ajeto, visual merchandiser at H&M for a free talk at Sir Isaac Newton college on Friday 17th February at midday on “Sustainability within modern retail”.
Paul McCarthy, general manager at Chantry Place, said: “Norwich Science Festival is always a fun-filled and educational event for families in Norwich and Norfolk and we worked with them in 2021 when we had a planetarium at the Centre. We are looking forward to being involved in February and helping showcase Norwich as a city of science, innovation and creativity, whilst having lots of fun. We are so excited to see the dinosaur trail which has been created especially for us for the festival and the arcade style games at the Museum of Plastic will be loved by all ages, while highlighting the importance of recycling and the impact that plastic has on our planet.”
All events at Chantry Place are free and do not need to be booked. The full programme of Norwich Science Festival events goes on sale on 4th January 2023.
“Norwich Science Festival is so delighted to be working with Chantry Place this February – with our free dinosaur trail and Museum of Plastic exhibition – plus on the first day of the festival, Sat 11th February, we will have some friendly dinosaurs outside the front of Chantry Place. It is going to be a fun-filled February half term with a huge Norwich Science Festival programme of free and good value events every day!” – Claire Mutimer, Norwich Science Festival Producer.
For more information on Chantry Place, visit www.ChantryPlace.co.uk or follow chantryplacenorwich on social media.
Image credit: Dodo and Dinosaur
Hiring a graduate is simpler than you think
Let UEA’s Gateway to Growth Team simplify the hiring process and unlock UEA graduate potential for your business. Our bespoke recruitment support packages are designed to connect you with UEA graduate talent and enhance your ability to recruit.
Gateway to Growth is an innovative project designed to boost engagement between graduates and Norfolk’s Small and Medium Enterprises (SMEs).
The University of East Anglia (UEA) led a successful bid to the Office for Students Challenge Competition with support from New Anglia Local Enterprise Partnership (LEP), Chamber of Commerce, Norfolk County Council, Norwich City Council, South Norfolk Council, UEA SU, Hethel Innovation Centre, Kings Lynn Innovation Centre, Cambridge Norwich Tech Corridor and the St Georges Works.
The tailor-made project comprises three strands; dedicated recruitment support for Norfolk SMEs, access to flexible graduate resource for partners of the project and additional support for UEA graduates who want to stay in the region and need support finding a job.
Dedicated Recruitment Support for Norfolk’s SMEs
The Gateway to Growth Team will simplify the hiring process and connect you with UEA graduate talent. Our expert knowledge of the graduate labour market and cost effective recruitment support will increase your visibility and enhance your ability to recruit UEA graduate talent. Your bespoke package could include:
- Improved job postings on the UEA MyCareerCentral vacancy advertising platform that will specifically target UEA graduates
- Support to write your job description in a way that will appeal to UEA graduates
- Increased exposure for your organisation and vacancies through our social media channels, networks and events
- Access to an online application form system via our MyCareerCentral platform and support with UEA candidate administration
- Support to co-ordinate and facilitate an interview/assessment day
For more information please visit our Gateway to Growth website or contact the Gateway to Growth Team on 01603 597757 or info.gateway2growth@uea.ac.uk .
Tickets on sale now for Norwich Science Festival!
The celebration of all things science returns this February half term, and events are now on sale. With more than 180 events taking place over eight days, there’s plenty for everybody to enjoy.
Norwich Science Festival is back 11–18 February 2023 around the city and beyond – expect intriguing discoveries, inspiring talks, engaging exhibitions, deep dives and debates, cutting-edge research, and lots of hands-on family fun!
You can now pick up a brochure from The Forum, Norwich or download a virtual brochure on norwichsciencefestival.co.uk, where you can also book talks, shows and workshops.
Every day there’s free hands-on fun and activities for all in “The Explorium” at The Forum, with themed days from bugs, birds and beasts through to health and wellbeing. The Explorium takes over The Forum’s Atrium, as well as outside the building including a heated marquee, kindly sponsored by Vattenfall. The Explorium is open between 10.30am-4pm, with a pre-book Quiet Hour open between 9.30am-10.30am.
Plus this year, there’s two mini pop-up festivals, taking the science fun further afield, to Holt and Gorleston-on-Sea. These Science Satellite events are perfect for families, with bookable talks and workshops at East Norfolk Sixth Form College in Gorleston on Monday 13 February and Gresham’s in Holt on Wednesday 15 February. Highlights include Teddy Bear Clinic with Dr Jess French at Gresham’s; Extinct, about dinosaur super-predators, with Prof Ben Garrod, plus lots of fun workshops including stomp rockets, coding and robotics, kitchen science, chemical reactions and more!
The brochure was launched at East Norfolk Sixth Form College, with the help of principal Dr Catherine Richards, college staff and students, the Norwich Science Festival team, and sponsor Howes Percival.
Claire Mutimer, Norwich Science Festival producer, said: “We are so excited to have our brochures packed with inspiring events and really hope you enjoy planning your trip to the festival, with so many talks, shows and workshops on offer for adults and children.
“We have really focused on ensuring Norwich Science Festival is affordable – so lots of the events are free or subsidised – just make sure you book them on our website. You can be sure of a very warm welcome at the festival and don’t forget The Explorium is open every day of half term in The Forum and is totally free.”
Highlights of the festival for families include the return of BBC Gastronaut Stefan Gates, with a brand-new show Rude Science (18 Feb); and Big and Small (16 Feb) – an interactive game show where you help astronomer Affelia and biochemist Alex settle a very important scientific argument: which is superior – big things like planets, or small things like proteins! Or why not try The biggest science quiz show EVER (12 Feb) with Prof Ben Garrod and Mark Thompson? Grab your friends and family and head along to this fun-packed show packed to the brim with explosive chemical reactions, answers to some of life’s biggest questions, live experiments, audience participation and tonnes of fun science!
For adults, there are panels and talks on the science of heartbreak; the menopause; Long Covid; and a masterclass with a Wim Hof Method instructor. Boogie on the Brain (14 Feb) is a quirky evening of psychology, science and dancing where you’ll need your dancing shoes! The Cosmic Shambles Network bring their Nine Lessons (17 Feb) to Norwich Science Festival – a special science cabaret show, hosted by Dr Helen Czerski with special guests including Dr Adam Rutherford, comedian Bec Hill, geoscientist Chris Jackson and music from Soft Lad (from Self Esteem). Expect weird science, quirky facts, lots of laughter and a great night out!
Plus, there’s a special headline event with Bonnie Garmus (17 Feb) – her bestselling novel Lessons in Chemistry tells the story of genius chemist Elizabeth Zott and her struggle against sexism in the science world of the 1960s.
Norwich Science Festival is presented by The Forum, Norwich, in partnership with many organisations across the region, including University of East Anglia and Norwich Research Park. Sponsors include Vattenfall, Gresham’s, Norwich School, Chantry Place, Pensthorpe, Breakwater IT, Briar Chemicals, Veolia, Chapelfield Veterinary Practice and Howes Percival.
To see all Norwich Science Festival events and book tickets, visit www.norwichsciencefestival.co.uk.
Leeway Announces New CEO
Leeway is delighted to announce the appointment of Jools Ramsey-Palmer as the charity’s new permanent Chief Executive, following an extensive recruitment process.
Jools brings a wealth of experience to the role, having previously held leadership roles, most recently as Chief Executive of Ipswich Housing Action Group and in roles at Solace Women’s Aid.
Leeway’s new Chief Executive will officially start her new role on Monday 10th November, with a phased start and induction process through October.
Brenda Horner, Chair of Leeway’s Board of Trustees, said: “We are delighted to welcome Jools to Leeway as our new permanent Chief Executive.
“It was a tough recruitment process, with lots of excellent candidates, but we were impressed with Jools’ experience and vision, which we believe will help to guide Leeway into an exciting new chapter.
“Having recently celebrated our 50th anniversary, Leeway is looking ahead and looking at ways in which we can continue to futureproof and diversify the important services that we provide.”
Jools Ramsey-Palmer, Chief Executive of Leeway, said: “I’m excited to be joining the Leeway team as Chief Executive. Leeway is a fantastic organisation with a rich history of delivering high-quality services to those experiencing domestic abuse in Norfolk and Suffolk.
“I’m looking forward to building on the excellent work already being done across the organisation, as well as looking at ways in which the charity can continue to grow and meet the ever-changing needs of service users.”
The appointment of a new CEO marks a new chapter for the specialist domestic abuse charity, which supports over 17,000 people across Norfolk and Suffolk every year.
The charity delivers advice and support, safe accommodation services, support for children and young people experiencing domestic abuse, as well as support for high-risk victims in Norfolk and Suffolk.
To find out more about Leeway and the services that the charity provides, visit www.leewaysupport.org.
Chamber: immigration proposals could leave UK businesses with their ‘hands tied’
Commenting on the publication of the government’s Immigration White Paper, Dr Adam Marshall, Director General of the British Chambers of Commerce (BCC), said:
“While these proposals are not quite as bad as we had originally feared, it’s no secret that companies across the UK are sceptical about whether the government’s approach will actually deliver on their practical, real-world concerns.
“From Cornwall to Inverness, from Northern Ireland to Norfolk, employers are hugely concerned that the complexity and cost associated with new immigration rules will impact their ability to invest and grow at a time when many areas are facing near-full employment.
“The government is giving with one hand, and taking away with the other. More flexibility on skill levels is positive, but this is offset by the wider application of immigration charges to both employers and applicants alike.
“The consultation ahead must result in a system that delivers on business needs in all regions and nations of the UK. Ministers have one last chance not just to listen, but to genuinely hear and act on the concerns that businesses have about their proposals. The arbitrary salary threshold must come down to reflect real-world conditions in different parts of the UK, and the government must ensure that the proposed temporary worker scheme actually functions both for companies and potential recruits.
“In the face of major change over the years ahead, the immigration system must not leave UK businesses with their hands tied – or the government will cause active damage to jobs, communities, investment and the economy.”
LastPass Security Incident – What should you do?
LastPass Advice
Are you aware of the recent LastPass security incident? That your password “vault” may have been in the hands of attackers? Have you seen some of the news but aren’t quite clear on what it all means, or importantly, what you should do now? Are you looking for some clear advice? Read on.
If you’re reading this article, I’m sure you’re aware of the recent LastPass data breach. In addition to the information publicly released around this incident from LastPass themselves, there is some really good additional information available based on analysis from a number of security experts, many of whom have a detailed understanding of encryption, as well as the specific architecture and processes used by LastPass. A number of these security professionals have also conducted their own testing and documented their findings.
A lot of this information is very technical in nature. This article seeks to utilise the information available to provide concerned LastPass customers with some practical, balanced guidance on what you can do to minimise the risks associated with this incident. If you want to understand the finer detail around what feeds into this advice, I’ll reference and credit the relevant sources at the end of this article.
The purpose of this article is not to pass comment or judgement on the LastPass product, processes or how they have dealt with the incident, or to recommend alternative products which may or may not be better (there are always multiple factors to consider here). The over-riding aim is to clearly present the potential risks associated with this incident and to provide you with some easy-to-follow advice on how to analyse your level of risk, and sensible next steps to take.
The official line from LastPass
So firstly, let’s recap briefly what’s happened, as per the information released by LastPass:
- In August 2022, LastPass advised that an unauthorised party gained access to some parts of a development environment and extracted some code and technical information. At this point, LastPass indicated that they could see no evidence of access to any customer data or password vaults
- In September 2022, LastPass issued an update on the above incident following conclusion of their investigations, and again stated that they saw no evidence of access to customer data or encrypted password vaults
- At the end of November 2022, LastPass issued a new communication informing customers that using information obtained in the earlier incident, an unauthorised party was able to gain access to “certain elements” of customers’ information
- On 22nd of December 2022, LastPass issued an update to the above communication. In this communication, they stated that they had determined that the unauthorised party was able to obtain a backup of customer vault data. This communication contained a great deal more information than the previous statements by LastPass.
You can read all of the communications from LastPass outlined above in the LastPass blog, here:
Key points to know about the LastPass Incident
Based on reviewing and interpreting all of that, along with detailed analysis from other sources, here are a few key things to know.
- LastPass haven’t specifically stated whether all customer LastPass vaults have been compromised or whether a subset of customers’ vaults were affected. We therefore have to assume that it is all of them.
- The data that has been compromised is referred to by LastPass as “password vaults”. Vaults contain a whole host of information. Usernames and passwords, along with some other data, are encrypted; however, not all of the data within these vaults is encrypted.
- The data that is not encrypted, which includes information such as URLs for websites you visit, can be used straight away to determine which sites and apps you use, and what you have passwords stored for in your vault
- The data which IS encrypted may be temporarily or permanently inaccessible to the attackers. Their ability to decrypt this, and how quickly they might be able to do so depends on a number of factors, a critical one being the strength of your Master Password at the time the vault data was obtained
- The attackers have an offline copy of the data that’s been compromised. This means a few things:
  - Changing your LastPass password now will not affect their ability to access the information that they’ve obtained (although it does prevent them accessing your data online in the future)
  - You, and LastPass, have no control over the data that’s been extracted
  - The attackers have as long as they need to utilise the unencrypted data, and decrypt the encrypted data
- Whether or not you have Multifactor Authentication set up for your LastPass account (and you absolutely should have) actually makes no difference to the ability to use the offline data. It does however limit the ability to access your data online if the password is obtained.
How at risk am I from the LastPass incident?
As with most security tools, the overall level of security they provide is a combination of the tool itself, and the decisions you make. If anything demonstrates that point, this incident does. The level of risk therefore is different for each LastPass user.
The key questions you need to consider are (answer these as of August, i.e. the point the data was obtained):
- How strong is your Master Password?
- Have you used your Master Password for anything else?
- Is your Master Password similar to other passwords you might have (e.g. do you have a word which you commonly use as part of your password with slight variations across different accounts)?
The questions above all have a bearing on how long it might take to obtain your Master Password (using various different methods) and use it to decrypt your data.
Then you need to consider the data itself stored within your vault. This is mainly sites/apps along with their usernames and passwords, but could also include bank account and card details, notes, PIN numbers, names, addresses, personal/sensitive information that you stored in LastPass to “keep safe”. Key questions here are:
- Are the site passwords stored within my vault strong, unique passwords, or are there weak and/or reused passwords?
- Which sites/apps stored in my LastPass vault have MFA configured and which do not?
- What sensitive data (apart from usernames/passwords) do I have stored in LastPass and what could an attacker do with it?
As you can see, there are a number of questions to ask yourself which will help determine how at risk you are. This list is not exhaustive. You can probably determine largely how these fit together. For example:
If your Master Password is the same as you use on other sites, and is weak, and you don’t have MFA on your Gmail account (with the password stored in LastPass) – HIGH RISK
Strong, unique Master Password, no weak or reused passwords in the vault, MFA set up on anything containing important data – LOWER RISK
You get the idea, but there are a lot of inter-relating factors to consider.
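The questions above can be run as a quick triage over an exported vault. This is an added example, not part of the original article or its slideshow process: the CSV column names, the 12-character “weak” cut-off, the MEDIUM tier and the `triage` function are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample shaped like a password-manager CSV export.
# Column names are an assumption; match them to your own export.
SAMPLE_EXPORT = """url,username,password,name
https://mail.example.com,alice,Summer2022,Email
https://shop.example.net,alice,Summer2022,Shop
https://bank.example.org,alice,k7#Vq9!mZp2&xLw4,Bank
https://forum.example.io,alice,t3$Rn8@bYc5^hJd1,Forum
"""

MIN_LENGTH = 12  # assumed cut-off; length is only a rough proxy for strength
TIER_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOWER": 2}


def triage(export_text, mfa_sites, master_weak_or_reused):
    """Return [(tier, name, reasons)], most urgent first.

    mfa_sites: names of entries where you know MFA is enabled.
    master_weak_or_reused: your honest answer as of the date of the breach.
    """
    rows = list(csv.DictReader(io.StringIO(export_text)))
    uses = Counter(row["password"] for row in rows)
    results = []
    for row in rows:
        exposure = []
        if master_weak_or_reused:
            exposure.append("master password weak or reused")
        if len(row["password"]) < MIN_LENGTH:
            exposure.append("weak site password")
        if uses[row["password"]] > 1:
            exposure.append("site password reused")
        has_mfa = row["name"] in mfa_sites
        if exposure and not has_mfa:
            tier = "HIGH"      # guessable credential with no second factor
        elif exposure or not has_mfa:
            tier = "MEDIUM"    # assumed middle tier: one safeguard missing
        else:
            tier = "LOWER"     # strong, unique password plus MFA
        reasons = exposure + ([] if has_mfa else ["no MFA"])
        results.append((tier, row["name"], reasons))
    return sorted(results, key=lambda r: (TIER_ORDER[r[0]], r[1]))


if __name__ == "__main__":
    for tier, name, reasons in triage(SAMPLE_EXPORT, {"Bank", "Shop"}, False):
        print(f"{tier:6} {name:6} {', '.join(reasons) or 'none'}")
```

A real export is a plaintext copy of every credential, so run this offline and delete the file afterwards.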
Action Plan & Priorities
So, this is the piece that you’re probably here for – what do I need to do and in what order – what are the priorities?
This will vary depending on your risk, so I’ve tried to create a list which helps you both assess the risk and act accordingly. I’m not going to attempt to explain in detail the rationale behind the order, but if enough people are interested, I may do a follow-up video to explain it.
View the process on slideshow 1
Note that this process has been written specifically for stored passwords. For other items such as secure notes, follow the same priority order depending on what information was contained in the notes. If you stored bank card information such as PIN numbers or CVV codes, particularly if you did not have a strong Master Password, it would be wise to change PINs or order new cards (in the case of CVV codes).
Additional actions
- Be extremely vigilant and on the lookout for phishing emails for ANY accounts that you had stored in LastPass. This is because URLs (website addresses) of the accounts stored in your vault were NOT encrypted. Over the coming weeks and months, targeted phishing attempts for these sites, which may well reference the LastPass breach or try to gain access to your account, are highly likely to be common.
- You may wish to consider changing your password manager or changing how you authenticate applications and websites by using Single Sign-On or newer passwordless technologies. If you do decide to move to a different password manager, do your research and/or take some advice on this – don’t just move to “another” password manager as it may or may not be better for you depending on a whole bunch of factors.
- When implementing MFA, consider more secure mechanisms such as hardware tokens
- If you are using websites or apps that don’t support MFA, consider how seriously these providers take the security of your data, and whether you should continue using them
- If you have One Time or recovery passwords set up for accounts in order to gain access if you forget your password or lose access to your MFA token, I would advise updating these when you change your passwords
- Remove any accounts/passwords that you are no longer using (make sure your accounts for the sites are de-activated and data deleted)
- Educate yourself further. No matter how much we might know about security, we can always learn more, and things change constantly. There are lots of resources out there, and lots of people and organisations who can help, much of it free. Visit the National Cyber Security Centre website. Join your local Cyber Resilience Centre. Reach out to a security professional. Above all, take responsibility. You can’t just leave it to someone else – however “secure” their solution might appear to be on the surface – as this incident has highlighted.
References/Credit
The following people and articles were most helpful in putting this article together, through either direct assistance/review or just posting/sharing their knowledge which was useful for researching, and I would like to thank them all.
Daniel Card
Greg Ford
The CyberScale team
https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/
Business Networking in Holt
Meeting like-minded business people in a friendly and informal environment is a fantastic way of making those all-important business contacts. MENTA’s networking event, Coffee Means Business, returns to The Feathers Hotel in Holt on Tuesday 18 June, when sole traders, freelancers and company owners and staff are welcome to meet up over coffee and biscuits.
Leanne Castle of MENTA will host the event and comments, “Linking up, making new contacts cannot be underrated in business, especially if you are someone who works remotely. Running a business can be a lonely place and to have the opportunity to meet others can lead to some great connections and sharing of ideas.”
“Our invited speaker will be Keith Osborne of Keith Osborn photography who will be sharing his thoughts on why we need professional photographs to reflect our brand.”
MENTA’s Coffee Means Business events don’t require a membership or joining fee, just £5pp payable on arrival. The event on Tuesday 18 June at The Feathers Hotel at Holt starts from 9.30am and finishes at 11.30am (it is fine to arrive later, or leave earlier).
For further details go to www.menta.org.uk and visit the events and networking tab or call 01284 760206.
Craig, owner, Managing Director shared this morning: “For eleven years, we’ve been dedicated to raising the standard of health & safety throughout East Anglia and the UK. The Shield team’s commitment to protecting our customers through exceptional training courses and expert H&S advice is a testament to our continued success. I look forward to where the next 11 years will take us.”
Despite a busy period, especially with two of our instructors enjoying a well-deserved holiday, the rest of the team has been working hard across Norfolk, Suffolk, and East Anglia, delivering top-quality training and support. Craig has also been out instructing and providing consultancy services to new clients, which is always great, to meet new people and help them build safer workplaces.
Thank you to everyone who has been part of the Shield Health & Safety journey. Here’s to building safer, healthier workplaces together!
Get in touch if you’d like to learn more about our training courses including IOSH Managing Safely or Emergency First Aid at Work.
Sales@shieldhealthandsafety.co.uk
01603 652029