By Mark Hinkes, DPM.
Patient throughput is a pain point for many health care systems worldwide. In the US, when a patient with diabetes wants an appointment for foot care, they merely call the podiatrist’s office and ask for an appointment. Those patients who pay cash, have Medicare or PPO insurance (assuming the provider participates) usually have no problem with coverage. Those patients who have HMO insurance may not have the luxury to go “out of network,” and therefore may not be able to receive your care. Not only are there constraints on access by payor, but the time frame in which a patient may get access to care can vary. Several other questions for practices arise even after addressing payor issues. Is the patient new to the practice or requesting a follow-up appointment? When is the next available appointment? Is the nature of the visit emergent? In any case, access to care is usually achieved in a reasonable time frame.
In the US, we often take the ease of scheduling an appointment with a podiatrist for diabetic foot health care for granted. But scheduling an appointment in health care systems in other countries can be lengthy, complex, frustrating, and can result in unintentional tragedies. Some health care systems are not fine-tuned for patient throughput and patients with diabetes may become subject to a series of what might seem unreasonable bureaucratic steps that delay care. All too often, the delay in accessing care means that a problem that was at one time non-acute becomes critical and may require hospitalization or even result in an amputation.
Here is a story about a typical experience of a patient in a bureaucratic single-payor system that has a pain point with the issue of patient throughput. James is a 65-year-old male with type 2 diabetes and obesity. His blood sugars ran slightly elevated over many years and despite the recommendations of his primary care physician, he pretty much ate what he liked and used tobacco without regard to the long-term effects on his health. His attitude was quite cavalier. “Whatever it is, it won’t happen to me,” was his mantra. He lived a life of denial.
He recently developed a “sore” on the bottom of his right foot and only realized he had developed an ulcer when he saw blood and some exudate on his sock. Thinking the problem would heal itself in due time, he opted not to go to his primary physician, but instead to “give it some time to heal on its own.”
After waiting for a month, he realized the ulcer was not going to heal and in fact, a wound that was the size of a dime a month ago was now the size of a quarter and much deeper than he remembered. The development of redness and tenderness in his foot was the catalyst that made him ask for an appointment with his physician.
James lives in England and his health insurance is paid for in his taxes, so he, along with an avalanche of people, receives his health care from NHS England with no charges, deductible, or co-pay. Oftentimes the demand for care is higher than the system is able to support and this is where patient throughput becomes an issue.
It is important to understand the cycle of events that James went through for an appointment to see a podiatrist. James first needed to get an appointment with his primary physician for an evaluation. That could take up to 14 days. If the primary physician felt unable to treat his ulcer, a consultation referral would be made by an acknowledgement letter (no phone call, no email, but by a letter!) to a podiatrist. Another 14 days could pass before acknowledgement of the consult request. Once identified as needing podiatric care, the actual appointment could be delayed for another 4 to 6 weeks. So, James could wait in the queue for 8 to 10 weeks before he gets access to care. The longest a patient will wait from the time they are referred to the primary physician and before starting any podiatric treatment could be 18 weeks, or well over 4 months! (1)
James was eventually seen by a podiatrist and later hospitalized for treatment of his infected ulcer, which led to a below-knee amputation of his right leg.
The scenario James experienced has likely played out for thousands of people needing foot health care from NHS England. James was not alone. The most frustrating result of throughput issues is that patients are stranded in the queue and care is delayed. It is quite likely that had these patients been seen more promptly, their foot health issues may not have required treatment of complications requiring hospitalization, and in some cases amputations, both of which generate increased expenses.
The facts are that around 2 to 2.5 percent or around 60,000 to 75,000 patients with diabetes in England have an ulcer in any given week. There are over 7,000 lower limb amputations in people with diabetes in England each year, and the likelihood that someone with diabetes will have a leg, foot, or toe amputation is around 23 times that of a person without diabetes. Every year, approximately 8 out of every 10,000 people with diabetes undergo major lower extremity amputation (above ankle), and 18 out of 10,000 have a minor amputation (below ankle). (2)
While there has been significant progress in identifying at-risk patients and facilitating their entry into the system for medical care, NHS is working with one company who has led the way with a unique digital tool to facilitate patients’ throughput and more prompt access to foot health care. Their efforts have accelerated a change from using 19th century methods to a 21st century solution to one aspect of the problem of patient throughput.
To address the patient throughput issue to podiatry services that would lead to better access to care, NHS is working diligently to resolve the problem with Infotex, a London based digital health company. Infotex designed a digital self-referral tool for patients who would like an appointment with an NHS podiatrist that literally lets them skip the process of an appointment with their primary physician, saving 28 days of waiting time in the queue. The tool prompts patients to answer a series of questions and asks for a photo of their foot. A podiatrist at NHS reviews the documentation and decides on the nature of the foot problem, the immediacy / necessity of care, the type of care needed, and the location of the care.
The Infotex tool thus facilitates patient throughput by removing one time-consuming step in access to care. It expedites care by directing the patient’s request for foot care directly to a podiatrist who evaluates the request and refers the patient to the appropriate provider. It will be interesting to see how this tool impacts patient outcomes in England and what other countries, like the US, can learn from its results.
Dr. Mark Hinkes is a Doctor of Podiatric Medicine who recently retired from clinical care after 40 years’ service: 20 years in private practice in Miami, FL and 20 years at the Veterans Affairs Medical Centers. In Nashville, Tennessee he served as the Chief of Podiatry Services and Director of Podiatric Medical Education. He has been the Chairman of the Preservation Amputation Care and Treatment (PACT) Program for over a decade.
1. Personal communication with Deborah Keating, Head of Sales, Infotex
2. Improving footcare for people with diabetes and saving money: an economic study in England (PDF). Diabetes UK. Published January 2017. Accessed April 20, 2022.
We launched Infotex UK Systems just before COVID-19 hit. We were excited about its potential to support the NHS at the time, but throughout the last 2 years we have really been able to explore how critical well-designed, value-for-money systems will be for trusts and CCGs/ICSs.
The NHS is ramping up its focus on digitising itself, its staff and providing better channels through which patients can engage with practitioners and also help determine how best to manage their care.
The expectation is that as a result of the epidemic, all technology will see a jump forward but that any used within the Healthcare Industry will see a more poignant increase in pressure to deliver.
With this in mind, we are excited to be attending a number of key shows across the year so we can purposefully engage with operations and administration leaders to understand their actual and specific needs and challenges. Though we have gained enormous information through careful research, the best way for us to deliver value is to speak directly with those looking to improve their systems as each team and trust have such a vast range of requirements and challenges (even if they can broadly be categorised together).
We next plan to attend THE HEALTH PLUS CARE SHOW, in London on the 18th-19th May.
It is FREE to attend for healthcare professionals. You can find the show guide and other details at healthpluscare.co.uk/digital.
The show will cover 4 key areas;
Topics we hope to explore include:
We are looking to speak to anyone working in the healthcare sector who would like to share their thoughts and experiences of patient-facing AND internal administration systems so we can better meet the needs of patients and the CCGs/ICSs we hope to work with.
Get in touch if you would like to chat either online or in person!
“The Healthcare Show in 2022 provides that long-awaited opportunity for the NHS to come together to reflect, respond and re-organise in the face of the monumental challenge it has endured over the past two years.”
www.healthpluscare.co.uk
Want to arrange a meeting at the show or find out more about our systems? You can reach the team at:
debbie.keating@infotex.uk or via LinkedIn
alex.rawlings@infotex.uk or via LinkedIn
We hope to see you there!
To find out more about our healthcare solutions please visit www.infotex.uk/healthcare-systems or contact us for a brochure.
We’ll also be at:
Google Analytics is a (usually) free web tracking tool, and the most popular visitor analytics service. It tracks users across websites it is installed on, and provides data on how people are using and interacting with the site. The majority of websites that use Google Analytics are using Universal Analytics.
In October 2020 Google launched Google Analytics 4, and in March 2022 Google announced that Universal Analytics (sometimes called GA3) will no longer process new data from 1st July 2023. This leaves just over one year to make the transition to Google Analytics 4. After this date, Google’s analytics solution for websites will be Google Analytics 4.
Google Analytics 4 marks a large shift in terms of both measurement and reporting moving from session based to event based. The new version is cited as privacy-focussed, as it will eventually become a cookie-less solution and as standard has IP anonymization on by default. It will also utilise machine learning to fill in the gaps of web users who opt-out of cookie tracking and help make predictions on your data.
This change in measurement from session based to event based means much of the existing reports and metrics in the current interface are either removed or replaced. Don’t expect to see the same reports that you’re used to. While some data is lost from moving away from session based data, the new event model includes certain events being measured automatically including scroll tracking, outbound clicks (clicks to other sites), file downloads and video engagement.
In the period between now and July 2023 we are recommending sites implement the new GA4 version of Analytics and run this in parallel with their Universal Analytics. This gives a window of time to not only get used to the new version, but also to collect data to allow date comparisons for reporting. If you’d like to get a taste of what the new Google Analytics 4 reporting tool looks like you can access Google’s Demo Account.
Currently, GA4 feels a little way off from becoming the web’s primary analytics tool but we expect to see it grow in functionality and popularity as the July 2023 date nears. However, GA4 is the next generation and in 2023 and beyond it’s a tool we will all be using a lot more.
If we’re working with you on marketing and reporting and you’re not already on GA4, we’ll be in touch to discuss making the transition. If you’d like more information about GA4 or to discuss getting started with GA4 on your website, please do get in touch with us.
The year is 2019, Coronavirus is not yet a global issue but one business is about to start its own epidemic. A widespread contagion for fitness fever around Suffolk…
When Luke Read and his Airborne Fit team came to us that year with their vision we built a website to best match that and their brand which all parties were delighted with.
Two and a half years later, their business and market sector, like many others, has vastly evolved. It became quite obvious that their website and brand no longer matched who they are and what they’re really about.
With that in mind, and after various meetings with the client, we amended the current website to create a sleeker and simpler look. We adjusted its focus towards the warm, team spirit which Airborne Fit strives for, while also keeping an element of passion and hard-work across the site.
The new and improved website is now live and the most notable changes include:
It’s been a pleasure working with Luke and Michael at Airborne Fit on this website refresh project and we believe the changes have really helped achieve the new image they came to us for. Take a look for yourself!
“Infotex were brilliant from start to finish with redesigning our website to reflect the change of look and feel we wanted post-pandemic. Communication throughout was brilliant, they listened patiently to our aspirations for it, fed-back creative ideas we hadn’t thought of and brought our ideas to life to deliver a final product that mirrors exactly what we wanted. We now have a website that is dynamic, yet feels totally personable, clean and simple to navigate. Thank you guys.”
Michael Jennings – Airborne Fit
If you have an existing website that needs a refresh, please do get in touch. Whether you’re an existing client or someone looking for some new specialist website support, we’re more than happy to help!
Woodbridge School is a local independent school in Suffolk offering pre-prep, prep, senior school, and sixth form education. The school is deeply embedded into the community of the town of Woodbridge, and is part of the Seckford Foundation – founded in 1587 by philanthropist Thomas Seckford.
Woodbridge School recently approached us to take over the hosting and ongoing support of their lively website. We initiated the takeover project with an audit and health check of their site to ensure everything was in order, and now we continue to support the site’s security and functionality, including supporting their ongoing marketing via social media and landing pages.
Like the proactive staff and students, their website is a busy one! It is always being updated with news, events, and information to keep all of the members of the Woodbridge School community updated with everything they need to know.
To learn more, you can visit the website or sign up to their Open Day, Saturday 24 September, 10am- 3pm, where you can take a tour of the school, speak to staff and students, and meet the headteacher.
“It is great to be working with Infotex and their real technical competence for maximising the value of our website”
Gemma White – Director of Admissions, Marketing and Communications
A wise advisor, someone I admire and respect, once said to me “Strategy is What Happens, not what’s Supposed to Happen”. What Has Happened to our offices is, perhaps, just such an example.
In 2020 we made the decision to close our small London office, amidst the drama of the pandemic and lockdowns. This week we have said a final goodbye to our head office in Melton, Suffolk.
Riverside House has been our home for just 5 years, 2 of which have been lost to the pandemic. But we have always had our head office in Melton since 2004, so this is a big change.
We have opted to make working from our own homes our default mode, with flexible hours to boot, but we are aware that this will have consequences, so we see this as an evolving story.
The abruptness of the pandemic jarred so many businesses into adopting, at scale, remote working practices that have been in place for years. In Infotex, as in many businesses, we had already been working for a long time remotely with clients and staff across the world, on Hangout, Teams, Zoom and Skype, with all of the benefits.
Scaling this up to become the default taught us about new positives. For our staff who have always worked remotely from “the office”, having everyone on the same level has resulted in a new closeness within the business. Our daily chats mean that all of us see and hear more of each other than we used to, and our teamwork has improved through the flexibility of being able to make up teams so flexibly (although we tend not to use Teams, preferring Google Meet for its immediacy).
Having overall responsibility for the business, I feel more connected to all of our team of 25 than I ever have. Maybe that’s a damning indictment of how I was doing things before! Or maybe I am deluding myself. Certainly, this sense of connection has made me eager to find the ways and means to spend more time actually together. So far, we have had three 2-day “gatherings”, where the whole company works in one location. These have all been enjoyable, and constructive and important for our business. Now that we no longer have our building, we are free to roam. Our next gathering, in June, will be in Portsmouth. This is a welcome relief to our minority “Staff in the South”, who are relieved not to have to journey to Suffolk this time. It will no doubt invoke a nautical theme, and plans are afoot to visit the historic dockyard.
In the meantime, like so many other businesses, we are free to meet with one another and our clients in a variety of locations, many of them regulars. Serviced offices and workspaces offer the ideal answer for providing us with stimulating and enjoyable working environments when needed. For some of us, having somewhere to go is beneficial and needed, so this option always remains available to us all. But not being constrained by a rigid structure is an important step forward and feels like a step forward.
Propelled by events, we are following a new strategic direction, which is modern, flexible and resilient, and fills us with confidence. But it wasn’t supposed to happen.
The practice of logging into services, also known as authenticating to them, has been around since the 1960’s and in many ways not much has changed in the last half-century which, given the pace of development within IT, is quite staggering.
Even today for most purposes you will simply be asked for an email address and a password. Is it right for that to still be the case?
The problem is that email addresses are relatively easy to find or guess, and people are not very good at generating strong, random passwords. Indeed, all too often a password is little more than a word – perhaps your cat or dog’s name. When lists of passwords actually in use are revealed they all too often have entries like “123456”, “qwerty” & “password” filling the top slots.
Back in the 1960’s the volume and value of data protected by these passwords was relatively low. Today far more is at stake, and it is quite possible (albeit bad practice) to use the same password across multiple sites. Many of these sites are not administered to the same security standards that we expect from our banks and government bodies, so logins stolen from an insecure website can be used on more secure systems.
So, how are companies increasing security on logins to their sites? There is a computer science theory that a “factor” for authentication must be one of the below:
With a standard login, only knowledge is required, but by adding additional ‘factors’ security is increased. One of the first forms of 2-factor authentication (2FA) was when, in the early 2000’s, credit cards went from a simple swipe to “chip & pin” – thus they changed from a single factor of card possession to 2-factor – possession of the card & knowledge of the PIN.
You may have noticed that more recently a similar change was made when purchasing online via a card as you are now sent a text message to add Possession to the existing Knowledge of the card number.
This is a perfect example of where 2 Factor Authentication (2FA) becomes Multi-Factor Authentication (MFA) as there are scenarios today where all 5 factors are actively being utilised.
In the background the card providers are also doing location checks, i.e. if you purchase an in-store item in London and Manchester within a half an hour, the latter will generally be declined as banks know that it is highly unlikely you could have travelled that distance. This has been refined to the extent that I personally had an online banking transaction blocked a few weeks ago because I used a different broadband connection/device combination that had not been seen on my account before despite using 2 other valid factors to log in.
Using text messages is a very simple and ubiquitous way to provide a 2nd factor. However, security weaknesses in the text message system have led the security industry to recommend it less.
With the prevalence of smartphones you may now find yourself being asked to use an app to generate a multi-digit one-time code. The app holds a secret which, when combined with the date and time, generates a series of numbers that changes every minute. This is a Time-based One-Time Passcode (TOTP), and entering it is a way of proving Possession of your phone.
Google Authenticator was the first popular app to embody this very simple yet elegant technology that doesn’t even require the phone to be connected to the web (aside from downloading the app initially).
There are other competitors such as Microsoft Authenticator, LastPass Authenticator and some banking apps which work the opposite way in that the website instead sends a challenge to the app on your phone asking for confirmation that you are logging in and requiring your fingerprint to complete the login. This sends a confirmation back to the website, and you are effectively using 3 factors to complete the login: the username/password combination as Knowledge; phone as Possession and the fingerprint as Inherent.
The question that I’m sure many will still ask is whether all this extra effort is really justified?
In 2019 Microsoft research concluded that 2-factor authentication would prevent 99.9% of the over 300 million daily automated login attacks on their platform.
Google similarly concluded that their use of phone-based authentication prevented “100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks”.
In the case of systems like Microsoft Authenticator and Google 2-step verification, having your phone popping up asking you to verify your login unexpectedly also provides early warning that someone has just breached your password and that you need to reset it – suffice to say if it pops up unexpectedly never, ever, approve it!
2-factor and multifactor logins are good techniques to improve security which you should be employing wherever practical (for some certifications such as Cyber Essentials it can even be a requirement), but this should not replace the need for your actual password to be strong (i.e. containing upper & lower case letters, numbers and punctuation) and unique, as it still remains your first form of defence. You also need to keep these additional factors current: when you upgrade your phone, be sure to migrate any authenticator apps, and if you are going overseas, consider whether any services you will need have been locked to your country.
Most website administration areas don’t yet require 2-factor or multifactor logins, but this is gradually changing. WordPress has plugins that can add this capability, so if you would like it added to your site for additional peace of mind please speak with us.
So when you next log in to a site, ask yourself whether you can add 2FA to your existing account. You might be surprised: Google, Microsoft, LinkedIn, Facebook and Twitter all offer 2-factor login free of charge.
It has been a year since we launched the website for local wedding venue Houchins. And what a year it has been!
The UK Weddings Task Force has estimated there will be a staggering 350,000 weddings in 2022. That’s almost 960 weddings per day in the UK! There is an estimated £14.7bn direct spend on weddings every year and more often than not, a huge chunk of the wedding budget will be spent on the venue and services tied to that.
Houchins is an elegant Essex-based wedding venue with stylish Grade 2* listed farmhouse accommodation. Located in north Essex, it has a rich history dating back to the 17th century. Houchins came to us to redesign and deliver a new website that would provide sustainable income whilst also ensuring their customers got a good feel for their style and excellent service. This was a strategic decision following the original site we had created several years earlier.
They host ceremonies and formal receptions for 150 guests and evening parties up to 180, with a range of entertainment areas on site, including the house itself – all of which have been beautifully designed to create a rustic-meets-traditional aesthetic. When approaching wedding couples, it is key to find a balance between delivering the core information (such as costs, terms and conditions etc) while elevating the experience the couple will have on their big day.
A critical part of our brief was to keep the couples and their special day at the heart of the design, using imagery and customer-centric site navigation to make the point.
A total of 320,000 weddings have been postponed since March 2020
Source: www.weddingstaskforce.co.uk
“During COVID, it was sensible to pause marketing activity; instead, time was invested in learning more about customers’ needs and enriching the online experience for them when our venue was able to open again.”
Houchins have demonstrated remarkable resilience over what has been a very difficult 12 months (for all in their industry) but despite this, they have grown from strength to strength. We are delighted to have played a role in their success, and decided to look back on what we have been able to achieve with them.
Create an engaging website to capture leads, and the hearts of brides in the UK. We knew from previous experience that much of the search would occur online. As a start, we explored booking data and looked at the associated postcodes to make sensible decisions around design and potential marketing opportunities for the site.
Kris Parker, Project Manager for this re-design says “Our focus when building this new WordPress site was on mobile accessibility to suit the majority of users who use handheld devices, so clear calls to action to relevant pages are provided throughout.”
We were lucky to have access to some excellent photography which helped us boost the pathway to enquiry we needed to establish for the Houchins team.
“Infotex has been a key part in developing Houchins into a significant player in the Essex wedding market.” Adam Dixon-Smith – Owner
Our customer support team were able to identify key general trends in the marketplace and we saw this mirrored in the analysis from the Houchins website. Through this research we saw:
Keeping this in mind, we have continued to support the site and we were able to report an increase in user engagement, even before an increase in traffic as the result of improvements to the site.
Key improvements we have seen specifically in:
As part of our analysis to demonstrate site effectiveness, we ranked activity (based on pageview) across the site to build a picture for the client of the customer journey and sequence of questions the customer has in their head as they navigate. This allows them and us to better understand the behaviour of their potential customers and through this we can steer more positive and deeper engagement leading to higher conversion rates.
Infotex identified a huge uplift in visitors via mobile compared with traffic in 2019. The team at Houchins need to be able to make sure their content is accessible and engaging via the website for mobile visits as 67% of traffic can be attributed to this.
Through our rank analysis we can prioritise improvements to support and propel lead generating visitors.
We continue to support their marketing with Google Ads, Facebook Ads and other digital marketing activities, but we are more excited to see what 2022 has in store for the amazing team at Houchins and their lovely couples.
Visit: www.houchins.co.uk
It ensures our systems are up to date, secure and fit for purpose meaning our clients can rest assured that they are working with a business that is confident in its digital security. Plus, we have the hands-on knowledge to guide their security measures when we develop their websites and systems.
By having a clear picture of our organisation’s cyber security level, we can remain vigilant and keep ourselves ahead of any risk, further securing our position as a reliable and trusted provider, particularly in the more heavily regulated industries, and strengthening our position to further support larger government-backed organisations.
We signed up for Cyber Essentials Plus as part of our ambition to be transparent, accountable and authentically proactive for higher standards of security and support – meaning our clients can be confident they are in a safe pair of hands.
Our Cyber Essentials and Cyber Essentials Plus reviews were overseen by URM Consulting Services.
Why PLUS is different – self-assessment and independent review of our position
We decided to work to achieve the higher assessment level, Cyber Essentials Plus: “To achieve Cyber Essentials Plus, you must already be certified to Cyber Essentials. Gaining the extra qualification will also involve a technical expert conducting an on-site or remote audit on your IT systems, including a representative set of user devices, all Internet gateways and all servers with services accessible to unauthenticated Internet users.”
Working with Lauren and the team has allowed us to elevate our security measures and we can step confidently forward knowing we are in the best position to support ourselves and our customers.
URM’s assessor commented, “Infotex has a strong set of controls in place and an exemplary patching process where the organisation is applying the most up-to-date operating systems and system software which provides both security and stability.”
Richard Howlett, a Lead Developer at Infotex, said: “We are very proud of achieving Cyber Essentials Plus certification. Infotex has made some significant investments in its cyber security infrastructure and this external validation provides a clear demonstration to our clients and partners of our commitment to protecting the organisation from cyber-related attacks.”
Understanding the bigger picture, and the impact COVID and working from home measures have had in the background of businesses.
“The government reports that as many as two in five UK firms have experienced cyber attacks in the last year.”
Throughout the assessment process, we learned that many businesses have experienced issues similar to ours.
Martin Jones, who leads the Cyber Essentials Plus initiative commented “During the COVID-19 pandemic, a significant number of organisations have struggled to keep up-to-date with the latest patch cycles and security updates as the patching systems were kept on the local network. With many, if not all, machines being remote, the patches could not be applied effectively. Some organisations have relied on end-users to apply patches manually, but this relies on the users’ technical aptitude and conscientiousness.”
A significant portion of the effort surrounding mobilising our staff to effectively work from home was the proactive management of our IT kit by our talented and experienced staff members.
This was a key concern for our team, as our stability and security mindfulness directly impacts our clients and their business. We decided to boost our online resilience by taking the proactive steps to work with the team at URM Consulting Services to thoroughly assess our position, and take any necessary corrective steps.
“Infotex managed to keep their applications up-to-date despite the challenges being faced. They achieved this by applying updates remotely and by keeping the number of applications they use to a minimum hence reducing the effort required.”
If you would like to learn more about what we did, and how we can support your business – give us a call. Every project starts with a chat.
Infotex’s primary base of WordPress sites is not affected by this, but do check your external systems.
First developed in 1995, Java is a popular programming language that you may be using without even knowing it! All Android phones are based on the Android Runtime which is itself a derivative of Java.
Java is a very structured language known by developers for embodying object-oriented programming methods and being platform agnostic, i.e. code written in Java will run equally well on Windows, Apple’s macOS, Android phones and a plethora of esoteric platforms.
At one point it was commonplace to embed Java “applets” into web pages; however, due to the power of Java this was found to be a very risky practice, and modern browsers do not permit it.
In computing, most systems output status updates for diagnostic purposes. Some systems make these available to users, while others hide them from public scrutiny by writing them to logs, allowing developers to understand what went on when something failed.
Log4j is a utility overseen by the well-known Apache Foundation. It is coded in Java and is designed to process log requests, either from Java applications or from third parties, and it can apply a raft of highly complex rules to understand when a status update is routine vs. critical in nature.
Because it is so powerful yet easy to configure, it has been used for a wide variety of purposes, both bundled with Java systems and deployed to process logs from other systems (one example might be to take web server logs and promptly raise a support ticket when certain classes of error occur).
There is a highly publicised bug in Log4j versions 2.0-beta9 to 2.14.1, which is technically known as CVE-2021-44228 but more commonly by the nickname “Log4Shell”.
This was announced on 9th Dec 2021 before its maintainers were even aware of it, and it appears attackers had been taking advantage of it for at least a week prior. As such it is given the “zero-day” moniker, and it scores the highest possible severity rating of 10/10.
Basically, on systems not configured with formatMsgNoLookups, the vulnerability allowed an attacker to create a request which would be processed by Java’s Naming & Directory Interface (JNDI) and would cause the server to make an external request and potentially execute code provided by a third-party attacker. That’s about as bad as things can get when a system is intended to process logs that anyone can initiate in web scenarios.
There are already reports of attackers using this bug to run bitcoin miners earning money for the attacker on afflicted servers.
Fixes were provided by Log4j’s maintainers in version 2.15, with a subsequent release, 2.16, to more fully disable potential attack vectors.
The US Cybersecurity and Infrastructure Security Agency (CISA) estimates that there are hundreds of millions of devices that are (or were) vulnerable to Log4Shell.
Infotex’s core online platform is WordPress which runs on a PHP platform and none of our log processors run log4j, nor do our client servers have Java installed.
As such, our primary base of client sites is not affected.
Since the news of this vulnerability broke on Friday, our team has reached out to a number of specialist suppliers who offer services (e.g. custom search facilities) to specific clients which could be impacted, and we have received confirmation from those suppliers that fixes are being, or have already been, deployed.
We have also evaluated a number of tools that we use internally (Log4j is also in use on some desktop utilities although the window of opportunity for an attacker there is minute as those systems are not available for attack online) and we have installed updates where applicable for these tools.
We frequently recommend Cloudflare as a security & performance option to clients and it is worth noting that any websites with Cloudflare’s WAF deployed were protected from attack soon after news of this issue broke as they enabled an emergency firewall rule to block potential exploits.
If your website is managed and hosted by Infotex then the likelihood is that you do not need to take any action. If you have websites hosted by anyone else, then you will need to check with those respective hosts to clarify their position. You should also check that you do not have any vulnerable installations of Log4j on your desktop or devices within your business, as it can be utilised in desktop programs.
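One way to carry out the check recommended above, as an added example (not Infotex’s or the Log4j project’s code): a small Python scanner that finds log4j-core in JAR, WAR and EAR archives under a folder and grades its version against the range given in this article. The function names and result labels are hypothetical, and reading the version from the archive’s Maven pom.properties entry assumes the archive was built with that metadata left in place.

```python
import os, re, zipfile

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}   # pre-releases sort before releases
FIRST_BAD = (2, 0, 0, 1, 9)   # 2.0-beta9, start of the range given in the article
LAST_BAD = (2, 14, 1, 3, 0)   # 2.14.1, end of that range
FULL_FIX = (2, 16, 0, 3, 0)   # 2.16, the follow-up release after 2.15

def version_key(text):
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", text.strip())
    if not m:
        return None   # not a version string this example understands
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE[stage], int(n or 0))

def classify(text):  # labels are this example's own, not Log4j terms
    key = version_key(text)
    if key is None:
        return "unknown"
    if key < FIRST_BAD:
        return "outside-range"   # older than the range the article gives
    if key <= LAST_BAD:
        return "vulnerable"
    return "fixed-in-2.15" if key < FULL_FIX else "fixed"

def jar_version(path):
    """Prefer the bundled Maven metadata (catches renamed or fat JARs), else the file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            if POM in jar.namelist():
                m = re.search(r"^version=(.+)$", jar.read(POM).decode("utf-8", "replace"), re.M)
                if m:
                    return m.group(1).strip()
    except (zipfile.BadZipFile, OSError):
        pass   # unreadable archive: fall back to the file name
    m = re.fullmatch(r"log4j-core-(.+)\.jar", os.path.basename(path))
    return m.group(1) if m else None

def scan(root):
    """Map each archive under root that contains log4j-core to (version, label)."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".jar", ".war", ".ear")):
                version = jar_version(os.path.join(folder, name))
                if version:
                    findings[os.path.join(folder, name)] = (version, classify(version))
    return findings
```

Calling `scan()` on a program folder or home directory returns only the archives where log4j-core was found; anything labelled "vulnerable" or "fixed-in-2.15" is a candidate for the updates described above.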
There are several resources online that try to pull together software vendors’ statements clarifying whether any updates are needed.
One such list can be found at: https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
Keeping your computers and website safe is a constantly evolving challenge that requires co-operation from all parties. This demonstrates the need to know who provides what and to ensure that they are managing those systems effectively.
The winter of 2021 is going to be a particularly tough one for countless families across the country. Deciding to support Home-Start UK by taking on a mud run was one of the easiest decisions Infotex has made.
Back in October, the Infotex Home-Start team took part in the gruelling Whole Hog challenge. The eight-strong team completed a cross-country run complete with 30 mud-based obstacles, all in the name of charity.
Home-Start has been there to support thousands of families across the UK who have struggled with the difficulties of isolation, disability, mental health issues, bereavement, poverty, financial difficulties and multiple births, among others.
Thanks to the support of our family and friends, the Infotex Home-Start team managed to raise more than £2,500 to help the charity continue its much-needed work.
At 18 weeks into her second pregnancy, mum-of-three Katherine was told her daughter had Down’s syndrome. Three weeks later, she was told her daughter had a number of holes in her heart.
Her baby arrived at 35 weeks and spent her first month in hospital. That’s when Katherine’s health visitor referred her to Home-Start.
“Looking back, I was surviving on pure adrenaline. Everything else was falling apart, but I had my blinkers on – I could just deal with what was in front of me – everything else would have to wait. That included the house,” Katherine, 35, said.
“My health visitors referred me to Home-Start so I could get a little bit more help at home. There was always so much to do in the flat and I could feel the pressure building on me. To have someone come in and remove that pressure gave us the space we needed to focus on my daughter’s health needs. This was especially important because the gruelling feeding programme continued once we got home.”
The volunteer helped four hours a week with laundry and cleaning and stayed for a chat.
She added: “When you are in such an intensive situation, it’s really refreshing to talk to someone who isn’t emotionally involved.
“Our volunteer helped to ensure our eldest always had clean clothes to go to school in. Things that may have been missed with everything else that was going on. Looking back, I don’t know how we coped. But I do know that it would have been so much worse without Home-Start.”
Katherine’s daughter spent a further four months in hospital for heart surgery and the volunteer frequently called to ask if there was anything she could do to help. She also supported the family when the baby was discharged.
Katherine and her partner then fell pregnant with their third child and again, a Home-Start volunteer was there like clockwork.
“When lockdown happened and took away this support it was devastating,” Katherine explained. “Our third baby was just six months old. I also had a one-year-old, was home schooling a six-year-old, in a one-bedroom flat, and living with the after pain of symphysis pubis dysfunction which left me hardly able to move some days. The only aspect of lockdown I didn’t actually mind was not seeing people. I actually liked that part of it. My upbringing was hard. I don’t have happy memories of adults.”
She added: “During lockdown, Home-Start was very proactive in sending us activity packs to do. They’d often call to ask if we needed anything. My eldest got really into painting rocks after Home-Start dropped some off along with some paint.
“You can’t adequately convey the impact of Home-Start. Everyone has problems and everyone needs a helping hand, but Home-Start provides a hand, an ear and a heart. I’m so grateful to have Home-Start in our lives.”
For more about Home-Start and how you can help, visit www.home-start.org.uk
With Stripe’s Payment Link system you can quickly create a page for customers to safely provide their contact details and purchase. This could be used for selling tickets to a one-off event (with a fixed value), gift vouchers, or even for recurring subscription payments. As the name suggests, you provide a specific link to your customer which relates to a certain product. They go to that page, hosted on Stripe’s secure servers, and enter their details.
Customers can even pay via Apple Pay or Google Pay, making it a super quick way to check out. Not only that, Stripe’s clear pricing model of 1.4% + 20p a transaction with no monthly fees makes it very competitive.
We’ve created a demo Stripe Payment Link example here, with the majority of features enabled. Note that the system doesn’t work like a shopping basket: you can only buy the product the link has been created for, so it’s not a substitute for an e-commerce store.
Firstly, go to stripe.com and register for an account if you haven’t got one already. At this point you can choose to use the ‘test mode’ to see if this solution will work for you, or if you’re happy to dive in select Activate Account.
Go to the Payments section of the Dashboard, and select Payment Links in the left hand navigation.
Select New from the top right to create your first link.
You’ll need to create a new “Product” to sell. This could be for a service or subscription you offer, or for a physical product. Click into the “Find or add a product” box then “Add a Product”.
In the popup complete the name of the product and the price. You can select either a One Time price, or one that’s recurring. Within the recurring options you can set the frequency of the recurrence, from daily up to yearly. Set up the pricing carefully as once you’ve created it you will be unable to edit it.
If you wish, upload an optional photo. This will show on the payment page, so it can be a visual clue to a customer that they are purchasing the correct item. Images should be a JPG or PNG file smaller than 2MB.
Select Add Product to create the product.
Once you’ve created your product you’ll see a preview of the payment page on the right hand side.
There are a variety of settings you can customise for your payment link:
Use of promotion codes – Enabling this allows customers to use discount coupons. Coupons can be created as either a percentage discount, or a fixed value amount, and can be limited to a set period of time or total number of times it can be redeemed. These are created on the main Stripe dashboard under Products : Coupons.
Adjust the quantity they can purchase – This allows a user to purchase more than one of the product you are offering.
Collect customer’s addresses – Allows a customer to provide a billing and shipping address. If you select Shipping you can select which countries you wish to ship to.
Collect tax automatically – You’ll have to do a bit more configuration to get this working, detailing your business details and item origins, but once done it’ll auto calculate tax rates.
Confirmation Page – You can either show the default Stripe confirmation page with a custom message, or redirect users to a page on your own website. You can toggle the preview of this at the top right.
Once you’re happy with your page, click the Create Link button at the top right. You’ll be presented with an overview of what you’ve just set, and the all-important link button at the top, so you can view your new page.
You will likely want your page styled to match your brand, although the default styling is usable out of the box. To style your page go to the Cog icon at the top right, and select Branding. In here you can assign a logo, and brand and accent colours. These will then be applied to your payment page and email receipts.
That’s it! Copy the link you created earlier and share it via email or on social media posts.
It’s great that you’ve been able to take a payment, but most companies will want to do something more with the data once an order has been placed. Stripe integrates with Zapier, a hugely flexible system that links different platforms together.
A popular integration is Google Sheets, so any order placed will appear as a new row. This means you can add additional information to them, such as tracking order status or delivery tracking codes.
For further information on linking Zapier to Stripe see their help page.