28 March 2017
Security Notice Regarding Faelix Registered Office
The Faelix Limited registered office was burgled. Entry was forced by destroying the locks to the building, and subsequently the intruders spent a long time going through the entire property. The burglars found little of immediate value, and we believe the risk to our customers is low:
all business laptops/tablets/phones were out of the office, which are in any case encrypted
computers, screens, and other “high value” business items were secured to the walls of the room, and are still in place
customers’ data is stored on servers which are kept within secure data-centres that are manned 24/7 with staff and guards
most of our business data is stored on the same servers, in the same secure data-centre locations (with the exception of hard copies of documents such as contracts)
we don’t have passwords written down in the office: they’re all encrypted in keychains, unlockable only with memorised passphrases
a backup of important cryptographic key material is itself stored in encrypted form, and kept in a high security safe; the safe key was with the technical director at the time of the burglary, and the safe is intact
no disks or other digital data assets from Faelix appear to be missing, and we have backups anyway
the CSI team has attended, taken forensic evidence, and Greater Manchester Police has opened an investigation
The only significant impact to Faelix is likely to be to our back-office administration: filing cabinets of accounts, contracts, and other paperwork are now in disarray. Our banks are aware, and we will be extra vigilant monitoring our accounts for suspicious or fraudulent activity.
We take our customers’ security seriously, and will always be open with our clients about any matters which could affect them. Therefore we wish to draw attention to “spear phishing” — a fraudulent con where the victim receives correspondence appearing to come from someone they know. In the case of business-to-business scamming this often takes the form of a request to change payment details, or a spurious invoice from an existing supplier. Frustratingly this robbery comes at a time when we really are changing bank from the Co-Operative to Santander, and that is clearly marked on our invoices and published on our website. Other than this account change, everything customer-facing about our business has been stable since incorporation. If you receive communication that appears to be from Faelix which is unusual — a change to payment terms, account information, request for a payment to be expedited to a different account — you would be wise to be suspicious and we ask that you call our office to confirm anything that seems out of the ordinary.
Other than this we anticipate very little disruption for our customers. We look forward to putting this distraction behind us, getting back to the real work, and helping our customers with their goals and objectives for FY2017 and beyond.
Please do get in touch by phone, email, or in person, if you have any questions lingering or if is anything else you wish to discuss.
Stay safe — reflect a little upon business continuity.
Marek Isalski, Owner and Technical Director