Blog posts written during February 2012

Sunday morning 26 Feb

Sunday, February 26, 2012 by Ian Pettman

Our apologies to those of you who tried to view our website on Sunday morning. This website itself was down. A possible cause was an overload of web requests (otherwise known as a denial of service attack). Under normal circumstances, even though our site is popular for a number of good reasons, it has very adequate resources to deal with normal peak demands (it can easily accommodate 10 times the normal peak requests). When this exceptional peak occurs in the early hours of Sunday morning, something strange is going on. No data has been compromised. Other services were unaffected. We are looking into the reasons why this event may have occurred.

And your bank card PIN number is...

Friday, February 24, 2012 by Ian Pettman

Research shows: if you can't remember your date of birth, then your bank PIN number is the least secure!

Actually, expanding on this a bit, if you use your date of birth as a PIN number, even though you may not have written it down to remember it, the odds are that it's written on something in your wallet, bag or purse.

It turns out nearly a quarter of people out there use their date of birth as their PIN number, and thereby hangs a tale...

OK, hands up if you have lost your wallet or purse during your lifetime? I was in my early 20s the first time and, not quite 20 years after that, I did it again. Both times it did not quite go securely into my pocket. Once I got it back complete, the other time I got it back empty. Over the same period I've cancelled my credit cards (unnecessarily) at least a dozen times. Very few of us have a perfect memory. Remembering PINs is a pain and more than once over the years, I've had a craft moment (Can't Remember A F*****g Thing) when entering my PIN. Second time through and I stop, go away and have a real good think… oh yes, it's 5 3 rather than 3 5 (or whatever). Between phone numbers, post codes and car numbers (it's really embarrassing when a Copper stops you and asks you the number and you can't remember it), it seems there is an exponentially increasing number of passwords, and our memories are stretched more and more.

So if you keep your debit card with your UK driving licence and use your date of birth as your PIN - that's where a thief will go first. If you didn't know, UK driving licence serial numbers have a very thinly disguised date of birth in them.

 A surprising number of people do use their DoB. Find out how many in this article here…

https://www.lightbluetouchpaper.org/2012/02/20/how-hard-are-pins-to-guess/
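The same point from the card issuer's side, as an added example that is not part of the original post: a check run when a customer chooses a PIN, which refuses any four-digit PIN that can be built from their date of birth. The function names and the set of date layouts (DDMM, MMDD, DDYY, YYDD, MMYY, YYMM, YYYY) are assumptions made for illustration.

```python
from datetime import date
from itertools import permutations


def dob_derived_pins(dob: date) -> set[str]:
    """Return every 4-digit PIN that can be read straight off a date of birth."""
    dd = f"{dob.day:02d}"
    mm = f"{dob.month:02d}"
    yy = f"{dob.year % 100:02d}"
    # Any ordered pair of the two-digit fields: DDMM, MMDD, DDYY, YYDD, MMYY, YYMM
    pins = {a + b for a, b in permutations((dd, mm, yy), 2)}
    # The full four-digit year, e.g. 1975
    pins.add(f"{dob.year:04d}")
    return pins


def check_pin(pin: str, dob: date) -> tuple[bool, str]:
    """Accept or reject a proposed PIN; the reason string is for the user."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        return False, "PIN must be exactly four digits"
    if pin in dob_derived_pins(dob):
        return False, "PIN can be derived from your date of birth"
    return True, "ok"


def blocked_share(dob: date) -> float:
    """Fraction of the 10,000 possible PINs that this rule takes away."""
    return len(dob_derived_pins(dob)) / 10_000


if __name__ == "__main__":
    sample_dob = date(1975, 3, 5)  # constructed sample, not a real person
    for candidate in ("0503", "1975", "7503", "5330", "53"):
        print(candidate, check_pin(candidate, sample_dob))
    print(f"PINs blocked for this customer: {blocked_share(sample_dob):.2%}")
```

The rule removes at most seven of the 10,000 possible PINs for any one customer, so it costs the user almost nothing while closing off the first guesses a thief holding the wallet would try.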

Here are some recommendations on how to secure your computer and phone based passwords, leaving only your PIN number for the little grey cells.

https://lifehacker.com/5529133/five-best-password-managers

Setting up an Agency and VAT

Thursday, February 16, 2012 by Ian Pettman

There has been a ripple of reaction to the court ruling generally disallowing VAT on commission only for temporary staffing Agencies. This issue has no doubt resurfaced because of the activation of the Agency worker regulations.

At the end of last year Reed tried to take on HMRC over paying VAT on the commission element rather than the full invoice amount. Those of you that have been around long enough know that some agencies used to be able to pay/charge VAT on the commission element (only) of the Invoice.

Paying VAT only on commission would make a considerable difference to a company's costs. It could reduce the VAT bill by in the region of 80%. In the end the ruling unsurprisingly was on the side of HMRC. This was one of those "invisible" taxation increases so beloved by the last Labour government.

The ruling simply revolves around the "principal" method of supplying workers. The principal is:

  • The Agency identifies a worker for a vacancy or post and has a contract to that effect, and as a consequence has no further involvement in the payment of the worker for work done for the hirer.
  • On the other hand, if the Agency does pay the worker, directly or via an intermediary company, then the VAT is payable on the full transactional amount.

Links which may be of interest

The Actual HMRC brief on payment of VAT for Agencies

Another EU directive on Privacy which could affect agencies

Tuesday, February 07, 2012 by Ian Pettman

If you have stored any pictures on Facebook, then had a second thought and "deleted" them, you need to understand that currently they are just hidden (and not very well at that). The link on your Facebook page is removed, but the picture is still there. Anyone, friend or foe, who has kept a direct link to that picture (easily done in most browsers) will be able to see that unwanted picture at any time. They will then be able to copy it (this may be illegal, but if they are circumventing your deletion then that may not worry them).

Why is this of interest to you, if you are careful? Well, if, like us, you are very careful about the images you display, but one of your friends isn't, then asking them to remove completely any image which for good reason you don't want others to see… just may not be possible at the moment. There is a link at the end of this blog post with more information.

The other side of the coin is also of interest to our customers.

Actually, within our software, we employ a similar process to Facebook's deletion mechanism. It is very difficult, and in some circumstances not possible, to actually remove certain data by using the Ava programme itself. This is intentional. We hide data rather than delete it to preserve audit trails and ensure that important stuff cannot get accidentally lost, i.e. prevent the "O.M.G!" circumstance. Important data can be recovered; it's called peace of mind.

The data within our software is either private or only carefully exposed on the web (that is to say, security and privacy measures are built in from the very start). This means it is very, very difficult to lose data and your business data is still very private and secure. Actually losing data is almost impossible if you have regular backups as well. But we are supplying software to keep your commercial data - your "intellectual property" aka "IP" - private and secure. We take IP or intellectual property very seriously. We don't want either our software (code) or, for example, a list of your employees' or customers' email addresses and phone numbers to be available to competitors for any reason.

So this brings us to an initiative by the EU - yes, another EU initiative. They are proposing that an individual may request deletion of any data that a company holds on them. Where Facebook, Google, LinkedIn et al. are concerned this seems all well and good. Quite simply an individual says - I don't want to use Facebook any more, please close my account and delete all my stored data.

However any such legislation needs to be very carefully framed. Removing personal data in the case of a staffing agency could prove very expensive. The following couple of considerations need to be taken into account:

  1. If data is backed up, then those backups would have to be destroyed, as by very nature they would contain a complete copy of the data.
  2. Rupert Murdoch and News International would probably be quite happy if they received such a request (authenticated or not) for a wide range of individuals and "consequentially" had to delete data legally.

As the Chinese would say, we live in interesting times.

Relevant links which might also be of interest:

Nearly 3 years later deleted Facebook photos are still online

Viviane Reding Vice-President of the European Commission EU Justice Commissioner Your data, your rights

The Information Commissioner's Office (ICO) Retaining personal data (Principle 5)

All your money belongs to them

Sunday, February 05, 2012 by Ian Pettman

And they don't have to ask!

None of us want to get fooled into giving away our bank details to Nigerians, Russians or some spotty but talented 15-year-old just seeing what they can do with what is available out there on the big bad bandit's part of the Interweb.

It doesn't matter if we pride ourselves on keeping our anti-virus up to date and never having any complete (important) passwords stored in any one place, or if we are just average users who have come to use Internet Banking because it's easy and convenient and the banks have encouraged us to use it because, whatever its faults, it's a lot cheaper for them to run than a local branch: this latest edition of the BBC news magazine "Click" will be quite, but not entirely, comfortable viewing. Is your Antivirus on the left-hand side (good) or right-hand side (a bit of a failure)?

https://news.bbc.co.uk/1/hi/programmes/click_online/9692842.stm

full programme

https://www.bbc.co.uk/programmes/b01c12nz
