Ava Blog

Face-crook up to their old tricks again

Monday, June 11, 2018 by Administrator

Any similarity between Face-crook and a well known social media platform is purely intentional!

Is Facecrook wilfully misleading people to gain access to their personal data? I received a message from someone I know as an email together with a "personal" invite to log in to Facecrook messenger and download it onto any devices I had. The message said it was a personal invite from them (twice). They said they had not made the invitation!

The legal framework for the information provided on a payslip is changing.

Wednesday, June 6, 2018 by Administrator

If you work out totals from the hours and holidays yourself and just supply the total amount to your payroll package, be it Sage, QuickBooks or any other, this will not be enough for a legal payslip.

Our software has been compliant with the new legal payslip standard for the last two years. So if you want to avoid yet another disruptive upgrade, our integrated solution is your answer.

Use this page to contact Added Value Applications, the industry’s most cost-effective Temporary Staff Management Solution.

All these QWERTY GDPR emails: what should I do...

Monday, May 21, 2018 by Administrator

Don't open them (if you haven't already); just delete them or mark them as spam.

If you don't recognise the sender's name, delete the email without opening it. It is a little known fact that email tracking systems know when you open an email (whether to read it or to delete it immediately), typically via a tiny remote image fetched from the sender's server when the message is displayed, so turning off automatic loading of remote images in your mail client defeats it. The sender can then mark the address they sent to as a "live" address with a person at the other end who opens emails. Put simply, they were trawling for "live" email addresses, and you will be added as someone who has expressed an interest in receiving emails from them.

GDPR video and probably the lowest cost solution including Payroll and Invoicing

Sunday, May 20, 2018 by Administrator

In case you were not aware, BBC News has a programme called “Click”. It’s a reasonably non-technical and entertaining guide to tech. This week’s edition gives a light guide to GDPR, especially relevant to staffing agencies.

Fines for data breaches are limited only by €10 million or 2% of the company’s global annual turnover (whichever is greater).

To sum up, the legislation requires you, by default, to take the highest reasonable approach to keeping people’s data (employees or workers) secure. Put simply, this is the approach adopted by Microsoft data centres, which is why we use them exclusively. Unfortunately, in our understanding, these same levels are not automatically or historically implemented by Amazon Web Services, or indeed by local servers maintained by your (probably very expensive) IT guys.

We can provide GDPR compliance at a stroke, and our current, fully automatically generated payslips already meet the requirements of the upcoming payslip legislation as well.

Links you may find helpful

BBC Click guide to GDPR implications

Information Commissioners Office (ICO) blog

Upcoming Payslip legislation

General Data Protection Regulation (GDPR) enforcement date 25 May 2018

Wednesday, May 2, 2018 by Administrator

Our services are hosted by Microsoft who were the first company to adopt and achieve the stringent ISO 27018 standard for GDPR. This is the standard for government organisations and suppliers to government organisations such as NHS trusts. Microsoft cloud services will include commitments to maintain GDPR compliance when enforcement begins.

Your “people” data falls into two categories.

  • People you have employed: in which case you have a duty to retain all relevant employment data for six years or possibly more.
  • Those whom you have not yet employed or will, for whatever reason, not employ: in which case you should obtain a limited agreement via your own terms and conditions to retain their application for a reasonable period in case they wish to reconsider. You must also delete all their data on their explicit request. You can (and probably should, for transparency) publish these terms on an employee T&Cs page on your own web site, listing the data you will retain (for example name, address, email, phone, DOB, NI number, date of application etc.) and stating that it can be explicitly deleted on request.

We are providing hosting for such information. As long as there is a valid agreement between us, we will maintain your data, backed up every 5 minutes (via Microsoft services) with what is acknowledged as the highest level of security available and reasonably achievable.

We are legally obliged to delete any Microsoft hosted data once such agreement is terminated by you. Microsoft requires that their services are paid in advance. It is therefore essential that your customer account is always fully up to date. Ceasing licence payments implies you have actively terminated your contract. If for any reason your account is not up to date (for example your bank is experiencing technical difficulties), you need to contact us immediately. Especially if you are a start-up we will do our best to help. We can only maintain your data as long as you are a current valid customer. This is a direct consequence of GDPR.

You can and should use the reports available to maintain copies of employment data.

How secure is your data? Here are links on Microsoft's extensive compliance with GDPR:

Microsoft and Compliance with ISO/IEC 27018 personal data protection

Trusted cloud: more certifications than any other cloud provider

Microsoft compliance ISO/IEC 27001 Information Security Management Standards

The US Senate hearing, Mark Zuckerberg, and owning or running a staffing agency

Thursday, April 12, 2018 by Administrator

Zuckerberg to US Senate “Senator we run ads”. Ah: the truth, the whole truth and nothing but the truth the American way!

Zuckerberg smirks after answering “How do you sustain a business model in which users do not pay for your services?”

Zuckerberg to US Senate “Senator we run ads”

The Senator missed the chance to ask what was the basis of the value of the ads, and more importantly did this value rely on them being targeted in a highly specific manner?

So how is this relevant to someone owning or running an Agency?

So how much can Facebook know about your company (that you probably don’t want them to know)?

For example, for a typical temp agency: can Facebook have a reasonably complete list of your current and past workers, their names, email addresses and phone numbers? Oh, and commercially sensitive information like where and when they worked (your customers and their addresses)?

This article will explain how your prized company data is for sale on the internet and it’s going to be very easy to understand.

There are three aphorisms that apply to the current Cambridge Analytica and Facebook saga.

  • Knowledge is power.
  • If the service is free then you are the product.
  • It’s not what you know, it’s who you know.

Mark Zuckerberg has an acknowledged, some would say impressive and admirable, record of pushing the boundaries on the use of freely supplied personal data to generate substantial wealth. Up till now those boundaries have been virtually non-existent.

Would this worry you if your employee list or customer list were legally for sale?

Well it is and as we will shortly see, it’s not limited to Facebook. All social media apps such as Facebook messenger, WhatsApp (also owned by Mr Zuckerberg), or competitors like WeChat, Line, Viber, KakaoTalk etc. can distil these lists.

How is this possible? As a temping agency, your employee list is basically your asset list. It needs to be protected. OK, so your IT guys have assured you that your company data is on a secure server behind a firewall, password protected etc. They are not lying. Your company may not have been hacked (in the traditional sense). Zuckerberg et al. (and you can pay to be Mark’s friend) still have these lists, and they are easily and legally purchased on the internet.

So how do these lists become available?

Let’s take two simple and personal examples.

The other day I was looking for a new event location. I entered the details on my phone and Google very helpfully came up with a map. The Android app asked me if I would turn on location access to guide me there. I did and it did, straight to the (enjoyable) event. The kicker is the next day I was having a meal out and Google popped up and asked me to rate the “Loch Fyne Seafood & Grill” restaurant. So Google knows where by name (and when) I visit, my name, my mobile number and my email. This could equally be where someone works on temping assignments. So in that case they have a list of the customers where that person worked as well. It’s simple to distinguish or filter out the “eight hour” shifts from the coffee shop / restaurant visits, going to the shops or visiting friends at (private) addresses, probably one line of code: (WHERE Location.PropertyType = “Hospital” or “Care Home” or “PCT” and LengthOfStay more than 4 hrs).

Example 2. The other day I was driving to another event. I was stopped at a traffic light, in “Park”, engine off, and I put my finger on the menu of my iPhone. The phone “said” you will not receive alerts whilst driving. Clever when you think about it, but easy: if I am moving at 50mph along a road then the phone can figure that out. Except in this case I did not turn on location services; they are on by default.

So if someone has an Android phone or an iPhone, then where and when they work is “freely” available to any app they have installed. Add this to the other data about the phone owner and, “et voilà!” as the French would say: name, address, email address (security checks), correct name, employment history.

If you use Facebook, Facebook Messenger or WhatsApp to message your staff, then Mark Z knows a list of your staff without actually reading the messages (there were no messages at all in the two examples here). He already has an email, phone number, proper name etc., assuming he can put two and two together.

Facebook is actually more powerful than a simple list of your employees, addresses and phone numbers. By simply repeating the analysis over time, they can find those people that move jobs more often, those people that like cats, those that like dogs, gardening, music, knitting etc.

So is liking cats and dogs important?

It’s simple to have an advert with an apparently irrelevant picture of a cat, dog, flower, band, ball of wool etc. and an appropriate phrase: “Want more time for your cat, dog, gardening, apply to xyz agency”. How much more likely is it that the targeted person will follow the link in the ad when it contains something about their favourite hobby or pet? They have just had their favourite interest or love spot massaged. How much more likely is the subsequent approach going to be successful?

So in your workers’ “regularly updated” Facebook privacy settings, how important is the fact that they like cats? That’s not important? Just Google “cambridge analytica personality test”, because it goes much deeper than that.

Actually all this is not news. What is current news is that politicians have just woken up to the fact that, using these actually very simple tools for direct news, fake news and adverts, nerds in offices have more power and control than the politicians themselves.

What may also be news to you is that your company data is equally at others’ fingertips and for sale. What may also be news is how simple this is in a connected society.

Almost the bottom line

This is why Facebook encourages everyone to download the Facebook app on to their mobile phone. It is a mine of personal information. That is mine as in treasure trove, not mine as in personal possession.

The list at the bottom is taken from the Google Play Store Facebook app permissions list. Some, like making the phone vibrate, are innocuous; others... not so much!

Links you might also find interesting:

Facebook says that, even if I limit access to my interests, it will still show me ads based on the following (including location)

UK Businessinsider: how to control your data on facebook like mark zuckerberg says you can

What is the secret behind mining this data, also known as "traffic_analysis"?

The Facebook app demands access to and will mine your phone for data regarding:

Device & app history
    retrieve running apps
Identity
    find accounts on the device
    add or remove accounts
    read your own contact card
Calendar
    read calendar events plus confidential information
    add or modify calendar events and send email to guests without owners' knowledge
Contacts
    read your contacts
    modify your contacts
Location
    approximate location (network-based)
    precise location (GPS and network-based)
SMS
    read your text messages (SMS or MMS)
Phone
    read phone status and identity
Photos / Media / Files
    read the contents of your USB storage
    modify or delete the contents of your USB storage
Storage
Camera
    take pictures and videos
Microphone
    record audio
Wi-Fi connection information
    view Wi-Fi connections
Device ID & call information
Identity
Contacts
Phone
    directly call phone numbers
    read call log
    write call log
Other
    download files without notification
    receive data from Internet
    adjust your wallpaper size
    view network connections
    create accounts and set passwords
    read battery statistics
    pair with Bluetooth devices
    access Bluetooth settings
    send sticky broadcast
    change network connectivity
    connect and disconnect from Wi-Fi
    full network access
    change your audio settings
    read sync settings
    run at startup
    draw over other apps
    control vibration
    prevent device from sleeping
    modify system settings
    toggle sync on and off
    install shortcuts
    read Google service configuration
    expand/collapse status bar
    reorder running apps
    set wallpaper

Ian Pettman is the managing director of Added Value Applications, which provides staff booking software that does not use social media for sending messages or appointments.

If the service is free then you are the product (or your agency is) a $60 billion question.

Sunday, March 25, 2018 by Administrator

Does this mean trouble for your staffing agency, i.e. Facebook harming staffing agencies? I think the answer is yes, and I’ll tell you why.

This (you are the product) aphorism is well known in the Internet marketing world. One of the best known proponents of marketing your freely provided information is generally acknowledged as Mark Zuckerberg. Actually it does not matter: Facebook, Facebook Messenger, WhatsApp, one of the other services he owns or one of his competitors like WeChat, Line, Viber, KakaoTalk etc. They all are based on the principle of selling your personal or business information that you have freely given them by using their services. You have assented to this by ticking the “I agree” box.

Even assuming none of these organisations actually reads the messages going back and forth, if you communicate with your employees using these free apps then each of those employees has a registered real name and email address. This is valuable information. Just the timing and volume of the messages can give a clear indication of which are business messages and which are non-business ones.

So the calls by politicians and the press for “social” media providers to be more transparent about their use of “personal data” are, to a degree, wide of the mark. Certainly names, addresses and emails are important (and essential for communicating with friends), but it’s just as important (and profitable for them) when and with whom you communicate. It is a close parallel to another aphorism: “It’s not what you know, it’s who you know.”

It is kindergarten coding for these guys to generate a list of names and email addresses with say 95% accuracy of those people who have “opted in” to one of these services (by simply using it) and are your employees (because you are the focus of the messages).

This is not new news (it’s called traffic analysis): it was used productively in the Second World War and is still subject to security notices from the CIA, NSA, GCHQ, SIS etc.

No wonder Facebook shares have gone from $184 to $163 in 3 days, a drop of over 10%, or over $60Bn in total worth.

There was a very relevant deposition made to the House of Commons Committee this week when an ex-employee of Facebook said that Facebook’s security and ring-fencing of personal data was excellent and had a very high priority. He also gave the committee the apparent impression that once Facebook possessed the data it had scant regard for the privacy of such data.

You might assume that personal data was simply available to the highest bidder.

So I want a list of nurses’ names, emails and phone numbers. How do I do this? Google is a help: I used “targeted uk nurses email database”. Amongst dozens of others there was: europeanlists.com nurses email list (ironically, the given connection is not secure!)

One of their pages is “reverse appending” (starting from an email address and appending the name, address and other details that go with it). So you can probably guess what reverse appending is used for.

It really is big business and it’s your business.

Invoice Payments, this week, next week, sometime? Cash flow a limiting factor? Simple steps to improve cash flow.

Tuesday, March 13, 2018 by Administrator

Whether you are starting an agency, when cash and cash flow can be major issues, or (slightly more difficult) already running an agency and wanting to improve profitability, there are a number of steps that can considerably improve your cash flow and consequently the bottom line.

Do’s and don’ts: simple rules that work to ensure you borrow the minimum amount of money for the minimum time.

  • Don’t spend it if you don’t have to. Sure you have to have somewhere to work, but it does not have to be rented office space. Many very successful companies started in garages, bedrooms or on the kitchen table.
  • Don’t spend it if you don’t have to. This means no expensive web site. You need a web site, but you can get one for a few pounds; as long as you steer clear of WordPress you should be OK. Make sure your web site is secure: one of those padlock things (it has to be secure to get good links).
  • Don’t spend it if you don’t have to. This means not committing to some expensive company setup service or one with hidden future costs. From the gov.uk web site “It costs £12 and can be paid by debit or credit card or Paypal account. Your company is usually registered within 24 hours.”
  • Don’t spend it if you don’t have to. This means not committing to some expensive loan, factoring or payroll service with a low headline rate but much higher APR (what you actually pay for every day you borrow: the bottom line). Borrow as little money as you really need for as short a possible time. Banks are quite good at flexible loans.
  • Don’t borrow if you don’t have to: Sure you need to bridge the gap between paying your staff / ltd company employees and getting your invoices paid. If you can reduce this gap from a month to two weeks or even a week then you can halve or quarter your interest costs.
  • Do have an invoice that includes all necessary information: you must have the word “Invoice” clearly displayed. It must have a unique identification number, your correct company name and address, phone number and email, the customer’s correct invoice address and usually an FAO line (for the attention of), an invoice date, clear itemised costing of the services supplied (the employee’s name, shift date, location, times, rate bands, detailed expenses and supplemental charges), a reference to your terms and conditions, bank details (account number, sort code, bank name) and the payment period.
  • Do make clear your payment period terms when you negotiate any contract of staff supply. So what is a reasonable period for payment? Before electronic banking and postal mail, 30 days was considered standard. Don't live in the last century. With modern invoicing systems such as ours the invoice can arrive at the customer within a few seconds and payment is at worst 3 days via the banking system. So reasonably 14 days is entirely adequate. However, there is no reason why you should not go for 7 days, as with our system you can invoice on any day of the week to coincide with the customer’s accounts department. In fact it appears that the majority of small businesses have 14 days or less as a limit in their terms and most request payment in 7 days. So your customers may profess surprise... stick to your guns.
  • Do try to have a friendly meeting with the customer’s accounts department (you have met the customer during contract negotiations) if you can, or at the very least call them to introduce yourself, so that “any issues and we will be happy to resolve them quickly for you” establishes a “helpful” bond.
  • Do (courteously) check that accounts have received the invoice and are happy with it for the first few weeks, explaining that as your system is new... etc.
  • Do (courteously) check that accounts have received the invoice and are happy with it the first time it is late (some companies start off promptly and then slow down). A study showed that typically over 50% of small businesses suffer late payment and a third are overdue by more than 2 weeks. Politely argue your case: are they unhappy with the staff you supply? Are your charges competitive? Point out that to retain those staff and keep those costs, you need to pay your staff promptly, not incur interest charges to pass on (to them), and you are not a bank!

It goes almost without saying: invest in low cost software (ours) that helps you do the most tasks so you can make time for taking a step back and for life!

Links that may help

Simple step by step guide to limited company formation by the guys that write the rule book

Business discussion on invoicing period in your Ts & Cs

The Guardian how to invoice

The Prompt Payment Code

The Government's prompt payment policy

The cheapest and most successful way to start your agency

Tuesday, February 27, 2018 by Administrator

Measure Success

Let us face it: the success of your start-up agency will be measured in two key ways at the end of your first year: the number of bookings you are making (people planning) and the balance in your bank account.

The challenge you face is maximising the net profit for however many shifts you supply and one of the major drains on this profit is the cost of paying staff often before the customer pays you. Cost of paying staff? Surely that is their (net) pay plus company NI, statutory company Pension contributions, expenses and the like?

Bottom Line vs Headline Rates

In your company accounts’ bottom line at the end of the year, the cost of paying staff is the cost of the (optional) accountant who calculates their wages plus the cost of borrowing any money (you don’t have) to pay them before the invoices are paid.

You should work out this bottom line cost when considering how to finance the bridge between payroll going out and invoices being paid. Finance companies, umbrella companies and the like are very good at headline rates. Headline rates are often calculated on the total amount borrowed rather than the day by day needs. When you sit down and calculate how much you actually pay them, an approved bank overdraft/loan is often significantly cheaper as you are only paying for each day you need to borrow and there are around 30 of those in a month.

Simple Example 1:

Your total wage bill for a month is £10,000.

A finance arrangement charges a headline rate of 2%. So before they pay you they pocket £200 per month. Over 12 months this is £2,400. To calculate the REAL interest rate, or annual percentage rate (known as APR), you simply divide the total annual charge by the average loan outstanding over the year, and this works out at a whopping 24%.

Simple Example 2:

Your total wage bill for a month is £10,000 (the same).

You arrange either a secured bank loan (they have the right to sell your house if you don’t pay it back) or an unsecured loan. Banks normally cream £100 or so off the top as an arrangement fee. They then charge you 7-10% on a secured overdraft or 20% on an unsecured one (you need to shop around the banks for the best deal). So your wage bill is £10,000 for the month, each week your payroll is £2,500 (ish) and your customers pay you 2 weeks after invoice. Since you run your payroll and invoice at the same time (you can run invoices midway through a week and payroll at the end if you want), you need to borrow two weeks of pay. So that is £5000. Say you have borrowed this for a year and you are paying either 10% for a secured overdraft, which comes to £500, or 20% unsecured, which comes to £1000. This is nearly £2000 less than the finance arrangement on a secured overdraft, or £1000 in your pocket on an unsecured overdraft.

It gets better: if your net margin (invoice value minus payroll, payroll costs and other overheads) is 10%, this means (for example 2) you have £1000 profit, so actually the following month you only need to borrow £4000. Your overdraft interest is now only £400 secured or £800 unsecured. The month after that, £300 and £600. After about 6 months you should not need an overdraft. Your borrowing costs may be as low as £200 secured or £500 unsecured. Of course you may want to grow a bit, but you can double (or more) your staff and still stay within the overdraft agreement.

Small print when dealing with Neutral Vendors.

You can legally charge them interest after 2 weeks, and any T&Cs you sign cannot invalidate this legal right. You should point this out to any intermediary neutral vendor when signing a contract with them which states any variable period in excess of 14 days. If you don’t, it doesn’t matter (it’s a legal right as a small company and they know that). If they argue, then you trump that by taking it up with the organisation they are contracted to supply: the Neutral Vendor is operating outside the law. Always remember that you have the staff they need.

Mileage may vary

The figures in this article are examples only. Interest rates and charges do vary with time and from bank to bank and across payroll and factoring services.

We hope this article helps you start a successful agency. Our software can help you keep your costs at a minimum once free PAYE software is not an option and Invoice and Pay calculations are taking you a lot of time. Or we can help you when messaging employees and customers and compliance checking becomes time consuming.

Why you shouldn’t use WhatsApp for your business messaging if you value your business….

Wednesday, February 7, 2018 by Administrator

So you’re using WhatsApp for messaging your agency workers jobs and stuff. You have set up a WhatsApp “private” network. WhatsApp is free. So what could possibly go wrong?

First a bit of background (because we have to be quite careful, but I’m sure you can read between the lines!): WhatsApp used to be a subscription service: a huge $1 per user per year. Now admittedly there were about 700 million reported users, so that’s $700M per year revenue. Probably only the likes of Mark Zuckerberg would describe this as “limited”. So Facebook made the app free and now there are reportedly 1.7 billion users.

Let’s face it Mark Zuckerberg is no slouch when it comes to monetising “free” apps such as Facebook. Does he know something about WhatsApp data security that we don’t or is there something else hidden away in the small print?

Monetising apps can be done in quite a few ways.

One seldom highlighted way to monetise a service is to use an analysis of who communicates with whom and thus determine “valued” groups or networks.

This is known as “traffic analysis”. It’s a way of extracting information from messages without knowing the content of the message. Sounds bizarre: is this unrealistic or low value? Consider: “traffic analysis” goes back over seventy years in espionage terms, to when the Germans listened to radio operators in the Allied bomber force making test transmissions from their aircraft radios. So what? Well, it turned out radio operators only warmed up their sets and made test transmissions when they were due to fly that day: essentially this test warming up of radios gave a couple of hours’ warning and said “prepare for a bombing raid”, i.e. please prepare your fighters!

Of course Bletchley Park did much the same in reverse when they could not read enemy messages.

To the best of our knowledge “traffic analysis” is so valuable that it is still subject to NSA non-disclosure agreements.

Another example is very recent. From this headline: Fitness app Strava lights up staff at military bases (in this case individuals were communicating with themselves).

So how does this affect any employment agency communicating to its staff via a private WhatsApp group?

Whilst a message carrier (such as WhatsApp) may not divulge or break secure messages, there is certainly information to be garnered from the identity of the participant members in any group. Could Facebook, through your use of a WhatsApp group, determine a list of your staff? If they can determine a list of your staff, could WhatsApp monetise that list by hitting your staff’s Facebook pages with overly well targeted job adverts for rival agencies? Would a rival agency pay for such targeted advertising? Not a message decoded: just who communicates with whom, also known as “traffic analysis”!
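As an added illustration (example code written for this post, not anything from WhatsApp, Facebook or the original article), the short Python script below runs exactly this kind of analysis over constructed message metadata: sender, recipient and timestamp, with no message bodies at all. It serves both the “kindergarten coding” point in the earlier post and the group-membership question above; the account names, the group name and the thresholds are all invented.

```python
"""Traffic analysis over message metadata alone (who, whom, when).

Added illustration for the blog's argument: a carrier that never reads
message bodies can still infer an agency's staff roster from the delivery
metadata it must hold anyway.  Accounts, the group name and timestamps
below are constructed for this example; nothing is taken from a real log.
"""
from dataclasses import dataclass, field
from datetime import datetime

AGENCY = "agency-bookings"      # the agency's messaging account (invented)
GROUP = "group:ava-shifts"      # the agency's "private" shift group (invented)

# (sender, recipient, sent_at) -- a recipient is an account or the group.
# No message content appears anywhere in this log.
LOG = [
    # Monday-morning shift offer from the agency, answered in the group
    ("agency-bookings", "group:ava-shifts", "2018-02-05T07:45:00"),
    ("nurse-ann",       "group:ava-shifts", "2018-02-05T07:52:00"),
    ("nurse-bob",       "group:ava-shifts", "2018-02-05T08:10:00"),
    # direct confirmations during working hours
    ("agency-bookings", "nurse-ann",        "2018-02-05T08:30:00"),
    ("nurse-ann",       "agency-bookings",  "2018-02-05T08:31:00"),
    ("agency-bookings", "nurse-cat",        "2018-02-06T09:05:00"),
    ("nurse-cat",       "agency-bookings",  "2018-02-06T09:20:00"),
    ("agency-bookings", "nurse-cat",        "2018-02-07T14:00:00"),
    ("nurse-cat",       "agency-bookings",  "2018-02-08T13:10:00"),
    # the owner's friend: evenings and the weekend only
    ("mate-dave",       "agency-bookings",  "2018-02-06T21:15:00"),
    ("agency-bookings", "mate-dave",        "2018-02-06T21:40:00"),
    ("mate-dave",       "agency-bookings",  "2018-02-10T11:00:00"),  # Saturday
    ("agency-bookings", "mate-dave",        "2018-02-11T19:30:00"),  # Sunday
    # one unsolicited message: not enough traffic to say anything
    ("cold-caller",     "agency-bookings",  "2018-02-07T10:00:00"),
]


def is_business_hours(sent_at: str) -> bool:
    """Weekday 07:00-19:00: the window in which shift offers and confirmations flow."""
    t = datetime.fromisoformat(sent_at)
    return t.weekday() < 5 and 7 <= t.hour < 19


@dataclass
class ContactProfile:
    account: str
    direct_messages: int = 0          # messages exchanged directly with the agency
    business_hour_messages: int = 0   # ... of which fell inside business hours
    active_days: set = field(default_factory=set)
    in_shift_group: bool = False      # posted in the agency's group


def profile_contacts(log, agency, group):
    """Build one metadata profile per account that touched the agency or its group."""
    profiles = {}
    for sender, recipient, sent_at in log:
        if sender == agency and recipient == group:
            continue                                   # the agency's own broadcast
        if recipient == group:
            profiles.setdefault(sender, ContactProfile(sender)).in_shift_group = True
            continue
        if agency not in (sender, recipient):
            continue                                   # traffic not involving the agency
        other = recipient if sender == agency else sender
        p = profiles.setdefault(other, ContactProfile(other))
        p.direct_messages += 1
        p.active_days.add(sent_at[:10])
        if is_business_hours(sent_at):
            p.business_hour_messages += 1
    return profiles


def classify(p: ContactProfile, min_messages=3, min_business_share=0.75) -> str:
    """Label a contact from counts and timing only; thresholds are illustrative."""
    if p.in_shift_group:
        return "staff (group member)"
    if p.direct_messages < min_messages:
        return "unknown (too little traffic)"
    share = p.business_hour_messages / p.direct_messages
    if share >= min_business_share and len(p.active_days) >= 2:
        return "staff (business-hours pattern)"
    return "personal contact"


def infer_roster(log, agency, group):
    """Map every contact to a label: the carrier's view of who your staff are."""
    return {acc: classify(p) for acc, p in profile_contacts(log, agency, group).items()}


def staff_list(log, agency, group):
    """The sellable artefact: a sorted list of accounts that look like agency staff."""
    return sorted(acc for acc, label in infer_roster(log, agency, group).items()
                  if label.startswith("staff"))


if __name__ == "__main__":
    for account, label in sorted(infer_roster(LOG, AGENCY, GROUP).items()):
        print(f"{account:16} {label}")
```

The roster comes entirely from delivery metadata the carrier holds in order to deliver messages at all, which is why end-to-end encryption of the message bodies does not remove the exposure described here.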

Recent examples of Traffic Analysis

Fitness app Strava lights up staff at military bases:

[Image: Strava heatmap, copyright Strava. Caption: the movements of soldiers within Bagram air base, the largest US military facility in Afghanistan.]

An image of the Pentagon on the Strava heatmap: here is the Pentagon and there is frequent traffic to these buildings.

Ditto GCHQ Cheltenham

Links for more information

Fitness app Strava lights up staff at military bases: The BBC

Traffic Analysis

Strava fitness app

Fitness tracking app gives away locations of top secret military bases: The Guardian

Strava users, in midst of privacy problems, are reporting that one of the app’s top features has been disabled: The Verge

Bletchley Park

Contact Information

To find out more about Ava solutions you can contact us in a number of ways: