Ava Blog

Why you shouldn’t use WhatsApp for your business messaging if you value your business….

Wednesday, February 7, 2018 by Administrator


So you’re using WhatsApp for messaging your agency workers about jobs and stuff. You have set up a WhatsApp “private” network. WhatsApp is free. So what could possibly go wrong?


First a bit of background (because we have to be quite careful but I’m sure you can read between the lines!): WhatsApp used to be a subscription service: a huge $1 per user per year. Now admittedly there were about 700 million reported users so that’s $700M per year revenue. Probably only the likes of Mark Zuckerberg would describe this as “limited”. So Facebook made the app free and now there are reportedly 1.7 Billion users.


Let’s face it Mark Zuckerberg is no slouch when it comes to monetising “free” apps such as Facebook. Does he know something about WhatsApp data security that we don’t or is there something else hidden away in the small print?


Monetising apps can be done in quite a few ways.


One seldom highlighted way to monetise a service is to use an analysis of who communicates with whom and thus determine “valued” groups or networks.

This is known as “Traffic analysis”. It’s a way of extracting information from messages without knowing the content of the message. Sounds bizarre: is this unrealistic or low value? Consider: “Traffic analysis” goes back over seventy years in espionage terms, to when the Germans listened to radio operators in the Allied bomber force making test transmissions from their aircraft radios. So what? Well, it turned out radio operators only warmed up their sets and made test transmissions when they were due to fly that day: essentially this warming up of radios gave a couple of hours' warning and said “prepare for a bombing raid”, i.e. please prepare your fighters!

Of course Bletchley Park did much the same in reverse when they could not read enemy messages.

To the best of our knowledge “Traffic analysis” is so valuable that it is still subject to NSA non-disclosure agreements.

Another example is very recent. From this headline: Fitness app Strava lights up staff at military bases (in this case individuals were communicating with themselves).

So how does this affect any employment agency communicating to its staff via a private WhatsApp group?

Whilst a message carrier (such as WhatsApp) may not divulge or break secure messages, there is certainly information to be garnered from the identity of the participant members in any group. Through your use of a WhatsApp group, could Facebook determine a list of your staff? If they can determine a list of your staff, could WhatsApp monetise that list by hitting your staff’s Facebook pages with overly well targeted job adverts for rival agencies? Would a rival Agency pay for such targeted advertising? Not a message decoded: just who communicates with whom, also known as “Traffic analysis”!
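An added illustration (not part of the original post) of why a staff list can leak without a single message being decoded. The delivery log, the account names and the simplifying assumption that one group message shows up as same-sized encrypted deliveries to every member are all constructed for this sketch.

```python
from collections import Counter, defaultdict

# Constructed delivery log as a carrier could record it for encrypted traffic:
# (day, sender, recipient, ciphertext_length). There is no message text at all.
DELIVERIES = [
    ("mon", "agency", "w1", 212), ("mon", "agency", "w2", 212),
    ("mon", "agency", "w3", 212), ("mon", "w2", "agency", 48),
    ("tue", "agency", "w1", 180), ("tue", "agency", "w2", 180),
    ("tue", "agency", "w3", 180), ("tue", "w1", "agency", 52),
    ("tue", "w3", "friend", 900), ("tue", "w3", "friend2", 900),
    ("wed", "agency", "w1", 96), ("wed", "agency", "w2", 96),
    ("wed", "agency", "w3", 96), ("wed", "w3", "agency", 40),
]

def find_broadcasts(deliveries):
    """Group deliveries sharing day, sender and size: the fan-out of one group message."""
    fanout = defaultdict(set)
    for day, sender, recipient, size in deliveries:
        fanout[(day, sender, size)].add(recipient)
    # A single recipient is an ordinary one-to-one message, not a group post.
    return {key: members for key, members in fanout.items() if len(members) >= 2}

def infer_roster(deliveries, min_days=2):
    """Return (hub, roster): the busiest broadcaster and the accounts that
    received its broadcasts on at least min_days different days."""
    broadcasts = find_broadcasts(deliveries)
    per_sender = Counter(sender for (_day, sender, _size) in broadcasts)
    if not per_sender:
        return None, set()
    hub = per_sender.most_common(1)[0][0]
    days_seen = defaultdict(set)
    for (day, sender, _size), members in broadcasts.items():
        if sender == hub:
            for member in members:
                days_seen[member].add(day)
    roster = {m for m, days in days_seen.items() if len(days) >= min_days}
    return hub, roster
```

On the constructed log, `infer_roster(DELIVERIES)` names the agency account as the hub and returns its three workers, which is exactly the list the post worries about handing to the carrier.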


Recent examples of Traffic Analysis


Fitness app Strava lights up staff at military bases:


Image caption: The movements of soldiers within Bagram air base - the largest US military facility in Afghanistan (image copyright Strava).


An image of the Pentagon on the Strava heatmap: here is the Pentagon and there is frequent traffic to these buildings.




Ditto GCHQ Cheltenham






Links for more information


Fitness app Strava lights up staff at military bases: The BBC 

Traffic Analysis

Strava fitness app 

Fitness tracking app gives away locations of top secret Military bases: The Guardian

Strava users, in midst of privacy problems, are reporting that one of the app’s top features has been disabled: The Verge

Bletchley Park



Pension enrolment

Thursday, January 18, 2018 by Administrator

Happy New Year


We have a new FAQ answer concerning Auto enrolment pensions and how they work within our software. The answer is here

How to recover a password.

Monday, November 20, 2017 by Administrator

Password recovery is a sensitive subject, especially with the substantial and severe increase in the fines for security breaches potentially incurred under the (new) 2018 data protection legislation known as GDPR.

The Ava service errs on the side of caution in these matters.

If a user tries an incorrect password more than five times with a valid user name, their account is disabled. Put simply, this is considered an unauthorised attempt to gain access.

A user who has attempted to log in more than 5 times needs to be re-enabled: they will have received a changed message:

How To Recover A Password

The administrator is the company or organisation that is providing your work.

They will call you back.

They will establish your identity, unblock your account and allow you to re-set your password.

Please understand that if you attempt to reset your password multiple times, then only the last email for re-setting your password is the one that works.

Optionally your administrator may ask you to go through the re-set password process and then (without you trying to log in) re-set your password for you to a password which as a consequence you both know. The administrator cannot know your password unless you agree to this process.

How to unlock a user:

Check for and re-set a blocked account

How to find a username:

Simply go to the “configure users” page and search for the user by first or last name

Recurring issues with HMRC accepting valid submissions

Tuesday, July 11, 2017 by Administrator

We have received the following advice from HMRC. Earlier in the week we or our customers experienced RTI submissions giving a partial failure. The HMRC site allowed software to acknowledge and upload submissions. It then failed to give the appropriate response. As far as we can determine the HMRC site was partially unresponsive for the entire morning. It appears that the problem is re-occurring:


11th July 2017:


Corporation Tax: HM Revenue and Customs (HMRC) are aware of problems processing receipt of some Corporation Tax online message submissions. This is under urgent investigation. Please do not resubmit.

PAYE: HMRC are aware of problems processing receipt of some PAYE message submissions. This is under urgent investigation. Please do not resubmit.

Self Assessment: HM Revenue and Customs are aware of problems processing receipt of some Self Assessment message submissions. This is under urgent investigation. Please do not resubmit.

Your EU agency workers: where do they stand with Brexit?

Tuesday, June 27, 2017 by Administrator

The Government (Home Office Communications) has just published a paper setting out their offer to the EU for EU citizens in the UK, and UK nationals in the EU.

Currently, the UK is a full member of the EU and all the rights and obligations of EU membership remain in place until the withdrawal process is complete. This means that there will be no change to the rights and status of EU citizens living in the UK, nor UK nationals living in the EU, during this time. There is no need for EU citizens to take any action or apply for any documentation now to confirm their status or right to be here.

Status of EU citizens in the UK: what you need to know


The full policy paper is here: Safeguarding the position of EU citizens living in the UK and UK nationals living in the EU



NHS Ransomware cyber attack: what you need to know: the simple truth

Tuesday, May 16, 2017 by Administrator

What is behind the scenes? How can this hurt us?

Last weekend 61 organisations in the NHS were the victims of a ransomware attack.

So a customer asked us: is my business at risk?

The simple answer is yes to a degree: we all are. Here is why and here is how to insure against it.

This attack used an “accidental” loophole that (I say this for legal reasons) in my educated opinion was put in Windows XP by Microsoft under orders from the US Government. It was for spying or other military purposes. Microsoft had to keep it there. It’s why it remained and Microsoft issued a statement (see link below).

It’s also why there was a “kill switch” which was found “by accident”.

About 2 months ago a set of “tools”, as they are known, was leaked. In the wrong hands, these tools make assembling such an attack about as complicated as assembling toy bricks.

The bad guys are just in it for the easy money and that’s a good thing. If they were more skilled or dedicated, they would have analysed the code, removed the kill switch and (as is sure to happen sometime soon) re-released the attack. It is simpler, much much easier just to assemble the code blindly. This option has been around for probably over 15 years. Greed meant that the attack was built without any in-depth analysis at the lowest possible cost in effort. It would never have happened if Alan Turing was in charge.

So now we all know about it. IT specialists have zipped up the loophole. What can we do for the future, the next attack?

Added value applications has been in business for nearly 20 years and never (to date) suffered from a cyber-attack or virus.

When we had notice of the attack, I instituted a check of all our defences. We have three layers of defence. We (purposely) have systems with all flavours of Windows and Apple operating systems.

Some years ago we decided to move our services to the web. They are now there. If you are using our services and your computer gets hit (or just simply breaks) all you do is use another. You get it repaired, replaced or reset (known as reformatting) and carry on hardly skipping a beat.

Your data is safely stored away at Microsoft’s data centre in the UK. Microsoft are constantly under attack and as a result are the hardest target to dent. They have state of the art defences in place and as they designed and added the loophole in the first place (for everyone else) you can be sure they will have plugged it to stop it being used against them.


Related Links


Global cyber-attack: How roots can be traced to the US

Microsoft statement: The need for urgent collective action

"Accidental hero" halts ransomware attack and warns: this is not over

Alan Turing

Wikipedia Alan_Turing






How to upload compliance documents pdf, doc, docx, rtf, jpg and png images

Friday, April 28, 2017 by Administrator

How to upload documents pdf, doc, docx, rtf, jpg and png images as part of any compliance record or profile


The web based agency staffing system can store an almost limitless amount of compliance data, documents and images for your HR needs.

You can freely create new compliance checks, general data or skill types. These can be organised to meet your exact needs by dragging and dropping them to exactly where you want them.

Each check can have start dates, end dates, text entries and images or documents attached.

  • The compliance checks can be set to apply across the board for everyone employed: e.g. right to work, proof of identity, recruitment process etc.
  • Or they can be job specific and apply only to one or more of the types of skilled people you are providing or indeed intend to provide through your bank or agency.

The images or documents are securely uploaded and stored. They can be attached to emails you create through our custom email designer. The emails (or texts) are automatically sent during a wide range of placement situations:

  • offers,
  • confirmations,
  • cancellations,
  • booking times changing,
  • etc.

Documents can be (word) doc, docx, rtf, pdf types. Images can be png or jpg.

It's easy to set up: just tick the appropriate box. How to set this up is here:

Attaching documents and images to record card (profile) information


Call us now on 01491 845 400 to find out how you can transform your agency or staff bank.


HMRC RTI and PAYE recognition and listing for 2017 2018

Tuesday, April 11, 2017 by Administrator

HMRC RTI and PAYE recognition has been much more difficult to obtain this year. There are a few good reasons for this. The PAYE rules for Scotland are now different to those for England, Wales and Northern Ireland. This means much more than twice the number of tests to pass. Our software now accommodates PAYE for someone switching from Scotland to England, Wales and Northern Ireland or back again. Auto-enrolment Pension provision adds another twist.


If I'm not mistaken the list is a little shorter than it was immediately prior to 2017/2018.


HMRC paid for Payroll PAYE and RTI software official web site


Our confirming email reads:

As promised action has been taken to check all the documentation supporting your request for “Recognition” for “Ava Advanced Agency Web System with RTI" and congratulations are in order as HMRC “Recognition” awarded for 2017/18.


We Googled "HMRC RTI software suppliers" and not unexpectedly quite a few paid adverts came up. Reviewing the prices, we found that our software costs were similar to or even lower than advertised pay packages. Considering our software also provides compliance checking, messaging, invoicing, and lots of useful reports, it makes more than a little sense to adopt our system and save on payroll and possibly Factoring or Umbrella company costs. If you are a temp staff agency, it makes a lot of financial logic to use our system as effectively you get all your payroll needs for free.


Call us now on 01491 845 400 to discuss how much you can save on your PAYE, RTI, Auto-enrolment invoicing and other management costs.








Security, your bank account details and the bad guys

Monday, April 10, 2017 by Administrator

Data breaches (Name, Payroll details, bank details etc) are being reported in the press almost every week. Fraudulent Bank transfers also. It’s happening so often there is certainly a degree of fatigue and a “so what can we do about it?” numbness.

We take the view that it may be our data that is distributed far and wide with a resultant negative impact on our bank account. We treat your data as if it were our own.

If someone tries to log into an account more than a few times we assume the worst: it is a bad guy trying to steal your details. We block them immediately. Even the re-set password process is blocked. Re-enabling that profile requires the user to prove to you that they are who they say they are.

The message the user gets changes when they have tried too many times but does not indicate what is wrong.


Message When Too Many Incorrect User Attempts


To suggest what is wrong is the equivalent of saying the front door is locked, but if you go round the side of the building you will find an unlocked floor level window that you can climb in.

They will be asked to contact you.


How to re-set blocked accounts.


When a user contacts you, log in.

You can then go to the web user information page.


User Information Page


Use this to re-enable their account and then get them to go through the re-set password procedure.


Blocked User


It is a little more arduous than re-setting your Twitbook account, but how many times do we hear that somebody’s Twitbook account has been hacked? You have a much smaller user base than Twitbook and (hopefully) Twitbook just has nice pictures and not bank details.
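The lockout rules described in this post and in the "How to recover a password" post above, sketched as an added example (it is not Ava's own code). The class name, the message wording and the PBKDF2 password storage are assumptions made for the illustration.

```python
import hashlib, hmac, os, secrets

MAX_FAILURES = 5  # the posts disable an account after more than five wrong passwords
FAILED = "Login failed."                        # constructed wording
BLOCKED = "Please contact your administrator."  # constructed wording; gives no reason

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    def __init__(self):
        self.users = {}

    def add(self, name, password):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": _hash(password, salt),
                            "failures": 0, "disabled": False, "token": None}

    def login(self, name, password):
        user = self.users.get(name)
        if user is None:
            return FAILED    # only valid user names count towards a lockout
        if user["disabled"]:
            return BLOCKED   # same answer even when the password is right
        if hmac.compare_digest(user["hash"], _hash(password, user["salt"])):
            user["failures"] = 0
            return "OK"
        user["failures"] += 1
        if user["failures"] > MAX_FAILURES:
            user["disabled"], user["token"] = True, None  # cancels any pending reset
            return BLOCKED
        return FAILED

    def request_reset(self, name):
        user = self.users.get(name)
        if user is None or user["disabled"]:
            return None      # the reset route is blocked as well
        user["token"] = secrets.token_urlsafe(32)  # only the latest email's token works
        return user["token"]

    def reset_password(self, name, token, new_password):
        user = self.users.get(name)
        if user is None or user["disabled"] or not user["token"]:
            return False
        if not hmac.compare_digest(user["token"].encode(), token.encode()):
            return False
        user["hash"], user["token"] = _hash(new_password, user["salt"]), None
        user["failures"] = 0
        return True

    def admin_enable(self, name):
        """Administrator step, taken only after establishing the user's identity."""
        user = self.users[name]
        user["disabled"], user["failures"] = False, 0
```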

Pay, RTI and invoices - very easy

Thursday, March 23, 2017 by Administrator


Pay, RTI and Invoices are all very easy with the Ava Advanced Agency Web System: they can depend on the following:


  • Time of day, start, end and breaks.
  • Shifts through midnight.
  • Number of hours worked.
  • Number of hours originally scheduled (Full NHS permutations).
  • Breaks taken (Including Periods of availability PoA).
  • Minimum payments (Shortened work periods and fixed appointment payments or visits).
  • Total number of hours in week.
  • Skill involved in the job type, grade or pay band.
  • Notice period for working (short notice of vacancy).
  • Customer worked at (differing rates for one or more customers grouped across customers for easy entry).
  • Department (Ward, depot, location) worked at.
  • London weighting.
  • National (Bank) holidays.
  • User defined special days.
  • Personal employee rates.
  • Employee self-invoicing (Limited companies).
  • Totally free ad hoc rates for any shift.
  • HMRC codes (tax point or code).
  • VAT ratings.
  • AWR compliance.
  • From and to date ranges (e.g. rates changing on an annual basis).
  • Mandatory Pension contributions (auto enrolment).
  • Exceptions.

There are automatically configured reports that show the pay and invoice rates for the conditions set. Here is an example:


Rate Card Example

These can be exported and form the basis of Terms and conditions. Amounts can be sent to Banks for bulk payments, HMRC for RTI, 3rd party accounting packages, umbrella companies, factoring companies and pension funds as required. So if you feel you are being overcharged for any of these services, Ava Advanced Agency Web System is an excellent way of reducing these costs and will pay for itself in hours, dramatically improving your bottom line as well as improving productivity.

Call 01491 845 400 now to start saving your company money.



