Blog posts written during 2014

VAT rules change on January 1st 2015

Friday, December 5, 2014 by Administrator

It hasn’t received a lot of coverage in the press, but to combat the likes of Amazon and other online retailers using tax avoidance techniques, the EU has changed the VAT rules.

This is becoming known as VATMOSS, short for VAT Mini One Stop Shop.

If the customer is a private individual, then suppliers will be required to account and charge VAT in the (Member) State where the customer resides.

This does not affect Ava customers as they come under the B2B heading.

 

For further information:

Register-and-use-the-vat-mini-one-stop-shop (Gov UK web site)

the Guardian comment

 

 

How can and do Cybercrimes affect us

Sunday, November 2, 2014 by Administrator

It’s true that a significant proportion of adults in this country feel they have a poor understanding of the internet. Even as an IT professional in a world where detailed knowledge is becoming more fine-grained and specialist, there are areas where personally I know I have only a superficial understanding. So even a superficial (but correct) understanding can help us or our businesses avoid becoming victims of Cybercrime.

The BBC has commissioned a series of programmes, tucked away on the BBC News channel, which delve into the murky and nefarious world of Cybercrime.

 

I watched the first episode yesterday and can say it’s entertaining, informative and couched in terms most people should be able to understand.

bbc.co.uk/iplayer/episode/b04p23mv/cybercrimes-with-ben-hammersley-1-darknets

 

It’s available for another 6 days. There is a programme web site:

bbc.co.uk/programmes/b04p2l66

 

And to find out more there is some help on the Open University web site (ironically you may get a security warning as we can only link to secure sites from our secure site).

open.edu/openlearn/whats-on/tv/ou-on-the-bbc-cybercrimes-ben-hammersley

 

 

 

 

Security and server reboots

Saturday, October 25, 2014 by Administrator

As most of you will no doubt know, it is essential to host personal data on a secure (https) certified web site, as opposed to a standard http site.

This is mandated in the UK by the Information Commissioner’s Office (ICO).

It’s also important not to just pay lip service to security concerns. Over the past few months, we have applied about a dozen security patches to the various software packages that provide our services. Unfortunately this usually requires restarting our servers for the updates to take effect. So we had to do this again this week.

Our servers were down for about one minute between 3pm and 4pm on Saturday whilst this rebooting took place (25th Oct 2014).

Our apologies if this has caused any inconvenience. Unfortunately these reboots seem to be required more regularly in our efforts to keep the bad boys out.

 

Data protection in the UK: Information Commissioner's Office


 

Ava unable to open mail merge templates after domain move

Friday, September 19, 2014 by Administrator

Moving the Windows version of Ava from one domain to another is generally a very simple task. However, there can be security issues if the appropriate permissions are not granted.

This is especially true of access to mail merge templates. Microsoft has an article here on setting up trust for shared folders.

http://office.microsoft.com/en-us/excel-help/create-remove-or-change-a-trusted-location-for-your-files-HA010031999.aspx

Please ensure shared folders are consistently mapped for all Ava users as both read and write and that any other necessary domain security permissions are granted as appropriate.

 

Steps to check for successful mail merge:

  • The Update and Template drives are available to the user and have the correct drive letter, or the correct UNC paths are being used.
  • The user has sufficient permissions to open the documents needed.
  • The documents open and the user can edit the file.
  • The template documents are in a trusted (folder) location.

 

 

 

Why you should use different passwords for different accounts

Wednesday, May 28, 2014 by Administrator

A significant number of users have received ransom notices to get the use of their iPhones back.

This is not the first time this sort of thing has happened to iPhone, iPad and Mac products. It seems the most likely path to them being hijacked is hacking of other accounts where they used the same password.

Read more: cut and paste to your browser

 

www.infoworld.com/d/mobile-technology/apple-devices-held-hostage-using-find-my-iphone-243133

 

 

Getting free security updates for Windows XP until 2019

Tuesday, May 27, 2014 by Administrator

OK, well, we are still testing for compatibility with Windows XP and indeed Internet Explorer 7. Our customers in the NHS use this technology so we have to test against it. We would like it to be as secure as possible. In fact the systems we test against are "Virtual" machines. They are run on known virus-free, fully patched PCs. Still, it was interesting to find that there was a simple way to maintain the robustness of the XP testing machines against future threats.

 

If you would like to know too then here is the link to copy and paste into your browser:

http://betanews.com/2014/05/26/how-to-continue-getting-free-security-updates-for-windows-xp-until-2019/

and here it is again complete with the Microsoft response:

www.zdnet.com/registry-hack-enables-continued-updates-for-windows-xp-7000029851/

 

 

 

Phone and your agency: a change in the law

Tuesday, April 29, 2014 by Administrator

There is a law and it’s called the Distance Selling Act or, to give it its full name, The Consumer Protection (Distance Selling) Regulations 2000. Under EU impetus (who else?), it’s due to change on the 13th of June.

There are many good things such as banning premium rate lines for customer support. In all probability very little will apply to you as a staffing agency, because you operate mainly in the B2B (Business to Business) environment. However, where you use our software for providing consumer services, you should be aware of these changes.

You may decide you want a non-premium rate number for your business. Probably the lowest cost way is to have a telephone number connected to an internet telephone. It may sound difficult, but it’s not and it is quite inexpensive and very flexible.

If you want to know more about the changes to the Act, the full interpretation can be found here:

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/266525/bis-13-1368-consumer-contracts-information-cancellation-and-additional-payments-regulations-guidance.pdf

If you want a land line number for your business then we recommend VOIPFONE. http://www.voipfone.co.uk/

Your security, our security

Thursday, April 10, 2014 by Administrator

If you follow these things or even if you don’t, you may be aware of a flurry of IT geeks telling you to reset your passwords.

It’s good advice.

Without getting too technical, why? Well, to make your online communications secure and not tell your passwords to the bad guys out there. Those same bad guys who would clean out your bank account. One of two major systems is used. One you may have heard of is Microsoft and they are good, solid as a rock, as secure as you can get. The one you may not have heard of is “OpenSSL”. It’s just been revealed OpenSSL has been vulnerable (it’s been called “Heartbleed”).

Unfortunately you don’t know which you are using: Microsoft OK, “OpenSSL” not so. We do know what we use and where, and it’s overwhelmingly Microsoft. So no need to change passwords when you are using Ava or our hosts Rackspace. In the one area we do implement OpenVPN (and consequently OpenSSL), the version in use is not any of the versions which have the Heartbleed issue.

 

Elsewhere, please change your passwords!

 

There is a list of popular web sites, showing whether they were affected and whether they have been fixed (safe to change your password), here:

A list of the top 630 sites that have been or are vulnerable and the top 3687 that are not vulnerable

 

You can test individual sites here (example: Ava.co.uk); paste the following link into your browser. Unfortunately, at the time of writing, there is not a secure link to this test site:

 

http://filippo.io/Heartbleed/#ava.co.uk

More here: http://mashable.com/2014/04/09/heartbleed-nightmare/

 

Further to the above posts, the issue has been raised that it is (apparently) illegal under UK law to probe 3rd party sites for security purposes. So you should not "test" sites that you don't already have a relationship with.

 

Heartbleed health checking services may be illegal?

 

BBC re-broadcast original Hitch Hikers Guide radio series

Sunday, March 16, 2014 by Administrator

 

Just replace "digital watches" with "wrist phones" and it’s completely up to date!

Douglas Adams' five-part trilogy quantum tunnels out of the BBC archives to appear on the iPlayer.

Not only that, but the Vogon’s “Resistance is useless” made its appearance over five years before “Resistance is futile” with the Borg.

I first heard the Hitch Hikers Guide when as a young BBC engineer I was asked to play the tapes down the line to a local BBC Radio station that had missed the original transmission. I put the tape on and set it going with (not knowing any better) the thought of getting back after I had gone to get a coffee… When it started with the dulcet tones of Peter Jones as the Guide, the coffee trip was put on hold.

 

Half an hour later Douglas Adams' genius had worked its magic. Treat yourself here.

www.bbc.co.uk/programmes/b007jm03

 

 

 

Hacking and health £200,000 cost for 10,000 coughs

Saturday, March 8, 2014 by Administrator

That works out at £20 per cough!

Expensive for failing to use the correct box of tissues to clean up.

Actually this is about a hacker who sought to extort money from the British Pregnancy Advisory Service having performed a simple examination of their web site: he discovered 10,000 customers without the correct protection for their er… records.

Make up your own joke and insert here!

Apparently the Information Commissioner's Office does not feel charity begins at this particular organisation’s home. It is one of the first major publicised fines raised. It suggests that various excuses including charitable status and lack of knowledge are no defence. It also indicates that the “going rate” is a fine of around £20 per coughed up or incorrectly stored address and contact details used without adequate protection.

It brings into perspective:

  • Our insistence on ensuring all the data we store is in a separate database from the web site.
  • Web site access is always protected by https certificates. 
  • Personal information is split from web profiles.

And many other bits of careful design that meet the criteria for good web security.

The extortionist received a 32 month sentence.

Dave Smith of the Information Commissioner's Office said:

"There's a simple message here: treat the personal information you are holding with respect. This includes making sure you know just what information you are holding and that it's subject to up-to-date and effective security measures."

 

Related links here


BBC article
Information Commissioner's Office (ICO) Ruling

British Pregnancy Advisory Service 

How much could your agency rostering web site cost you?

 

 
