Wednesday, 30 September 2015

Self-employed law changes – 1st October 2015

Health and safety law will no longer apply to 1.7 million self-employed people tomorrow, following a recommendation from Professor Löfstedt in his review of health and safety law in the UK.

In 2011, the Löfstedt Review recommended that self-employed people whose work activities pose no potential risk of harm to others should be exempt from health and safety law.

The Government accepted this recommendation and from Thursday 1 October health and safety law will no longer apply to the 1.7 million self-employed people including novelists, journalists, accountants, confectioners and more.

Who is exempt?
  • Agriculture;
  • Asbestos work;
  • Construction;
  • Gas work;
  • Genetically modified organisms; and
  • Railways.
For health and safety law purposes, ‘self-employed’ means that you do not work under a contract of employment and work only for yourself.

If you’re self-employed and employ others the law will apply to you. You may be self-employed for tax purposes, but this may not be so for health and safety. This is a complex area and HMRC have produced employment status guidance.

What is a ‘risk to the health and safety of others’?
This is the likelihood of someone else being harmed or injured (eg members of the public, clients, contractors etc) as a consequence of your work activity.

Most self-employed people will know if their work poses a risk to the health and safety of others. You must consider the work you are doing and judge for yourself if it creates a risk or not.

For example if you operate a fairground ride for the public to use then your work could affect the health and safety of other people and you must take appropriate steps to protect them as the law will apply to you.

Find out more about ‘risk’
Guidance on risk management explains more about the risks your work activity may create and how best to manage these.

Monday, 28 September 2015

How to make a difference and make money

Running a business with a social impact doesn’t mean that you have to run it as a non-profit. Jo Burston explains why doing good and making money is the business mode of the future.

There is a common misconception that when entrepreneurs seek to create sustainable change, it has to be purely capital driven or not for profit. Realising a business run for social good wasn’t a common model in Australia, I coined the term “profitable smart heart”, an organisation that seeks to make money and has social and economic impact.

Founders of “smart heart” organisations are more widely referred to as social entrepreneurs, and are driving a business model that will only grow in the near future. The younger generation want to make a social impact at the beginning of their entrepreneurial journey, rather than as an add on further down the track.

But what exactly is a social entrepreneur? Among all of the buzzwords about startups and entrepreneurship, social entrepreneurship can be a tricky concept to define. According to Ashoka, a global pioneer in the field, a social entrepreneur is an individual with an innovative solution to society’s most pressing social problems. They are ambitious and persistent, tackling major social issues and offering new ideas for wide scale change.

Over the past few years, social entrepreneurship has become recognised as a business model in its own right, and acknowledged by world leaders. In 2008, President Barack Obama used the term to express how he hoped to support small not for profit organisations. There’s clearly a demand and a place in the world for social entrepreneurs, however, many people still struggle to accept that you can be a driver of social change, while also making money.

When we launched Inspiring Rare Birds, many people instantly assumed that because it was an organisation that aimed to have large social impact, it was a not for profit or a philanthropic venture. A comment I received early on from an industry corporate was, “it would be much easier to help you if you were a not for profit”.

Aside from investors not taking social entrepreneurs seriously, there is also a common misconception that being a female who helps other people in their businesses means that my work must be charitable in nature, rather than a highly scalable commercial business model.

This was the reason I coined the phrase ‘profitable smart heart’. Entrepreneurs can neatly sit as conduits and enablers between industry and philanthropy, industry and academia, or even industry, philanthropy and academia. Social entrepreneurship organisations such as Rare Birds are a proof point for this new model and we will continue to shift traditional assumptions as we grow.

My advice to aspiring social entrepreneurs:
  1. Start with the end in mind — what is the real problem that you are seeking to change with impact? This should be huge enough that it would take a lifetime to achieve and will create a lasting legacy.
  2. Create a succession plan early on. It takes an army to change the world and a leader to start it. You can’t do it all, but you do need to have people on board that are willing to share the vision and the heavy lifting.
  3. Be 100% committed. Your commitment needs to be driven by passion, purpose and a real desire to make a mark on the world.
  4. Be clear that your organisation aims to be profitable — whether that’s with your supporters, within the industry, the government, the media, or other entrepreneurs. Be proud of the fact that by driving a profitable smart heart business, you can be sustainable and still create mutual value financial and philanthropic supporters.
  5. Always work on the win-win with supporters. Like any form of entrepreneurship, social entrepreneurship requires creativity, innovation and value creation, for all stakeholders.

Friday, 25 September 2015

What do dividend tax changes mean for SMEs?

Incoming tax changes affecting dividend payments could encourage more small and medium-sized businesses to consider using an employee share scheme to reward and retain talented staff.

A growing number of employers are recognising that they need to reward key staff, or risk losing them, as job market competition steps up. While employers are reluctant to introduce blanket pay increases, the incoming changes to dividend taxation, which were announced in the Summer Budget, are encouraging some to consider introducing an employee share scheme.

Take up of employer-backed sharesave (SAYE) schemes and share incentive plans (SiP) has been growing steadily as the job market has improved and the incoming changes to dividend taxation could emphasise this further.

As part of the changes, which will take effect in April next year, a new £5,000 dividend income allowance will be introduced. This allowance means that any dividend payments received by individuals after this date, up to a value of £5,000 in any tax year, will be completely tax-free. Recognising the incentive this could provide for those benefiting from employee share schemes, some employers are considering introducing them for the first time.

However, the tax changes affecting dividend payments are not going to be widely beneficial and business owners, or those with a significant shareholding, may need to rethink the way they extract cash from the business. For example, the rate of tax that will apply to dividends paid to higher rate tax payers is rising to 32.5p for every pound.

The majority of business owners prefer to take cash out of the business in the most tax-efficient way possible and traditionally, dividend payments linked to their shareholding have been regarded as preferable to drawing a salary. While they will remain a tax-efficient option for many, the increased tax liability that will apply to dividends paid to higher rate and additional rate tax payers means that there is now less difference compared to the current rate of income tax.

Another area where care needs to be taken is when sole traders are considering incorporating their business. Currently, one of the main reasons for incorporation is to reduce the business owner’s personal tax liability by opting for remuneration consisting of a mix of salary and dividends based on their shareholding. This can have the effect of reducing the overall ‘take’ from the business as it grows.

Incorporation may still be the right route for a fledgling business set on growth and any decision to incorporate should not be based on tax considerations alone.

Tuesday, 22 September 2015

Are you ready for the payments revolution?

The way that customers pay businesses is changing fast. From wearables to contactless technology, are you ready for the payments revolution?

Over the last couple of years, the UK payments landscape has seen a huge amount of change. This looks set to continue as consumers believe that conventional cash will be ranked as the 5th most popular payment type in 2020. 

It demonstrates how consumers are open to alternative methods and how innovative payments methods are pushing out the more traditional forms.

Recently, we saw the launch of Samsung Pay in South Korea and the announcement that the Apple Pay rival will hit US shores in September. It’s yet another new technology in a long line of payments tech that has recently entered our lives. 

Wearable to contactless
From wearable tech to contactless, the ways for us to pay are growing. It’s also clearly a very lucrative market with numerous tech giants such as Apple, Google and now Samsung all vying for a slice of the payments industry pie.

To add another layer of complexity, we’re beginning to see some very successful startups enter the payments scene. Take Zapp for example – the mobile payments app has now partnered with major UK banks and is proving itself as a key player in the industry.

Despite this very crowded market, consumers are keen to adopt innovative payments technologies. Already, 22 per cent of consumers are set to adopt contactless next year after a 275 per cent growth since 2014. This demand for contactless has led to a ban on the £5 minimum spend to come into effect by 2020 and the £20 cap has recently been increased to £30.
In addition to this, mobile spending is growing at a rate of 36 per cent. It’s clear that the need for all businesses to embrace the innovative technology we see within the payments industry has never been greater. 

Embrace new payment methods
This means that new payments methods are, and will continue to be, an integral part of any business. Business owners need to ensure they’re providing a wide range of payment options to meet their customers’ varied payments demands and making the payments experience as painless and as easy as possible.

For Angelo Alexandrou, Managing Director of small, London-based pharmaceutical business Dermacia, ensuring his payments technology is up to date is a top priority. Not only does it mean his business can accept payments in whichever form the customer so desires, the payments process is also quicker and more streamlined.

“Our customers are starting to use more recent payments methods like contactless,” explains Alexandrou. “This new payments technology cuts down queue time for our customers and we will certainly be on the look out to offer any new payments methods in our store in order to attract more business.”

For small businesses especially, being able to offer customers the option to pay in whichever way they want is vital to building good customer relations and loyalty.

At the moment, the UK payments landscape is certainly an exciting radically changing marketplace. However, it’s imperative for businesses to realise that despite the confusion, consumers are keen to adopt these innovative payments types. 

Therefore, businesses need to embrace them as well and ensure they’re meeting customer demand when it comes to payments or risk losing out on revenue to those that do.

Monday, 21 September 2015

Government to clamp down on bogus training courses

A family firm of electricians in Milton Keynes and the building company Balfour Beatty told a Government consultation they found students being lured into apprenticeships which offered low-level training. At the end of the training programme the students were severely underqualified and were not in a real job.

The cases came to light as the Government introduces new powers to prosecute training providers misusing the term ‘apprenticeship’. In the future, anyone offering fake or low-quality apprenticeships training could face the possibility of a fine and prosecution in a Magistrates Court. The Government is committed to giving apprenticeships similar legal protection as university degrees.

Skills Minister Nick Boles said: “Everyone knows what a university degree means. It’s an official title. Young people doing apprenticeships should get the same level of distinction.
“I’m supporting working people by defining the word ‘apprenticeship’ in law. This will ensure people get the best training and opportunities.”

Balfour Beatty, who currently recruits approximately 150 apprentices a year, welcomed the protection.

Leo Quinn, Balfour Beatty Group Chief Executive said:
“Protecting and enhancing apprenticeships as proposed by the Government’s Enterprise Bill will further build the status of apprenticeships and help to encourage business to invest in them.

“Our industry needs talent and skills, therefore it is crucial that apprenticeships remain world-class so that we can continue to attract the best and brightest individuals.”

SJD Electrical, a family-run business in Milton Keynes, also welcomed the proposals, highlighting the negative impact of low-quality training courses.

Ruth Devine, Director at SJD Electrical said: “Protecting the term ‘apprenticeship’ will help us attract the most able individuals and offer a guarantee to apprentices that they will receive world-class training.

“A number of applicants applying for jobs at SJD who thought they had completed apprenticeships, were surprised to find that they were not fully qualified. Low quality training courses contribute to the many instances of poor workmanship we come across.”

Apprenticeships have proven crucial to provide businesses with the talent and skills they need to grow and the Government is committed to supporting three million new apprenticeships by 2020.

Thursday, 17 September 2015

We’re on Pinterest

We’re delighted to announce that Dotty Directory is now available on Pinterest.

Pinterest is one of the largest social media platforms and is especially suited to pictures. For those people not familiar with Pinterest Wikipedia describes it as:

“Pinterest is a free website that requires registration to use. Users can upload, save, sort, and manage images—known as pins—and other media content (e.g., videos and images) through collections known as pinboards. Pinterest acts as a personalized media platform. Users can browse the content of others in their feed. Users can then save individual pins to one of their own boards using the "Pin It" button, with Pinboards typically organized by a central topic or theme. Users can personalize their experience with Pinterest by pinning items, creating boards, and interacting with other members. By doing so, the users "pin feed" displays unique, personalized results.”

We’ve started by including information and links to a number of our local websites and we will add all our local websites over time.

Please click here to visit the Dotty Directory Pinterest board https://www.pinterest.com/dottydirectory/

We hope you will follow us on Pinterest and of course we would love to hear what you think about our board, please click here to contact us http://www.dottydirectory.com/contact/

Wednesday, 16 September 2015

Three quarter of all SMEs have no human contact with their bank

The relationship between banks and their SME customers is weakening with most having little dialogue either face to face or via digital channels.

Research from SMEs demonstrates that the shift to digital services has increased the risk of switching financial service provider, and that banks must move towards a model that drives engagement through business critical insight and services to defend against SME churn.

Banks have little dialogue either face to face or via digital channels, with 73 per cent of SMEs having no contact with a relationship manager.

Two thirds of UK SMEs are now happy to look elsewhere for financial services and more than half are tempted to switch banks.

Despite this disengagement, 49 per cent of SMEs have been with their current bank for more than five years and 67 per cent would feel more engaged with their bank if they offered tools and advice to help with day-to-day business tasks, future planning and general efficiency.

John Davis, managing director of BCSG, who commissioned the research, says that banks are under enormous pressure to reduce costs while increasing their bottom line.

‘The majority are adopting a digital-first approach as they pursue cost efficiencies and adapt to changing customer preferences. But this has had unintended consequences,’ he comments.

‘Banks are now acting as reactive customer service outlets, providing basic services when asked, rather than proactively providing the advice and guidance that their customers require. The result is that many SMEs are now shopping around for financial services.’

However, Davis adds that banks are in a strong position given they have, effectively, a captive client base, with nearly half retaining the same bank for over five years.

‘By utilising their digital infrastructure better to deliver guidance, insight and tools to their SME customers, forward-thinking banks can combat churn, cement a highly valuable stream of revenue and move from a basic transaction provider to a trusted business partner.’

Tuesday, 15 September 2015

Brits to spend £60bn online in 2016, supported by increased mobile transactions

UK ecommerce is set to thrive in 2016 as British shoppers are set to pay out £60bn online, according to RetailMeNot, with an average spend of £1,372.

The face of traditional retail as we know it is changing, and it has been for some time. Indeed, figures published on 14 September highlighted continued declining footfall on the UK's high streets.

But the world of ecommerce is also changing significantly too. Real Business highlighted this during an interview with Runar Reistrup, CEO of Depop – an app described as the baby of eBay and Instagram, based on its fusion of online shopping and social media.

With these trends in mind, a study from Vouchercodes.co.uk parent company RetailMeNot and the Centre for Retail Research has discovered the proliferation of smartphones and tablets as a means to make purchases will result in Brits spending £60bn online in 2016.

The report revealed mobiles will account for £8.9bn, which demonstrates how lucrative the channel can be for businesses. Both Facebook and its subsidiary Instagram introduced new ways for SMEs to market to customers via the devices in September, so that it's not just the large players that can capitalise on the mobile movement.

Breaking figures down further, shoppers are set to spend an average of £1,372. However, multichannel shoppers – those using PC and mobiles – are set to spend almost twice as much as PC-only users, at £1,962 and £1,014 respectively.

“Retailers that have been quick off the mark to improve and more efficiently personalise the multichannel shopping experience are now seeing their investment pay off. Comparatively, retailers that have yet to fully embrace mobile and tablet devices are at risk of falling further behind the competition if they do not act quickly,” said said Giulio Montemagno, senior VP of International, RetailMeNot.

The amount spent by both multichannel and PC-only shoppers, meanwhile, has increased significantly from respective spends of £1,531 and £566 in 2014 to suggest that consumers are becoming more comfortable with ecommerce.

In terms of average spent per transaction, PC users still spend more at £57.53, but, of course, PC-only users make fewer purchases. As for mobiles, an average tablet sale is £51.71 while an average smartphone payment amounts to £47.01.

Further growth per transaction is expected next year, meanwhile, with increases of 2.7 per cent, 5.7 per cent and 12.5 per cent expected across PCs, tablets and smartphones, with respective averages of £60.45, £54.91 and £52.02.

Montemagno added: “Mobile shoppers typically spend longer researching and comparing products before making a purchase, but as the mobile shopping experience improves we are seeing mobile and tablet users shop online more frequently and spend more each time.”

Monday, 14 September 2015

Rugby World Cup: 5 tips for managing employees during the competition

In advance of the 2015 Rugby World Cup, here are five top tips to help employers prepare for time off demands and performance issues.
The 2015 Rugby World Cup will take place in the UK from Friday 18 September to Saturday 31 October.
In preparation, employers and small businesses should have agreements in place that cover any requests for time off, sickness absence, website use during working hours and to be fair and consistent throughout.
“The Rugby World Cup is an exciting event for fans but staff should be prepared to avoid getting into an unnecessary scrum as they push for time off to see a match," says Acas head of information and guidance Stewart Gee.
“Many businesses need to maintain a certain staffing level to run smoothly. Employers should have early discussions with staff to tackle any potential issues ahead of kick off. This will help to ensure that businesses remain productive whilst keeping their staff happy too."
Here are some top tips for employers to consider for the 2015 Rugby World Cup:
1. Think ahead before approving time off
Consider ways to avoid any perceived favouritism shown to those with sporting interests.
Speak to employees in advance and see who is thinking of booking time off and remember employees should book annual leave in the normal way, as set out in the company holiday handbook / policy. 
Leave should be booked well in advance of the event, although during the games the company may, at its discretion consider late requests for time off work.
2. Consider the impact of sickness absence
Employers may wish to consider whether they will make special efforts to monitor sickness absence during this period, ensuring that any action is in accordance with the company’s attendance policy. 
This could include the monitoring of high levels of sickness or late attendance due to post match hangovers.
3. Have more flexibility
One possible option is to have a more flexible working day. Employees could come in a little later or finish sooner and then agree when this time can be made up. Allowing staff to listen to the radio or watch the TV may be another possible option. 
Employers could also allow staff to take a break during match times. Another option is to look at allowing staff to swap shifts with their manager's permission.
4. Refer to your policy on social media and websites
There may be an increase in the use of social media such as Facebook, Twitter or websites covering the Rugby. 
Employers should have a clear policy on web use in the workplace that is communicated to all employees. If employers are monitoring internet usage then the law requires them to make it clear that it is happening to all employees.
5. Be fair and consistent
Try and be fair and consistent when making allowances during this time, and remember not everyone is a sporting fan. 
When considering requests don’t forget any temporary changes to rules and policies should be non-discriminatory. For example, any change in hours or flexibility in working hours should be approved before the event.


Friday, 11 September 2015

European Court decision could result in changes for all UK firms with mobile staff

UK businesses which employ workers who have to travel to appointments throughout the day will be significantly affected by a European Court of Justice (ECJ) decision made yesterday.

The case relates to a Spanish-based security system installation company called Tyco Integrated Security SL. The firm’s technicians use company vehicles to travel to appointments across Spain, but the employer does not treat the first journey of the day (from home to the first appointment) or the last journey of the day (from the last assignment to home), as ‘working time’. Instead they regard this travel time as “rest time” under the Working Time Directive.

Following a claim brought by technicians, the Spanish courts referred the case to the ECJ to consider how this travel time at the start and end of the day should be treated.
When handing down his opinion on the case earlier this year, the Advocate General (AG) said that the travel time should be classified as working time.

The ECJ has agreed and declared that where workers do not have a fixed or habitual place of work, the time spent by workers travelling each day between their homes and the premises of the first and last customers designated by their employer constitutes “working time” within the meaning of the Directive. Workers in such a situation (who are travelling as a requirement by their employers) should therefore be considered to be carrying out their duties over the whole duration of those journeys.

The ruling means that Courts and Tribunals in the UK will now have to treat such travel time as working time.

The European Working Time Directive provides employees with a number of rights including limits on the number of hours they can work, and entitlements to rest breaks, breaks between working days and holiday entitlement. The Directive states that unless employees opt out, they can only be required to work a maximum of 48 hours per week.

Chris Tutton, an employment partner at national law firm, Irwin Mitchell said: “This ruling will have significant implications for companies that employ mobile workers who spend a lot of their time travelling to different appointments. It is not just relevant to maintenance technicians, it could apply to salespeople or care workers who visit those that they look after in their homes or even employees who travel regularly overseas through work.

“Many UK companies do not consider travel time outside normal working hours as working time, but now that the ECJ has said that it should, thousands of companies may need to make changes, for example, by ensuring that assignments at the start and end of the day are near employees’ homes, adjusting working hours generally or asking employees to opt out of the 48 hour working week. If they don’t, employees could quickly exceed the number of working hours that they are legally allowed to work and bosses could therefore soon find that they are operating illegally and at risk of facing costly claims against them.

“The UK Government will also be under pressure by unions and workers in relation to issues surrounding the National Minimum Wage Regulations to require employers to pay for this time. Currently, travel from a worker’s home to their place of work is not counted and does not have to be paid. Where home is their effective place of work, it will be difficult for the Government to sustain an argument that time that is deemed to form part of a worker’s hours should not be paid for and if employers are required to pay for this, it could dramatically increase the payroll costs of businesses who employ low paid staff.”

Thursday, 10 September 2015

Providers should advertise minimum - not maximum - broadband speeds

Broadband providers should advertise their minimum, rather than maximum, speeds for businesses, so they know what service to expect, the Federation of Small Businesses (FSB) has said.

The suggestion comes as part of a new voluntary code of practice proposed by the FSB to help fix the digital issues that are holding back small businesses.

An FSB report into the health of the digital communications market highlights a gap between what businesses expect from their broadband service, and what they actually get.
According to the federation, its members say the service they get often falls short of what they need or have been told to expect.

It called for the issue to be addressed through a Universal Service Obligation – the legal entitlement to a basic service – of at least 10Mbps, as well as a challenge to providers to advertise minimum speeds, instead of the current practice of advertising maximum possible speeds.

The report, ‘Reassured, optimised, transformed: driving digital demand among small businesses’, found many firms are using better connectivity to improve efficiency and make savings, but some are still frustrated with the quality of service they are getting.

Some have tried to overcome challenges by upgrading to superfast broadband, not necessarily for the advertised top-speeds but to achieve more reliable basic speeds and connectivity, the FSB said.

It found that nearly one in five (17%) small firms believed that even if providers failed to deliver the higher speeds advertised for superfast broadband, they would at least get sufficient speeds to carry out essential tasks.

While many small businesses recognised the opportunities of doing more online, many were not confident they would get a service on which they could build the future of their business.
To address the problem, the FSB is calling for the industry to sign up to a new voluntary code of practice for business customers, and so commit to minimum standards on speeds and reliability.

'Barriers'
FSB policy director Mike Cherry said: 
“Large numbers of small firms are using new digital technology to revolutionise the way they do business, but the market still has barriers stopping firms from seizing these opportunities.

“The success of the digital revolution has led to ever higher expectations from businesses and consumers which at times the market struggles to deliver.”

Business customers feel confused by the complexity of the market and struggle to assess how new services would benefit their business, he said.

“A voluntary code of practice will help simplify matters and build trust between business customers and service providers.

“It will also allow small firms to better understand what services are available and how they can integrate these into their future business strategy."

FSB research has found that 99% of small firms rate the internet as highly important to their business, with more than half (51%) of members already offering services online and another 15% planning to in the future.

Mr Cherry added: “UK businesses and consumers have enthusiastically embraced digital communications, giving us a head start on our international competitors.

“But we cannot afford to be complacent. Consumer expectations and new technology are already overtaking past ambitions.

“We need to do even better, reaching a universal minimum of a least 10Mbps while also building greater trust and reliability.”

The report is being launched at a roundtable event in London today, whose attendees are set to include digital minister Ed Vaizey; FSB policy director Mike Cherry; Bill Murphy, BT managing director next generation access; Andrew Heaney, Talk Talk’s director of strategy; and Virgin Media Business managing director Peter Kelly.

Wednesday, 9 September 2015

Facebook unveils updates to help SMEs interact with customers

Facebook has announced a series of updates to its pages to make it easier for firms and customers to interact, as it revealed there are now 45m active small business pages on the site.

Benji Shomair, director of global partnerships at Facebook, says the new page features and tools are designed to help businesses communicate efficiently with potential customers and to encourage “tighter communication between consumers and businesses”.

He adds that it has been almost three years since any major updates to pages. “The last major update was in 2012, when we introduced timelines on pages,” he says.

The number of small and medium-sized businesses with a Facebook page has risen from 40m in April to 45m in September. “A million new businesses are on Facebook every month,” says Shomair.

With increasing numbers of people accessing Facebook on their phones, the page updates, which were announced on Tuesday, aim to make pages more user-friendly on mobile devices for both businesses and consumers.

The features include new calls to action such as “message me”, “contact us” and “call me”, which will be more prominent on the page. Businesses will also have the option of adding one of the two new sections to their page. The ‘shop’ section, which enables retail businesses to display their products, and the ‘services’ section, which allows businesses to list their services at the top of their page.

New tabs on mobile devices aim to make it easier for people to find the information they are after.

Facebook is also introducing several features to help business owners manage communication with customers. If someone posts a comment, business owners will be able to reply with a private message. “Previously you could only respond to the consumer in the way they reached out to you,” says Shomair.

Business pages that reply to 90 per cent of messages and respond on average within five minutes will now get a green badge. “Our goal is to provide consumers with a signal that a page is responsive,” says Shomair.

When asked whether this will put pressure on busy small business owners to reply straight away, Facebook says the feature is optional. It has also introduced a function where messages to common inquiries can be created and sent automatically.

The social networking company has been meeting with small business owners to discuss how they use the site as part of its ‘Boost Your Business’ workshops. In July it visited five cities across the UK to meet small firms.

Tuesday, 8 September 2015

You’ve got mail

Email is a critical business tool. Without access to email for even a few hours, a company's productivity is severely hampered.

Although email is essential for productivity, if it is not properly managed, it can also cause major headaches, ranging from infected machines and system downtime to embarrassing data breaches and steep compliancy fines.

As much as 70% of all email traffic is estimated to be spam. Even though spam is a major nuisance, most anti-spam products do a fairly good job at blocking most spam. However, there are still some major email security issues that not every company is able to successfully protect themselves against. So what are the biggest email security problems that companies face today and how can they be solved?
  1. Malware:
According to eWeek, 2-4% of all emails contain a virus, which means that 6 million email viruses are sent out every day. A particular nasty variation of malware circulated via email is ransomware, which encrypts all files on the system and demands a ransom to unlock the data. Unfortunately, even if you have an anti-virus solution in place, this will not necessarily protect you from all threats. As Darryl K. Taft wrote in a recent eWeek article: "Many standard off-the-shelf anti-virus solutions do not have the sophistication or capabilities to stay on top of the daily evolution of viruses and malware." To increase protection against email threats and new outbreaks, companies need to implement a multi scanning solution that will scan email attachments with multiple anti-virus engines. By leveraging the power of the different detection algorithms and heuristics of each engine, detection rates are significantly increased, providing robust protection against malware threats.
  1. Spear phishing:
A massive 95% of data breaches start with a spear phishing attack, according to the SANS Institute. Considering that most companies deploy anti-spam and anti-virus solutions, why are these spear phishing attacks still so successful? To avoid detection by regular spam filters, spear phishing emails are only sent to a small number of individuals and considerable effort is put into making the emails look legitimate.

Also, many spear phishing attacks make use of unknown threats or zero-day vulnerabilities that not all anti-malware engines will be able to detect. The solution to spear phishing is to beef up your email security gateway with a multi-scanning solution that increases your protection against known and unknown threats and decreases vulnerability to malware that evades or disables specific anti-malware engines.

In addition, as a precautionary measure, it is a good idea to apply data sanitization to remove any active code from email attachments by changing the file format. Many spear phishing emails include malicious Word or PDF attachments. By changing the format of a Word document to PDF and vice versa, scripts and other possible threats are automatically removed.
  1. Large email attachments:
Many email servers place limits on the size of files, usually 10 MB. If an attachment is too large, the delivery will fail, in many cases without the sender knowing.

Large attachments may also cause mail server problems for both the sending and receiving party. To avoid this from happening, companies must provide employees with a file transfer system for easily sending large email attachments, improving efficiency and productivity, as well as avoiding IT headaches.
  1. Data loss:
Every company has a duty to keep customer and employee records safe. While many companies continue to use email to exchange confidential data, this is strongly discouraged. Email can be intercepted, and confidential information sent through unencrypted email is at risk of being exposed. Companies require a secure file transfer system that automatically encrypts files and can require user authentication before allowing access to files. If possible, the system should be able to automatically intercept emails and send attachments via secure file transfer, minimising the chance of accidental data loss through human error. By implementing such a system, companies can ensure that sensitive data remains secure.
  1. Compliance issues:
Several industry regulations exist that impose data security requirements on companies, such as HIPAA, Sarbanes-Oxley, PCI, FCC, and SEC, as well as EU data protection regulations. 

In order to avoid credit card data or social security numbers being accidentally emailed and exposed, it is advisable to configure email filters to quarantine emails containing these number sequences in the email or attachment.

EU regulations require companies to add a company footer to every email, containing the company address, registration number and owner information. By configuring your email security solution to automatically add these footers to your emails, non-compliance can be avoided. Finally, if you use a secure file transfer system to exchange sensitive data with third parties, and you are able to provide an audit trail for each transfer, your company can prove that it has taken necessary measures to protect confidential information in transit.

Email is a vital business tool for every organisation and as such it is important to properly manage it and ensure that email security issues do not cause unnecessary productivity issues.

By protecting yourself against email security issues, such as those mentioned above, and implementing email security solutions that add an extra layer of protection to your company, you will be sure to avoid any major headaches that can stem from poorly managed email security.

Wednesday, 2 September 2015

Wikipedia rocked by 'rogue editors' blackmail scam targeting small businesses and celebrities

Hundreds of small British businesses and minor celebrities have been targeted by a sophisticated blackmail scam orchestrated by “rogue editors” at Wikipedia, The Independent newspaper reports.

The victims, who range from a wedding photographer in Dorset to a high-end jewellery shop in Shoreditch, east London, faced demands for hundreds of pounds to “protect” or update Wikipedia pages about their businesses. A former Britain’s Got Talent contestant was among dozens of individuals targeted.

Wikipedia has taken action against what it described as the “co-ordinated group” of fraudsters by blocking 381 accounts. An investigation had found that the accounts were controlled by Wikipedia users offering to change articles about companies and private individuals in exchange for payment.

In some cases, the requests for money amounted to blackmail, Wikipedia told The Independent.

The crackdown represents the culmination of a two-month investigation, dubbed “Orangemoody” after the first questionable account was identified earlier this year. It is suspected that many of the suspect accounts were “sock puppets” – meaning they were controlled by the same person. The true identity of the scammers – or scammer – is still unknown.

The scam worked by targeting firms struggling to get pages about their businesses on Wikipedia. They were often told their articles had been rejected due to concerns of excessive promotional content – although in some cases the scammers themselves may have been the ones causing the articles to be removed.

According to a Wikipedia insider, at this stage the scammers would demand a payment of up to several hundred pounds to successfully “re-post or re-surface” the article, and in some cases demanded an on-going monthly payment to “protect” the articles. The fraudster  usually claimed to be a Wikipedia editor or administrator.

Wikipedia, which has grown to nearly five million English articles since 2001, uses a team of more than 250,000 people to protect the authenticity of its content. However the scam has underlined the weakness in the firm’s reliance on volunteers to create and edit its online content, leaving it vulnerable to abuse.

Once the money was paid the article was then “reviewed” by another Wikipedia user – in fact another of the scammers’ “sock puppet” accounts – and moved to the “article space” section of Wikipedia, meaning it is ready for publication.

The scam has resulted in Wikipedia blocking an additional 210 articles, many concerning UK businesses or notable people, on the basis that they “were generally promotional in nature, and often included biased or skewed information, unattributed material, and potential copyright violations.”

But Wikipedia has called on its users to “be kind to the article subjects”, describing them as the “victims in this situation”.

One of the firms targeted was British holiday company Quality Villas, in Berkhamsted, Hertfordshire. General manager Dan Thompson explained how they were duped. He had tried to set up a page about the company earlier this year, and a few days later was contacted by someone he believed to be from or on behalf of Wikipedia.

The individual told Mr Thompson that his attempt to post about his company had been “declined because of lack of notability and the content up there did not meet Wiki requirements”. But the individual added: “I will rewrite the content to make it Wiki acceptable using reliable references available and I will use my privileges to publish it.”

Mr Thompson said: “The latter part, ‘my privileges’, led me to believe I was dealing with someone at Wikipedia. I was grateful at the time that they would rewrite the text to conform to standards and thanked them for doing it. Shortly afterwards, a modified version was posted online. “The ‘editor’ presented me with a charge of $400 [£260] for the work. I duly paid this, then the posting online was deleted again. Maybe I was naïve, but I suspect I am not alone.”

Another small business targeted was the Little Citizens Boutique, an online toy shop based in Holywood, Northern Ireland.

Alicia Peyrano, the website’s founder, said: “My background is in journalism so I tried to write my own entry earlier this year – and it got rejected. Then I was contacted by someone saying she had experience writing in the Wikipedia style, and that she charged $150. She said she was a published author with Wikipedia. I said OK and so she got it published and then asked me for the money.”

Ms Peyrano added: “She must have been impersonating an actual Wikipedia author. I was suspicious about the whole thing. It’s an online scam, and we nearly fell for it – luckily we didn’t pay.”

It is not just companies who have been targeted. Amanda Foster, a stunt double from Chelmsford, Essex, said: “I started a Wiki page over a year ago and tried to get it online but without the knowledge of how to add some of the content needed.” She was then approached with an offer of help. “I was contacted by a lady via my Facebook page, claiming she worked for Wikipedia and that she would do the necessary corrections.” Last week she paid £29 to have a photograph put online. “I will now contest these payments as it is clear I have been taken advantage of. I feel like I’ve been totally robbed. I’m really annoyed by this, I really am.”

Paul Manners, who appeared on Britain’s Got Talent earlier this year, was also targeted. He said: “It’s quite sad that there are a lot of nasty people in this world and I hope that Wikipedia see sense and resolve it.”

In 2011 an investigation by The Independent revealed that the PR firm Bell Pottinger had a team which “sorts” negative Wikipedia coverage of its clients, prompting Wikipedia’s co-founder Jimmy Wales to attack the “ethical blindness” of lobbying firms. In 2013 the firm faced criticism after it took the unprecedented action of blocking accounts of some 250 paid lobbyists and “sock puppets”.

A Wikipedia spokesman said: “Neutrality is key to ensuring Wikipedia’s quality. Although it does not happen often, undisclosed paid advocacy editing may represent a serious conflict of interest and could compromise the quality of content on Wikipedia.”

It is not explicitly forbidden for people to update Wikipedia pages about themselves, their organisations or companies who pay them – especially if this is to correct inaccurate information. But the site has ethical guidelines designed to discourage abuse.