Personal Email at Work

I’ve been asked several times recently about personal emails on work IT systems.

I’ve been doing a bit of work to assemble some information on the issue and cut through some of the assumptions that are made.

I should make it clear that I am not a lawyer, and that even if I was, I wouldn’t be your lawyer, so seek advice if you are unsure or feel that your circumstances are unusual.  This article is intended more as a common-sense guide to the main issues.  I should also make it clear that I am talking about the situation in the UK only.

There is a (mistaken) view in some quarters that if an employee does something on a work computer, then the employer ‘owns’ the data and therefore has an automatic right to read it. In Europe, there is clear case law (derived from Article 8 of the European Convention on Human Rights) that allows an employee a degree of privacy – even when using company systems to send personal communication. This is especially so if they haven’t been told that monitoring may take place (and therefore have a greater expectation of privacy that might lead them to be less cautious about what they say).

http://news.bbc.co.uk/1/hi/wales/6559873.stm

http://plc.practicallaw.com/1-369-8081

Needless to say – there are grey areas. There is no one single clear statute that sorts it all out for us!   Instead, you have to navigate the interactions of:

  • Human Rights Act 1998,
  • The Data Protection Act 1998,
  • The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000,
  • Regulation of Investigatory Powers Act 2000  (RIPA)

As an employer, you do NOT have an absolute right to read an employee’s personal emails.  In fact RIPA now actually makes it a criminal offence to intercept (i.e. read) emails without ‘lawful authority’ (yes, even when you own the email system on which the communication is taking place).

‘Lawful authority’ in this case basically falls into two groups:

  1. The permission of the sender and recipient
  2. An assortment of specific activities such as prevention of crime, ensuring regulatory compliance, etc.

Note that the second group only appears to apply to business-related communications, so it is not carte blanche to intercept personal emails – you’d need to be able to justify your actions.

http://plc.practicallaw.com/9-101-3059

In essence – if you want the option to intercept employees’ personal emails – you categorically need their permission – most likely in the form of a clause in their employment contract and/or a clearly worded ‘internet use policy’ that states that personal communications may be subject to monitoring.  In the absence of that permission, you will leave yourself open to legal action.

Conclusions
Decide, as a matter of principle, if you are happy for your staff to use the firm’s systems for personal communication at all.

Decide if this means they can use the firm’s email system, or if you prefer them to use personal email addresses via web-mail systems like Hotmail.  (Pro: dodgy personal emails aren’t emblazoned with your company’s name.  Con: web mail won’t go through your central email filters, so it could be a source of viruses).

Once the decision has been taken to permit personal use – then it all comes down to the practical aspects of constructing the policy and communicating it to employees.  There are lots of examples out there, so I won’t go through the chapter and verse, but I will suggest a few points for consideration:

  • Clearly state that all messages in and out of the system MAY be subject to monitoring, and WHY (compliance, reputational risk to the firm, etc.)
  • Remind users that emails may be archived for extended periods of time on servers, backup tapes, and the like – even if they have been deleted from the user’s own desktop software.
  • Point out that using web-mail systems may result in some content being stored in temporary folders on desktop PCs or on the firm’s internet firewall.  This could include logon information such as passwords.

At the end of the day, you need to make it clear that if your employees are THAT concerned about their privacy, then they shouldn’t use the firm’s IT systems.  They can then make informed decisions on the level of risk they are taking.

One approach I have seen recommended is to establish a clear protocol for personal messages – so that if, for example, you need to access an employee’s mail while they are away or off sick – you can distinguish work from personal without actually opening the message.   Ask employees to put ‘PERSONAL’ in the subject line of the email, for example, or get them to create rules in Outlook that move all incoming personal messages to a separate folder.  You may want to also ask that staff use a different signature when composing personal emails (excluding mention of their job-title or other corporate branding).

As a final point:- if you do allow personal email traffic, then once it’s on your systems it becomes your responsibility to protect it under the Data Protection Act – make sure that access to staff emails is suitably protected so that the messages can be accessed only with a valid reason.
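The ‘PERSONAL’ subject-line protocol and the valid-reason requirement above can be enforced in tooling. This added example (not from the original article) reads only message headers, withholds anything tagged PERSONAL, and records who accessed the mailbox and why; the tag pattern, function names, reviewer name and sample messages are assumptions constructed for illustration.

```python
"""Header-only triage of a mailbox that uses a 'PERSONAL' subject tag (added example)."""
import re
from datetime import datetime, timezone
from email import policy
from email.header import Header
from email.parser import BytesHeaderParser

# Assumed convention: the whole word PERSONAL anywhere in the subject, any case.
PERSONAL_TAG = re.compile(r"\bPERSONAL\b", re.IGNORECASE)


def subject_of(raw_message: bytes) -> str:
    """Return the decoded Subject header. Only headers are parsed; the body
    stays an opaque payload and is never returned to the caller."""
    headers = BytesHeaderParser(policy=policy.default).parsebytes(raw_message)
    return str(headers.get("Subject", ""))


def triage(messages, reviewer: str, reason: str):
    """Return (work_subjects, withheld_count, audit_record).

    Messages tagged PERSONAL are counted but their subjects are not listed,
    and a non-empty reason is required so every access is attributable."""
    if not reason.strip():
        raise ValueError("a documented reason is required before accessing mail")
    work_subjects, withheld = [], 0
    for raw in messages:
        subject = subject_of(raw)
        if PERSONAL_TAG.search(subject):
            withheld += 1
        else:
            work_subjects.append(subject)
    audit_record = {
        "when": datetime.now(timezone.utc).isoformat(),
        "reviewer": reviewer,
        "reason": reason.strip(),
        "listed": len(work_subjects),
        "withheld_personal": withheld,
    }
    return work_subjects, withheld, audit_record


def _sample(subject_header: str, body: str) -> bytes:
    """Build one constructed RFC 5322 message for the demonstration."""
    return (
        "From: sender@example.com\r\n"
        "To: staff@example.com\r\n"
        f"Subject: {subject_header}\r\n"
        "\r\n"
        f"{body}\r\n"
    ).encode("utf-8")


# Constructed sample mailbox, not real mail.
SAMPLE_MAILBOX = [
    _sample("Year-end accounts query", "Please send the trial balance."),
    _sample("PERSONAL - dentist appointment", "See you at 3pm."),
    _sample("Re: personal: weekend plans", "Sounds good."),
    # RFC 2047 encoded subject, as mail clients send for non-ASCII text.
    _sample(Header("PERSONAL: café booking", "utf-8").encode(), "Table for two."),
    # Contains 'personal' only as part of a longer word, so it is work mail.
    _sample("Personalised statement emails for March", "Draft attached."),
]

if __name__ == "__main__":
    work, withheld, audit = triage(SAMPLE_MAILBOX, "office.manager", "sickness cover")
    print("Work subjects:", work)
    print("Personal messages withheld:", withheld)
    print("Audit record:", audit)
```

The check only works for mail that carries the tag, so untagged personal messages from outside senders still depend on the folder rules described above.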

White Paper – “Retiring Singleview”

Good old Singleview – which has been around in one form or another for the best part of a decade – is now in ‘maintenance’.   This is another way of saying that it’s no longer being developed.   It’s not dead yet, as there are more than a hundred organisations using it every day, but CCH are starting to make noises about migration to their new product: CCH Document Management.

CCH have put a fair bit of effort into ensuring that most (but not all) of Singleview’s features are present in the new product.  Nevertheless, the new software is very different (visually and in terms of the underlying ‘ethos’).

I’ve prepared a free white paper that discusses the differences, and provides guidance on how to start planning for the inevitable.

White Paper – Moving from Singleview to CCH DM  (PDF – 2Mb)

CCH are pretty good about support for old products – they don’t cut users off at the knees like some software providers.  Nevertheless, the product inevitably starts to age, and it won’t be updated for future versions of Windows or SQL-Server, making it more troublesome to keep using.  CCH did release an update to resolve an issue with Outlook 2010, but this is going to be the exception rather than the rule in the future.

This white paper was written to compare the final version of Singleview (v4.40) and CCH Document Management v1.3.

The Internet is full! – The sky is falling!

There have been a few stories in the press recently to the effect that the internet is ‘nearly full’.   So – I thought I’d add my two penneth… with an almost completely jargon-free summary of the problem.

At the heart of the internet (and also your office network – unless it’s very old) is something called TCP/IP.  TCP/IP is the means by which computers talk to each other over a network.

With TCP/IP, every computer is assigned an ‘IP Address’.  In simple terms, it can be considered as your computer’s ‘phone number’.  Any computer that wants to talk to any other computer over a network needs this number before it can send any data.

An IP address isn’t a single monolithic number, but is structured into sections to contain what might be considered ‘area codes’ (to extend the telephone metaphor a bit further). An IP address looks something like this – 192.168.25.105 (four numbers separated by dots – each of the four numbers can range from 1 to 255).

The design of the IP Address means that there are a total of 4,294,967,296 possible addresses, which probably sounded quite a lot when the thing was designed in 1981 by the US Defence department.

It turns out that it wasn’t nearly enough, and we’re now very close to running out.   What was not predicted was that the internet would become so all-pervasive that your mobile phone has an IP Address, your office printer has one, and your next washing machine, car, and even light switch will probably have them too.

Over the years, there have been various clever approaches to eke out the dwindling stock of numbers – the most successful being Network Address Translation (NAT), which means an office containing thousands of PCs now only needs a single IP address on the internet (a bit like the way your single office phone number can service lots of telephone handsets in the building via the use of extension numbers – and the metaphor is now stretching to breaking point).
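How one public address serves many internal machines, as an added sketch that is not part of the original article: a simplified port-translation table in which the public port plays the role of the extension number. The class name, the small port range and the public address 203.0.113.10 (a documentation address) are assumptions; 192.168.25.105 is the sample address used above.

```python
"""Toy port-translating NAT table: many private hosts behind one public address."""
import ipaddress


class NatTable:
    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 40003):
        self.public_ip = str(ipaddress.ip_address(public_ip))
        # The pool is deliberately tiny so exhaustion is easy to demonstrate.
        self._free_ports = list(range(first_port, last_port + 1))
        self._out = {}  # (private_ip, private_port) -> public_port
        self._in = {}   # public_port -> (private_ip, private_port)

    def outbound(self, private_ip: str, private_port: int):
        """Translate an outgoing connection to (public_ip, public_port)."""
        addr = ipaddress.ip_address(private_ip)
        if not addr.is_private:
            raise ValueError(f"{private_ip} is not an internal address")
        key = (str(addr), private_port)
        if key not in self._out:
            if not self._free_ports:
                raise RuntimeError("public port pool exhausted")
            port = self._free_ports.pop(0)
            self._out[key] = port
            self._in[port] = key
        return self.public_ip, self._out[key]

    def inbound(self, public_port: int):
        """Return the internal (ip, port) for a reply, or None when no
        internal machine opened that mapping (unsolicited traffic)."""
        return self._in.get(public_port)


if __name__ == "__main__":
    nat = NatTable("203.0.113.10")
    # Two office PCs use the same local port but get different public ports.
    print(nat.outbound("192.168.25.105", 51000))
    print(nat.outbound("192.168.25.106", 51000))
    # A reply to the second mapping is routed back to the second PC.
    print(nat.inbound(40001))
    # Nothing inside asked for this port, so there is nowhere to deliver it.
    print(nat.inbound(40003))
```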

Computers need a bit more structure in their lives than humans, so we can’t just do what British Telecom does and muck about with area codes in random ways. BT splitting the London area codes from ‘01’ to ‘081’ and ‘071’ for example – was their (unsuccessful) solution to the same fundamental problem.

The answer, which has been in preparation for several years, is a whole new numbering system called IP version 6 (IPv6 for short). (The current system is IPv4, by the way – IPv5 was a specialised project that never really got off the ground).

An IPv6 address looks quite different from current four-part addresses.  It looks a bit like this:  2001:db8:1f70::999:de8:7648:6e8.

Because the IPv6 address is much bigger, it allows for many more addresses than IPv4.  In fact IPv6 provides for 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses – well beyond Billions and Trillions and into orders of magnitude that we don’t even have names for yet.

IPv6 has been around for a while, and most modern kit has been designed to be able to support it – Windows Vista and Windows 7 both have it built-in and installed as standard for example.  You only need to configure and activate it.   Windows XP got IPv6 support in Service Pack 1.

IPv6 also incorporates a whole range of technical changes – incorporating all of the lessons learned over the last couple of decades – to improve the efficiency, reliability, and security of Internet communication.

Why should I care?

At some point in the medium term, the internet will switch over to IPv6, and you WILL need to ensure your IT systems can cope with this change.

Will the sky fall in if I don’t do anything tomorrow?

No.  Most of the planet is in the same boat, so nobody’s going to do anything to rock that boat in the short term.

Will the sky fall in if I don’t do anything in the next year or so?

No.  As a small business, your ISP will eventually do most of the work and sort you out with an IPv6 address, and then do some old-to-new translation so your office network can still access the internet.

Will the sky fall in if I ignore the problem completely?

Ummmm.

Eventually – you may find yourself with a degrading internet connection – possibly even in a position where future clients won’t be able to find you on the Internet or connect to you.

What should I do?

Make sure that future purchases of network infrastructure (Hubs, Switches, Routers, etc) can support IPv6. The transition will be gradual – albeit inevitable.

Spindle Professional

The 2009 Software Satisfaction Award for Paperless Office was won by Spindle. What is it?

In this day and age – any way of saving on the running costs of a business has got to be good – when you can do this by reducing the amount of paper generated – then it becomes dear to my heart. I first heard of Spindle about a year ago, and was enthused enough to sign up as an agent for them.

The best way I’ve found of describing Spindle is as an ‘Intelligent Printer Driver’. When installed, Spindle appears as an extra printer on your PC. When you print something, Spindle analyses the CONTENT of the print job, page by page, and then uses a set of business rules to manipulate or redirect the output in various ways.

– Extract information (client code, date, amounts, etc) from the face of the printed document
– Link to databases on your network and extract data from them
– Apply watermarks and other images onto the printed document
– Re-direct selected parts of the print job into a PDF file and email it
– Re-direct selected parts of the print job to fax software and fax it
– Convert the print job into PDF and save it to your network
– do ALL of the above to the same document

All the user does is click ‘Print’, and Spindle then applies all sorts of rules to determine what should happen to the output.

Here’s a practical example of how it can be used….

Every month, you do a traditional debtor statement run. Those statements are printed onto letterhead, folded, and posted to your clients. If you print, say, 500 statements a month, that’s £180 postage plus the costs of an admin person to do all the practical tasks of folding, sticking in envelopes, etc. (plus the paper and print costs).

Now – why not email debtor statements rather than post them? The answer is usually one of practicality – not all clients are happy with emailed statements, so it’s very unlikely that you’ll reach a position where 100% of your statements are emailed – so you end up with a need to split the run into paper and electronic.

Most Time and Fees systems can’t be this selective – at the very least you end up generating separate statement runs for each group of clients, and the process now becomes…

– Generate the electronic versions of the statement
– pick out all the cases where the client insists on paper statements (or where we don’t have an email address) and print those on paper
– look up the email addresses of all clients
– generate 500 emails – each with the correct attached PDF file

Most people (myself included) would lose the will to live long before the first email had gone out, but Spindle could be configured so that the process becomes…

– Choose the statement option in your software, and click ‘Print’
– That’s it

Spindle can even construct a personalised message within the email, using information from your client database.

Spindle, in essence, makes it practical to perform complex operations with print jobs that would otherwise be impractical.

Spindle can perform a whole range of clever tasks against a print run – entirely automatically.

– Print an ‘Overdue’ stamp on statements that are aged past a certain point
– CC certain statements to the appropriate partner
– Apply your firm’s letterheading design to printed output

The database integration within the software means you can ask it to ‘read’ the client code on a printed letter, cross reference with your Practice Management system, and then automatically ‘decide’ which delivery method (paper, email, fax) is the best option for that client. If email is chosen, it can turn the letter to PDF, overlay your letterhead, attach it to an email, and send it. If fax is the best option, it can add a header page, apply a black & white version of your letterhead, and send it to the fax number in your client database via your fax software.

Spindle has specific integration features for Sage bookkeeping products, and can also file printed documents to SharePoint or INVU document management systems.

It’s a genuinely unique product – well worth a look.

Client Books & Records – The Next Big Thing?

We’re now at a point when most compliance packages have about as many bells & whistles as they need (and most people could want).   Everything that can be automated has been automated and the future of these packages is one of consolidation (with occasional flurries of activity for externally imposed events like iXBRL).

In the last few weeks, I’ve encountered TWO developing products that suggest to me that technology is at last ready to have a stab at the last bastion of manual faffing about – Client books & records.

Firstly, a new SaaS business called ‘LedgerScope‘ is preparing for launch.   This is genuinely new, and, if it all works as planned, could be a real time and hassle saver.

Ledgerscope will, in essence, automate the process of transferring client bookkeeping data files to the practice at year end – reducing the amount of work the client has to do, AND reducing the practice’s need to manage a wide variety of different bookkeeping products (multiple versions of Sage, etc) on their own systems.

From what I’ve gathered so far, the process works like this….

  1. The practice, via Ledgerscope’s website, sends a ‘Books In’ reminder email to their client.  This email gives the client a hyperlink to click, which walks them through a simple process for linking Ledgerscope’s systems to their Sage/Quickbooks/Xero data files.
  2. The client bookkeeping data file is uploaded to Ledgerscope (not to the practice)
  3. Ledgerscope does some analysis of the client’s data, and supplies the practice with some nice reports – highlighting possible issues for attention.
  4. The practice can use Ledgerscope’s web-site to work with the client data files (adjustments, etc).  You never need to bring the data file down to your own systems, and you don’t need to own a copy of Sage/Quickbooks on your own network.
  5. Ledgerscope can then deliver a data-extract for import into the practice’s Accounts Prep software.

I can’t even count the number of practice file-servers I’ve seen which are clogged up with client datasets, and when you add in the hassle of trying to keep up with endless different versions of Sage, etc, that accounts departments then have to juggle, you have a real ‘pain point’ for accounts departments up and down the land.

What a great idea.  Keep an eye on them.  ( http://ledgerscope.com ).

The second thing was for Personal Tax departments, for whom CCH are also on the verge of releasing something interesting.

A few months ago CCH started offering a product called ‘CCH Scan Management‘.   This was a utility to help organise and collate source documents for Personal Tax jobs.   You can scan stuff into the software, and the product then has a stab at identifying the document (based on the text on the face of the document) and moving into the correct file-section (Employment, Investments, Pensions, etc).

The idea was that this eliminated much of the paper shuffling, and gave tax fee earners a paperless way of assembling and organising their source data before embarking on the job.

Jon Stokdyk did a review of this a while back…

http://www.accountingweb.co.uk/topic/review-cch-scan-management

Anyway – this product had a number of limitations: It really needed a copy of Adobe Writer (expensive) to work fully, and it worked in isolation from the rest of the CCH product range.  It was very cute, but not really going to set the world alight.
Now things have moved on a bit…

CCH are working towards a release of the software that not only identifies the source document, but then extracts key data from that document and populates your CCH Tax software with that data.  This offers the potential, then, for eliminating manual data-entry for many routine tax jobs.

Some key things that struck me with the software were:-

  • It works not by looking at particular areas of the page, but by looking for close associations of text and data (the words ‘Gross Pay’ for example), so it should be tolerant of different P60 form layouts from different payroll packages.
  • A facility to ‘teach’ the software to recognise particular forms. (If it has trouble with a particularly idiosyncratic P60 layout, for example).
  • Automatic detection and removal of commas, pound signs, etc from the data.
  • An on-screen review process for the fee earner – who can compare the scanned image with the software’s efforts.  The fee earner can then deal with any corrections or additions.
  • Full integration with CCH Personal Tax (PerTAX.NET as was), so the data gets delivered to your software with a mouse click.
  • It doesn’t need Adobe Acrobat any more, as it can natively manipulate and create PDF output to store the scanned documents in your filing.

This is NOT an easy thing to do, and it’s inevitable that not every document will be successfully identified (even allowing for clients who send in hand-written stuff).  But even if it only works 70% of the time – that’s still a huge potential time saving on the dreary task of bashing data into PerTAX from a pile of client paperwork.

Both these examples are of products that are not yet available, but which are close enough to be of more than academic interest.  If they work as advertised, and the pricing is right, then it could be the start of a completely new product category.

IE6

Recently, there have been some news stories floating about regarding the security of Internet Explorer (and version 6 particularly).

Internet Explorer 6 was released in 2001, which makes it practically an antique in computing terms.  In its day it was fine (and an improvement on both its predecessors and the competitors of the day).

However, as technology has moved on, IE6 has not aged well – the increasing sophistication of security threats over the last decade has highlighted IE6’s limitations and vulnerabilities.

IE6 also has more than a few..er…idiosyncrasies…that web-designers are forced to address when writing new web-sites (otherwise the web-sites just don’t work properly).  Most web-sites are therefore more complex than they really need to be, which annoys the web-site owners and adds to their costs.

Recently, there has been a groundswell of support for eliminating it completely.  Both Google and YouTube have announced they are not going to pander to IE6’s funny little ways in future.  I can’t say I blame them.  (Actually, AccountingWEB itself doesn’t seem to play that well with IE6 any more).

Why didn’t Microsoft do anything?

They did.  They regularly issued patches and updates, and (belatedly) re-started their development efforts to produce Internet Explorer versions 7 and 8, both of which are dramatically better than IE6.

Of course, life is never that simple, and there are far too many people out there who failed to apply the patches and updates that would have kept them safe.

Microsoft even created a website to track the declining usage of IE6 and encourage users to switch.

http://www.ie6countdown.com

Do I have IE6?

Open the ‘Help’ menu in Internet Explorer and select ‘About Internet Explorer’ – the version will be shown there.

If I do…should I panic?

No.  In a business environment, your systems should already be behind a nice firewall, which helps hugely.  You should also have Internet-usage policies to ensure your staff aren’t visiting the dodgier corners of the Internet using office PCs (No, not just porn, but also sites offering pirated music or videos, or free software, games, etc)

As a business, your choices are not as simple as they are for a consumer – you may have applications that rely on Internet Explorer to work properly (any Intranet element that uses ‘ActiveX’ for example will only work in IE – MYOB/CCH’s Singleview is a case in point).  If you are a SharePoint user, then again IE remains the best option (although with a bit of fiddling, Firefox can be made to behave with SharePoint).

I have Windows 95/98/2000 – I can’t use IE8

Your IT systems need upgrading…badly.  If you approached cars like this, you’d be driving a Morris Marina and wondering why you were the only one in your street still struggling to start your car on a cold morning.

Should I upgrade?

My STRONG recommendation is to upgrade to Internet Explorer 8.  Earlier versions are significantly less secure, and many of the problems encountered and reported in the press would NOT have happened if users had done this.

IE8 even has a ‘Compatibility View’ that makes it behave like earlier versions (in a good way…not by reopening the security holes!).  So if you find a web-site that demands IE6 to work (very unlikely), then you can still access it.

www.microsoft.com/uk/ie

I would, however, advise that you verify you can access any on-line banking services you normally use.   For some reason, several banks’ sites seem to demand IE6 (something I can only put down to sheer laziness – there are no possible security arguments).

Should I switch to something else?

Well, that’s clearly an option; there is MUCH more competition than there used to be (Firefox, Opera, Chrome, and so on).  They are all faster and more standards-compliant than Internet Explorer 8, although I class some of this as being in the ‘Top Gear’ mould of comparing lap times of the latest supercars – something most mere mortals can safely ignore for any practical purpose.

In a business environment, however, you need to ensure that everything works, and IE for all its faults, is the baseline that most software companies will work to.   I’d stick to IE.

Windows Home Server

ANY business, regardless of its size, should invest in some basic minimums on the IT side of things.  One important investment is a server – good quality data-storage that lives in your office – keeping your core records safe and isolated from the day to day issues that can beset a laptop or desktop PC.

Many small/sole businesses (with maybe one or two employees) see this as something that’s all a bit too complicated or expensive – particularly if the technical aspects of getting it all set up look a bit daunting. Microsoft does have a product called ‘Small Business Server’ which bundles a set of products in a single box for up to 25 users, but even SBS can require a fair amount of time and effort to get running properly.

There is, however, a Microsoft product called ‘Windows Home Server’ which, despite its name, can be ideal for small/sole-trader businesses. I’ve been experimenting with a copy.

Windows Home Server is designed to be as simple to manage as possible – while providing a genuinely useful set of features that some more expensive systems would have trouble matching.

It stores stuff – and that’s it.
WHS is about safe, centralised storage of data, and that’s it.   It won’t run big databases or Microsoft Exchange, but that’s not really what one-man bands are after from their first server.

It automatically creates a series of ‘shares’ that are given friendly names such as ‘Music’, ‘Pictures’, etc.   For use as a business device, you can easily remove these and create your own (maybe called ‘Clients’, ‘Accounts’, ‘Personal’ and so on).

Simple, effective security
While a ‘proper’ server requires you to delve into Windows Active Directory, domains, and so on, WHS users can be added via a very simple administration screen, which asks little more than a user name, a password, and a choice of three levels of access rights to the different shared areas of the server’s storage.

To connect your laptop or desktop PCs to the WHS server, you install a small ‘WHS Client’ on each machine, which ensures that WHS knows about your other computers.

Self-managing data-storage
Windows Home Server automatically organises all of its disk-drives into a single, unified storage area.  If your server, for example, has 50 Gigabytes of space, and you find yourself running low, you might install a second (100Gb, say) disk drive, and Windows Home Server automatically merges the two drives together into a single 150Gb storage area.  This means you never need to worry about whether your data is on drive C: or drive D: – because all of that is hidden from view – WHS takes care of putting data wherever there is space, across whatever motley collection of disk drives you happen to have installed.

If, at a later date, you decided you wanted to replace that 100Gb drive with a 500Gb drive – Windows Home Server will even help you to shuffle all the data about so that the old drive is emptied of data for safe removal (It’ll tell you in advance if you have enough free space on the other drives to do that).

Duplicate data-storage
The only moving parts on most servers are the spinning disk drives.  Inevitably, these are the parts that are most subject to failure.

One of the most effective answers to this is to automatically store TWO copies of everything on two different disk drives inside the server (this is called ‘Mirroring’ or RAID1).  If one drive fails, you still have your data safe on the other one, and you can then replace the faulty device at your leisure while the server runs happily on one drive for a few days.  (The chances of BOTH drives failing at the same time are minuscule).

Normally, setting up this kind of system demands that you purchase two identical drives, and carefully configure your server.  Windows Home server, however, offers a very simple but effective version of this that takes all of the hassle out of the process. All you do is decide which areas of your data storage are vital, and tick a box for ‘File Duplication’.  WHS then ensures that a copy of your files is placed on one of the other disk drives (it doesn’t matter which one – the system takes care of it for you).  If one drive fails, then you can simply access the copy on the other disk without missing a beat.

This feature uses up double the amount of your disk space, of course, but remember you can just add another disk at any time.  (External disk drives are fully supported, so you can buy an external drive, plug it in and see your extra space appear – all without even turning the machine off.)

Automatic backups
WHS includes a feature that will automatically take full backup copies of the data on any laptop or desktop PC on your mini-network – putting all of the files onto its own drives.  This process can be entirely automated.  If you leave your PC on overnight, then WHS will connect to the laptop and trigger a backup automatically at an agreed time.   If your PC has ‘gone to sleep’, then WHS can even wake it up, carry out the backup, and let it go back to sleep afterwards.

Remote Access
WHS includes a facility for remote access over the Internet.  If you are away from the office or home, and suddenly find yourself in need of a piece of data or document, WHS lets you access your files from your laptop PC over the Internet.  Needless to say, the system includes a range of security settings to protect your data, and the feature is not activated until you decide you want to start using it.

What DOESN’T it do?
WHS is designed to act as a simple but effective data-repository for domestic use (music, photos, etc), but it has found a niche in very small businesses as well. As long as you don’t need it to run big databases, or handle your email traffic, or any of the other things that ‘proper’ servers can do, then it can be very effective.

Getting One
The WHS software can be purchased for use with existing hardware for about £65. This will support up to ten users.  It took me about half an hour to set up, most of which was spent watching the installation process, and occasionally pressing ‘Next’.

A number of manufacturers are now offering ready-built Windows Home Server systems that can just be unpacked and switched on.  Hewlett Packard offer a ‘MediaSmart’ server, with 1 Terabyte of storage (and space for more) for £500.  The picture at the top of this article is an HP MediaSmart, and it really is small enough to go on a bookshelf (no screen or keyboard needed).

If you are a sole trader or a freelancer, keeping all your data on a laptop PC, then WHS is seriously worth consideration as a flexible, low-cost data archive living quietly on a shelf at home.

More information

http://www.microsoft.com/windows/products/winfamily/windowshomeserver/soho/default.mspx