On Wednesday the Fair Work Ombudsman (FWO) announced a joint campaign with the Australian Securities and Investment Commission (ASIC)  to visit 50 businesses in the Melbourne CBD, checking up on records and time sheets to ensure employers are on top of their compliance.

ASIC officials are also involved in the Melbourne audits, hoping to “raise awareness” around the role of the corporate regulator for small businesses. The joint effort is also aimed at reducing the time needed for SMEs to comply with the audit, noting typically both bodies would visit the business at different times.

Following this, the FWO today revealed it would look into 200 business in the south west Sydney region, specifically targeting the manufacturing, retail, and construction sector in a region the FWO said was “particularly vulnerable to exploitation”.

“We are conscious that workers in this region may face barriers to understanding workplace laws and to taking action to address workplace issues. This potentially makes them more susceptible to accepting sub-standard working conditions,” Ombudsman Natalie James said in a statement.

“Through our proactive compliance and education campaigns, we are seeking to ensure that employers fully understand Australian workplace laws and are well equipped to build a culture of compliance in their workplaces.”

Despite the ongoing work by the FWO towards a simplification of processes for SMEs, Australian Small Business and Family Enterprise Ombudsman (ASBFEO) Kate Carnell says random audits to ensure compliance are “yet another thing for businesses to worry about”.

“While businesses who are trying to screw other businesses or employees deserve what they get, it’s important with random audits that a measured approach is taken towards businesses who are reasonably attempting to comply with the FWO”, Carnell told SmartCompany.

The FWO has also recently released a follow-up report on 891 businesses audited by the regulator who were found to be non-compliant, reporting that audits from the FWO have a positive effect on compliance.

Out of that number, 83% of businesses who were found to be non-compliant are now paying workers correctly, and a further 81% were now correctly complying with recordkeeping and payslip laws. Overall, 69% of previously non-compliant businesses were found to be fully compliant.

“It is clear that after their initial interactions with my agency, most of these businesses have taken our advice on board and put in place systems and processes to ensure they are compliant into the future,” James said.

“Many of these businesses are small businesses that often do not have the benefit of dedicated human resources or payroll teams, meaning that the advice and guidance they receive from my agency is vital.

“The positive results of this campaign show that non-compliant businesses are often genuinely trying to do the right thing, but may lack an understanding or awareness of their obligations.

SMEs want to do the right thing

Carnell says while the “vast majority” of businesses are wanting to do the right thing, the complexity of the Fair Work Act and awards system results in “lots of bureaucracy” in the space, and is calling for simplification and safe-harbour provisions for SMEs.

“Some of the non-compliance issues for those businesses is because they didn’t include their ABN on a payslip. I accept that’s the law and you have to have it, but it’s unnecessarily complex,” she says.

“Businesses are making an effort to comply, but the smaller the business the harder that is, and the Fair Work Act applies to all businesses, whether it’s BHP or the cafe on the corner.”

Carnell is pushing for a simpler approach to compliance for SMEs, and a set of safe-harbour provisions businesses can comply with to ensure they’re protected from complex legislation.

“There should be a clear set of things SMEs must comply with, and if they do all these things they’ll be fine, and they won’t have to face the huge price of legislation and all the other sorts of issues,” she says.

“I know the FWO is very positive towards simplification and is attempting to give SMEs the tools to be able to comply, but it’s important to put yourself in the shoes of a small business owner, working 60-70 hour weeks and then doing all their wages and BAS after hours.”

“They’re trying to keep their business afloat, and the growing complexity of the Fair Work and Tax Acts aren’t making it any easier.”

Original article (and many others!) found at SmartCompany.

In the often hectic world of business, not every situation can be resolved amicably.

Entrepreneurs will encounter arguments, and when those arguments get heated it can be hard to diffuse the situation.

The co-founder of business advisory firm 3COze Liane Davey has written on this truth for Harvard Business Review and provided entrepreneurs and business owners with her hot tips when it comes to dealing with a heated argument.

“Although productive conflict is a hallmark of high-performing teams, many teams struggle to communicate dissenting opinions without triggering resistance and defensiveness. They fall into unproductive conflict by invalidating one another as they argue,” Davey writes.

She outlines a series of common mistakes made by teams when arguing, including passive-aggressive behaviour, questioning co-workers competence, and taking increasingly polarised points as the argument progresses and consequently devolves.

Solving these issues boils down to one point, believes Davey: Validating and acknowledging what your verbal sparring partner has to say. She recommends business owners “approach a conflict by validating rather than invalidating”.

“Validating someone you’re having an argument with simply means giving credence to the debate and to the debater,” she says.

“Rather than negating the other person’s perspective, you accept two things: 1) it’s valuable to hear different perspectives and to ensure the team is thinking an issue through fully, and 2) the person you’re arguing with is adding value by presenting a unique point of view.”

Here are three tips for dealing with a fiery argument.

1. Change your language

Small changes in your language while arguing can dial down a heated argument to a polite disagreement. Davey says “small changes in the language you use will demonstrate that you value the other person and her perspectives”, and she recommends using language such as:

“I think this is a really important issue that we need to talk through openly,” or;

“Thanks for raising this issue. I’m uncomfortable with where we’re heading and would feel better if we could talk it through as a team.”

2. Cover their points

Diffusing an argument can also be achieved by repeating someone’s points as part of your retort, Davey advising terms such as, “What you want us to factor into the plan is ____” or “What I heard you say is ____; is that accurate?”

“The important thing is that your words and body language demonstrate that you value the conflict and the person involved. That doesn’t mean you agree with his point. It does mean that you’re listening and adapting what you think based on his contribution,” she says.

3. Re-introduce your perspective

“The next stage is to pivot the conversation to introduce your perspective,” says Davey, proffering these lines as suggestions:

“Thanks for raising this issue, because I’m uncomfortable with where we’re heading. My discomfort stems from…” or;

“You come at this from a very different perspective than I do, so it’s natural that we see it differently. My perspective is based on…”

“If you go first in validating the importance of the debate and the value of the person you’re debating with, you will reduce defensiveness, keep things issue-focused, and greatly increase the speed with which you get to a mutually agreeable solution,” she says.

This article and more found at SmartCompany.com.au

Collapsing “connected toy” company did nothing while hackers stole millions of voice recordings of kids and parents

Spiral Toys — a division of Mready, a Romanian electronics company that lost more than 99% of its market-cap in 2015 — makes a line of toys called “Cloudpets,” that use an app to allow parents and children to exchange voice-messages with one another. They exposed a database of millions of these messages, along with sensitive private information about children and parents, for years, without even the most basic password protections — and as the company imploded, they ignored both security researchers and blackmailers who repeatedly contacted them to let them know that all this data was being stolen.

Even as the millions of records were stolen and shared online, the company was fielding its last-ditch, hail-mary product: an Internet of Things piggybank (it flopped).

Breach researcher Troy Hunt (proprietor of the essential Have I Been Pwned service), discovered all this by poring through the leaked data that his sources came to him with, finding ransom notices from multiple, independent criminal gangs who had stolen the company’s user-records and were seeking hush money not to release them.

This is the latest in a series of high-profile breaches and security revelations about “connected toys”: most recently, the German government advised people to destroy Cayla, an internet-connected doll that could be converted into a covert listening device; in 2015, the Hong Kong kids’ crapgadget empire of Vtech was shaken by the revelation that the company had lost 6.3 million customers’ data, then lied about it, then changed its EULA to make you agree not to sue them over it, then tried to pivot into the home security market (!); then the Hello Kitty website was revealed to have leaked 3.3 million kids’ data; then we learned that Hello Barbie sent recordings of your children to a notorious military contractor.

As I’ve argued before: there is no IoT business model. Hardware starts at a 2% margin and falls from there. IoT companies get capital by promising to monopolize an “ecosystem” — controlling app stores, service, parts, and consumables, and by collecting as much data as possible in case they might get an exit by selling the company to someone who wants access to it. These firms have no incentive to invest in any but the most cursory security measures (because by the time a breach occurs, they will either be a division of a larger company or out of business), and anything they spend it money they can’t use to keep the doors open while they look for an exit or a profit.

The best way to monopolize ecosystems is by using DRM. Laws like Section 1201 of the DMCA make it a felony to break DRM, even for a legal purpose. By designing a product so that using someone else’s apps, or parts, or consumables, requires breaking DRM, you can turn these otherwise normal, legal, competitive activities into felonies.

And because courts have interpreted DMCA 1201 as a ban on reporting security vulnerabilities (because telling someone about a defect in DRM helps them figure out how to defeat it), the devices that are designed to be as insecure as feasible, as spying as possible, and to treat their owners as their enemies are no-go zones for prudent security researchers.

Spiral Toys is the beginning, not the end.

Like the earlier image, these are yet more indicators of compromise (IOC) consistent with the ransom demands that were going around for MongoDBs in early Jan. Niall called them out later that month as part of his commentary on how the whole saga was unfolding:

There were many malicious parties taking action against exposed databases during this period and we frequently saw the same system accessed multiple times by different actors, each demanding their own ransom. It wasn’t until Jan 13 that Shodan reported no publicly accessible databases remained on CloudPets’ IP Address. The CloudPets data was accessed many times by unauthorised parties before being deleted and then on multiple occasions, held for ransom.

Article from http://boingboing.net/2017/02/28/internet-of-shitty-toys.html