Massive losses as criminals target UK lawyers’ insecure transactions

Unsurprisingly, more evidence is emerging all the time of fraud perpetrated by criminal gangs against law firms who do not manage transactions involving financial transfers securely. This article, published in The Times on Friday 4 September, highlights some of the causes.

As ever, one of the root causes is the use of email to transfer confidential information. Law firms should be insisting that their clients do not allow any sensitive or potentially high-risk information to be carried by email. The article referred to above highlights yet another instance of theft through email penetration. However, 70% of UK law firms still use email to communicate confidential information, risking not only their clients’ funds but also potentially their own existence.

Safe4 have gone to great lengths to provide a service which offers completely confidential transfer and storage of information. As well as being SRA-compliant, all Safe4 information is held in UK-based data centres that are accredited to the ISO 27001 security standard.

If you would like more detail on how Safe4 can assist with the secure handling of critical information, please contact us. We will be delighted to speak with you.

A real heart-stopping lesson about data security

I imagine the very recent news that customer data has reportedly been stolen from Ashley Madison, a dating website, will send a few hearts fluttering and pulses racing.

Without wishing to pass judgement on the company or people who use it, how much longer will it take for all manner of organisations to realise they have to take data security seriously? Regardless of what Ashley Madison actually does and if the reports are true about data being stolen, they will rue the fact that they have not paid more attention to this issue.

Not taking data security seriously is asking for trouble and is as certain to limit the future of a business as would be mistreating customers in any way.

For anyone looking into this issue for the first time it is important to be aware that ISO 27000 is a family of standards that helps organisations keep information secure. These standards help manage the security of customer information, financial data, intellectual property, employee details and other information entrusted to them by third parties.

Safe4 uses a UK-based data centre accredited to ISO/IEC 27001, the best-known component in the family of standards providing requirements for an information security management system (ISMS), which is an exacting and systematic approach to managing sensitive company information so that it remains secure.

It does not matter if a business is large, medium or small in size; using these standards and working with other businesses that also use them will help companies in any sector keep highly sensitive information secure.

Paul Stallard May 15

Paul D Stallard – Hurndall-Stallard Associates – July 2015

Paul Stallard is an independent corporate communications consultant, and advises clients on matters relating to information security and other business-critical issues.

3 of the major benefits Safe4 delivers …

Customers across a number of different business sectors are using Safe4 to increasingly positive effect, both within their own businesses, and more importantly to get confidential information to external parties without risking the use of email.

In addition to the overriding value to be gained by avoiding the inappropriate use of email, Safe4 customers are gaining other significant advantages.

  1. Using Safe4 saves money, and improves internal efficiency. When confidential information has to be transferred to other parties, traditional hard-copy methods are slow and expensive. In several specific instances, Safe4 clients have had to transfer files which not only contain highly confidential information but also are too large for email. Other customers have saved the annual cost of a client vault in postage and stationery within the first few weeks of using Safe4. The ability to gain immediate access to information whilst travelling is also valuable, and allows potentially difficult situations to be dealt with quickly and effectively.
  2. Safe4 can significantly improve regulatory compliance. Today’s business environment is increasingly heavily regulated, and the ability to prove good practice and adherence to specific codes and standards is of great importance. The comprehensive audit trails and reporting facilities that Safe4 provides allow evidence of all document-related activity to be offered in support of any claims or disputes that may arise.
  3. The use of Safe4 can help to improve client service, and can also assist with the development of a different, more interactive relationship with clients and other external parties. The white-labelling and branding capabilities of Safe4 support consistent brand and image presentation, and allow external parties to receive and use information instantaneously.

The UK-hosted service offered by Safe4 will also add to the confidence that foreign authorities or jurisdictions cannot interfere with customers’ confidential information. Because Safe4 is a UK company operating under the law of England and Wales, further potential risks to security are avoided.

For more information on how Safe4 can help to add value to your business, please contact us. We will be delighted to hear from you.

Another record month for Safe4

July 2015 saw yet another record month for Safe4, with the highest monthly number of new users so far, and 100% availability. Average page response times were well under half a second, meaning that Safe4 customers and their clients were able to gain very rapid access to the service at all times. Safe4 remains one of the safest sites on the internet, as several more security improvements were made during July.

For more information on how Safe4 can assist your business to save money, improve compliance and achieve enhanced customer service, contact us.

How safe is cloud computing? It depends who you work with …

Much has been made in recent times of the benefits that can be derived from cloud computing. In fact the speed of growth in use of “the cloud” has been one of the major factors in the IT industry for most of the last decade. But how safe is cloud computing?

Traditionally a profession that has adopted a cautious approach to new technologies, the legal sector is showing increasing signs of understanding the financial and operational benefits of using the cloud as a resource for managing different types of information. The Solicitors Regulation Authority has highlighted this in recent publications, expressing the view that “Cloud computing is continuing to increase in popularity, with low cost and flexibility the key advantages. Cloud users do not have to maintain their own data storage or multiple site licenses for software. The cloud works out cheaper than direct data and program storage, and permits true mobile working with no need for data sticks or email transmission of files, both of which are key risks for data loss. Email is not inherently secure, while data sticks are easily lost and provide ready systems access for virus programs.”

However, there are of course risks. The SRA also points out that when a cloud-based service is implemented, control of data is effectively handed over to a third party service provider, and the ability of that provider to protect confidential information can represent an area of risk. Careful selection of the cloud system provider can effectively mitigate this risk, as there are very wide variations in the level of security that different companies offer.

Safe4 Information Management have made major investments in ensuring that the security of their customers’ data is given the highest possible priority. This is reflected in the way Safe4 have addressed the issues raised by the SRA. The measures Safe4 have taken include such key areas as ensuring that all data is held in ISO-27001 approved data centres in the UK, confidential information is never transmitted by email, all stored data is encrypted using highly secure ciphers, and that all contractual engagements are undertaken according to English law. Rigorous penetration tests, carried out by independent UK Government-certified agencies, also ensure that any areas of vulnerability caused by new internet threats are addressed as a matter of urgency.

The SRA also points out that “sound cloud computing providers offer better encryption and security than would be possible for a small or medium-sized solicitors’ practice storing its data locally.” Due diligence applied in the selection of the cloud service provider can help to bring the law firm the financial and operational benefits of this highly effective resource while making sure that its stored information is given the maximum protection possible.

The views of the SRA are echoed by the Law Society, which has also published guidance for law firms wishing to use the cloud.

A number of law firms in the UK have for some time been making use of the highly secure document delivery and storage service offered by Safe4 to share confidential information with their clients and other external parties. One law firm in Leeds is now in the process of introducing the use of Safe4 as a direct result of the way the SRA guidance has been interpreted and implemented.

For more information on how using Safe4 can benefit your law firm, please get in touch.  We will be very pleased to assist you.

Ben Martin

Ben Martin is a Director and founder of Safe4 Information Management

More new security and reporting features for Safe4

Safe4 has been enhanced again by the addition of stringent password strength checks for new users, and the ability to download some system reports directly into a .csv file for further analysis and manipulation. This will be further improved by extension to all reports in the near future.

At Safe4 we are constantly seeking ways to make the service more secure, and more flexible in the way it can be used. As always, this is largely based on customer feedback and the need to maintain vigilance in the face of an ever-increasing array of security threats.

For more information on how Safe4 can assist your business to manage confidential information more securely and efficiently, please get in touch with us.

Information security insights from McKinsey

Anyone who has an interest in the issue of cybersecurity should read the book excerpt ‘Repelling the Cyberattackers’ in McKinsey’s Quarterly, July 2015, by Tucker Bailey, James M. Kaplan, and Chris Rezek.

However, as good as this advice is, especially as the world rushes at ever increasing speed towards digitising everything, we forget at our peril the need to concentrate on the basics. Having a secure online communication, document delivery and storage capability is a vital requirement and it is the place to start the whole process of planning a cybersecurity strategy.

Next comes getting everyone in the organisation into the habit of executing standard hygiene controls: regularly changing passwords, choosing a password methodology that has absolutely no connection to your personal life and only opening emails and especially attachments from people you know. Failure to adopt these simple rules is asking for trouble.

As ever, the human factor can be the weak spot – it is not just about putting secure IT solutions in place.

Paul Stallard May 15

Paul D Stallard – Hurndall-Stallard Associates – July 2015

Paul Stallard is an independent corporate communications consultant, and advises clients on matters relating to information security and other business-critical issues.

Beware of public Wi-Fi!

Paul Holland has published an interesting post on LinkedIn, highlighting the risks associated with using public Wi-Fi.  To quote Paul’s post:

“An investigation conducted in London has shown the ease with which personal data can be hacked when the target is using public Wi-Fi. Security and privacy software company F-Secure teamed up with penetration testing expert Mandalorian Security Services and the Cyber Security Research Institute to conduct the test – in this case, hacking into the devices of three politicians.

The politicians, deliberately selected from the most powerful chambers in UK politics, were Rt. Hon. David Davis MP, Mary Honeyball MEP and Lord Strasburger. The exercise was carried out with the permission of the politicians who, despite holding important positions within the different parliaments, admitted that they had received no formal training or information about the relative ease with which computers can be breached while using public Wi-Fi – a service they all admitted to using regularly.”

It is important to note that when using Safe4, all interaction with our service is fully encrypted, including the internet link from your device.  Even when using public Wi-Fi, Safe4 communications cannot be intercepted – as opposed to the huge risks that exist when using open email systems.

Is our health and wealth sufficiently protected?

The current spate of publicity about how poorly some charities seem to care for the personal information they keep about the donors who support their respective causes is yet another reminder of just how vulnerable organisations are when it comes to keeping customer information safe. After all, if you give information to any business, and especially to your doctor, your lawyer or your financial adviser, you expect it will be kept safely.

The principles on which the very foundation of all business enterprises should be built have not changed since we all lived in the fields and we bartered to get what we needed to survive. Harnessing our resources to satisfy the needs and wants of our customers is the bedrock of all economies, as all truly successful companies have proven. Yet of all the sectors in our economy, the medical, legal and financial sectors are built upon another key driver. They have to deliver absolute client confidentiality because nothing is more private to us as individuals than our health and our wealth.

The General Medical Council, The Law Society and the Solicitors Regulation Authority produce a lot of sensible guidance on best practice for keeping client information safe, cyber security, and use of cloud computing etc. However, like many things in real life we are all spurred into action when something goes wrong, when the company’s system is hacked into or when there is a proven breach of confidentiality rules about which the injured party often complains most noisily.

So, why do we prevaricate about taking such action? Why are we so inclined to believe ‘it will not happen to us’? Well, it is just human nature I suppose, just like the fact that we all know we are going to die but none of us believe it is going to happen today. Many of us do lots of little things to put off that fateful day, like taking exercise and eating and drinking sensibly, so why don’t we do a similar number of little things in our businesses to protect customer information?

The probability is that so much is not done to ensure client confidentiality because we either do not see where the holes are in our respective enterprises, or we do not know what to do – or if we do know what to do – we see it as simply too big and too complicated to handle. The answer has to be we must start somewhere and starting to do a small number of little things is the only way to get to that place where we are absolutely certain that we could not have done more.

So, come on then, get in touch with your local information security expert and ask them to advise where you should begin. It may turn out to be a journey of a thousand steps, but you have to start somewhere.

Paul Stallard May 15

Paul D Stallard – Hurndall-Stallard Associates – July 2015

Paul Stallard is an independent corporate communications consultant, and advises clients on matters relating to information security and other business-critical issues.

Another bumper month for Safe4

June 2015 proved to be another successful month for Safe4, with a record number of new users registering for the service, and 100% availability once again.  The uptime record of Safe4 is now amongst the best in the industry, and coupled with very high levels of security this makes Safe4 the ideal choice for any organisation that needs to deliver information securely to parties both internally and outside its own IT domain.

For more information on how Safe4 can help you to achieve total security combined with 100% reliability, please contact us.  We will be very pleased to assist.