Safe4 and Jermyn Consulting to work together

Safe4 Information Management and information security experts Jermyn Consulting have agreed to work together to bring the benefits of highly secure document storage and delivery services into the market sectors addressed by Jermyn.

Jermyn Consulting and Safe4 are natural partners, addressing many aspects of information security. Jermyn specialise in ISO 27001 consulting, and assisting with development and management of business continuity and disaster recovery plans. They have developed structured methodologies that assist their customers to achieve higher levels of resilience in their businesses.

George Hall, founder and managing director of Jermyn Consulting, believes that the combination of their knowledge and experience with the proven security and flexibility offered by Safe4 will add value to the work that is being carried out on behalf of their customers: “I am confident that working with Safe4 will enhance the excellent relationship we have developed with many of the organisations we provide services for, both by managing our communications securely and by providing a strong and effective platform for the creation and management of disaster recovery plans.”

Ben Martin of Safe4 sees great benefits for all parties in this relationship.  “We are excited at the opportunities offered by working with Jermyn Consulting.  Their long experience and proven expertise in the field of information security complements the fundamental purpose of Safe4 perfectly – to provide a cost-effective, highly secure and customer-friendly service to deliver and manage confidential information.  We look forward to working closely with them to develop offerings aligned with their specific market sectors.”

Careless use of email continues to lead to security breaches

As in previous years, global accounting and consultancy services provider pwc has released its 2015 report on information security breaches, and the impact that they have on businesses of all sizes.  The costs of such breaches are huge, both in financial terms and from a reputational perspective.

Interestingly, a significant number of breaches are caused by employee behaviour rather than technology-related issues.  Companies that allowed their staff to access social networking services and peer-to-peer file sharing sites suffered higher levels of information leakage. Following on from the Bank of England’s experiences relating to “auto-complete” of email addresses, careless or uncontrolled use of email remains a damaging cause of security failings.  This was commented on last week by Safe4.

The approach adopted by Safe4 can help to eliminate such security breaches.  By placing confidential information into a secure vault, only approved and authorised users are permitted to gain access, and all actions are comprehensively recorded in audit trails. Email need never be used to carry confidential files as attachments.

For further information on how your organisation can benefit from using Safe4, please contact us.  We will be very pleased to assist.

Bank of England moves to stop email errors

The Financial Times has recently reported on a new security measure being implemented by the Bank of England – disabling the auto-completion of email addresses to lessen the risk of emails being sent to the wrong addressees.  This follows an email about research into Britan’s exit from the EU being accidentally sent to a member of the media by the private secretary of Sir John Cunliffe, the Bank’s deputy governor for financial stability.  The email itself explicitly stated that it should not be sent to the media.

Auto-completion of email addresses is a useful tool, but time and time again it has been responsible for confidential information being sent to the wrong recipients.  Several UK law firms have reported this problem, but it keeps on happening.  Staff at the Bank of England have commented that switching this facility off might have an adverse impact on productivity. As far back as 2007 the then Financial Services Authority was recommending that auto-complete in email systems be disabled by members of the financial services community.

This problem can be eliminated by using Safe4 to store confidential information and share it with external parties.  The internal controls built into Safe4 will ensure that documents or messages will never be sent to the wrong people; only authorised parties will be able to receive communication about documents held within the system, and subsequently view such information.  Using the comprehensive audit trails and records maintained by Safe4, it is possible to make sure that only the right people have had access to confidential information.

So you think your client information is safe?

If you are a lawyer born before say 1980 you can be forgiven if you find much of today’s technology a bit baffling and difficult to keep up with, given that it seems to change on a daily basis.

On the other hand if you were born after 1980 it is highly likely that you are pretty comfortable with technology and the pace of change – you know you will not break anything if you press the wrong button. There again it is also likely that your attitude toward technology and the data you put in and take from it is a lot more relaxed – and there lies the danger.

Last year the Department for Business Innovation & Skills published its 2014 Information Security Breaches Survey. You only have to look at these headline findings from this survey of 2013 to realise that challenging times lie ahead:-

  • 81% of large organisations had a security breach
  • 60% of small businesses had a security breach
  • 59% of respondents expect there will be more security incidents in the next year than last

Lawyers should not need reminding about how much client information they hold and how damaging much of that information can be in the wrong hands. They should fear the day that highly confidential documents and information are intercepted by hackers; the subsequent lawsuits and reputational damage will be expensive and could well put them out of business altogether.

So, notwithstanding the need to be constantly updated with what to do and what not to do when going through one’s inbox, sometimes, just sometimes perhaps a whole fresh look is needed. The issue of security should be high on everyone’s business development agenda. Lawyers must do all they can to ensure their client communications and documents are safe and accessible to no one but those for whom they are intended.

Of course, nothing is absolutely 100% secure in this world but our collective challenge is to make accessing confidential client information and data as continually difficult as it can possibly be for the criminally minded. The trouble is – more than 70% of lawyers in the UK still use email to carry confidential client information!

Paul Stallard May 15

Paul D Stallard – Hurndall-Stallard Associates – May 2015

Paul Stallard is an independent corporate communications consultant, and advises clients on matters relating to information security and other business-critical issues.

100% availability for Safe4 again in April 2015

Safe4 continues to record the highest possible availability levels for its secure online document delivery and storage service, with 100% availability for April 2015.  This means that the law firms, will writers, accountants, financial advisers, insurance brokers and their clients who are now using Safe4 in ever-increasing numbers to deliver and manage confidential information are enjoying completely uninterrupted access to the system, wherever they are based.  Safe4 is also used extensively in the health sector and by very high-profile groups within the UK public service, which again means that the information that they provide is available whenever it is needed.

As well as recording such high levels of availability, response times for displaying information held in Safe4 have been falling.  Information is therefore being accessed more quickly and effectively – average page display times have fallen to 477 milliseconds.

If you would like more information about Safe4, please get in touch.  We would be delighted to help you to manage confidential information with complete security.

Safe4 achieves 100% availability again in March 2015

Based on figures from an independent agency, Safe4 has been given a 100% availability rating for March 2015.  This means that not only is Safe4 among the most secure services on the internet, is is also available at any time, from anywhere.  Safe4 aims for 99.99% availability, and has reached 100% on many occasions since its inception in 2010.

Added to an average page delivery time of half a second, this makes Safe4 a fast and safe option for the delivery and management of confidential information.  This performance rating has been achieved in conjunction with ever-increasing numbers of users and volume of information stored.

For more information on how Safe4 can help your business to get information to clients and other external parties faster and more securely, please get in touch with us.  We will be very pleased to assist.

More uptime availability and performance success for Safe4

During January 2015 Safe4 maintained 100% availability of the service except for a short period  when our hosting partner applied a critical security patch to the infrastructure.  Since we take the security of our customers’ information very seriously it was felt that applying this patch was essential. The downtime was scheduled for overnight at a weekend, so it is hoped that it did not impact any of our users. Please accept our apologies if you were unable to access the service during this time.

Availability

We hope you are pleased with the performance you are seeing when using the system. In order to help target improvements Safe4 tracks the time taken to display pages in the system. Since there are a number of factors that can cause performance problems we have implemented an approach which measures the time it takes for you to be able to use a page. This is the most realistic measure we can find.

When developing Safe4 the team treat any page that takes longer than 2 seconds to load to be a defect. This is our performance target.

We are pleased to advise that during January the average (median) page load time experienced was 0.89 seconds. This is well under our target so it is hoped that we are meeting your performance expectations.

Performance

If we examine individual geographies we can see the impact of the internet on the performance.

  • Performance in the UK, where our data centre is based, is averaging out at 0.78 seconds.
  • Performance in South Africa is averaging out at 1.5 seconds, despite the extra network connections we are pleased to be getting great performance here.
  • The slowest average performance at 1.6 seconds seems to be for users in the United States where increased network delays seem to be adversely affecting performance.

Safe4 will continue to monitor performance and availability of the service to ensure that we meet the demands of your businesses. Look out for updates to these charts in the coming months.

Safe4 achieves Cyber Essentials accreditation

Cyber Essentials Badge Medium (72dpi)

The Cyber Essentials accreditation scheme was implemented by the UK Government to establish criteria for the management of information in order to prevent intrusion from external attackers.  Accredited organisations are entitled to display the Cyber Essentials logo, which confirms that they have met the standards required.

Safe4 have received this accreditation, and we are now able to display the Cyber Essentials badge on our website and our secure cloud service.

This is part of an ongoing process to ensure that Safe4 remains one of the most secure sites on the internet.  It is accompanied by annual penetration testing, performed by licenced external laboratories, and constant surveillance of the ever-growing range of internet security threats.

The objective is to ensure that Safe4 customers’ data is protected to the highest standards available, and that our user community in the legal, financial, insurance, health and government sectors can trust their confidential information to Safe4.

For further information, please refer to the Contact page on our website.  We would appreciate an opportunity to speak with you.

Safe4 Information Management Limited

February 2015

UK Legal Profession warned of the importance of information security

A number of sources have recently published some salutary information on the need for improved security among the UK’s professional practioner community.  Digital Law have highlighted this in a fairly damning article, which can be viewed by clicking here.  The UK Information Commissioner’s Office has pointed out the need for solicitors and barristers to take greater note of poor security standards, and to draw attention to these when possible.  At present more than 50% of UK law firms use open email services to transfer confidential information.

Whilst not everyone will regard US whistle-blower Edward Snowden as their favourite source of advice on security matters, his recent comments on data security, and in particular the use of Dropbox, make interesting reading.  A number of leading UK security specialists have strongly supported his views.  His comments can be viewed by clicking here.

By providing a highly secure document delivery and storage service, Safe4 overcomes all of these concerns.  Using UK-hosted data centres accredited to ISO-27001, Safe4 is among the most secure services on the internet according to independent testing laboratories.  Annual penetration testing under the auspices of GCHQ through the UK Government’s IT CHECK scheme also helps to ensure that confidential information is managed using the highest standards possible.

If you would like more information on how Safe4 can assist your firm, please use the Contact Us link on this website.

Safe4 keeps POODLES at bay

You may have seen in the press this week that Google have discovered another vulnerability – POODLE – that could enable a hacker to access information from a secure (https) web connection. The vulnerability only applies to an old version (SSLv3) of the protocol used to secure the communication between a users browser and the web site. The reality is that in the overwhelming majority of cases (>98%!) communication between the browser and web site uses a newer version of the communication protocol (TLS) which is not affected.

Your information is only vulnerable if the web site you access supports SSLv3, AND if the browser can be convinced (using a malicious web site or virus) to use SSLv3 instead of the new TLS protocols AND if the hacker has network level access to the communication channel between the browser and web site. It is therefore somewhat challenging (but not impossible) to exploit and Safe4 consider it to be a relatively low risk in respect of typical business information.

What has Safe4 done to protect your information?

You will be aware that in April this year, following the Heartbleed announcement, Safe4 undertook a comprehensive review of the security protocols used and the configurations of the web servers. Although Safe4 was never vulnerable to Heartbleed we did make some changes to our security configurations earning Safe4 an A+ rating on independent tests. The changes we made in April included disabling the SSLv3 protocol which was not being used by any of our clients. Safe4 is therefore not vulnerable to the POODLE vulnerability.

What you can do to protect your information?

Safe4 expect that over the coming months many other websites will follow our lead and disable support for SSLv3 – however you can also protect yourself by disabling SSLv3 in the browser. It is suggested that you speak to your network managers about how to do this – Safe4 can provide advice if required.

Finally

Remember that the majority of information exploits rely on some form of human intervention, e.g. visiting a malicious web site, your first line of defence needs to remain robust virus protection and effective firewalls and web protection. Safe4 can also provide a 3 hour training session for your staff to gain a better understanding of information security on the web and provide simple approaches that everyone can take to improve their online security both at work and in personal life.

Safe4 will continue to monitor developments and threats to information security and will provide updates as items develop.

Email us at [email protected] or call us on 0845 094 8045 to find out more.