Articles about security – will be highlighted on the security page.

Major upgrade for Safe4

2024 sees a major upgrade for Safe4

With the new year has come a major upgrade for Safe4. The highly secure information management and sharing service now has an enhanced user interface, with the ability to introduce a colour scheme of the customer’s choice.

The revamped user interface reflects a more modern and functionally rich experience for the user:

major upgrade for safe4, with document watermarking and enhanced branding

This new version of Safe4 is not just about cosmetic appearances, however. There are several significant changes to the functionality of the system…

This new version of Safe4 is not just about cosmetic appearances, however. There are several significant changes to the functionality of the system…

Documents can now be Watermarked

A highly configurable watermarking capability has been added as part of this major upgrade for Safe4. Any PDF file can show any chosen message, as well as a record of who has opened the document.

Documents in safe4 can be watermarked

This function also permits PDF files to be controlled, to help to reduce improper use of the information held in Safe4. Individual documents can be password controlled, and there are tools to support marking up PDF files, as well as preventing functions such as printing.

New user registration

New users will no longer be required to think of a username when accepting their invitation to register for Safe4. The system will apply the user’s email address as the username, simplifying the process and making it easier to remember usernames. If a user is invited to become a member of multiple vaults, they will simply have to enter a password and the system will automatically add them to the new vault.

Safe4 s hosted in the UK, on data centres accredited to ISO 27001. It complies with the Solicitors Regulation Authority guidance for cloud-based systems, and provides granular permissions, and a comprehensive audit trail and reporting capability.

If you would like more information on how the upgraded version of Safe4 can be of value to your business, please contact us. We will be delighted to assist.

MI5 warns of massive intellectual property theft

As featured on the BBC website on 18 October 2023, the head of MI5 in the United Kingdom has warned of the massive scale of intellectual property theft by Chinese agents approaching UK businesses.

Ken McCallum, the Head of MI5, speaking at Stanford University in California at a meeting of the Five Eyes alliance, has warned of the risk that penetration of UK businesses by hostile agents now presents. Read the article on the BBC website in full here.

The UK is known internationally as the source of much original thinking and innovation in product and service design. This naturally makes UK a target at many levels for unlawful penetration and theft of data. Whilst this clearly affects businesses who are generating and managing confidential information, the risk is also a major issue for universities, from which many UK startup companies originate.

The Solution?

Safe4 Information Management was set up in 2010 to provide a highly secure service to allow organisations of any size and type to share confidential information securely. The unique architecture of Safe4 allows the creation of secure vaults in the cloud to which users can be invited selectively. Granular permission and access controls ensure that sensitive information cannot be accessed by unauthorised parties. This differs radically from most other online file sharing systems, which are simply ways of sharing folders. Safe4 uses UK-only hosting in ISO 27001 accredited data centres, and sophisticated file encryption. Comprehensive audit trails and reporting facilities support business best practice and good governance. Safe4 offers a genuinely safe and secure facility for managing confidential documents and structured data.

Intellectual capital is one of the UK’s prime national assets, and should be managed in the most secure way possible. The core design of Safe4 makes this simple and affordable for any organisation, whether public or private sector, and of any scale. Safe4 is used effectively by small specialist consultancies as well as large corporates and public sector customers.

Safe4 has been adopted by a range of different organisations across many different business sectors. If you would like to learn how using Safe4 can reduce the risk of intellectual property theft, please contact us. We will be delighted to assist.

Updated look and feel for Safe4 – new upload options

As part of an ongoing process of refreshing the user interface, there is now an updated look and feel for Safe4. This is most apparent on the files and folders page, which is the most commonly used part of the system.

The screen has been redesigned to offer a clearer layout, with some of the buttons having been relocated and new icons introduced. Functionality remains the same, although an important change has been made to the way in which information can be uploaded to the system. As well as uploading files into a specific folder, Safe4 now supports the upload of complete folder structures in a single action. This includes complex sets of nested folders, with files at different levels. Safe4 will now create all of the folders and subfolders, and will position the file contents at the appropriate level.

This change in the upload process will allow new projects or data rooms to be added very quickly directly from Windows, without having to manually create subfolders and subfolders. As before, users who have access to the vault in question will receive automatic notification of all new uploads.

As always, this updated look and feel for Safe4 is accompanied by further security enhancements.

For more information on how Safe4 might be able to assist your organisation to manage and share information securely – without using email to transfer confidential documents or data – please contact us. We will be delighted to assist you.

Risk of using email for the transfer of confidential information

The risk of using email for the transfer of confidential information has been highlighted yet again. In today’s edition of The Times, the penetration of an email system with criminal intent has led to the loss of confidential information.

The Safe4 system has been designed specifically to avoid the use of email for the transfer of confidential information. The secure vault, which is at the heart of the Safe4 architecture, can be used for a wide range of different applications. In order to access the contents of a vault, users have to have been specifically invited to do so, and must authenticate themselves with username, password and 2-factor authentication. Confidential information is never transferred by email.

Safe4 follows guidance from the UK National Cyber Security Centre for matters relating to password length and strength, and is regularly penetration-tested by UK Government accredited services. Combined with comprehensive reporting and audit trails, and UK-based hosting in data centres accredited to ISO 27001, Safe4 offers a secure alternative to the use of email to transfer confidential information.

For more information on how Safe4 can assist your organisation to reduce the risk of unauthorised access to your information, please contact us.

NCSC warns of cyber threats to UK law firms

The United Kingdom National Cyber Security Centre (part of GCHQ) has warned again about the cyber threats to UK law firms. The renewed threat is largely being driven by legal practices adopting hybrid working patterns resulting from the pandemic, with staff increasingly spending more time working from home. More background is available in an article published in The Register on 26th June 2023.

Since law firms by definition handle highly confidential information, and are increasingly dealing with very large sums of cash on behalf of their clients, the opportunity for criminals to interfere with the transfer of information is enormous. In the words of NCSC, law firms are “particularly attractive targets to attackers”.

Cyber threats to UK law firms are not new – Safe4 Information Management was formed in 2010 specifically to allow organisations to exchange information with external parties without compromising the confidentiality of the information in question. Safe4 works with a number of law firms, both large and small, and has provided its secure vault-based service to legal practices across the UK. One of the key elements in the approach adopted by Safe4 is that confidential information is NEVER transferred by email. Invitations and notifications are sent by email, but users have to authenticate themselves with a username, password and optionally 2-factor authentication before any confidential information is made available.

One of the instances where this is most valuable is with the provision of bank details by clients. Using the structured data capabilities of Safe4, clients can be invited to enter their bank details into an online form, which when completed notifies the professional practitioner that the data has been provided. The practitioner, or fee-earner, will then have read-only access to this information after they have carried out the necessary authentication. The bank details can then be used for their intended purpose, and optionally transferred into other internal systems by API.

The Register article makes the point that some of the attackers are nation states, with access to very sophisticated tools. In particular, brute-force attack technologies are being used to penetrate systems by exploiting weak passwords. To mitigate this risk, Safe4 has implemented NCSC recommendations relating to password length and strength.

All of the information held in Safe4 is stored in UK-only data centres accredited to ISO 27001. Safe4 is penetration tested regularly, and is accredited under the UK Cyber Essentials scheme by Government approved organisations under the CHECK protocol.

If you would like more information on how Safe4 can help with the battle against cyber attack, please contact us. We will be delighted to assist.

Safe4 renews Cyber Essentials accreditation

Safe4 has renewed its Cyber Essentials accreditation through the IASME Consortium for the year ending August 2023. This forms an important component in the company’s internal governance and compliance programme, which also encompasses the Cyber Primed information security standard. The accreditation of Safe4 is now featured on the National Cyber Security Centre’s website.

As well as providing a class-leading level of security in the handling of customers’ information, Safe4 recognises the need for a diligent approach towards the management of its own internal activities and processes. An extensive series of information security policies has been implemented, to form the basis of a comprehensive programme of best practice measures.

The requirements for Cyber Essentials accreditation have been updated by the NCSC, and since April 2022 a different set of criteria have been applied. Safe4 has followed NCSC guidance for many years, notably in the case of password strength requirements, which allow passwords of up to 150 characters in length to be selected by users of the secure cloud-based Safe4 service.

For more information on how Safe4 can assist your organisation to manage confidential information safely and securely, please contact us. We will be delighted to assist you.

Safe4 has passed 250,000 users

During April 2022 Safe4 has reached the quarter-of-a-million user mark. The fact that Safe4 has passed 250,000 users is significant in many ways – not least because it demonstrates the stability and reliability of the system.

The principal benefit that Safe4 brings is, of course, security. Many of the users who have created accounts in Safe4 have received vital health information through their vault, and can rest assured that their confidential personal data has not been compromised by being sent using open email. The ability to offer the highest standard of protection of personal data distinguishes Safe4 from many other systems that have been used to handle the result of Covid-19 tests, for example.

Safe4 offers the same security benefit for corporate and small business users, and is now being used extensively by many professional practitioners and service providers to manage a wide range of information safely and securely.

For more information on how Safe4 can assist your organisation to reduce costs, improve compliance and enhance client service, please contact us. Safe4 utilises UK-only data centres accredited to ISO 27001, and has been designed from first principles to maximise security and confidentiality.

 

July 2021 – A record month for Safe4

July 2021 saw a record number of vaults being created in Safe4 in a single month. During July, 19,468 new vaults were created, bringing the total in the system to well over 165,000.

The rapid recent growth in the number if vaults is partly a result of Safe4 being used to handle highly personal health information, primarily related to Covid testing. The flexibility and security of Safe4 makes it an ideal solution to the problem of providing patients with critical medical information rapidly and safely, without risking the use of open email.

Safe4 also recorded another milestone in July, with over 150,000 users being registered in the system. These users enjoy highly secure access to information, whether for personal or business use. Safe4 stores all information in the system in UK-only data centres, accredited to ISO 27001.

If you would like more information on how Safe4 can help to improve the security of movement and storage of critical information, please contact us. We will be delighted to assist.

Safe4 passes 100,000 users

User numbers in Safe4 have been growing steadily over the years, and a significant milestone has been reached in April 2021. Safe4 now has more than 100,000 users, each of which is able to enjoy the benefits of highly secure cloud-based storage and management of confidential information.

Initial usage of Safe4 was concentrated primarily in commercial and corporate applications. Recent trends, however, have seen the system becoming increasingly used as a secure personal vault, holding information on behalf of private individuals who are clients of service providers in different sectors. These range from clients of international banks to patients of health testing and screening companies. Integration of the Safe4 vault into other business applications using the system’s restful API has provided many users with a convenient and safe facility for holding their personal information.

Full compliance with the UK Data Protection Act, following the introduction of the European GDPR in 2018, gives customers and their clients additional comfort and protection, as does the knowledge that Safe4 uses UK-only data centres accredited to ISO 27001.

For further information on how using Safe4 can potentially add value to your business, please contact us. We will be delighted to hear from you.

Safe4 completes development of Covid-19 Testing application

The challenge

The Covid-19 pandemic has challenged many businesses globally by making it extremely difficult for their workers to carry out their duties normally. Whilst many organisations have been able to function by assisting staff to work from home, there are many for whom physical attendance in a specific workplace is essential – construction, property maintenance, care for the elderly, retail, hospitality, to name but a few. In order to help such organisations deploy their workforce with minimum risk to health, we have completed the development of the Safe4 Covid-19 Testing application.

The solution

The application developed by Safe4 is based on 5 key elements:

  • The creation of a secure vault in which each individual’s identity and test result data can be held
  • Biometric identity verification using smartphone technology to ensure that the people involved are who they say they are
  • Facilitating an on-site Covid-19 antibody or PCR antigen test using a world-leading testing partner and PHE and MHRA approved laboratories and testing processes
  • Capturing the test result in the individual’s personal vault and providing a facility for this to be downloaded as a pass to a smartphone, so that it can be shown in a wallet bearing a QR code
  • The ability to present a landing page direct from the secure Safe4 site when the QR code is scanned, to allow the individual to be verified visually

The pass in the smartphone wallet presents the individual’s test result. When the QR code is scanned, the landing page allows both the identity of the individual and the test result to be verified visually.

Safe4Work

The service is aimed primarily at organisations with more than 20 employees, although it can accommodate businesses of any scale.

All of the data captured in this process is held in secure UK-based data centres accredited to ISO 27001, and is managed in accordance with well-established Safe4 standards, offering class-leading security and availability.

Please contact us if you would like any further information on how the Safe4 Covid-19 testing application can assist your organisation to get its staff back to work safely.