Articles about security – will be highlighted on the security page.

Safe4 announces the release of version 4.6

/in , ,

Further upgrades and enhancements to Safe4 are being introduced, as version 4.6 of the secure document delivery and storage service is released. As well as a series of significant improvements to both security and performance, the new release also provides a comprehensive refresh to the user interface for most parts of the system.

The key changes relate to responsiveness when used on mobile devices. Safe4 already provides a means of uploading photographs from smartphones and tablets directly into folders in the system, and this has now been extended to support the upload of multiple photographs or videos in a single action.

Among the changes are:

  • Completely rewritten upload and download routines, to make the system faster and more secure to use. The use of Flash in the multi-file upload process has been removed, resulting in a smoother and quicker user experience.
  • Re-organisation of the provider administration functions, with better control of system configuration options.
  • Re-scaled input screens for usernames, passwords and PINs, to make logging into the system from smartphones much easier.
  • Changes to the way in which the Public Folder facility works, to allow more flexible movement of files within a vault, and to support access from WebDAV connections through Windows and iOS.
  • A completely re-engineered development environment, to lay a flexible platform for some major functional enhancements planned for the first quarter of 2017.

This release of Safe4 underlines our commitment to offer the best possible service to our customers and their employees, clients, partners, suppliers and associates. The number of external threats to online security has never been greater, so the pressure to maintain a secure environment for confidential information is unrelenting. For more information on Safe4 and how it can make a difference to your business, please contact us.

Email phishing scams increasing rapidly – what is the answer?

/in , ,

Almost everyone who has an email account will have received large numbers of unsolicited emails from an unknown sender requesting that the recipient “click here” to gain access to a website or service that offers something of interest or value. Some of these are laughably inept, and are so obviously scams that they can be deleted immediately. However, an increasing number are from criminals who purport to represent a reputable and trusted party, often cleverly formatted in a way that makes it very difficult to differentiate between the scam and the real thing.

In 2015, the last full year for which there is appropriate data, instances of phishing emails of this type rose by 21% in the UK, as reported in the media by Silicon.  As the article suggests, the organisations that have been falsely represented most often in the UK are BT, Apple and HMRC. The Apple emails in particular are very realistic. Clicking the link as requested will normally result in ransomware or some other form of malware being downloaded on to the recipient’s computer, leading to problems that can be very damaging and difficult to deal with.

Increasingly the criminals have turned their attention to banks and their clients, and social media services such as LinkedIn. Safe4 have recently worked with Investec, one of the financial sector’s most respected specialist banking and asset management service providers, to offer solutions to this ever-worsening problem. This involves using the Safe4 service to create a highly secure vault, into which clients can place their own important documents, and which can also be used as a means of distributing bank-generated documents to clients. It will thus become possible to inform clients that if any unsolicited email is received bearing the bank’s branding, it should be deleted immediately.

Investec, headquartered in Johannesburg, South Africa, also have a substantial presence in the UK and in other locations internationally. The Safe4 integration project was carried by the Investec Digital team in Johannesburg, who worked closely with the Safe4 developers in the UK and South Africa. Investec are no strangers to innovation, and are constantly seeking ways to improve their clients’ banking experience, and importantly to increase the level of protection offered to clients.

Safe4 offers a highly secure facility for distributing documents to any recipient outside the sender’s own IT domain. Using UK-located data centres only, accredited to the ISO 27001 international security standard, Safe4 has been independently ranked among the 0.8% most secure site on the internet, out of millions tested.

Contact us for more information on the Safe4 service, and for ideas on how using Safe4 can enhance the security of your communication with the outside world.

Christine Andrews of DQM GRC to present at Safe4 Conference

/in , ,

GDPR (General Data Protection Regulation) is looming. This EU-originated legislation will come into force in 2018, and already many UK organisations are becoming aware of the impact that the new regulation will have. The imposition of heavy fines and the more onerous responsibilities placed upon data controllers and data processors are concentrating the minds of data protection officers in organisations large and small, in all sectors of business.

Safe4 are delighted to announce that Christine Andrews, Managing Director of DQM GRC, will be presenting at the Safe4 Conference in London on 17 November. Christine has many years’ experience in the field of regulation and compliance, and offers a deep understanding of what this means to different types of organisation. As well as appreciating the need to get to grips with the impact of GDPR, Christine and her team are skilled at advising on positive solutions and good practice that will allow data protection officers to have confidence that risks to their organisations are being minimised and compliance enhanced.

Ben Martin, director of Safe4, believes that “many of our customers have shown that they take data protection very seriously, and are making extensive use of the secure information management capabilities that the Safe4 system provides. Christine’s presentation will add valuable insight to the opportunities for improvement in current practice to ensure that the additional demands of GDPR are being met”.

Safe4 to unveil the new Asset Register at the Society of Will Writers Conference

/in , ,

Safe4 launched the Digital Inheritance Vault at the Society of Will Writers Conference in October 2015, and this has subsequently been presented at many of the Society’s regional group meetings.  Members have been taking up the vault as a means of helping their clients to manage their inheritance plans and digital legacy, and many are actively promoting the facility.

At the Society’s Conference in October 2016, Safe4 will be announcing and demonstrating an important enhancement to the Digital Inheritance Vault.  Described as the Asset Register, this will provide a means for each client to manage critical information that will be essential when probate is being carried out, and importantly will allow the will-writer to set up different asset classes to manage information about the appropriate elements of their client’s digital legacy.

Strict security settings will be applied to the Asset Register to ensure that no unauthrised access can be gained.  Upon the death of the testator, and after suitable steps to prove identity, the client’s executor will be given read-only access to the Asset Register and the Vault, thus providing all of the requisite information required for probate in one place.

Different asset classes will include basic identity information about the client – NI number, NHS Number, etc – as well as online account details.  Physical assets such as property, jewellery, motor vehicles, works of art and others can also be identified in the register, as can details of accounts with organisations such as PayPal, gambling accounts, store cards, and others that may have credit balances that would add value to the estate.  Of great value will be the ability to record access details for the client’s digital devices, such as iPads, computers, telephones and others that may contain treasured memories, as well as information relating to email and social media accounts.

Ben Martin, Director of Safe4, believes that the Asset Register will add significantly to the value that the Digital Inheritance Vault brings to the end client.  “Until now, the vault has been a highly effective way to store the confidential documents that make up the client’s estate plan.  This in itself will have a major impact on the way in which probate is handled, reducing the time taken by 2 months or more by making all of the critical documents available in one place.  The Asset Register will enhance this considerably by providing a means to store a wide range of information that may not be represented in documents, but will nevertheless be of great importance to the client’s executor and family.  Unlocking social media and email accounts, allowing access to be gained to physical devices that may contain irreplaceable memories, and generally summarising a wide range of online activities in a facility that can be easily and safely updated and maintained during the testator’s lifetime will give the family a means to recover vital information that can so easily be lost.”

Personal email systems still being used to carry confidential information

/in , ,

It is no major surprise to learn that a major email service provider has been hacked – again – and that millions of people have had their personal information exposed to criminals. This is highlighted in an interesting article in The Times, published today.

What is still very unfortunate, however, is that a large number of professional practitioners in the UK are still failing to acknowledge that email is the leading source of computer crime and online fraud. Time and again personal financial information is being passed between lawyers and their clients, in residential property transactions for example, using the client’s personal email account. Repeated examples of these emails being hacked and bank account details being changed have not deterred some high-profile UK law firms from continuing this practice, irrespective of severe financial losses being experienced by their clients.

Also worrying is that it is common practice in some firms for lawyers and others to send confidential documents to their own private email accounts so that they can be worked on outside business hours or away from the office.

The Safe4 service was launched in 2010 to offer a highly secure alternative to email, not just for document transfer, but also for medium-term or permanent management of information. Based on UK-only storage in data centres that are accredited to the ISO 27001 international security standard, Safe4 offer a service that complies with the Solicitors Regulation Authority guidance on the use of cloud computing. Accessible at any time, from anywhere, it eliminates the need to trust confidential information to high-risk systems.

For more information on how Safe4 can assist your firm to minimise the risk of information loss or interception, please contact us.

Does it matter where your cloud data is stored?

/in , ,

Many millions of people now are using online systems that are hosted in the cloud. However, do we all know what that means, or the location where our vital information is being held?

The dramatic rise in the use of social media in the last decade has meant that a vast amount of personal information is being stored in cloud-based platforms, not all of which regard personal security or privacy as their top priority.

A recent article on the BBC website helped to highlight this – click here to read the article. The uncertainty over the location where data is stored, and the privacy laws in the jurisdiction that governs the use of that data, gives rise to a potentially major concern.

For this reason, Safe4 decided back in 2010 that ALL data stored within its servers would be held securely in a UK location. Because Safe4 does not allow its service to be used for advertising or any other form of promotional activity, the content of stored data and documents is completely safe. Unlike several of the major providers named in the BBC article, the business model of Safe4 does not permit the penetration of “confidential” information in customers’ accounts so that it can generate advertisements to the user based on their content.

The hosting partner of Safe4 was selected using different criteria. Because we know our customers need to be able to trust us to keep their information safe, we chose to work with a world leader in the provision of highly secure services, with an excellent record of 24/7 availability and reliability. Using ISO 27001-accredited data centres in the UK only, Safe4 has built a reputation for high quality of service and security levels which are among the highest in the industry.

For more information on how Safe4 secure information delivery and storage services can assist your organisation, please contact us.

Proposed successor to Safe Harbor is “inadequate”

/in , ,

The EU has indicated that the replacement to the US – EU Safe Harbor data privacy arrangement, known as Privacy Shield, is inadequate, and does not offer sufficient protection for confidential data being shared by organisations who operate on both sides of the Atlantic. More detail is available: click here.

The risks associated with holding confidential information in jurisdictions that do not apply the same data privacy approach as the UK was the primary reason why Safe4 hosts all of its data in UK data centres only, accredited to the ISO 27001 security standard. Together with annual penetration testing performed under the UK Government’s CHECK scheme, and sophisticated encryption of all stored data, Safe4 offers a highly secure environment for the sharing and storage of confidential information.

For more information on the security measures taken by Safe4 to protect customers’ information, please contact us.

Health data services moving to the cloud?

/in , ,

Discussions over the suitability of the cloud for the storage and management of confidential information have grown in intensity in recent years, as the use of cloud-based resources has increased dramatically.

There has long been resistance to the use of cloud data services to handle clinical information relating to individuals’ health, based on concerns over the levels of security that cloud service providers offer, despite some cloud services being demonstrably more secure than many internally hosted systems. There is indeed an argument that maintaining health data relating to certain conditions in the cloud can help to save lives. This concept is being trialled internationally, with interesting results – click here for more information.

Safe4 provide cloud-based information management services for a number of organisations in the UK and internationally for whom security is of paramount importance – using only UK-located data centres accredited to the ISO 27001 security standard.  For more information on how using Safe4 might benefit your organisation, please contact us. We would welcome an opportunity to talk with you.

Safe4 achieves Cyber Essentials accreditation and recognition against the IASME standard

/in , ,

IASME selfcert badge

In March 2016, Safe4 Information Management achieved further recognition for its safe and secure delivery and storage of customers’ documents. By achieving certification to the IASME governance standard, recognised by the UK Government as the best cyber security standard for small companies, Safe4 demonstrated continuing capability to provide a secure and trusted environment for customers and their clients to manage documents online.

At the same time, Safe4 successfully renewed its government Cyber Essentials accreditation and, with its continuing use of UK based ISO 27001 accredited data centres, is compliant with UK Government requirements for online document management and with the requirements of regulatory bodies in the professions.

The IASME (Information Assurance for Small and Medium Enterprises) standard links with international ISO/IEC 27001 standards and represents best practice for SMEs in this sphere.  It is derived from UK Government guidance, international standards, as well as best practice from the EU, USA, and significant engagement with a wide variety of SMEs and other sources.

Safe4 is committed to maintaining the highest levels of security in the management of all customer data, and plans to enhance the level of compliance with recognised standards during 2016. To find out more about the security measures Safe4 undertakes, and how this can benefit your business, please contact us.

Not all providers of cloud-based services are the same …

/in , ,

An increasing number of major IT companies are now offering cloud-based computing services. Many of them are household names, often associated with the technologies we all use every day such as email, online shopping, and search engines. But are they ideal places to manage and store critical or confidential information?

Another instance of non-availability of cloud services has been highlighted in the media this week. Whilst every service provider may occasionally suffer from problems caused by human error, offering a high level of availability in conjunction with exceptional standards of security demands a different approach from that provided by many of the industry’s leading names. This approach is one of many factors that differentiates Safe4 from the majority of service providers who use cloud-based facilities.

Holding all customer data in UK-based data centres accredited to the ISO 27001 international standard for information security is not the cheapest way to make cloud-based services available, but that is the approach taken by Safe4. Equally, compliance with the requirements of regulatory bodies such as the UK’s Solicitors Regulation Authority is not easy or straightforward – but again, this is the path Safe4 has chosen to follow.

We would be delighted to provide you with more detail on how Safe4 can assist your business to manage confidential information safely and securely; please get in touch with us.