Articles about security – will be highlighted on the security page.

UK Watchdog makes some cloud service providers think again – it’s about time!

/in , ,

The UK watchdog, the Competition and Markets Authority, has decided to crack down on some of the biggest names in cloud data services by enforcing a stipulation for fairer and more transparent contracts. By recognising the the need for improvements in the contractual terms that the major providers offer, the CMA has given a boost to the protection that users of these services can expect. Click here for more detail.

The majority of them, of course, are still opaque as to where their data is stored. Even those that claim to hold their customers’ data in the UK are still very vague as to whether backups are held exclusively in the UK, or shipped to overseas data centres where capacity may be more readily available or less expensive. If data is moved outside the United Kingdom it can fall under the jurisdiction of countries whose data privacy laws do not offer the same level of protection.

Since 2010 Safe4 has provided a highly secure UK-only data storage service, making use of ISO 27001-accredited data centres. As well as levels of security and availability that are among the best in the industry, Safe4 customers enjoy the certainty that their data does not leave the UK. And Safe4 has not needed a market watchdog to enforce the offering of fair and transparent contractual commitments to its customers. Contact us for more information.

US may be set to change data privacy laws – again!

/in , ,

The Safe Harbor data privacy agreement between the US and the EU was deemed to be ineffective in 2015, and was subsequently replaced with a Privacy Shield arrangement – which is still considered by many to be inadequate. Recent announcements by the new US administration suggest that the internal data privacy laws in the US will be subject to further change, affecting those who are not US citizens or permanent residents in the US. Please click here for more background on this development.

Safe4 decided back in 2010 that all of the data held within its secure document delivery and storage service would be stored in UK-located data centres, accredited to ISO 27001. This offers maximum protection to our customers and their clients, employees, suppliers, partners and associates. Reliance on US-hosted data storage could be seen to carry unnecessary risk of misuse or disclosure of personally-identifiable information, hence the benefit of keeping all stored data onshore within the UK.

For more detail on the measures that Safe4 applies to keep information secure, please contact us. We would be very pleased to speak with you.

Safe4 announces the release of version 4.6

/in , ,

Further upgrades and enhancements to Safe4 are being introduced, as version 4.6 of the secure document delivery and storage service is released. As well as a series of significant improvements to both security and performance, the new release also provides a comprehensive refresh to the user interface for most parts of the system.

The key changes relate to responsiveness when used on mobile devices. Safe4 already provides a means of uploading photographs from smartphones and tablets directly into folders in the system, and this has now been extended to support the upload of multiple photographs or videos in a single action.

Among the changes are:

  • Completely rewritten upload and download routines, to make the system faster and more secure to use. The use of Flash in the multi-file upload process has been removed, resulting in a smoother and quicker user experience.
  • Re-organisation of the provider administration functions, with better control of system configuration options.
  • Re-scaled input screens for usernames, passwords and PINs, to make logging into the system from smartphones much easier.
  • Changes to the way in which the Public Folder facility works, to allow more flexible movement of files within a vault, and to support access from WebDAV connections through Windows and iOS.
  • A completely re-engineered development environment, to lay a flexible platform for some major functional enhancements planned for the first quarter of 2017.

This release of Safe4 underlines our commitment to offer the best possible service to our customers and their employees, clients, partners, suppliers and associates. The number of external threats to online security has never been greater, so the pressure to maintain a secure environment for confidential information is unrelenting. For more information on Safe4 and how it can make a difference to your business, please contact us.

Email phishing scams increasing rapidly – what is the answer?

/in , ,

Almost everyone who has an email account will have received large numbers of unsolicited emails from an unknown sender requesting that the recipient “click here” to gain access to a website or service that offers something of interest or value. Some of these are laughably inept, and are so obviously scams that they can be deleted immediately. However, an increasing number are from criminals who purport to represent a reputable and trusted party, often cleverly formatted in a way that makes it very difficult to differentiate between the scam and the real thing.

In 2015, the last full year for which there is appropriate data, instances of phishing emails of this type rose by 21% in the UK, as reported in the media by Silicon.  As the article suggests, the organisations that have been falsely represented most often in the UK are BT, Apple and HMRC. The Apple emails in particular are very realistic. Clicking the link as requested will normally result in ransomware or some other form of malware being downloaded on to the recipient’s computer, leading to problems that can be very damaging and difficult to deal with.

Increasingly the criminals have turned their attention to banks and their clients, and social media services such as LinkedIn. Safe4 have recently worked with Investec, one of the financial sector’s most respected specialist banking and asset management service providers, to offer solutions to this ever-worsening problem. This involves using the Safe4 service to create a highly secure vault, into which clients can place their own important documents, and which can also be used as a means of distributing bank-generated documents to clients. It will thus become possible to inform clients that if any unsolicited email is received bearing the bank’s branding, it should be deleted immediately.

Investec, headquartered in Johannesburg, South Africa, also have a substantial presence in the UK and in other locations internationally. The Safe4 integration project was carried by the Investec Digital team in Johannesburg, who worked closely with the Safe4 developers in the UK and South Africa. Investec are no strangers to innovation, and are constantly seeking ways to improve their clients’ banking experience, and importantly to increase the level of protection offered to clients.

Safe4 offers a highly secure facility for distributing documents to any recipient outside the sender’s own IT domain. Using UK-located data centres only, accredited to the ISO 27001 international security standard, Safe4 has been independently ranked among the 0.8% most secure site on the internet, out of millions tested.

Contact us for more information on the Safe4 service, and for ideas on how using Safe4 can enhance the security of your communication with the outside world.

Christine Andrews of DQM GRC to present at Safe4 Conference

/in , ,

GDPR (General Data Protection Regulation) is looming. This EU-originated legislation will come into force in 2018, and already many UK organisations are becoming aware of the impact that the new regulation will have. The imposition of heavy fines and the more onerous responsibilities placed upon data controllers and data processors are concentrating the minds of data protection officers in organisations large and small, in all sectors of business.

Safe4 are delighted to announce that Christine Andrews, Managing Director of DQM GRC, will be presenting at the Safe4 Conference in London on 17 November. Christine has many years’ experience in the field of regulation and compliance, and offers a deep understanding of what this means to different types of organisation. As well as appreciating the need to get to grips with the impact of GDPR, Christine and her team are skilled at advising on positive solutions and good practice that will allow data protection officers to have confidence that risks to their organisations are being minimised and compliance enhanced.

Ben Martin, director of Safe4, believes that “many of our customers have shown that they take data protection very seriously, and are making extensive use of the secure information management capabilities that the Safe4 system provides. Christine’s presentation will add valuable insight to the opportunities for improvement in current practice to ensure that the additional demands of GDPR are being met”.

Safe4 to unveil the new Asset Register at the Society of Will Writers Conference

/in , ,

Safe4 launched the Digital Inheritance Vault at the Society of Will Writers Conference in October 2015, and this has subsequently been presented at many of the Society’s regional group meetings.  Members have been taking up the vault as a means of helping their clients to manage their inheritance plans and digital legacy, and many are actively promoting the facility.

At the Society’s Conference in October 2016, Safe4 will be announcing and demonstrating an important enhancement to the Digital Inheritance Vault.  Described as the Asset Register, this will provide a means for each client to manage critical information that will be essential when probate is being carried out, and importantly will allow the will-writer to set up different asset classes to manage information about the appropriate elements of their client’s digital legacy.

Strict security settings will be applied to the Asset Register to ensure that no unauthrised access can be gained.  Upon the death of the testator, and after suitable steps to prove identity, the client’s executor will be given read-only access to the Asset Register and the Vault, thus providing all of the requisite information required for probate in one place.

Different asset classes will include basic identity information about the client – NI number, NHS Number, etc – as well as online account details.  Physical assets such as property, jewellery, motor vehicles, works of art and others can also be identified in the register, as can details of accounts with organisations such as PayPal, gambling accounts, store cards, and others that may have credit balances that would add value to the estate.  Of great value will be the ability to record access details for the client’s digital devices, such as iPads, computers, telephones and others that may contain treasured memories, as well as information relating to email and social media accounts.

Ben Martin, Director of Safe4, believes that the Asset Register will add significantly to the value that the Digital Inheritance Vault brings to the end client.  “Until now, the vault has been a highly effective way to store the confidential documents that make up the client’s estate plan.  This in itself will have a major impact on the way in which probate is handled, reducing the time taken by 2 months or more by making all of the critical documents available in one place.  The Asset Register will enhance this considerably by providing a means to store a wide range of information that may not be represented in documents, but will nevertheless be of great importance to the client’s executor and family.  Unlocking social media and email accounts, allowing access to be gained to physical devices that may contain irreplaceable memories, and generally summarising a wide range of online activities in a facility that can be easily and safely updated and maintained during the testator’s lifetime will give the family a means to recover vital information that can so easily be lost.”

Personal email systems still being used to carry confidential information

/in , ,

It is no major surprise to learn that a major email service provider has been hacked – again – and that millions of people have had their personal information exposed to criminals. This is highlighted in an interesting article in The Times, published today.

What is still very unfortunate, however, is that a large number of professional practitioners in the UK are still failing to acknowledge that email is the leading source of computer crime and online fraud. Time and again personal financial information is being passed between lawyers and their clients, in residential property transactions for example, using the client’s personal email account. Repeated examples of these emails being hacked and bank account details being changed have not deterred some high-profile UK law firms from continuing this practice, irrespective of severe financial losses being experienced by their clients.

Also worrying is that it is common practice in some firms for lawyers and others to send confidential documents to their own private email accounts so that they can be worked on outside business hours or away from the office.

The Safe4 service was launched in 2010 to offer a highly secure alternative to email, not just for document transfer, but also for medium-term or permanent management of information. Based on UK-only storage in data centres that are accredited to the ISO 27001 international security standard, Safe4 offer a service that complies with the Solicitors Regulation Authority guidance on the use of cloud computing. Accessible at any time, from anywhere, it eliminates the need to trust confidential information to high-risk systems.

For more information on how Safe4 can assist your firm to minimise the risk of information loss or interception, please contact us.

Does it matter where your cloud data is stored?

/in , ,

Many millions of people now are using online systems that are hosted in the cloud. However, do we all know what that means, or the location where our vital information is being held?

The dramatic rise in the use of social media in the last decade has meant that a vast amount of personal information is being stored in cloud-based platforms, not all of which regard personal security or privacy as their top priority.

A recent article on the BBC website helped to highlight this – click here to read the article. The uncertainty over the location where data is stored, and the privacy laws in the jurisdiction that governs the use of that data, gives rise to a potentially major concern.

For this reason, Safe4 decided back in 2010 that ALL data stored within its servers would be held securely in a UK location. Because Safe4 does not allow its service to be used for advertising or any other form of promotional activity, the content of stored data and documents is completely safe. Unlike several of the major providers named in the BBC article, the business model of Safe4 does not permit the penetration of “confidential” information in customers’ accounts so that it can generate advertisements to the user based on their content.

The hosting partner of Safe4 was selected using different criteria. Because we know our customers need to be able to trust us to keep their information safe, we chose to work with a world leader in the provision of highly secure services, with an excellent record of 24/7 availability and reliability. Using ISO 27001-accredited data centres in the UK only, Safe4 has built a reputation for high quality of service and security levels which are among the highest in the industry.

For more information on how Safe4 secure information delivery and storage services can assist your organisation, please contact us.

Proposed successor to Safe Harbor is “inadequate”

/in , ,

The EU has indicated that the replacement to the US – EU Safe Harbor data privacy arrangement, known as Privacy Shield, is inadequate, and does not offer sufficient protection for confidential data being shared by organisations who operate on both sides of the Atlantic. More detail is available: click here.

The risks associated with holding confidential information in jurisdictions that do not apply the same data privacy approach as the UK was the primary reason why Safe4 hosts all of its data in UK data centres only, accredited to the ISO 27001 security standard. Together with annual penetration testing performed under the UK Government’s CHECK scheme, and sophisticated encryption of all stored data, Safe4 offers a highly secure environment for the sharing and storage of confidential information.

For more information on the security measures taken by Safe4 to protect customers’ information, please contact us.

Health data services moving to the cloud?

/in , ,

Discussions over the suitability of the cloud for the storage and management of confidential information have grown in intensity in recent years, as the use of cloud-based resources has increased dramatically.

There has long been resistance to the use of cloud data services to handle clinical information relating to individuals’ health, based on concerns over the levels of security that cloud service providers offer, despite some cloud services being demonstrably more secure than many internally hosted systems. There is indeed an argument that maintaining health data relating to certain conditions in the cloud can help to save lives. This concept is being trialled internationally, with interesting results – click here for more information.

Safe4 provide cloud-based information management services for a number of organisations in the UK and internationally for whom security is of paramount importance – using only UK-located data centres accredited to the ISO 27001 security standard.  For more information on how using Safe4 might benefit your organisation, please contact us. We would welcome an opportunity to talk with you.