Articles about security – will be highlighted on the security page.

Problems originated by email continue – often with costly and damaging consequences

The ransomware attack on Lincolnshire County Council last week has now been resolved, but once again the dangers that may lurk within email messages have been highlighted. When members of any organisation are accustomed to using email to transfer information that is critical or necessary for the business, the likelihood of inadvertently opening messages that contain harmful malware is increased. A county council will recover from the damage caused by such a problem; a small or medium sized business may not.

One of the sectors that is potentially exposed to such risks is the legal profession. It is estimated that more than 70% of UK law firms regularly communicate confidential client information in open email systems.

Safe4 offers a secure and reliable service for the transfer of confidential information to anyone with access to the Internet. Flexible configuration options mean that it can be applied to a variety of business requirements. Contact us for more information on how we can help your organisation to reduce costs, improve compliance and enhance customer service.

The need to maintain and protect the digital legacy is highlighted by action against Apple

In October 2015 Safe4 launched the Digital Inheritance Vault at the Society of Will Writers annual Conference in Redditch, UK. Since then, the will writing community have been adopting the service in increasing numbers to offer it to their clients. One of the key benefits that the Vault provides is the ability to keep a record of all passwords and PINs in a completely secure place, visible only to the end client. This not only covers online accounts with banks, building societies, credit card providers, insurers and the like, but also social media accounts and physical devices such as computers, smartphones and tablets. The will-writer cannot gain access to this private information, but it can be released to the executor of the estate after the client’s death.

A recent case in Canada has demonstrated just how valuable such a service can be, as highlighted in the media this week. Whilst in this instance Apple have eventually agreed to open the iPad for the family, it took months of argument and aggravation at a time when the family was grieving. The contents of the iPad will almost certainly have no monetary value, but will contain cherished memories that can be enormously important to the family.

The Safe4 Digital Inheritance Vault makes provision for the recording of such information, and keeps it completely private. For more information on how the service works, please click here, or contact us. We will be delighted to assist you.

Email scam causes loss of £45,000 as conveyancing emails are hacked

The use of email to carry confidential client information is still a significant cause of computer crime in the UK, with more than 70% of law firms persisting with the use of this high-risk means of carrying confidential information.

The latest instance has seen a tragic case involving newly-wed first time buyers lose their life savings, following the interception of emails by hackers who falsified bank details. Please click here for more information.

Using the Safe4 secure document delivery and storage service will radically reduce the risk of fraudulent interception of confidential information. The Safe4 service is SRA compliant, and never uses email to carry documents; by using UK-based ISO 27001 accredited data centres, performing full encryption of all uploaded information, and contracting with customers under English Law, Safe4 offers a fast and effective service that enhances regulatory compliance and offers levels of security that email cannot match. Even “secure” email services are often clumsy and inefficient, and do not offer the comprehensive audit trails and reporting facilities of Safe4.

For more information on how Safe4 can make your client communications fast, efficient and secure, please contact us. We will be delighted to assist you.

Re-emphasising the value of audit trails

Proving that information has been accessed after it has been delivered can be a challenge. That is the main purpose of the detailed File History within Safe4, and it is proving to be of increasing value to customers and their clients.

Whether the activity in question is a complex corporate merger or acquisition, a personal inheritance plan, or updates to an insurance policy, it is often essential to know that the information in question has been received and opened. Sending printed documents in the post cannot provide this feedback, nor can sending documents as email attachments. The read-receipt provided by email systems does not confirm that the attachment has been opened, or even that it has not been deleted altogether.

Another benefit of the Safe4 audit trail is that it provides evidence that a confidential document has NOT been accessed by anyone other than an authorised person. This is especially valuable when deeply confidential information is being assembled in a private inheritance plan – it is impossible to prove that paper records have not been seen by someone they shouldn’t have, for example. The Safe4 Digital Inheritance Vault gives a level of security and confidentiality that can be difficult to achieve using other methods of managing information.

For more information on how using Safe4 can enhance the security of your private information, please get in touch with us. We will be delighted to assist.

“Secure” email services suffer outages – Safe4 records another month of 100% availability

Safe4 has for over 5 years offered a document delivery and storage service that is highly secure, flexible, and exceptional value for money. Still, however, a number of organisations believe that “secure” email is a viable alternative for getting confidential documents safely to clients and other external parties.

Recent events suggest that some providers of so-called secure email services are not as reliable as they would wish us to think.  Click here for some examples of this.

October 2015 saw another month of 100% availability for Safe4, independently verified. October was also a record month for new user registrations for Safe4.

We all use email services every day for a wide range of communication activities, but for getting confidential information to recipients outside your own domain it carries high risks. When the “send” button is pressed we simply hope for the best, and have no way of knowing whether the transmission will be intercepted en route through one of the many servers it may be handled by, or indeed how it will be managed after arrival.

For more information on how Safe4 can help your organisations to avoid the risks of using email to carry confidential information, please contact us. We will be delighted to assist.

EU nullifies Safe Harbour agreement with US: where is your data stored?

Back in 2010, when we launched the company, we decided that all of the information held within Safe4 would be stored in UK-only data centres accredited to the ISO 27001 security standard. That decision has been vindicated on many occasions since, and has been given further weight by a recent ruling at the European Court of Justice. The inescapable verdict: if your data contains confidential or sensitive material, relying on US data privacy laws could put you at risk.

The EU has now been joined by Israel in recognising the flaws in the EU / US Safe Harbour agreement; Israel is now recommending that data containing personal information should not be transferred to the United States – click here to read more.

It is now widely acknowledged that the weakness of data privacy laws in the US can expose many types of organisation to unacceptable and unnecessary risk. In spite of this many businesses in the UK still use data services managed by some of the IT giants who are located in the US. Safe4 stores all of the data it holds within the UK, and does not use any US-located resources for any part of the management of the system.

For more information on how Safe4 can assist your business to maintain your own and your clients’ information in complete privacy, please contact us. We will be very pleased to help.

Dropbox suffers recent outage – but Safe4 scores another month of 100% availability

Dropbox users may have experienced some difficulty and inconvenience following their recent outage. However, Safe4 achieved another month of 100% availability in August. With the exception of very brief periods of pre-planned server maintenance, Safe4 has provided customers with continuous service for nearly 5 years.

Using UK-based data centres that are accredited to the ISO 27001 security standard, Safe4 offers exceptional levels of availability and confidentiality. There are now Safe4 users in many different parts of the world who are enjoying these benefits – if you would like more information on how Safe4 can assist your business, please contact us. We will be delighted to hear from you.

Massive losses as criminals target UK lawyers’ insecure transactions

Unsurprisingly, more evidence is emerging all the time of fraud perpetrated by criminal gangs against law firms who do not manage transactions involving financial transfers securely. This article, published in The Times on Friday 4 September, highlights some of the causes.

As ever, one of the root causes is the use of email to transfer confidential information. Law firms should be insisting that their clients do not allow any sensitive or potentially high-risk information to be carried by email. The article referred to above highlights yet another instance of theft through email penetration. However, 70% of UK law firms still use email to communicate confidential information, risking their not only clients’ funds but also potentially their own existence.

Safe4 have gone to great lengths to provide a service which offers completely confidential transfer and storage of information. As well as being SRA-compliant, all Safe4 information is held in UK-based data centres that are accredited to the ISO 27001 security standard.

If you would like more detail on how Safe4 can assist with the secure handling of critical information, please contact us. We will be delighted to speak with you.

A real heart stopping lesson about data security

I imagine the very recent news that customer data has reportedly been stolen from Ashley Madison, a dating website, will send a few hearts fluttering and pulses racing.

Without wishing to pass judgement on the company or people who use it, how much longer will it take for all manner of organisations to realise they have to take data security seriously? Regardless of what Ashley Madison actually does and if the reports are true about data being stolen, they will rue the fact that they have not paid more attention to this issue.

Not taking data security seriously is asking for trouble and is as certain to limit the future of a business as would be mistreating customers in any way.

For anyone looking into this issue for the first time it is important to be aware that ISO 27000 is a family of standards that helps organisations keep information secure. These standards help manage the security of customer information, financial data, intellectual property, employee details and other information entrusted to them by third parties.

Safe-4 uses a UK-based data centre accredited to ISO/IEC 27001, the best-known component in the family of standards providing requirements for an information security management system (ISMS) which is an exacting and systematic approach to managing sensitive company information so that it remains secure.

It does not matter if a business is large, medium or small in size; using these standards and working with other businesses that also use them will help companies in any sector keep highly sensitive information secure.

Paul Stallard May 15

Paul D Stallard – Hurndall-Stallard Associates – July 2015

Paul Stallard is an independent corporate communications consultant, and advises clients on matters relating to information security and other business-critical issues.

How safe is cloud computing? It depends who you work with …

Much has been made in recent times of the benefits that can be derived from cloud computing. In fact the speed of growth in use of “the cloud” has been one of the major factors in the IT industry for most of the last decade. But how safe is cloud computing?

Traditionally a profession that has adopted a cautious approach to new technologies, the legal sector are showing increasing signs of understanding the financial and operational benefits of using the cloud as a resource for managing different types of information. The Solicitors Regulation Authority has highlighted this in recent publications, expressing the view that “Cloud computing is continuing to increase in popularity, with low cost and flexibility the key advantages. Cloud users do not have to maintain their own data storage or multiple site licenses for software. The cloud works out cheaper than direct data and program storage, and permits true mobile working with no need for data sticks or email transmission of files, both of which are key risks for data loss. Email is not inherently secure, while data sticks are easily lost and provide ready systems access for virus programs.”

However, there are of course risks. The SRA also points out that when a cloud-based service is implemented, control of data is effectively handed over to a third party service provider, and the ability of that provider to protect confidential information can represent an area of risk. Careful selection of the cloud system provider can effectively mitigate this risk, as there are very wide variations in the level of security that different companies offer.

Safe4 Information Management have made major investments in ensuring that the security of their customers’ data is given the highest possible priority. This is reflected in the way Safe4 have addressed the issues raised by the SRA. The measures Safe4 have taken include such key areas as ensuring that all data is held in ISO-27001 approved data centres in the UK, confidential information is never transmitted by email, all stored data is encrypted using highly secure ciphers, and that all contractual engagements are undertaken according to English law. Rigorous penetration tests, carried out by independent UK Government-certified agencies, also ensure that any areas of vulnerability caused by new internet threats are addressed as a matter of urgency.

The SRA also points out that “sound cloud computing providers offer better encryption and security than would be possible for a small or medium-sized solicitors’ practice storing its data locally.” Due diligence applied in the selection of the cloud service provider can help to bring the law firm the financial and operational benefits of this highly effective resource while making sure that its stored information is given the maximum protection possible.

The views of the SRA are echoed by the Law Society, which has also published guidance for law firms wishing to use the cloud.

A number of law firms in the UK have for some time been making use of the highly secure document delivery and storage service offered by Safe4 to share confidential information with their clients and other external parties. One law firm in Leeds is now in the process of introducing the use of Safe4 as a direct result of the way the SRA guidance has been interpreted and implemented.

For more information on how using Safe4 can benefit your law firm, please get in touch.  We will be very pleased to assist you.

Ben Martin

benmartin_square

 

 

 

Ben Martin is a Director and founder of Safe4 Information Management