More new security and reporting features for Safe4

Safe4 has been enhanced again by the addition of stringent password strength checks for new users, and the ability to download some system reports directly into a .csv file for further analysis and manipulation. This will be further improved by extension to all reports in the near future.

At Safe4 we are constantly seeking ways to make the service more secure, and more flexible in the way it can be used. As always, this is largely based on customer feedback and the need to maintain vigilance in the face of an ever-increasing array of security threats.

For more information on how Safe4 can assist your business to manage confidential information more securely and efficiently, please get in touch with us.

Information security insights from McKinsey

Anyone who has an interest in the issue of cybersecurity should read the book excerpt ‘Repelling the Cyberattackers’ in McKinsey’s Quarterly, July 2015, by Tucker Bailey, James M. Kaplan, and Chris Rezek.

However, as good as this advice is, especially as the world rushes at ever increasing speed towards digitising everything, we forget at our peril the need to concentrate on the basics. Having a secure online communication, document delivery and storage capability is a vital requirement and it is the place to start the whole process of planning a cybersecurity strategy.

Next comes getting everyone in the organisation into the habit of executing standard hygiene controls: regularly changing passwords, choosing a password methodology that has absolutely no connection to your personal life and only opening emails and especially attachments from people you know. Failure to adopt these simple rules is asking for trouble.

As ever, the human factor can be the weak spot – it is not just about putting secure IT solutions in place.

Paul D Stallard – Hurndall-Stallard Associates – July 2015

Paul Stallard is an independent corporate communications consultant, and advises clients on matters relating to information security and other business-critical issues.

Beware of public Wi-Fi!

Paul Holland has published an interesting post on LinkedIn, highlighting the risks associated with using public Wi-Fi.  To quote Paul’s post:

“An investigation conducted in London has shown the ease with which personal data can be hacked when the target is using public Wi-Fi. Security and privacy software company F-Secure teamed up with penetration testing expert Mandalorian Security Services and the Cyber Security Research Institute to conduct the test – in this case, hacking into the devices of three politicians.

The politicians, deliberately selected from the most powerful chambers in UK politics, were Rt. Hon. David Davis MP, Mary Honeyball MEP and Lord Strasburger. The exercise was carried out with the permission of the politicians who, despite holding important positions within the different parliaments, admitted that they had received no formal training or information about the relative ease with which computers can be breached while using public Wi-Fi – a service they all admitted to using regularly.”

It is important to note that when using Safe4, all interaction with our service is fully encrypted, including the internet link from your device.  Even when using public Wi-Fi, Safe4 communications cannot be intercepted – as opposed to the huge risks that exist when using open email systems.

Is our health and wealth sufficiently protected?

The current spate of publicity about how poorly some charities seem to care for the personal information they keep about the donors who support their respective causes is yet another reminder of just how vulnerable organisations are when it comes to keeping customer information safe. After all, if you give information to any business, and especially to your doctor, your lawyer or your financial adviser, you expect it will be kept safely.

The principles on which the very foundation of all business enterprises should be built have not changed since we all lived in the fields and bartered to get what we needed to survive. Harnessing our resources to satisfy the needs and wants of our customers is the bedrock of all economies, as all truly successful companies have proven. Yet of all the sectors in our economy, the medical, legal and financial sectors are built upon another key driver. They have to deliver absolute client confidentiality because nothing is more private to us as individuals than our health and our wealth.

The General Medical Council, The Law Society and the Solicitors Regulation Authority produce a lot of sensible guidance on best practice for keeping client information safe, cyber security, and use of cloud computing etc. However, like many things in real life we are all spurred into action when something goes wrong, when the company’s system is hacked into or when there is a proven breach of confidentiality rules about which the injured party often complains most noisily.

So, why do we prevaricate about taking such action? Why are we so inclined to believe ‘it will not happen to us’? Well, it is just human nature I suppose, just like the fact that we all know we are going to die but none of us believe it is going to happen today. Many of us do lots of little things to put off that fateful day, like taking exercise and eating and drinking sensibly, so why don’t we do a similar number of little things in our businesses to protect customer information?

The probability is that so much is not done to ensure client confidentiality because we either do not see where the holes are in our respective enterprises, or we do not know what to do – or if we do know what to do – we see it as simply too big and too complicated to handle. The answer has to be we must start somewhere and starting to do a small number of little things is the only way to get to that place where we are absolutely certain that we could not have done more.

So come on then, get in touch with your local information security expert and ask them to advise where you should begin. It may turn out to be a journey of a thousand steps, but you have to start somewhere.

Paul D Stallard – Hurndall-Stallard Associates – July 2015

Safe4 and Jermyn Consulting to work together

Safe4 Information Management and information security experts Jermyn Consulting have agreed to work together to bring the benefits of highly secure document storage and delivery services into the market sectors addressed by Jermyn.

Jermyn Consulting and Safe4 are natural partners, addressing many aspects of information security. Jermyn specialise in ISO 27001 consulting, and assisting with development and management of business continuity and disaster recovery plans. They have developed structured methodologies that assist their customers to achieve higher levels of resilience in their businesses.

George Hall, founder and managing director of Jermyn Consulting, believes that the combination of their knowledge and experience with the proven security and flexibility offered by Safe4 will add value to the work that is being carried out on behalf of their customers: “I am confident that working with Safe4 will enhance the excellent relationship we have developed with many of the organisations we provide services for, both by managing our communications securely and by providing a strong and effective platform for the creation and management of disaster recovery plans.”

Ben Martin of Safe4 sees great benefits for all parties in this relationship.  “We are excited at the opportunities offered by working with Jermyn Consulting.  Their long experience and proven expertise in the field of information security complements the fundamental purpose of Safe4 perfectly – to provide a cost-effective, highly secure and customer-friendly service to deliver and manage confidential information.  We look forward to working closely with them to develop offerings aligned with their specific market sectors.”

Careless use of email continues to lead to security breaches

As in previous years, global accounting and consultancy services provider PwC has released its 2015 report on information security breaches, and the impact that they have on businesses of all sizes.  The costs of such breaches are huge, both in financial terms and from a reputational perspective.

Interestingly, a significant number of breaches are caused by employee behaviour rather than technology-related issues.  Companies that allowed their staff to access social networking services and peer-to-peer file sharing sites suffered higher levels of information leakage. Following on from the Bank of England’s experiences relating to “auto-complete” of email addresses, careless or uncontrolled use of email remains a damaging cause of security failings.  This was commented on last week by Safe4.

The approach adopted by Safe4 can help to eliminate such security breaches.  By placing confidential information into a secure vault, only approved and authorised users are permitted to gain access, and all actions are comprehensively recorded in audit trails. Email need never be used to carry confidential files as attachments.

For further information on how your organisation can benefit from using Safe4, please contact us.  We will be very pleased to assist.

Bank of England moves to stop email errors

The Financial Times has recently reported on a new security measure being implemented by the Bank of England – disabling the auto-completion of email addresses to lessen the risk of emails being sent to the wrong addressees.  This follows an email about research into Britain’s exit from the EU being accidentally sent to a member of the media by the private secretary of Sir John Cunliffe, the Bank’s deputy governor for financial stability.  The email itself explicitly stated that it should not be sent to the media.

Auto-completion of email addresses is a useful tool, but time and time again it has been responsible for confidential information being sent to the wrong recipients.  Several UK law firms have reported this problem, but it keeps on happening.  Staff at the Bank of England have commented that switching this facility off might have an adverse impact on productivity. As far back as 2007 the then Financial Services Authority was recommending that auto-complete in email systems be disabled by members of the financial services community.

This problem can be eliminated by using Safe4 to store confidential information and share it with external parties.  The internal controls built into Safe4 will ensure that documents or messages will never be sent to the wrong people; only authorised parties will be able to receive communication about documents held within the system, and subsequently view such information.  Using the comprehensive audit trails and records maintained by Safe4, it is possible to make sure that only the right people have had access to confidential information.

So you think your client information is safe?

If you are a lawyer born before, say, 1980, you can be forgiven if you find much of today’s technology a bit baffling and difficult to keep up with, given that it seems to change on a daily basis.

On the other hand if you were born after 1980 it is highly likely that you are pretty comfortable with technology and the pace of change – you know you will not break anything if you press the wrong button. There again it is also likely that your attitude toward technology and the data you put in and take from it is a lot more relaxed – and there lies the danger.

Last year the Department for Business Innovation & Skills published its 2014 Information Security Breaches Survey. You only have to look at these headline findings from this survey of 2013 to realise that challenging times lie ahead:-

  • 81% of large organisations had a security breach
  • 60% of small businesses had a security breach
  • 59% of respondents expect there will be more security incidents in the next year than last

Lawyers should not need reminding about how much client information they hold and how damaging much of that information can be in the wrong hands. They should fear the day that highly confidential documents and information are intercepted by hackers; the subsequent lawsuits and reputational damage will be expensive and could well put them out of business altogether.

So, notwithstanding the need to be constantly updated with what to do and what not to do when going through one’s inbox, sometimes, just sometimes perhaps a whole fresh look is needed. The issue of security should be high on everyone’s business development agenda. Lawyers must do all they can to ensure their client communications and documents are safe and accessible to no one but those for whom they are intended.

Of course, nothing is absolutely 100% secure in this world but our collective challenge is to make accessing confidential client information and data as continually difficult as it can possibly be for the criminally minded. The trouble is – more than 70% of lawyers in the UK still use email to carry confidential client information!

Paul D Stallard – Hurndall-Stallard Associates – May 2015

100% availability for Safe4 again in April 2015

Safe4 continues to record the highest possible availability levels for its secure online document delivery and storage service, with 100% availability for April 2015.  This means that the law firms, will writers, accountants, financial advisers, insurance brokers and their clients who are now using Safe4 in ever-increasing numbers to deliver and manage confidential information are enjoying completely uninterrupted access to the system, wherever they are based.  Safe4 is also used extensively in the health sector and by very high-profile groups within the UK public service, which again means that the information that they provide is available whenever it is needed.

As well as recording such high levels of availability, response times for displaying information held in Safe4 have been falling.  Information is therefore being accessed more quickly and effectively – average page display times have fallen to 477 milliseconds.

If you would like more information about Safe4, please get in touch.  We would be delighted to help you to manage confidential information with complete security.

Safe4 achieves 100% availability again in March 2015

Based on figures from an independent agency, Safe4 has been given a 100% availability rating for March 2015.  This means that not only is Safe4 among the most secure services on the internet, it is also available at any time, from anywhere.  Safe4 aims for 99.99% availability, and has reached 100% on many occasions since its inception in 2010.

Added to an average page delivery time of half a second, this makes Safe4 a fast and safe option for the delivery and management of confidential information.  This performance rating has been achieved in conjunction with ever-increasing numbers of users and volume of information stored.

For more information on how Safe4 can help your business to get information to clients and other external parties faster and more securely, please get in touch with us.  We will be very pleased to assist.