Is our health and wealth sufficiently protected?

/in , ,

The current spate of publicity about how poorly some charities seem to care for the personal information they keep about the donors who support their respective causes is yet another reminder of just how vulnerable organisations are when it comes to keeping customer information safe. After all if you give information to any business and especially to your doctor, your lawyer or your financial adviser you expect it will be kept safely.

The principles on which the very foundation of all businesses enterprises should be built has not changed since we all lived in the fields and we bartered to get what we needed to survive. Harnessing our resources to satisfy the needs and wants of our customers is the bedrock of all economies as all truly successful companies have proven. Yet of all the sectors in our economy the medical, legal and financial sectors are built upon another key driver. They have to deliver absolute client confidentiality because nothing is more private to us as individuals then our health and our wealth.

The General Medical Council, The Law Society and the Solicitors Regulation Authority produce a lot of sensible guidance on best practice for keeping client information safe, cyber security, and use of cloud computing etc. However, like many things in real life we are all spurred into action when something goes wrong, when the company’s system is hacked into or when there is a proven breach of confidentiality rules about which the injured party often complains most noisily.

So, why do we prevaricate about taking such action? Why are we so inclined to believe ‘it will not happen to us’? Well, it is just human nature I suppose, just like the fact that we all know we are going to die but none of us believe it is going to happen today. Many of us do lots of little things to put off that fateful day like take exercise, eat and drink sensibly so, why don’t we do a similar number of little things in our businesses to protect customer information?

The probability is that so much is not done to ensure client confidentiality because we either do not see where the holes are in our respective enterprises, or we do not know what to do – or if we do know what to do – we see it as simply too big and too complicated to handle. The answer has to be we must start somewhere and starting to do a small number of little things is the only way to get to that place where we are absolutely certain that we could not have done more.

So, come on then get in touch with your local information security expert and ask them to advise where you should begin. It may turn out to be a journey of a thousand steps but you have to start somewhere.

Paul Stallard May 15

Paul D Stallard – Hurndall-Stallard Associates – July 2015

Paul Stallard is an independent corporate communications consultant, and advises clients on matters relating to information security and other business-critical issues.

Another bumper month for Safe4

/in , , , , , , , ,

June 2015 proved to be another successful month for Safe4, with a record number of new users registering for the service, and 100% availability once again.  The uptime record of Safe4 is now amongst the best in the industry, and coupled with very high levels of security this makes Safe4 the ideal choice for any organisation that needs to deliver information securely to parties both internally and outside its own IT domain.

For more information on how Safe4 can help you to achieve total security combined with 100% reliability, please contact us.  We will be very pleased to assist.

Safe4 and Jermyn Consulting to work together

/in , ,

Safe4 Information Management and information security experts Jermyn Consulting have agreed to work together to bring the benefits of highly secure document storage and delivery services into the market sectors addressed by Jermyn.

Jermyn Consulting and Safe4 are natural partners, addressing many aspects of information security. Jermyn specialise in ISO 27001 consulting, and assisting with development and management of business continuity and disaster recovery plans. They have developed structured methodologies that assist their customers to achieve higher levels of resilience in their businesses.

George Hall, founder and managing director of Jermyn Consulting, believes that the combination of their knowledge and experience with the proven security and flexibility offered by Safe4 will add value to the work that is being carried out on behalf of their customers: “I am confident that working with Safe4 will enhance the excellent relationship we have developed with many of the organisations we provide services for, both by managing our communications securely and by providing a strong and effective platform for the creation and management of disaster recovery plans.”

Ben Martin of Safe4 sees great benefits for all parties in this relationship.  “We are excited at the opportunities offered by working with Jermyn Consulting.  Their long experience and proven expertise in the field of information security complements the fundamental purpose of Safe4 perfectly – to provide a cost-effective, highly secure and customer-friendly service to deliver and manage confidential information.  We look forward to working closely with them to develop offerings aligned with their specific market sectors.”

Careless use of email continues to lead to security breaches

/in , ,

As in previous years, global accounting and consultancy services provider pwc has released its 2015 report on information security breaches, and the impact that they have on businesses of all sizes.  The costs of such breaches are huge, both in financial terms and from a reputational perspective.

Interestingly, a significant number of breaches are caused by employee behaviour rather than technology-related issues.  Companies that allowed their staff to access social networking services and peer-to-peer file sharing sites suffered higher levels of information leakage. Following on from the Bank of England’s experiences relating to “auto-complete” of email addresses, careless or uncontrolled use of email remains a damaging cause of security failings.  This was commented on last week by Safe4.

The approach adopted by Safe4 can help to eliminate such security breaches.  By placing confidential information into a secure vault, only approved and authorised users are permitted to gain access, and all actions are comprehensively recorded in audit trails. Email need never be used to carry confidential files as attachments.

For further information on how your organisation can benefit from using Safe4, please contact us.  We will be very pleased to assist.

Bank of England moves to stop email errors

/in , , , ,

The Financial Times has recently reported on a new security measure being implemented by the Bank of England – disabling the auto-completion of email addresses to lessen the risk of emails being sent to the wrong addressees.  This follows an email about research into Britan’s exit from the EU being accidentally sent to a member of the media by the private secretary of Sir John Cunliffe, the Bank’s deputy governor for financial stability.  The email itself explicitly stated that it should not be sent to the media.

Auto-completion of email addresses is a useful tool, but time and time again it has been responsible for confidential information being sent to the wrong recipients.  Several UK law firms have reported this problem, but it keeps on happening.  Staff at the Bank of England have commented that switching this facility off might have an adverse impact on productivity. As far back as 2007 the then Financial Services Authority was recommending that auto-complete in email systems be disabled by members of the financial services community.

This problem can be eliminated by using Safe4 to store confidential information and share it with external parties.  The internal controls built into Safe4 will ensure that documents or messages will never be sent to the wrong people; only authorised parties will be able to receive communication about documents held within the system, and subsequently view such information.  Using the comprehensive audit trails and records maintained by Safe4, it is possible to make sure that only the right people have had access to confidential information.

100% availability for Safe4 again in April 2015

/in , , ,

Safe4 continues to record the highest possible availability levels for its secure online document delivery and storage service, with 100% availability for April 2015.  This means that the law firms, will writers, accountants, financial advisers, insurance brokers and their clients who are now using Safe4 in ever-increasing numbers to deliver and manage confidential information are enjoying completely uninterrupted access to the system, wherever they are based.  Safe4 is also used extensively in the health sector and by very high-profile groups within the UK public service, which again means that the information that they provide is available whenever it is needed.

As well as recording such high levels of availability, response times for displaying information held in Safe4 have been falling.  Information is therefore being accessed more quickly and effectively – average page display times have fallen to 477 milliseconds.

If you would like more information about Safe4, please get in touch.  We would be delighted to help you to manage confidential information with complete security.

Safe4 achieves 100% availability again in March 2015

/in , , ,

Based on figures from an independent agency, Safe4 has been given a 100% availability rating for March 2015.  This means that not only is Safe4 among the most secure services on the internet, is is also available at any time, from anywhere.  Safe4 aims for 99.99% availability, and has reached 100% on many occasions since its inception in 2010.

Added to an average page delivery time of half a second, this makes Safe4 a fast and safe option for the delivery and management of confidential information.  This performance rating has been achieved in conjunction with ever-increasing numbers of users and volume of information stored.

For more information on how Safe4 can help your business to get information to clients and other external parties faster and more securely, please get in touch with us.  We will be very pleased to assist.

Share files internationally

/in

We are pleased to announce the release of a small – but important – update to Safe4.

Over the last 18 months Safe4 has seen increasing use of the system to share files internationally. Until today Safe4 displayed all dates and times in GMT/UTC. This update has provided the ability to show the dates and times in your local timezone, making it much easier for international users to understand the information presented without needing to do time computations.

Time settings are configured in the “My Account” page, reached by clicking on your name in the top right.

At the bottom of the My Account page you will see three options :-

Screen Shot 2015-03-05 at 15.41.24

 

  • Location – Select the major city closest to you. The system will also take into account daylight saving time at your location if it applies.
  • Date Format – Select the display format for dates.
  • Time Format – Select your preferred format for the display of times.

Safe4 hope this new feature will make it easier for you to share files internationally and for your international clients to easily understand the chronology of the files transferred in the system.

More uptime availability and performance success for Safe4

/in , , , , , , , , ,

During January 2015 Safe4 maintained 100% availability of the service except for a short period  when our hosting partner applied a critical security patch to the infrastructure.  Since we take the security of our customers’ information very seriously it was felt that applying this patch was essential. The downtime was scheduled for overnight at a weekend, so it is hoped that it did not impact any of our users. Please accept our apologies if you were unable to access the service during this time.

Availability

We hope you are pleased with the performance you are seeing when using the system. In order to help target improvements Safe4 tracks the time taken to display pages in the system. Since there are a number of factors that can cause performance problems we have implemented an approach which measures the time it takes for you to be able to use a page. This is the most realistic measure we can find.

When developing Safe4 the team treat any page that takes longer than 2 seconds to load to be a defect. This is our performance target.

We are pleased to advise that during January the average (median) page load time experienced was 0.89 seconds. This is well under our target so it is hoped that we are meeting your performance expectations.

Performance

If we examine individual geographies we can see the impact of the internet on the performance.

  • Performance in the UK, where our data centre is based, is averaging out at 0.78 seconds.
  • Performance in South Africa is averaging out at 1.5 seconds, despite the extra network connections we are pleased to be getting great performance here.
  • The slowest average performance at 1.6 seconds seems to be for users in the United States where increased network delays seem to be adversely affecting performance.

Safe4 will continue to monitor performance and availability of the service to ensure that we meet the demands of your businesses. Look out for updates to these charts in the coming months.

Safe4 achieves Cyber Essentials accreditation

/in ,

Cyber Essentials Badge Medium (72dpi)

The Cyber Essentials accreditation scheme was implemented by the UK Government to establish criteria for the management of information in order to prevent intrusion from external attackers.  Accredited organisations are entitled to display the Cyber Essentials logo, which confirms that they have met the standards required.

Safe4 have received this accreditation, and we are now able to display the Cyber Essentials badge on our website and our secure cloud service.

This is part of an ongoing process to ensure that Safe4 remains one of the most secure sites on the internet.  It is accompanied by annual penetration testing, performed by licenced external laboratories, and constant surveillance of the ever-growing range of internet security threats.

The objective is to ensure that Safe4 customers’ data is protected to the highest standards available, and that our user community in the legal, financial, insurance, health and government sectors can trust their confidential information to Safe4.

For further information, please refer to the Contact page on our website.  We would appreciate an opportunity to speak with you.

Safe4 Information Management Limited

February 2015