VaultConnect appointed as Safe4 distributor

 

As part of the market development programme being undertaken by Safe4, VaultConnect of Manchester have signed a distribution agreement enabling them to offer the highly secure Safe4 information delivery and storage service to professional practitioners across the UK.

Although based in the north of England, VaultConnect will operate nationally and have established opportunities to provide the Safe4 service to organisations in all parts of the country, in sectors such as legal, accounting, financial services and more recently art galleries.  All of these organisations manage highly confidential information on behalf of their clients, and all have the responsibility of transferring funds to and from clients and other parties as business is being transacted.

Steve Edge

Richard Higginbotham

VaultConnect was formed by Steve Edge and Richard Higginbotham, both of whom have decades of experience in sales and digital marketing of software-based solutions.  One of the first areas that VaultConnect will be addressing is the activity of property conveyancing solicitors, who are responsible for transferring significant sums of money between clients and the other parties who participate in property transactions, such as estate agents, mortgage lenders, and other law firms.  Steve Edge believes that “Safe4’s platform enables us to solve a real issue for professional service firms who need to share sensitive information with clients and partners. Conventional email is increasingly seen as an unsafe way to transmit information because it’s easy for fraudsters to intercept. Emails can then be impersonated or impregnated for commercial gain.”

Steve also feels that “Safe4 enables us to realise the mantra ‘don’t transmit, VaultConnect’; we help our clients enjoy the convenience and efficiency of email without the risks. Unlike products that are charged on a per user basis, we are able to make a compelling commercial proposition to our target markets.”

GDPR is coming …

Ben Martin, a director of Safe4, is delighted to be working with VaultConnect.  “This relationship brings an exciting opportunity for Safe4, to enhance our ability to engage with new customers and deliver secure high quality solutions in conjunction with the proven expertise of Steve and Richard in the professional practitioner sector, where the benefits from using Safe4 are immediate.  We welcome their commitment to address these vitally important sectors. With GDPR on the horizon it is becoming more important than ever to ensure that all client information is being handled as securely as possible, and using Safe4 satisfies this requirement and brings a competitive edge to professional practitioners of all types”.

For further information please contact us at Safe4, or Steve and Richard at VaultConnect.

Transport Layer Security still not universally applied

Safe4 implemented Transport Security Layer (TLS) as the successor to Secure Sockets Layer (SSL) back in 2010 as the connection layer that is used when the system is accessed by users, but it seems that there is still some uncertainty as to how this level of security will be deployed in corporate environments, from which users are often accessing the internet through multiple layers of middleware, or middleboxes as they are sometimes known.

Not only has Safe4 implemented TLS, but this connection layer is very tightly configured to offer connected users the highest level of security possible. The configuration was significantly enhanced in 2015, when Safe4 announced a radically overhauled user interface.  Thus when Safe4 is being accessed using a device that is not under the user’s control, such as from a hotel lobby or an airport lounge, the connection is still highly encrypted and thus secure.

Making sure that customers’ information is being managed securely is the primary focus of Safe4, so that users of all levels can be confident that their data is being handled safely. Please get in touch with us if you would like more detail on how the Safe4 service could be of value for your organisation.

More Asset Register enhancements – Safe4 version 5.02 is released

More updates to the Safe4 Asset Register have been released today. These will add further functionality to the existing system, by making it simpler to manage certain types of information.

The enhancements in version 5.02 include:

  • The ability to sort columns by clicking on the heading, into ascending or descending order
  • Drop-down fields, with permission-controlled ability to define the pick-list
  • A check-box field, so that specified actions such as approval or confirmation can be added with a single click
  • The ability to define a regular expression for a field, combined with an error message of the user’s choosing. This will enable the data entered into specified fields to be controlled, for example to allow only eight numeric characters for bank account numbers
  • Display of a history box alongside each record, showing all of the actions that have been carried out on that record, with user and date/time
  • The ability to designate a field as containing a phone number, so that when used from a smartphone the number can be dialed with a single tap
  • Selection of chosen records with a checkbox to permit emailing other users with questions or comments
  • Selection of chosen records with a checkbox to permit multiple record deletion
  • Option to “Open in Excel” on any page displaying a list of records

These changes will be followed by a series of other developments in the near future, in keeping with the continuous improvement policy of Safe4.

If you would like any more information on these changes, or how they can assist with the secure management of information for your business, please contact us.

Safe4 Use-Case Paper: Secure Property Conveyancing

The Safe4 secure information delivery and storage service has been in use by law firms since 2010, but hitherto primarily in support of corporate and commercial property transactions. The introduction of the Safe4 Asset Register in May 2017 has brought new levels of functionality to the system, some of which can be applied to the process of secure property conveyancing.

How can law firms offer their clients better protection of their confidential information?

It is estimated that at least 70% of law firms in the UK use open email systems to transfer confidential information between external parties. This covers a very large number of information types in a variety of departmental activities. Residential property conveyancing, however, is one area where the use of insecure methods of information transfer has been exposed as a primary target for criminal activity.

When a lawyer is engaged by a client to handle the legal aspects associated with selling their home, the final act in the process is for the lawyer to transfer the sale proceeds from their firm’s client account to the client’s bank account. In most cases this is a simple process that is carried out without difficulty, but in recent years there has been an alarming increase in the level of criminal interception of email. It is common for the lawyer to request the client to provide the details of their bank account by email, by telephone, or by filling in a paper form and sending it back to the lawyer. All of these methods of delivery are potentially insecure, but there is mounting evidence that interception of emails and fraudulent alteration of the target bank details has become a major problem.

Impact on Professional Indemnity Insurance premiums

The existence of the problem has been recognised by the providers of professional indemnity insurance for law firms. Premiums are starting to increase steeply for those firms who use the traditional insecure means of obtaining clients’ bank account details.

Secure Property Conveyancing

The Safe4 Asset Register allows this risk to be eliminated. By opening a secure vault for each property transaction, and creating data fields into which basic bank account information – account number, sort code – can be entered directly by the client, the lawyer can offer the client a higher level of protection than has hitherto been possible.

After the client has entered their bank details, the conveyancer will receive an email automatically generated by Safe4 confirming that the information is available. After logging in, the information can then be transferred safely into the internal systems used for handling client payments. There is of course the standard Safe4 audit trail facility associated with all activity, providing a strong evidential record of everything that has been done during the transaction.

If the Safe4 Application Programming Interface (API) is used, the bank account details can be transferred completely automatically into the law firm’s practice management or accounting systems, thus improving security and efficiency further.

UK Hosting

Because all Safe4 data is hosted in the UK in ISO 27001-accredited data centres, the professional practitioner can also take advantage of Solicitors Regulation Authority compliance. All of the activities of Safe4 are conducted under the law of England and Wales.

Safe4 Information Management have partnered with VaultConnect to offer best-in-class security for the systems that handle the transfer of confidential information between the professional practitioner and the client. This collaboration is now benefiting law firms throughout the United Kingdom, who are able to gain the advantage of the security of the Safe4 platform with the expertise and experience of the VaultConnect team.

Met Police see ransomware as the biggest cyber-security threat in 2018

A series of global ransomware attacks in 2017 have reaped millions of dollars in rewards for criminals who have penetrated unsuspecting users’ IT systems and encrypted their data. In the UK, the National Health Service was one of a number of high-profile victims of such attacks.  According to London’s Metropolitan Police, ransomware looks likely to be a major threat again in 2018. Ransomware cannot prevent access to data stored in Safe4, as indicated in previous articles on this website.

In an article published in The Times newspaper today, the need for managing personal information is highlighted even more strongly. Theft of identity, and with it money, has become such an enormous issue that more and more of us are likely to be at risk through insecure management of our online activities. Using clever apps or devices on mobile phones or computers will obviously help; however using secure online services to deliver and store critical personal information will give the greatest level of protection to businesses and their clients alike.

Safe4 has been rated among the most secure 0.8% of sites on the Internet by independent agencies, out of more than 1.5 million tested. Using the Safe4 Asset Register to handle personal details for a wide range of online activities offers a unique facility for holding both confidential documents and individual elements of data, such as personal identification details. All data held in Safe4 is stored in UK-only data centres accredited to ISO 27001. Please contact us for more information.

Press Release: Safe4 and Mint Bridging to work together

The Background

Mint Bridging is currently the UK’s fastest growing specialist provider of short-term bridging and re-bridging loans.  Based in Altrincham, Cheshire, they offer bridging finance on residential and commercial properties to non-owner-occupier borrowers.  Formed in 2011, Mint Bridging brings more than 50 years’ experience to their operation, and provides rapid and flexible service for loans between £27,500 and £5,000,000.  With a solid base of private investors to support their funding requirements, they are able to make use of an in-house legal team as well as working with external brokers and law firms.

Mint first made contact with Safe4 in April 2017, as a result of their selection of IT Farm as their chosen provider of cloud hosting services to support their line-of-business applications as well as their Microsoft Office applications, utilising managed desktop services.  IT Farm and Safe4 have collaborated successfully with other customers in the past.  Mint needed a secure cloud platform to handle the documentation associated with their lending functions, and selected Safe4 to provide this service.

The Project

After a brief period of discussion to establish requirements and business processes, Mint commenced using the Safe4 service in July 2017, and began the process of scanning and uploading some of their case documentation backlog.  Safe4 will be used to handle the ongoing take-on of new lending cases, and will enable Mint to reduce their current paper-handling activities.

Paul Wertheim, Director of Mint Bridging, believes that implementing Safe4 will enhance efficiency and improve compliance, given the highly confidential nature of information that is handled in the course of daily business: “Safe4 allows Mint to make extensive use of cloud-based IT services, and is consistent with our policy of ensuring that confidential client information is handled as securely as possible.  It also allows us to achieve some operational efficiencies that will support our continuing rapid growth.  We look forward to working with Safe4 as we go forward, and potentially to making more extensive of use of the range of capabilities that their product offers.”

Ben Martin, Director of Safe4 Information Management, is delighted to be working with Mint.  “We welcome the opportunity to engage with rapidly-growing businesses in the UK financial services sector.  Mint Bridging have made a conscious move towards the use of cloud-based services, as this offers greater resilience and heightened security in the management of extremely confidential client information.  They also interact extensively with law firms who provide supporting services.  We are confident that our relationship with Mint Bridging will prosper as each of our businesses grows in the coming years.  This relationship also strengthens our partnership with IT Farm, who offer an excellent range of IT management services from their Manchester base.”

Safe4 Information Management was formed in 2010, with the specific objective of providing best-in-class secure information delivery services for customers in a range of business sectors.  All data stored by Safe4 is held in UK data centres accredited to ISO 27001, and is annually penetration tested in accordance with the requirements of various regulatory regimes.  Safe4 currently work with customers in the UK public sector, the National Health Service, international banks, as well as a range of professional practitioners and specialised consultancies and service providers.

Please contact us if you would like more information on this project, or on any further detail on how Safe4 can add value to your business.

UK corporates becoming more aware of the importance of GDPR compliance

Whilst the corporate sector in the UK is generally becoming aware of the need to ensure that they are compliant with the new General Data Protection Regulation that comes into force in May 2018, there are still some large firms who are alarmingly exposed to the risk of cyber attack. According to recent research, only just over half of the boards running FTSE 350 companies recognise the full impact of the threat of cyber attack, and the need to become GDPR compliant.

The impact of GDPR will affect all organisations in the UK, both large and small. In fact, it could well be the SME sector that faces the greatest risk, as many do not have a robust IT infrastructure or the necessary policies and procedures to protect their clients’ data. Safe4 are currently working with a number of organisations in the charities sector who wish to ensure that their essential information, most notably details of their donors and their financial records, do not fall prey to intrusion and thus expose them to severe penalties.

If you would like more information on how implementing Safe4 within your business can significantly reduce the risk of online fraud and data theft, please contact us.

Safe4 virus protection enhanced

In order to maintain the primary Safe4 commitment of security for information held on behalf of customers and their clients, the anti-virus protection applied when documents are uploaded to the system has been enhanced. Scanning for viruses as every document is uploaded has been an automatic function of the system since Safe4 was launched, and this has now been updated and strengthened.

As well as rejecting any files that are found to contain a virus, the system will now send an email to the uploading user advising that the file has disallowed content, and to the nominated administrator. In addition, the attempted upload and the rejection are now captured by the Safe4 audit trail, and can be queried by a user with the appropriate administration permissions. If an infected file is placed into a ZIP file, Safe4 will detect the virus and reject the upload, regardless how many levels of ZIP file have been used. Similarly, any infected files uploaded using the WebDAV interface will be rejected and reported in the same way.

For more information on how Safe4 can enhance your online security and keep your information safe, please contact us.

Safe4 version 5.01 is released – more enhancements for the Asset Register

To maintain the continuous improvement policy of Safe4, further enhancements have today been released for the Asset Register in version 5.01. These include the ability to control the horizontal display sequence of fields when asset records are being added, as well as improved handling of dates to make the format consistent across all browsers. Management of lists of attribute definitions is also improved.

Version History

It is also now possible to view the version history of a record in the Asset Register, using exactly the same approach as that adopted for viewing previous versions of files. Thus if a record is changed, the system will retain the previous version and update the audit trail accordingly, maintaining the integrity of the data in each record.

The addition of the Asset Register capability to Safe4 introduces a completely new range of possibilities in the way that the system can be used. Further incremental enhancements will be added to Safe4 in the short term, as the range of data handling capabilities is increased. The ability to mix folders containing document files with a structured columnar display of data relating to the subject of those documents brings additional levels of functionality to the system, and increased clarity for users in many different application areas.

As was indicated when the Asset Register was announced in May, Safe4 will be publishing a series of use-case papers in the next few months highlighting the range of application possibilities now afforded by the system. For more information on how the enhanced capabilities of Safe4 can assist your business, please contact us.

Ransomware – why Safe4 customers are protected

The ransomware attacks that have affected many organisations around the world over the weekend have exposed some serious vulnerabilities in the way that information is managed; using out-of-date operating systems and the failure to implement security updates are clearly primary causes of the exposure. However, it should be remembered that the problem normally arises when an unsuspecting user clicks a link in an email that is urging them to take some “essential” action, such as to update the information stored by a service provider.

Of course the email does not come from the service provider at all, but is a cleverly-disguised piece of work by a criminal organisation that will install an invasive piece of software on the user’s computer that can encrypt files and demand ransom payments in exchange for a decryption key.

Safe4 customers, and their clients, are protected against this risk in a number of ways:

  • Firstly, it is never necessary to send any confidential information, or indeed any information at all, by email. The primary function of Safe4 is to provide organisations of all types with the ability to deliver and store information of any kind in a way that makes it accessible to authorised users only. Thus if a Safe4 user receives an email requesting them to take any unusual or unexpected action, it can safely be ignored.
  • Secondly, all the files held in Safe4 are maintained in UK-based data centres accredited to ISO 27001, and are only available after the user has authenticated themselves through a web portal. The user does not therefore have direct access to the information in the way that they would if the files were held on a local or network drive.
  • The third reason for the safety of Safe4 customers is the inherent design of the system. Safe4 is a system of record. Files held in the system cannot be changed; this means they cannot be encrypted. Even if malware were to penetrate the security layers of Safe4, it cannot alter the files that have been stored. New versions of files could theoretically be created containing an encryption code, but the original files are still available for retrieval at any time – without having to pay any ransom.

We at Safe4 are continuing to remain vigilant in the constant battle against cyber criminals. Independent tests have rated Safe4 among the most secure 0.8% of sites on the internet out of millions tested due to the measures that we have put in place to protect our customers’ data. Please contact us if you would like any further detail on the security features of Safe4.