Tag Archive for: avoid email

Major upgrade for Safe4

2024 sees a major upgrade for Safe4

With the new year has come a major upgrade for Safe4. The highly secure information management and sharing service now has an enhanced user interface, with the ability to introduce a colour scheme of the customer’s choice.

The revamped user interface reflects a more modern and functionally rich experience for the user:

major upgrade for safe4, with document watermarking and enhanced branding

This new version of Safe4 is not just about cosmetic appearances, however. There are several significant changes to the functionality of the system…

This new version of Safe4 is not just about cosmetic appearances, however. There are several significant changes to the functionality of the system…

Documents can now be Watermarked

A highly configurable watermarking capability has been added as part of this major upgrade for Safe4. Any PDF file can show any chosen message, as well as a record of who has opened the document.

Documents in safe4 can be watermarked

This function also permits PDF files to be controlled, to help to reduce improper use of the information held in Safe4. Individual documents can be password controlled, and there are tools to support marking up PDF files, as well as preventing functions such as printing.

New user registration

New users will no longer be required to think of a username when accepting their invitation to register for Safe4. The system will apply the user’s email address as the username, simplifying the process and making it easier to remember usernames. If a user is invited to become a member of multiple vaults, they will simply have to enter a password and the system will automatically add them to the new vault.

Safe4 s hosted in the UK, on data centres accredited to ISO 27001. It complies with the Solicitors Regulation Authority guidance for cloud-based systems, and provides granular permissions, and a comprehensive audit trail and reporting capability.

If you would like more information on how the upgraded version of Safe4 can be of value to your business, please contact us. We will be delighted to assist.

MI5 warns of massive intellectual property theft

As featured on the BBC website on 18 October 2023, the head of MI5 in the United Kingdom has warned of the massive scale of intellectual property theft by Chinese agents approaching UK businesses.

Ken McCallum, the Head of MI5, speaking at Stanford University in California at a meeting of the Five Eyes alliance, has warned of the risk that penetration of UK businesses by hostile agents now presents. Read the article on the BBC website in full here.

The UK is known internationally as the source of much original thinking and innovation in product and service design. This naturally makes UK a target at many levels for unlawful penetration and theft of data. Whilst this clearly affects businesses who are generating and managing confidential information, the risk is also a major issue for universities, from which many UK startup companies originate.

The Solution?

Safe4 Information Management was set up in 2010 to provide a highly secure service to allow organisations of any size and type to share confidential information securely. The unique architecture of Safe4 allows the creation of secure vaults in the cloud to which users can be invited selectively. Granular permission and access controls ensure that sensitive information cannot be accessed by unauthorised parties. This differs radically from most other online file sharing systems, which are simply ways of sharing folders. Safe4 uses UK-only hosting in ISO 27001 accredited data centres, and sophisticated file encryption. Comprehensive audit trails and reporting facilities support business best practice and good governance. Safe4 offers a genuinely safe and secure facility for managing confidential documents and structured data.

Intellectual capital is one of the UK’s prime national assets, and should be managed in the most secure way possible. The core design of Safe4 makes this simple and affordable for any organisation, whether public or private sector, and of any scale. Safe4 is used effectively by small specialist consultancies as well as large corporates and public sector customers.

Safe4 has been adopted by a range of different organisations across many different business sectors. If you would like to learn how using Safe4 can reduce the risk of intellectual property theft, please contact us. We will be delighted to assist.

Updated look and feel for Safe4 – new upload options

As part of an ongoing process of refreshing the user interface, there is now an updated look and feel for Safe4. This is most apparent on the files and folders page, which is the most commonly used part of the system.

The screen has been redesigned to offer a clearer layout, with some of the buttons having been relocated and new icons introduced. Functionality remains the same, although an important change has been made to the way in which information can be uploaded to the system. As well as uploading files into a specific folder, Safe4 now supports the upload of complete folder structures in a single action. This includes complex sets of nested folders, with files at different levels. Safe4 will now create all of the folders and subfolders, and will position the file contents at the appropriate level.

This change in the upload process will allow new projects or data rooms to be added very quickly directly from Windows, without having to manually create subfolders and subfolders. As before, users who have access to the vault in question will receive automatic notification of all new uploads.

As always, this updated look and feel for Safe4 is accompanied by further security enhancements.

For more information on how Safe4 might be able to assist your organisation to manage and share information securely – without using email to transfer confidential documents or data – please contact us. We will be delighted to assist you.

Risk of using email for the transfer of confidential information

The risk of using email for the transfer of confidential information has been highlighted yet again. In today’s edition of The Times, the penetration of an email system with criminal intent has led to the loss of confidential information.

The Safe4 system has been designed specifically to avoid the use of email for the transfer of confidential information. The secure vault, which is at the heart of the Safe4 architecture, can be used for a wide range of different applications. In order to access the contents of a vault, users have to have been specifically invited to do so, and must authenticate themselves with username, password and 2-factor authentication. Confidential information is never transferred by email.

Safe4 follows guidance from the UK National Cyber Security Centre for matters relating to password length and strength, and is regularly penetration-tested by UK Government accredited services. Combined with comprehensive reporting and audit trails, and UK-based hosting in data centres accredited to ISO 27001, Safe4 offers a secure alternative to the use of email to transfer confidential information.

For more information on how Safe4 can assist your organisation to reduce the risk of unauthorised access to your information, please contact us.

NCSC warns of cyber threats to UK law firms

The United Kingdom National Cyber Security Centre (part of GCHQ) has warned again about the cyber threats to UK law firms. The renewed threat is largely being driven by legal practices adopting hybrid working patterns resulting from the pandemic, with staff increasingly spending more time working from home. More background is available in an article published in The Register on 26th June 2023.

Since law firms by definition handle highly confidential information, and are increasingly dealing with very large sums of cash on behalf of their clients, the opportunity for criminals to interfere with the transfer of information is enormous. In the words of NCSC, law firms are “particularly attractive targets to attackers”.

Cyber threats to UK law firms are not new – Safe4 Information Management was formed in 2010 specifically to allow organisations to exchange information with external parties without compromising the confidentiality of the information in question. Safe4 works with a number of law firms, both large and small, and has provided its secure vault-based service to legal practices across the UK. One of the key elements in the approach adopted by Safe4 is that confidential information is NEVER transferred by email. Invitations and notifications are sent by email, but users have to authenticate themselves with a username, password and optionally 2-factor authentication before any confidential information is made available.

One of the instances where this is most valuable is with the provision of bank details by clients. Using the structured data capabilities of Safe4, clients can be invited to enter their bank details into an online form, which when completed notifies the professional practitioner that the data has been provided. The practitioner, or fee-earner, will then have read-only access to this information after they have carried out the necessary authentication. The bank details can then be used for their intended purpose, and optionally transferred into other internal systems by API.

The Register article makes the point that some of the attackers are nation states, with access to very sophisticated tools. In particular, brute-force attack technologies are being used to penetrate systems by exploiting weak passwords. To mitigate this risk, Safe4 has implemented NCSC recommendations relating to password length and strength.

All of the information held in Safe4 is stored in UK-only data centres accredited to ISO 27001. Safe4 is penetration tested regularly, and is accredited under the UK Cyber Essentials scheme by Government approved organisations under the CHECK protocol.

If you would like more information on how Safe4 can help with the battle against cyber attack, please contact us. We will be delighted to assist.

Safe4 has passed 250,000 users

During April 2022 Safe4 has reached the quarter-of-a-million user mark. The fact that Safe4 has passed 250,000 users is significant in many ways – not least because it demonstrates the stability and reliability of the system.

The principal benefit that Safe4 brings is, of course, security. Many of the users who have created accounts in Safe4 have received vital health information through their vault, and can rest assured that their confidential personal data has not been compromised by being sent using open email. The ability to offer the highest standard of protection of personal data distinguishes Safe4 from many other systems that have been used to handle the result of Covid-19 tests, for example.

Safe4 offers the same security benefit for corporate and small business users, and is now being used extensively by many professional practitioners and service providers to manage a wide range of information safely and securely.

For more information on how Safe4 can assist your organisation to reduce costs, improve compliance and enhance client service, please contact us. Safe4 utilises UK-only data centres accredited to ISO 27001, and has been designed from first principles to maximise security and confidentiality.

 

Payment fraud using email – it’s completely avoidable

Payment fraud is a constant risk

Occurrences of payment fraud using email are continuing to hit the headlines, and it is something that can be avoided completely. The risk of using email for communication of confidential information has been evident for some years, as highlighted by this post on the Safe4 website last year.

Sending invoices by email, particularly for large sums of money, is fraught with risk. Even communicating via email regarding financial transactions can risk significant losses – as highlighted in the media today. Both supplier and customer can be victims of this type of fraud.

Personal or financial information – don’t use email

It is not just using email for communicating financial information that can lead to unnecessary risks. Personal data can also be misused if is transferred between organisations by email. The potential for theft of highly personal information is something that HR consultants face constantly, as illustrated on this website in April this year.

There is a solution

For a number of years Safe4 have been delivering invoices by uploading them into a secure vault dedicated to each customer. Only the designated users of each vault are able to access the document, and there is a comprehensive audit trail of all activity so that the supplier can be sure that the invoice has been received by the customer – and nobody else.

Options for ad-hoc sharing of confidential information have been identified by Safe4 partners OPTSM, as explained on their website. The simple rule – if you need to communicate sensitive financial or personal information, don’t use email – use SafeShare, the approach they are offering. This is based on the ability to create a Safe4 vault and invite a user in a few seconds, thus making sure that the data being shared gets to the right person immediately and with no risk of intrusion.

If you would like more information on how to avoid the risk of financial payment fraud or loss of sensitive personal data, please get in touch. We will be delighted to help.

Invoice fraud still a major threat

In December 2018 Safe4 published an article highlighting the increasing instance of invoice fraud in the UK. This is not just a UK issue – criminals across Europe are defrauding businesses of huge sums by intercepting emails and changing the bank details on invoices.

Invoice fraud remains a major problem

Further evidence of invoice fraud was published yesterday on the BBC website. Again, the use of email was highlighted as one of the most prevalent means of getting a customer to pay the funds rightfully due to their supplier into a fraudulent bank account. in 2018 3,280 cases were reported, although it is likely that the actual number was higher. In total at least £93 million was stolen through invoice fraud.

There is a solution …

Safe4 provides a secure means of transferring information of any kind between businesses of any size and type. Use of UK-only data centres accredited to ISO 27001, comprehensive audit trails, and industry-leading encryption techniques radically reduce the risk of fraud, and thus the potential for incurring significant financial losses.

Please get in touch with us if you would like to ensure that your business does not suffer from invoice fraud – we will be delighted to assist you.

Evidence of increased threat of email intrusion

Online fraud and theft have become widespread in recent years. Email in particular presents a growing risk as criminals identify ever more devious methods of persuading individuals and businesses to expose their confidential information.

The risk is highlighted in an article on the VaultConnect website, please click here for details. VaultConnect are partners of Safe4, and are working to reduce the risk of email intrusion for professional practitioners and other businesses across the United Kingdom. This article refers to 5 scams, of which number 3 is the particular case in point. Safe4 have stressed the importance of avoiding the use of email for some years, although in many sectors it is still used routinely to transfer confidential information in spite of the potential consequences of a breach under the terms of the Data Protection Act.

For more information on how the use of Safe4 can help your organisation to reduce cost and improve regulatory compliance and governance whilst enhancing customer service, please contact us.

Cyber crime is still soaring – and insecure email remains the weakest link

The scourge of email scams and phishing continues to rise relentlessly. Whilst some organisations have taken steps to protect themselves, many still use email to transfer confidential information to recipients both within and beyond their own domain. A recently-published article highlights this, and the risks to corporate governance that are involved.

Professional practitioners are among the worst offenders. Much of the information that they generate on behalf of their clients is highly confidential and is sent by email as an attachment. Not only does this expose their clients to the loss or theft of the data, it is inefficient and can ultimately lead to serious difficulties for the practitioners themselves. In the UK it is estimated that more than 70% of law firms, for example, still use open email to carry confidential client information.

Sometimes the clients themselves are a problem …

Accounting firms, for example, provide services for a wide range of different clients, everything from global corporates to the local butcher, baker and candlestick-maker. At the smaller end of this scale many clients are resistant to using secure information sharing services as they find it easier to simply receive financial information as an attachment to an email. Sometimes it is securely stored away, but often it is not, leading to repeated requests for the information to be re-sent by the accountant, multiplying the scale of the risk.

VaultConnect, partners of Safe4 Information Management, have expressed the consequences of these “can you just …” requests for information. Typically they result in an interruption of approximately 23 minutes to stop a current task, go and find the requested information, respond to the client, and then try to resume the task that has been interrupted. And the result of this is to expose both the client and the accountant to increased risk.

There are better and safer options

The Safe4 service has been designed explicitly to protect any organisation that needs to share confidential information with external or internal parties, whether it be in unstructured form (such as documents), or structured (data held in columnar format, similar to spreadsheets and simple databases). Manningtons, an accounting firm in Sussex, have recently chosen to significantly expand their use of Safe4 in order to protect themselves and their clients from loss or theft of sensitive information. Read about their experiences here. The result of this approach has enabled Manningtons to enhance their compliance with both the Data Protection Act (which now embodies the recently-enacted European General Data Protection Regulation), and with the guidance issued by the Institute of Chartered Accountants of England and Wales. This strongly advises accounting firms not to send confidential information to clients by email, even if the client has actually requested that they do so.

Safe4 utilises a highly secure vault to hold information relating to each client. This can be shared with the clients themselves, allowing two-way transfer of confidential documents and data. The very granular permissions provided by Safe4, as well as comprehensive audit trails and reporting functions, add further levels of protection to the professional practitioners as well as their clients.

Contact Safe4

For more information on how Safe4 can help your organisation to achieve enhanced levels of security and compliance with regulatory frameworks, please get in touch. We will be delighted to assist you.