Tag Archive for: iso 27001

Invoice fraud still a major threat

In December 2018 Safe4 published an article highlighting the increasing instance of invoice fraud in the UK. This is not just a UK issue – criminals across Europe are defrauding businesses of huge sums by intercepting emails and changing the bank details on invoices.

Invoice fraud remains a major problem

Further evidence of invoice fraud was published yesterday on the BBC website. Again, the use of email was highlighted as one of the most prevalent means of getting a customer to pay the funds rightfully due to their supplier into a fraudulent bank account. in 2018 3,280 cases were reported, although it is likely that the actual number was higher. In total at least £93 million was stolen through invoice fraud.

There is a solution …

Safe4 provides a secure means of transferring information of any kind between businesses of any size and type. Use of UK-only data centres accredited to ISO 27001, comprehensive audit trails, and industry-leading encryption techniques radically reduce the risk of fraud, and thus the potential for incurring significant financial losses.

Please get in touch with us if you would like to ensure that your business does not suffer from invoice fraud – we will be delighted to assist you.

GDPR compliance – what will it mean for you?

Most of us now are receiving a barrage of email relating to the need for GDPR compliance in our inboxes.  Consultants, assessors, seminar organisers, and a host of others are trying to get our attention in advance of the date when the General Data Protection Regulation comes into force in May this year.

Some of this communication is helpful, but the majority seems to be opportunistic.  It is refreshing to come across a realistic and well-considered article that highlights the simple facts about GDPR – there is no magical solution to make any organisation compliant, just the realisation that the only effective approach lies in a thorough review of the information that is being used, who uses it, how it is managed and transmitted, and what protection measures have been taken to safeguard it.

Safe4 can help to support GDPR compliance

Every organisation, of any size or structure, will have to make sure that its information management house is in order to become compliant with GDPR. No IT system can perform this service, but a compliance programme will be more successful if it is underwritten by applying technology that allows the necessary processes to be properly implemented. We at Safe4 are making some minor changes to the way the system works to make sure that it will offer full support for GDPR. But the responsibility for achieving compliance will still lie with the organisation itself, and how it manages its own activities.

We will be publishing further information about the changes that the Safe4 system will undergo in the coming months. The basic design and architecture of Safe4, as well as other factors including UK-only storage in ISO 27001-accredited data centres, full encryption of data, no reliance on email to carry confidential information, a full audit trail of all activity, and contractual arrangements under English law already provide an effective platform for ensuring best practice in the management of information.

For more information on how using Safe4 can assist your organisation to comply with GDPR, please contact us.

VaultConnect appointed as Safe4 distributor

 

As part of the market development programme being undertaken by Safe4, VaultConnect of Manchester have signed a distribution agreement enabling them to offer the highly secure Safe4 information delivery and storage service to professional practitioners across the UK.

Although based in the north of England, VaultConnect will operate nationally and have established opportunities to provide the Safe4 service to organisations in all parts of the country, in sectors such as legal, accounting, financial services and more recently art galleries.  All of these organisations manage highly confidential information on behalf of their clients, and all have the responsibility of transferring funds to and from clients and other parties as business is being transacted.

Steve Edge

Richard Higginbotham

VaultConnect was formed by Steve Edge and Richard Higginbotham, both of whom have decades of experience in sales and digital marketing of software-based solutions.  One of the first areas that VaultConnect will be addressing is the activity of property conveyancing solicitors, who are responsible for transferring significant sums of money between clients and the other parties who participate in property transactions, such as estate agents, mortgage lenders, and other law firms.  Steve Edge believes that “Safe4’s platform enables us to solve a real issue for professional service firms who need to share sensitive information with clients and partners. Conventional email is increasingly seen as an unsafe way to transmit information because it’s easy for fraudsters to intercept. Emails can then be impersonated or impregnated for commercial gain.”

Steve also feels that “Safe4 enables us to realise the mantra ‘don’t transmit, VaultConnect’; we help our clients enjoy the convenience and efficiency of email without the risks. Unlike products that are charged on a per user basis, we are able to make a compelling commercial proposition to our target markets.”

GDPR is coming …

Ben Martin, a director of Safe4, is delighted to be working with VaultConnect.  “This relationship brings an exciting opportunity for Safe4, to enhance our ability to engage with new customers and deliver secure high quality solutions in conjunction with the proven expertise of Steve and Richard in the professional practitioner sector, where the benefits from using Safe4 are immediate.  We welcome their commitment to address these vitally important sectors. With GDPR on the horizon it is becoming more important than ever to ensure that all client information is being handled as securely as possible, and using Safe4 satisfies this requirement and brings a competitive edge to professional practitioners of all types”.

For further information please contact us at Safe4, or Steve and Richard at VaultConnect.

Met Police see ransomware as the biggest cyber-security threat in 2018

A series of global ransomware attacks in 2017 have reaped millions of dollars in rewards for criminals who have penetrated unsuspecting users’ IT systems and encrypted their data. In the UK, the National Health Service was one of a number of high-profile victims of such attacks.  According to London’s Metropolitan Police, ransomware looks likely to be a major threat again in 2018. Ransomware cannot prevent access to data stored in Safe4, as indicated in previous articles on this website.

In an article published in The Times newspaper today, the need for managing personal information is highlighted even more strongly. Theft of identity, and with it money, has become such an enormous issue that more and more of us are likely to be at risk through insecure management of our online activities. Using clever apps or devices on mobile phones or computers will obviously help; however using secure online services to deliver and store critical personal information will give the greatest level of protection to businesses and their clients alike.

Safe4 has been rated among the most secure 0.8% of sites on the Internet by independent agencies, out of more than 1.5 million tested. Using the Safe4 Asset Register to handle personal details for a wide range of online activities offers a unique facility for holding both confidential documents and individual elements of data, such as personal identification details. All data held in Safe4 is stored in UK-only data centres accredited to ISO 27001. Please contact us for more information.

Ransomware – why Safe4 customers are protected

The ransomware attacks that have affected many organisations around the world over the weekend have exposed some serious vulnerabilities in the way that information is managed; using out-of-date operating systems and the failure to implement security updates are clearly primary causes of the exposure. However, it should be remembered that the problem normally arises when an unsuspecting user clicks a link in an email that is urging them to take some “essential” action, such as to update the information stored by a service provider.

Of course the email does not come from the service provider at all, but is a cleverly-disguised piece of work by a criminal organisation that will install an invasive piece of software on the user’s computer that can encrypt files and demand ransom payments in exchange for a decryption key.

Safe4 customers, and their clients, are protected against this risk in a number of ways:

  • Firstly, it is never necessary to send any confidential information, or indeed any information at all, by email. The primary function of Safe4 is to provide organisations of all types with the ability to deliver and store information of any kind in a way that makes it accessible to authorised users only. Thus if a Safe4 user receives an email requesting them to take any unusual or unexpected action, it can safely be ignored.
  • Secondly, all the files held in Safe4 are maintained in UK-based data centres accredited to ISO 27001, and are only available after the user has authenticated themselves through a web portal. The user does not therefore have direct access to the information in the way that they would if the files were held on a local or network drive.
  • The third reason for the safety of Safe4 customers is the inherent design of the system. Safe4 is a system of record. Files held in the system cannot be changed; this means they cannot be encrypted. Even if malware were to penetrate the security layers of Safe4, it cannot alter the files that have been stored. New versions of files could theoretically be created containing an encryption code, but the original files are still available for retrieval at any time – without having to pay any ransom.

We at Safe4 are continuing to remain vigilant in the constant battle against cyber criminals. Independent tests have rated Safe4 among the most secure 0.8% of sites on the internet out of millions tested due to the measures that we have put in place to protect our customers’ data. Please contact us if you would like any further detail on the security features of Safe4.

US / European Privacy Shield progress has stalled

The recently-appointed US administration has put a hold on recruitment in many branches of the government, including the appointment of an ombudsman for dealing with data privacy issues. Transfer of personal data between the US and other jurisdictions is a complex subject, and will need careful treatment as the discussions relating to the new agreement unfold. Click here for more information.

The safest way to avoid the issues relating to the movement of any confidential information across international boundaries, including personal data, is to host it in the UK. This policy was adopted by Safe4 in 2010, and has remained a fundamental pillar in the company’s information security strategy ever since. For a large number of professional practitioners in the legal, financial, insurance, property and medical sectors, Safe4 provides a secure and effective information delivery and storage service based on UK storage in ISO 27001-accredited data centres.

If you would like any further information on how Safe4 can assist your business, please contact us.

Another record month for Safe4

February 2017, in spite of being a short month, has been a record month for Safe4, with the highest number of new user sign-ups achieved so far. Safe4 customers are continuing to enjoy the benefits of secure document delivery and storage, and are sharing this with their clients and other business contacts in ever-increasing numbers.

As well as record growth in February, Safe4 also achieved another month of 100% availability in January 2017, as confirmed by independent monitoring services. It’s good to know that the information held in Safe4 is being securely stored in the UK in ISO 27001-accredited data centres, and even better to know that it is always available to authorised users when it is needed.

For more information on how Safe4 can help your business, please get in touch. We would be delighted to hear from you.

UK Watchdog makes some cloud service providers think again – it’s about time!

The UK watchdog, the Competition and Markets Authority, has decided to crack down on some of the biggest names in cloud data services by enforcing a stipulation for fairer and more transparent contracts. By recognising the the need for improvements in the contractual terms that the major providers offer, the CMA has given a boost to the protection that users of these services can expect. Click here for more detail.

The majority of them, of course, are still opaque as to where their data is stored. Even those that claim to hold their customers’ data in the UK are still very vague as to whether backups are held exclusively in the UK, or shipped to overseas data centres where capacity may be more readily available or less expensive. If data is moved outside the United Kingdom it can fall under the jurisdiction of countries whose data privacy laws do not offer the same level of protection.

Since 2010 Safe4 has provided a highly secure UK-only data storage service, making use of ISO 27001-accredited data centres. As well as levels of security and availability that are among the best in the industry, Safe4 customers enjoy the certainty that their data does not leave the UK. And Safe4 has not needed a market watchdog to enforce the offering of fair and transparent contractual commitments to its customers. Contact us for more information.

Safe4 and IT Farm to work together, with a focus on the UK professional services sector

Safe4 are delighted to announce that they are to work closely with IT Farm, a Manchester-based specialist cloud services provider. With a long history of offering cloud services in the UK, IT Farm have been providing high quality outsourced IT support services, including hosted desktop and telephony solutions, to the professional services sector in the UK.

This complements the experience that Safe4 have gained in the financial and professional services environment. With customers in the banking, legal, accounting and insurance sectors, Safe4 are ideally placed to work closely with IT Farm to deliver a range of complementary solutions. IT Farm’s customer base includes a number of organisations that will be able to take advantage of the highly secure document delivery and storage facilities offered by Safe4.

Ben Martin, director of Safe4 Information Management, believes that working closely with IT Farm is a natural step. “The emphasis we have placed on security since the company was formed in 2010 allows professional practitioners and others to share documents in complete confidence with clients, partners, associates, suppliers, employees, and other professional firms. This forms an essential element within a range of IT solutions that modern practices are now demanding, and creates an opportunity for integration with practice management, finance and accounting, and other business applications. We look forward to a long and fruitful relationship with IT Farm, who are able to bring together a number of complementary solution providers. Our SRA-compliant service will thus enable law firms in particular to take advantage of a range of opportunities for secure and effective integrated information management.”

Please contact us for more information on the benefits of adopting the Safe4 service.

US may be set to change data privacy laws – again!

The Safe Harbor data privacy agreement between the US and the EU was deemed to be ineffective in 2015, and was subsequently replaced with a Privacy Shield arrangement – which is still considered by many to be inadequate. Recent announcements by the new US administration suggest that the internal data privacy laws in the US will be subject to further change, affecting those who are not US citizens or permanent residents in the US. Please click here for more background on this development.

Safe4 decided back in 2010 that all of the data held within its secure document delivery and storage service would be stored in UK-located data centres, accredited to ISO 27001. This offers maximum protection to our customers and their clients, employees, suppliers, partners and associates. Reliance on US-hosted data storage could be seen to carry unnecessary risk of misuse or disclosure of personally-identifiable information, hence the benefit of keeping all stored data onshore within the UK.

For more detail on the measures that Safe4 applies to keep information secure, please contact us. We would be very pleased to speak with you.