Ransomware – why Safe4 customers are protected

The ransomware attacks that have affected many organisations around the world over the weekend have exposed some serious vulnerabilities in the way that information is managed; using out-of-date operating systems and the failure to implement security updates are clearly primary causes of the exposure. However, it should be remembered that the problem normally arises when an unsuspecting user clicks a link in an email that is urging them to take some “essential” action, such as to update the information stored by a service provider.

Of course the email does not come from the service provider at all, but is a cleverly-disguised piece of work by a criminal organisation that will install an invasive piece of software on the user’s computer that can encrypt files and demand ransom payments in exchange for a decryption key.

Safe4 customers, and their clients, are protected against this risk in a number of ways:

  • Firstly, it is never necessary to send any confidential information, or indeed any information at all, by email. The primary function of Safe4 is to provide organisations of all types with the ability to deliver and store information of any kind in a way that makes it accessible to authorised users only. Thus if a Safe4 user receives an email requesting them to take any unusual or unexpected action, it can safely be ignored.
  • Secondly, all the files held in Safe4 are maintained in UK-based data centres accredited to ISO 27001, and are only available after the user has authenticated themselves through a web portal. The user does not therefore have direct access to the information in the way that they would if the files were held on a local or network drive.
  • The third reason for the safety of Safe4 customers is the inherent design of the system. Safe4 is a system of record. Files held in the system cannot be changed; this means they cannot be encrypted. Even if malware were to penetrate the security layers of Safe4, it cannot alter the files that have been stored. New versions of files could theoretically be created containing an encryption code, but the original files are still available for retrieval at any time – without having to pay any ransom.

We at Safe4 are continuing to remain vigilant in the constant battle against cyber criminals. Independent tests have rated Safe4 among the most secure 0.8% of sites on the internet out of millions tested due to the measures that we have put in place to protect our customers’ data. Please contact us if you would like any further detail on the security features of Safe4.

More concern over the use of public email

Interference with personal email accounts has become a major source of fraud in the UK. Take a look at this alarming article. However, more than 70% of UK law firms are still communicating with clients via their clients’ personal email accounts, in many cases to carry highly confidential information such as bank account details when executing conveyancing transactions. Repeatedly, criminals are intercepting email messages to fraudulently change bank details, resulting in money being transferred to the wrong account – and innocent lives being ruined.

The Safe4 Asset Register has been designed to eliminate the risk of fraudulent interception of email. It allows clients to enter their banking information directly into one of the most secure sites on the Internet, and automatically notifies the conveyancer that the information has been provided. The lawyer can then login and obtain the information, whilst audit trails are recording all of the details.

Not only does the Safe4 Asset Register eliminate a risk of major financial loss and severe reputational damage, but it enhances compliance with the SRA guidance on the use of cloud computing services. Furthermore, leading brokers in the Professional Indemnity sector believe that using facilities such as that offered by Safe4 will significantly slow down the recent dramatic rises in premiums.

Please contact us. We can help you to improve compliance and reduce risk.

Safe4 Asset Register is launched with release of version 5.0

Since 2010 Safe4 has become established as one of the most secure services on the Internet for the delivery and storage of documents. With the release of Safe4 version 5.0 that capability is dramatically enhanced, as now the inclusion of the Safe4 Asset Register allows the direct input of data into fields that can be set up and managed by the the service provider.

Safe4 Asset Register driven by business requirements

This development was triggered by a number of different requirements, partly arising from the work that Safe4 has been doing in the fields of will-writing and inheritance planning, and more recently in property conveyancing. Whilst Safe4 has always offered the ability for document files to be uploaded securely by both service providers and their clients, this was not always the most efficient way to record some types of information. Details such as National Insurance numbers, personal contact information, or references to memberships are more easily recorded as data, simply entered directly into on-screen fields.

Ever-increasing occurrence of fraud

Furthermore, in recent years the huge increase in fraudulent interception of emails has meant for example that when an end-client needs to provide a conveyancer with the bank details for the transfer of funds to complete a property transaction, both parties have been exposed to significant risk. In most cases today, this information is sent in an open email, or communicated by telephone.

Professional Indemnity insurers have been aware of this for some time, and as a consequence many law firms and other professional practitioners have seen their PI insurance premiums rise steeply, with very large excess payments in respect of every claim.

The Safe4 Asset Register enables a service provider to define classes of asset themselves, and to associate them with attributes which become the fields into which the end client can input their details directly, without using email or voice. This all happens under the protection of the industry-leading security offered by Safe4. Email is only used to notify the service provider that the data has been entered, whereupon they must login to the system to obtain the necessary information. All actions are captured in the Safe4 audit trail, which provides a strong evidential record should any dispute arise.

Reduce risk, improve compliance

As well as helping to mitigate risk and thus slow down the ever-increasing cost of PI insurance, it is believed that use of the Safe4 Asset Register will also enhance compliance with the Solicitors Regulation Authority guidelines for the use of cloud computing services. Avoidance of email for the transfer of confidential information, UK hosting in ISO 27001-accredited data centres, powerful encryption, independent annual penetration testing and other measures offer genuine protection for service providers and their clients.

A wide range of other business applications can be supported by the Safe4 Asset Register. Safe4 will be publishing a series of articles and announcements in the coming months highlighting the benefits that can accrue to different types of organisation, including those in the financial services, health, business continuity planning, charities, property, government, training and skills development sectors.

Please get in touch with us for more information on how the Safe4 Asset Register can add value to your business.