Insecure email communication still causing huge losses through fraud

Recent news has highlighted once again the risks caused by using insecure email communication to transfer confidential information, as this article shows.

The effect of online theft is clearly devastating for those that have had their money stolen – in many cases these losses represent life savings and cannot be recovered. Criminals posing as conveyancing solicitors, or alternatively hacking into private email accounts and falsifying bank account details so that the conveyancer transfers the proceeds from the sale of a property into a criminal’s account have become much more frequent in recent years.

To allow conveyancers to be confident that they are transferring funds into the correct account, Safe4 are offering the use of their highly secure information transfer service, into which clients or indeed any other party can enter bank details directly into designated fields. This completely eliminates the risks posed by using insecure email communication to transfer this information. It is not only email that is insecure – hard copy post and voice communication also carry risks of their own.

Safe4 are also working with other organisations that have to transfer funds into a client account at the completion of a transaction. These include art galleries, auction houses, and others who may be selling assets on a client’s behalf.

In addition to the storage of all data in UK-only data centres accredited to ISO 27001, Safe4 have just completed another penetration test carried by an independent UK Government accredited agency. Again this has confirmed the high levels of security offered by using Safe4 as the means of transferring confidential information between parties that are involved in high-value transactions. Compliance with the SRA guidelines for cloud computing gives conveyancers additional confidence that information is being transferred between parties with minimum risk.

For more information on how Safe4 can help your organisation to improve the protection of clients’ money, please contact us.

Charities are exposed to serious risk when documents are lost

Proper management of sensitive records can be challenging, but when the documents in question relate to vulnerable individuals who are receiving care from charities or local authorities, the consequences of information falling into the wrong hands can be very damaging.  Recent cases of paper documents being lost highlight this risk.

The impending arrival of GDPR will of course impose far more severe penalties than have hitherto been possible under current data protection legislation. Among the organisations most exposed to such potential penalties are small-to-medium charities, who in many cases handle highly sensitive information about individuals. Such charities are generally staffed by dedicated and highly competent volunteers, but often they lack the experience or resources to implement processes or systems that give proper protection to the information they handle.

Converting paper documents into electronic records can be difficult, particularly if volumes are large and the documents them selves are not in good condition. However, electronic systems do provider much tighter control of information, and also provide a host of other benefits including speed of retrieval and access while away from the office or filing cabinet.

Among the key benefits of applying a highly secure electronic system such as Safe4 to the management of confidential information is that it will not only eliminate or reduce the risk of document loss, but will permit the organisation in question to achieve and maintain compliance with GDPR. This could prove to be a key safeguard in the coming years when some of the UK’s most high-profile charities have suffered enormous reputational damage and are now seeing the cancellation of direct debit donations doubling in recent weeks. Maintaining the highest possible standards in record-keeping and information management will be a valuable means for the charity to protect their most valuable asset – their donor subscribers, who provide the majority of funds to support the important work that charities carry out to assist the members of our society who are most in need of help.

In conjunction with a number of partners, Safe4 Information Management is launching an initiative to offer the charitable sector solutions that will help them not only protect their information to the highest possible standard, but also to reduce costs and improve the efficiency of their operations. Further details of this initiative will be published in the coming months, as GDPR approaches.

If you like to know more about how Safe4 can help your organisation to enhance the secure management of confidential records, please get in touch with us.

Version 5.04 of Safe4 is released

Safe4 have released version 5.04 of the secure information delivery and storage service. This release includes a significant number of internal enhancements, and will assist with the administration and management of the service.

Users will notice changes in the way that reports and messages are handled and displayed, with more flexible options for listing and presentation. The method of PIN management has also been updated, as has the user invitation process. Further changes are in the pipeline to address the requirements of GDPR, which becomes law on 25 May 2018. It is anticipated that Safe4 will be GDPR-ready by the end of the first quarter of 2018, to ensure that customers will be fully supported in their own GDPR compliance programmes.

For more information on how Safe4 can assist your organisation to handle confidential information more securely and efficiently, as well as helping with your own GDPR compliance, please get in touch with us.

Virus checker issues led to intermittent upload failures for Safe4

At around 9:30 GMT on Friday 26 January 2018 the Safe4 system began to experience intermittent failures when uploading files. This was displayed to users as a “rejected” message in the web user interface or an error message if using the Safe4 API.

Investigation showed that the issue was caused by an intermittent failure of the virus scanner that is used to check every file uploaded to the system. This was traced to an error in the virus signature files used by the virus checker – the updated signature files relied on a capability in the core virus software that had not yet been released. The root cause was therefore configuration control by the provider of the virus software.

Once the problem was identified by the virus team an updated set of signature files was released. Normal service of Safe4 was restored by approximately 3:30 GMT on Friday 26 January 2018.

The virus vendor has advised that they are reviewing their release processes to ensure that this situation does not recur.

All of the other functions of Safe4 were unaffected by this problem, and consequently no other activities suffered any disruption.

We would like to apologise for the inconvenience that this issue caused to our customers, and for their clients and associates.

Slow progress for GDPR across Europe

Most EU member states are not making much progress towards preparing their own legislative position for the effective date of the General Data Protection Regulation on 25 May this year, according to an article published today. As many UK businesses are aware, the Information Commissioner’s Office has been issuing guidance and warnings on GDPR for quite some time, but as yet response across many sectors has been patchy.

We at Safe4 have already started the process of making our highly secure information delivery and storage service GDPR-ready, so that our customers can use the system with confidence, knowing that their own compliance programmes will be strongly supported. This will involve relatively minor changes to the system, and our plan is to have these adjustments ready for deployment by the end of March 2018, well in advance of the date when the Regulation comes into force.

For more information on how Safe4 can help your business to become GDPR compliant, please contact us.

GDPR compliance – what will it mean for you?

Most of us now are receiving a barrage of email relating to the need for GDPR compliance in our inboxes.  Consultants, assessors, seminar organisers, and a host of others are trying to get our attention in advance of the date when the General Data Protection Regulation comes into force in May this year.

Some of this communication is helpful, but the majority seems to be opportunistic.  It is refreshing to come across a realistic and well-considered article that highlights the simple facts about GDPR – there is no magical solution to make any organisation compliant, just the realisation that the only effective approach lies in a thorough review of the information that is being used, who uses it, how it is managed and transmitted, and what protection measures have been taken to safeguard it.

Safe4 can help to support GDPR compliance

Every organisation, of any size or structure, will have to make sure that its information management house is in order to become compliant with GDPR. No IT system can perform this service, but a compliance programme will be more successful if it is underwritten by applying technology that allows the necessary processes to be properly implemented. We at Safe4 are making some minor changes to the way the system works to make sure that it will offer full support for GDPR. But the responsibility for achieving compliance will still lie with the organisation itself, and how it manages its own activities.

We will be publishing further information about the changes that the Safe4 system will undergo in the coming months. The basic design and architecture of Safe4, as well as other factors including UK-only storage in ISO 27001-accredited data centres, full encryption of data, no reliance on email to carry confidential information, a full audit trail of all activity, and contractual arrangements under English law already provide an effective platform for ensuring best practice in the management of information.

For more information on how using Safe4 can assist your organisation to comply with GDPR, please contact us.

VaultConnect appointed as Safe4 distributor

 

As part of the market development programme being undertaken by Safe4, VaultConnect of Manchester have signed a distribution agreement enabling them to offer the highly secure Safe4 information delivery and storage service to professional practitioners across the UK.

Although based in the north of England, VaultConnect will operate nationally and have established opportunities to provide the Safe4 service to organisations in all parts of the country, in sectors such as legal, accounting, financial services and more recently art galleries.  All of these organisations manage highly confidential information on behalf of their clients, and all have the responsibility of transferring funds to and from clients and other parties as business is being transacted.

Steve Edge

Richard Higginbotham

VaultConnect was formed by Steve Edge and Richard Higginbotham, both of whom have decades of experience in sales and digital marketing of software-based solutions.  One of the first areas that VaultConnect will be addressing is the activity of property conveyancing solicitors, who are responsible for transferring significant sums of money between clients and the other parties who participate in property transactions, such as estate agents, mortgage lenders, and other law firms.  Steve Edge believes that “Safe4’s platform enables us to solve a real issue for professional service firms who need to share sensitive information with clients and partners. Conventional email is increasingly seen as an unsafe way to transmit information because it’s easy for fraudsters to intercept. Emails can then be impersonated or impregnated for commercial gain.”

Steve also feels that “Safe4 enables us to realise the mantra ‘don’t transmit, VaultConnect’; we help our clients enjoy the convenience and efficiency of email without the risks. Unlike products that are charged on a per user basis, we are able to make a compelling commercial proposition to our target markets.”

GDPR is coming …

Ben Martin, a director of Safe4, is delighted to be working with VaultConnect.  “This relationship brings an exciting opportunity for Safe4, to enhance our ability to engage with new customers and deliver secure high quality solutions in conjunction with the proven expertise of Steve and Richard in the professional practitioner sector, where the benefits from using Safe4 are immediate.  We welcome their commitment to address these vitally important sectors. With GDPR on the horizon it is becoming more important than ever to ensure that all client information is being handled as securely as possible, and using Safe4 satisfies this requirement and brings a competitive edge to professional practitioners of all types”.

For further information please contact us at Safe4, or Steve and Richard at VaultConnect.

Transport Layer Security still not universally applied

Safe4 implemented Transport Security Layer (TLS) as the successor to Secure Sockets Layer (SSL) back in 2010 as the connection layer that is used when the system is accessed by users, but it seems that there is still some uncertainty as to how this level of security will be deployed in corporate environments, from which users are often accessing the internet through multiple layers of middleware, or middleboxes as they are sometimes known.

Not only has Safe4 implemented TLS, but this connection layer is very tightly configured to offer connected users the highest level of security possible. The configuration was significantly enhanced in 2015, when Safe4 announced a radically overhauled user interface.  Thus when Safe4 is being accessed using a device that is not under the user’s control, such as from a hotel lobby or an airport lounge, the connection is still highly encrypted and thus secure.

Making sure that customers’ information is being managed securely is the primary focus of Safe4, so that users of all levels can be confident that their data is being handled safely. Please get in touch with us if you would like more detail on how the Safe4 service could be of value for your organisation.

More Asset Register enhancements – Safe4 version 5.02 is released

More updates to the Safe4 Asset Register have been released today. These will add further functionality to the existing system, by making it simpler to manage certain types of information.

The enhancements in version 5.02 include:

  • The ability to sort columns by clicking on the heading, into ascending or descending order
  • Drop-down fields, with permission-controlled ability to define the pick-list
  • A check-box field, so that specified actions such as approval or confirmation can be added with a single click
  • The ability to define a regular expression for a field, combined with an error message of the user’s choosing. This will enable the data entered into specified fields to be controlled, for example to allow only eight numeric characters for bank account numbers
  • Display of a history box alongside each record, showing all of the actions that have been carried out on that record, with user and date/time
  • The ability to designate a field as containing a phone number, so that when used from a smartphone the number can be dialed with a single tap
  • Selection of chosen records with a checkbox to permit emailing other users with questions or comments
  • Selection of chosen records with a checkbox to permit multiple record deletion
  • Option to “Open in Excel” on any page displaying a list of records

These changes will be followed by a series of other developments in the near future, in keeping with the continuous improvement policy of Safe4.

If you would like any more information on these changes, or how they can assist with the secure management of information for your business, please contact us.

Safe4 Use-Case Paper: Secure Property Conveyancing

The Safe4 secure information delivery and storage service has been in use by law firms since 2010, but hitherto primarily in support of corporate and commercial property transactions. The introduction of the Safe4 Asset Register in May 2017 has brought new levels of functionality to the system, some of which can be applied to the process of secure property conveyancing.

How can law firms offer their clients better protection of their confidential information?

It is estimated that at least 70% of law firms in the UK use open email systems to transfer confidential information between external parties. This covers a very large number of information types in a variety of departmental activities. Residential property conveyancing, however, is one area where the use of insecure methods of information transfer has been exposed as a primary target for criminal activity.

When a lawyer is engaged by a client to handle the legal aspects associated with selling their home, the final act in the process is for the lawyer to transfer the sale proceeds from their firm’s client account to the client’s bank account. In most cases this is a simple process that is carried out without difficulty, but in recent years there has been an alarming increase in the level of criminal interception of email. It is common for the lawyer to request the client to provide the details of their bank account by email, by telephone, or by filling in a paper form and sending it back to the lawyer. All of these methods of delivery are potentially insecure, but there is mounting evidence that interception of emails and fraudulent alteration of the target bank details has become a major problem.

Impact on Professional Indemnity Insurance premiums

The existence of the problem has been recognised by the providers of professional indemnity insurance for law firms. Premiums are starting to increase steeply for those firms who use the traditional insecure means of obtaining clients’ bank account details.

Secure Property Conveyancing

The Safe4 Asset Register allows this risk to be eliminated. By opening a secure vault for each property transaction, and creating data fields into which basic bank account information – account number, sort code – can be entered directly by the client, the lawyer can offer the client a higher level of protection than has hitherto been possible.

After the client has entered their bank details, the conveyancer will receive an email automatically generated by Safe4 confirming that the information is available. After logging in, the information can then be transferred safely into the internal systems used for handling client payments. There is of course the standard Safe4 audit trail facility associated with all activity, providing a strong evidential record of everything that has been done during the transaction.

If the Safe4 Application Programming Interface (API) is used, the bank account details can be transferred completely automatically into the law firm’s practice management or accounting systems, thus improving security and efficiency further.

UK Hosting

Because all Safe4 data is hosted in the UK in ISO 27001-accredited data centres, the professional practitioner can also take advantage of Solicitors Regulation Authority compliance. All of the activities of Safe4 are conducted under the law of England and Wales.

Safe4 Information Management have partnered with VaultConnect to offer best-in-class security for the systems that handle the transfer of confidential information between the professional practitioner and the client. This collaboration is now benefiting law firms throughout the United Kingdom, who are able to gain the advantage of the security of the Safe4 platform with the expertise and experience of the VaultConnect team.