More concern over the use of public email

Interference with personal email accounts has become a major source of fraud in the UK. Take a look at this alarming article. However, more than 70% of UK law firms are still communicating with clients via their clients’ personal email accounts, in many cases to carry highly confidential information such as bank account details when executing conveyancing transactions. Repeatedly, criminals are intercepting email messages to fraudulently change bank details, resulting in money being transferred to the wrong account – and innocent lives being ruined.

The Safe4 Asset Register has been designed to eliminate the risk of fraudulent interception of email. It allows clients to enter their banking information directly into one of the most secure sites on the Internet, and automatically notifies the conveyancer that the information has been provided. The lawyer can then login and obtain the information, whilst audit trails are recording all of the details.

Not only does the Safe4 Asset Register eliminate a risk of major financial loss and severe reputational damage, but it enhances compliance with the SRA guidance on the use of cloud computing services. Furthermore, leading brokers in the Professional Indemnity sector believe that using facilities such as that offered by Safe4 will significantly slow down the recent dramatic rises in premiums.

Please contact us. We can help you to improve compliance and reduce risk.

Safe4 Asset Register is launched with release of version 5.0

Since 2010 Safe4 has become established as one of the most secure services on the Internet for the delivery and storage of documents. With the release of Safe4 version 5.0 that capability is dramatically enhanced, as now the inclusion of the Safe4 Asset Register allows the direct input of data into fields that can be set up and managed by the the service provider.

Safe4 Asset Register driven by business requirements

This development was triggered by a number of different requirements, partly arising from the work that Safe4 has been doing in the fields of will-writing and inheritance planning, and more recently in property conveyancing. Whilst Safe4 has always offered the ability for document files to be uploaded securely by both service providers and their clients, this was not always the most efficient way to record some types of information. Details such as National Insurance numbers, personal contact information, or references to memberships are more easily recorded as data, simply entered directly into on-screen fields.

Ever-increasing occurrence of fraud

Furthermore, in recent years the huge increase in fraudulent interception of emails has meant for example that when an end-client needs to provide a conveyancer with the bank details for the transfer of funds to complete a property transaction, both parties have been exposed to significant risk. In most cases today, this information is sent in an open email, or communicated by telephone.

Professional Indemnity insurers have been aware of this for some time, and as a consequence many law firms and other professional practitioners have seen their PI insurance premiums rise steeply, with very large excess payments in respect of every claim.

The Safe4 Asset Register enables a service provider to define classes of asset themselves, and to associate them with attributes which become the fields into which the end client can input their details directly, without using email or voice. This all happens under the protection of the industry-leading security offered by Safe4. Email is only used to notify the service provider that the data has been entered, whereupon they must login to the system to obtain the necessary information. All actions are captured in the Safe4 audit trail, which provides a strong evidential record should any dispute arise.

Reduce risk, improve compliance

As well as helping to mitigate risk and thus slow down the ever-increasing cost of PI insurance, it is believed that use of the Safe4 Asset Register will also enhance compliance with the Solicitors Regulation Authority guidelines for the use of cloud computing services. Avoidance of email for the transfer of confidential information, UK hosting in ISO 27001-accredited data centres, powerful encryption, independent annual penetration testing and other measures offer genuine protection for service providers and their clients.

A wide range of other business applications can be supported by the Safe4 Asset Register. Safe4 will be publishing a series of articles and announcements in the coming months highlighting the benefits that can accrue to different types of organisation, including those in the financial services, health, business continuity planning, charities, property, government, training and skills development sectors.

Please get in touch with us for more information on how the Safe4 Asset Register can add value to your business.

US / European Privacy Shield progress has stalled

The recently-appointed US administration has put a hold on recruitment in many branches of the government, including the appointment of an ombudsman for dealing with data privacy issues. Transfer of personal data between the US and other jurisdictions is a complex subject, and will need careful treatment as the discussions relating to the new agreement unfold. Click here for more information.

The safest way to avoid the issues relating to the movement of any confidential information across international boundaries, including personal data, is to host it in the UK. This policy was adopted by Safe4 in 2010, and has remained a fundamental pillar in the company’s information security strategy ever since. For a large number of professional practitioners in the legal, financial, insurance, property and medical sectors, Safe4 provides a secure and effective information delivery and storage service based on UK storage in ISO 27001-accredited data centres.

If you would like any further information on how Safe4 can assist your business, please contact us.

Ransomware has become a major business and social menace

Instances of businesses of all sizes being infected by ransomware are becoming more and more common. It is not just corporate bodies that are being hit – individual members of the public are also being asked to pay sums of money to criminals in order to remove viruses from their data. It is also understood that 30% of National Health Service hospitals in the UK have suffered ransomware attacks.

There are a range of measures that will help to protect against the effects of ransomware, as outlined in this recent article. As well as taking protective steps, however, the safest way to reduce the risk of being infected by ransomware is for businesses to inform their customers, employees, associates, partners, suppliers and any other parties that they communicate with is to make it clear that no information of any importance will ever be transmitted by email, which is the source of the overwhelming majority of the malware that leads to ransomware problems.

Safe4 have been highlighting this issue for some time – if important or confidential information is placed into a secure vault where it will be available to authorised users whenever they need it, the need for sending anything of consequence by email is dramatically reduced. Whilst it is almost impossible to remove the threat of being infected by malware completely, there are safer ways to communicate that radically reduce this risk.

Please contact us. We will be very pleased to assist in the fight against fraud and cyber crime.

Safe4 continues to prioritise security following outage on 22nd and 23rd March

Unfortunately Safe4 suffered a number of outages on the 22nd and 23rd of March. The system was partially unavailable and reporting errors for a total of just under 35 minutes over the two days (25 mins on 22nd March and a little under 10mins on 23rd.) Regrettably this was in the middle of the morning for many of our users – our peak time. Safe4 appreciate that this will have caused those affected a lot of inconvenience and we would sincerely like to apologise for this.

Safe4 strives for a high standard of performance and we have designed a robust solution that enables us to achieve this.  We have maintained 100% availability in recent months and 99.96% over the last 12 months including scheduled maintenance.

What happened

It is important to understand the root cause and learn from the incident to try to avoid it occurring in the future.

Investigation showed that a defective operating system update which was automatically applied caused the outage. Updates like these occur regularly and normally do not impact our operation at all. Unfortunately in this instance it did. Diagnosis was not simple and took longer than we would like.

The problem affected a large number of systems on the internet at about the same time. The OS vendor took prompt action to release an updated patch to correct the issue. Unfortunately because of the problems caused by the first patch the updated patch could not be applied seamlessly either. On this occasion however the resolution was known and the downtime was minimised while the process completed.

As you know Safe4 prioritises the security of your information. A key strategy we employ is to maintain our systems patched to the latest security releases at all times. As you will regularly read in the press, new threats are being discovered all of the time. Fortunately processes are in place that enable vulnerabilities to be reported and systems patched before those vulnerabilities become generally known.

Maintaining the patch level automatically is therefore important to maintaining the security of your information.

Prioritise security

To avoid such problems in the future we have weighed up the risk of turning off the automatic updates. Having examined the incidence of this type of failure (only occurrence since Safe4 started 7 years ago) compared to the possible security risk of delaying patching we have made the decision to continue with our current approach.

We hope you agree with our decision to prioritise security in this way. Safe4 is committed to providing a reliable service and we will of course continue to monitor this situation and seek ways to further reduce the likelihood of a future problem such as this.

Identity theft on the increase in the UK

Online fraud is increasingly alarmingly in the UK, according to recent reports. This particularly applies to identity theft. Cyber crime now accounts for more than half of all reported crime in the United Kingdom, and the situation is becoming more difficult all the time.

One of the prime sources of computer crime is the reliance on email to carry confidential information. Time and again criminals are targeting email communication and falsifying the contents of messages in order to intercept the transfer of funds in some types of transaction. This has become particularly prevalent in conveyancing transactions – numerous families have lost their life savings after bank transfers have been made to fraudsters’ accounts, with emails having been intercepted and their contents changed. In spite of this, 70% of UK solicitors still use open email to transfer confidential information.

Safe4 now offers a completely secure facility for the safe transfer of bank account information between parties involved in any type of financial transaction, without relying on either voice or email communication. For more details, please contact us – we will be very pleased to assist you.

Another record month for Safe4

February 2017, in spite of being a short month, has been a record month for Safe4, with the highest number of new user sign-ups achieved so far. Safe4 customers are continuing to enjoy the benefits of secure document delivery and storage, and are sharing this with their clients and other business contacts in ever-increasing numbers.

As well as record growth in February, Safe4 also achieved another month of 100% availability in January 2017, as confirmed by independent monitoring services. It’s good to know that the information held in Safe4 is being securely stored in the UK in ISO 27001-accredited data centres, and even better to know that it is always available to authorised users when it is needed.

For more information on how Safe4 can help your business, please get in touch. We would be delighted to hear from you.

UK Watchdog makes some cloud service providers think again – it’s about time!

The UK watchdog, the Competition and Markets Authority, has decided to crack down on some of the biggest names in cloud data services by enforcing a stipulation for fairer and more transparent contracts. By recognising the the need for improvements in the contractual terms that the major providers offer, the CMA has given a boost to the protection that users of these services can expect. Click here for more detail.

The majority of them, of course, are still opaque as to where their data is stored. Even those that claim to hold their customers’ data in the UK are still very vague as to whether backups are held exclusively in the UK, or shipped to overseas data centres where capacity may be more readily available or less expensive. If data is moved outside the United Kingdom it can fall under the jurisdiction of countries whose data privacy laws do not offer the same level of protection.

Since 2010 Safe4 has provided a highly secure UK-only data storage service, making use of ISO 27001-accredited data centres. As well as levels of security and availability that are among the best in the industry, Safe4 customers enjoy the certainty that their data does not leave the UK. And Safe4 has not needed a market watchdog to enforce the offering of fair and transparent contractual commitments to its customers. Contact us for more information.

Safe4 and IT Farm to work together, with a focus on the UK professional services sector

Safe4 are delighted to announce that they are to work closely with IT Farm, a Manchester-based specialist cloud services provider. With a long history of offering cloud services in the UK, IT Farm have been providing high quality outsourced IT support services, including hosted desktop and telephony solutions, to the professional services sector in the UK.

This complements the experience that Safe4 have gained in the financial and professional services environment. With customers in the banking, legal, accounting and insurance sectors, Safe4 are ideally placed to work closely with IT Farm to deliver a range of complementary solutions. IT Farm’s customer base includes a number of organisations that will be able to take advantage of the highly secure document delivery and storage facilities offered by Safe4.

Ben Martin, director of Safe4 Information Management, believes that working closely with IT Farm is a natural step. “The emphasis we have placed on security since the company was formed in 2010 allows professional practitioners and others to share documents in complete confidence with clients, partners, associates, suppliers, employees, and other professional firms. This forms an essential element within a range of IT solutions that modern practices are now demanding, and creates an opportunity for integration with practice management, finance and accounting, and other business applications. We look forward to a long and fruitful relationship with IT Farm, who are able to bring together a number of complementary solution providers. Our SRA-compliant service will thus enable law firms in particular to take advantage of a range of opportunities for secure and effective integrated information management.”

Please contact us for more information on the benefits of adopting the Safe4 service.

US may be set to change data privacy laws – again!

The Safe Harbor data privacy agreement between the US and the EU was deemed to be ineffective in 2015, and was subsequently replaced with a Privacy Shield arrangement – which is still considered by many to be inadequate. Recent announcements by the new US administration suggest that the internal data privacy laws in the US will be subject to further change, affecting those who are not US citizens or permanent residents in the US. Please click here for more background on this development.

Safe4 decided back in 2010 that all of the data held within its secure document delivery and storage service would be stored in UK-located data centres, accredited to ISO 27001. This offers maximum protection to our customers and their clients, employees, suppliers, partners and associates. Reliance on US-hosted data storage could be seen to carry unnecessary risk of misuse or disclosure of personally-identifiable information, hence the benefit of keeping all stored data onshore within the UK.

For more detail on the measures that Safe4 applies to keep information secure, please contact us. We would be very pleased to speak with you.