Posts

Password strength checker improvements for Safe4

One of the challenges of enforcing strict rules about the strength of passwords is how to make them secure and still easily usable by people who perhaps utilise a system occasionally and often need rapid access to share or obtain important information.

Safe4 has now been updated to make it easier for users to select passwords in the first place, by listing each of the strength requirements and showing visually when these have been satisfied. Because Safe4 is used in many countries around the world and by speakers of many languages, it can be difficult to prevent users from choosing a password that is a common word in one language but not in another. Using sequential characters on a keyboard is also potentially an issue, as in several European countries different keyboard layouts are utilised. Beyond Europe, in countries where alphabets may also differ, keyboard layouts are often radically different from those familiar in Anglophone regions.

Keeping it simple without sacrificing security

Safe4 has become established as one of the most secure sites on the Internet, and consequently enforcing strict password requirements is essential given the presence of brute-force attack systems that can crack simple passwords very quickly. Whilst setting a strong password is the responsibility of each individual user, applying specific rules governing this, as well as limiting the number of unsuccessful login attempts within a single browser session, makes it easier to prevent unauthorised access to the system. The changes made by Safe4 will inform new users of the strength of their password as each character is chosen, and show any discrepancies visually.

Please contact us if you would like any further information on the security measures that are taken by Safe4 to protect the integrity of information that we hold, and the protection that this offers for our customers.

Transport Layer Security still not universally applied

Safe4 implemented Transport Security Layer (TLS) as the successor to Secure Sockets Layer (SSL) back in 2010 as the connection layer that is used when the system is accessed by users, but it seems that there is still some uncertainty as to how this level of security will be deployed in corporate environments, from which users are often accessing the internet through multiple layers of middleware, or middleboxes as they are sometimes known.

Not only has Safe4 implemented TLS, but this connection layer is very tightly configured to offer connected users the highest level of security possible. The configuration was significantly enhanced in 2015, when Safe4 announced a radically overhauled user interface.  Thus when Safe4 is being accessed using a device that is not under the user’s control, such as from a hotel lobby or an airport lounge, the connection is still highly encrypted and thus secure.

Making sure that customers’ information is being managed securely is the primary focus of Safe4, so that users of all levels can be confident that their data is being handled safely. Please get in touch with us if you would like more detail on how the Safe4 service could be of value for your organisation.

Met Police see ransomware as the biggest cyber-security threat in 2018

A series of global ransomware attacks in 2017 have reaped millions of dollars in rewards for criminals who have penetrated unsuspecting users’ IT systems and encrypted their data. In the UK, the National Health Service was one of a number of high-profile victims of such attacks.  According to London’s Metropolitan Police, ransomware looks likely to be a major threat again in 2018. Ransomware cannot prevent access to data stored in Safe4, as indicated in previous articles on this website.

In an article published in The Times newspaper today, the need for managing personal information is highlighted even more strongly. Theft of identity, and with it money, has become such an enormous issue that more and more of us are likely to be at risk through insecure management of our online activities. Using clever apps or devices on mobile phones or computers will obviously help; however using secure online services to deliver and store critical personal information will give the greatest level of protection to businesses and their clients alike.

Safe4 has been rated among the most secure 0.8% of sites on the Internet by independent agencies, out of more than 1.5 million tested. Using the Safe4 Asset Register to handle personal details for a wide range of online activities offers a unique facility for holding both confidential documents and individual elements of data, such as personal identification details. All data held in Safe4 is stored in UK-only data centres accredited to ISO 27001. Please contact us for more information.

Safe4 virus protection enhanced

In order to maintain the primary Safe4 commitment of security for information held on behalf of customers and their clients, the anti-virus protection applied when documents are uploaded to the system has been enhanced. Scanning for viruses as every document is uploaded has been an automatic function of the system since Safe4 was launched, and this has now been updated and strengthened.

As well as rejecting any files that are found to contain a virus, the system will now send an email to the uploading user advising that the file has disallowed content, and to the nominated administrator. In addition, the attempted upload and the rejection are now captured by the Safe4 audit trail, and can be queried by a user with the appropriate administration permissions. If an infected file is placed into a ZIP file, Safe4 will detect the virus and reject the upload, regardless how many levels of ZIP file have been used. Similarly, any infected files uploaded using the WebDAV interface will be rejected and reported in the same way.

For more information on how Safe4 can enhance your online security and keep your information safe, please contact us.

Ransomware – why Safe4 customers are protected

The ransomware attacks that have affected many organisations around the world over the weekend have exposed some serious vulnerabilities in the way that information is managed; using out-of-date operating systems and the failure to implement security updates are clearly primary causes of the exposure. However, it should be remembered that the problem normally arises when an unsuspecting user clicks a link in an email that is urging them to take some “essential” action, such as to update the information stored by a service provider.

Of course the email does not come from the service provider at all, but is a cleverly-disguised piece of work by a criminal organisation that will install an invasive piece of software on the user’s computer that can encrypt files and demand ransom payments in exchange for a decryption key.

Safe4 customers, and their clients, are protected against this risk in a number of ways:

  • Firstly, it is never necessary to send any confidential information, or indeed any information at all, by email. The primary function of Safe4 is to provide organisations of all types with the ability to deliver and store information of any kind in a way that makes it accessible to authorised users only. Thus if a Safe4 user receives an email requesting them to take any unusual or unexpected action, it can safely be ignored.
  • Secondly, all the files held in Safe4 are maintained in UK-based data centres accredited to ISO 27001, and are only available after the user has authenticated themselves through a web portal. The user does not therefore have direct access to the information in the way that they would if the files were held on a local or network drive.
  • The third reason for the safety of Safe4 customers is the inherent design of the system. Safe4 is a system of record. Files held in the system cannot be changed; this means they cannot be encrypted. Even if malware were to penetrate the security layers of Safe4, it cannot alter the files that have been stored. New versions of files could theoretically be created containing an encryption code, but the original files are still available for retrieval at any time – without having to pay any ransom.

We at Safe4 are continuing to remain vigilant in the constant battle against cyber criminals. Independent tests have rated Safe4 among the most secure 0.8% of sites on the internet out of millions tested due to the measures that we have put in place to protect our customers’ data. Please contact us if you would like any further detail on the security features of Safe4.

US may be set to change data privacy laws – again!

The Safe Harbor data privacy agreement between the US and the EU was deemed to be ineffective in 2015, and was subsequently replaced with a Privacy Shield arrangement – which is still considered by many to be inadequate. Recent announcements by the new US administration suggest that the internal data privacy laws in the US will be subject to further change, affecting those who are not US citizens or permanent residents in the US. Please click here for more background on this development.

Safe4 decided back in 2010 that all of the data held within its secure document delivery and storage service would be stored in UK-located data centres, accredited to ISO 27001. This offers maximum protection to our customers and their clients, employees, suppliers, partners and associates. Reliance on US-hosted data storage could be seen to carry unnecessary risk of misuse or disclosure of personally-identifiable information, hence the benefit of keeping all stored data onshore within the UK.

For more detail on the measures that Safe4 applies to keep information secure, please contact us. We would be very pleased to speak with you.

Email phishing scams increasing rapidly – what is the answer?

Almost everyone who has an email account will have received large numbers of unsolicited emails from an unknown sender requesting that the recipient “click here” to gain access to a website or service that offers something of interest or value. Some of these are laughably inept, and are so obviously scams that they can be deleted immediately. However, an increasing number are from criminals who purport to represent a reputable and trusted party, often cleverly formatted in a way that makes it very difficult to differentiate between the scam and the real thing.

In 2015, the last full year for which there is appropriate data, instances of phishing emails of this type rose by 21% in the UK, as reported in the media by Silicon.  As the article suggests, the organisations that have been falsely represented most often in the UK are BT, Apple and HMRC. The Apple emails in particular are very realistic. Clicking the link as requested will normally result in ransomware or some other form of malware being downloaded on to the recipient’s computer, leading to problems that can be very damaging and difficult to deal with.

Increasingly the criminals have turned their attention to banks and their clients, and social media services such as LinkedIn. Safe4 have recently worked with Investec, one of the financial sector’s most respected specialist banking and asset management service providers, to offer solutions to this ever-worsening problem. This involves using the Safe4 service to create a highly secure vault, into which clients can place their own important documents, and which can also be used as a means of distributing bank-generated documents to clients. It will thus become possible to inform clients that if any unsolicited email is received bearing the bank’s branding, it should be deleted immediately.

Investec, headquartered in Johannesburg, South Africa, also have a substantial presence in the UK and in other locations internationally. The Safe4 integration project was carried by the Investec Digital team in Johannesburg, who worked closely with the Safe4 developers in the UK and South Africa. Investec are no strangers to innovation, and are constantly seeking ways to improve their clients’ banking experience, and importantly to increase the level of protection offered to clients.

Safe4 offers a highly secure facility for distributing documents to any recipient outside the sender’s own IT domain. Using UK-located data centres only, accredited to the ISO 27001 international security standard, Safe4 has been independently ranked among the 0.8% most secure site on the internet, out of millions tested.

Contact us for more information on the Safe4 service, and for ideas on how using Safe4 can enhance the security of your communication with the outside world.

Personal email systems still being used to carry confidential information

It is no major surprise to learn that a major email service provider has been hacked – again – and that millions of people have had their personal information exposed to criminals. This is highlighted in an interesting article in The Times, published today.

What is still very unfortunate, however, is that a large number of professional practitioners in the UK are still failing to acknowledge that email is the leading source of computer crime and online fraud. Time and again personal financial information is being passed between lawyers and their clients, in residential property transactions for example, using the client’s personal email account. Repeated examples of these emails being hacked and bank account details being changed have not deterred some high-profile UK law firms from continuing this practice, irrespective of severe financial losses being experienced by their clients.

Also worrying is that it is common practice in some firms for lawyers and others to send confidential documents to their own private email accounts so that they can be worked on outside business hours or away from the office.

The Safe4 service was launched in 2010 to offer a highly secure alternative to email, not just for document transfer, but also for medium-term or permanent management of information. Based on UK-only storage in data centres that are accredited to the ISO 27001 international security standard, Safe4 offer a service that complies with the Solicitors Regulation Authority guidance on the use of cloud computing. Accessible at any time, from anywhere, it eliminates the need to trust confidential information to high-risk systems.

For more information on how Safe4 can assist your firm to minimise the risk of information loss or interception, please contact us.

Health data services moving to the cloud?

Discussions over the suitability of the cloud for the storage and management of confidential information have grown in intensity in recent years, as the use of cloud-based resources has increased dramatically.

There has long been resistance to the use of cloud data services to handle clinical information relating to individuals’ health, based on concerns over the levels of security that cloud service providers offer, despite some cloud services being demonstrably more secure than many internally hosted systems. There is indeed an argument that maintaining health data relating to certain conditions in the cloud can help to save lives. This concept is being trialled internationally, with interesting results – click here for more information.

Safe4 provide cloud-based information management services for a number of organisations in the UK and internationally for whom security is of paramount importance – using only UK-located data centres accredited to the ISO 27001 security standard.  For more information on how using Safe4 might benefit your organisation, please contact us. We would welcome an opportunity to talk with you.