Following so many positive comments on our recent article Email security is the elephant in the room, we spoke to Ben Martin of information security company Safe4…..
- Is it safe to say we are on the same page about email security (or lack of it)?
Definitely. We at Safe4 have for some time believed that using email to carry confidential information is at best very risky, and at worst can lead to catastrophic consequences. Email has become the prevalent source of computer crime, and scams are now so common that many people’s inboxes are endlessly filled with spurious spam, much of which is malevolent. The problem, of course, is distinguishing what is genuine and what is fake. Interception of emails, with fraudulent alteration of bank details, for example, has led to large sums of money being transferred to criminals’ bank accounts.
- How do you think we have got to this stage? Is it just convenience, lack of technical knowledge or something else?
In the legal profession in particular there is a fairly widespread reluctance to adopt technology that is unfamiliar. Email is universal, and is quick, easy and efficient to use. In many cases email is both safe and necessary, provided it is used in the right context. It is very easy to see why many lawyers use email as an essential element within their communications strategy.
- What will it take for the legal profession to sit up and take notice of the issue?
Probably some more high-profile disasters resulting from the loss of critical information through email interception. Another risk is the use of “auto-complete” when selecting email addressees. Sending confidential information in the form of email attachments to the wrong people has led to many embarrassing and damaging situations. This recently caused the Bank of England some serious difficulty when confidential information about research into British exit from the EU was sent to a journalist in error, resulting from injudicious use of auto-complete in the email address field.
- What are the options for securing email and attachments?
There are a number of options for using secure email services, so that attachments get through to the correct recipients. However, this is only part of the story. Whether or not a secure email carrier is used, after clicking the “Send” button the sender must simply hope for the best. They have no idea of what happens to the email or its attachments subsequently, and no record of its correct usage by the correct people.
Another option which has been widely used in the legal profession is the addition of passwords or encryption to specific documents when they are attached to emails. This can have disastrous consequences, as not only is it necessary for the password to be sent to the recipient somehow, it must then be stored in a context that makes it available when the document is opened subsequently, perhaps even years later. Many documents have been lost forever because the required password cannot be located when it is needed.
We believe that the best, and safest, option is the use of a secure cloud-based platform for the management of documents, that can be shared with external parties without risking the law firm’s own internal systems. When information is transferred to recipients outside the sender’s own IT domain it is essential that it is handled in the most secure way possible. Placing a document into a secure vault that only the designated recipients can see has the effect of delivering it safely, and ensuring that it is available in a structured context for the duration of the matter or case to which it refers.
- What are the benefits and drawbacks of these options? e.g. cost, learning curve, educating clients, inconvenience?
As stated earlier, there is a reluctance within many in the legal profession to do something different. The use of secure cloud-based services does not therefore come naturally to many lawyers, whereas email is a familiar and comfortable way to get documents to other parties. It is thus necessary to overcome some hesitation in implementing the use of such services. Costs will of course vary depending on the service provider, but often the costs are minimal when considered in the context of information being intercepted or stolen by unauthorised parties. Reputational damage can spell the end for a law firm.
Clients will normally pick up on the use of such services very quickly. Safe4 has been designed to resemble Windows Explorer for the external user, and is universally used without difficulty. A brief training exercise for the administrators of the system is normally advisable.
In terms of inconvenience, cloud-based services are available from anywhere with an internet connection, at any time. We live in a very connected world, and it is rare to be unable to access the internet. Experience indicates that both the law firms who adopt the service as well as their clients and other external users find access very convenient, especially since Safe4 provides virtually 100% availability. It can be accessed from any mobile device, including smartphones and tablets.
- What does Safe4 offer?”
Safe4 offers a highly secure cloud-based service that permits the instantaneous transfer of information into a secure vault that can be designated to meet virtually any operational scenario encountered in the legal profession. It is hosted within the UK, and because Safe4 is a UK company operating under English Law, it is compliant with the guidance for cloud computing issued by the SRA and the Law Society. It has been penetration tested by UK-Government accredited agencies, and produced excellent results. As well as achieving very high levels of security (independent tests show that Safe4 is among the most secure 1% of internet services, out of more than 1.2 million tested), Safe4 offers a full audit trail and extensive reporting facilities. Safe4 customers include several for whom security is of paramount importance, and a constant development programme ensures that additional functionality and security features are being added regularly.
Ben is a founder member of Safe4, which was formed in 2010. He graduated with a Bachelor of Science degree from the University of London, and began his career with Bayer, the international chemical and pharmaceutical company. He moved into the IT sector in the early 1980s, and he has been involved in electronic document management since the middle of that decade. He has held sales director roles with innovative leading companies in that sector, including Anite and Spescom Software. He has been responsible for sales and business development management in the UK, Europe, the USA and South Africa.
With Safe4, Ben is responsible for sales and channel development activities in the UK and internationally.
