Advice for Securely Sending Sensitive Data
One of the major challenges facing businesses in 2017 is the need to share information with people and organisations outside their own IT domain – in other words, the outside world. Almost every organisation, whether private or public sector, has at some stage to share confidential documents with external recipients who do not have access to trusted internal applications.
Having to do this in an environment where the level of malevolent penetration of confidential networks is at an unprecedented high simply adds to the problem. For decades the use of email has been the obvious choice for transferring documents to other parties – convenient, universal, free, and safe – or so we believed until recently. However, the sophistication of criminals who wish to intercept email traffic with a view to falsely altering its contents, or using the contents for fraudulent purposes, has risen to such an extent that even the simplest transfer of information now represents a potential risk.
When we send an email, potentially with a confidential document attached, or perhaps with some private or personal information in the wording of the email itself, we simply press the “Send” button and hope for the best. It is impossible to know where that transmission goes before reaching its intended recipient. Emails are bounced around servers all over the world – experts estimate that even the shortest of transmissions will be handled by at least 3 different servers. The sender has no idea what the recipient will do with the information that is received. Will it be stored somewhere safe? Deleted by mistake? Forwarded to somebody else in error after auto-complete has been used in the address field? Many documents that are transmitted in this way form part of a wider series of interactions, and are not isolated transfers.
Take the law firm, for example. Documents exchanged with clients, other law firms, and potentially a number of external parties generally form part of a case or matter that will run for some time, and will be accessed multiple times by different parties. Even a simple matter such as a conveyancing transaction will take some time, and will involve multiple documents and multiple participants. Using email as a means of delivering documents in cases such as this can never be an effective or complete solution.
It is estimated that around 70% of law firms in the UK still send confidential information to their clients and other parties using open email systems. This is not only a risk to their own business, but can potentially place their clients’ funds in jeopardy when bank details are being transferred in this way. An increasing number of cases have been recorded involving fraudulent alteration of bank details in email messages, with funds being paid to the criminals’ accounts.
The use of a highly secure document delivery and storage service can overcome this problem, and remove the risk of unauthorised access to confidential information. Since 2010 Safe4 have been providing a UK-based service that complies with Solicitors Regulation Authority guidelines for the use of cloud computing: UK hosting of all documents, ISO 27001 accreditation, annual penetration testing by government approved agencies, sophisticated encryption, and above all – removal of the use of email to carry sensitive or confidential information.
For more information on how the use of a secure document delivery and storage service can mitigate the risks associated with using email, contact Ben Martin of Safe4: email@example.com