Security Questions - Privacy
Why does email need to be secure?
One of the most common IT security problems faced by people in all professions is probably the threat that hackers may access confidential information. However good your own IT security, once an ordinary email leaves your system you have no control over where it goes, and you can't be certain that it remains protected.
In fact, a typical email may pass through three or more servers before it reaches your intended recipient, and every time it does so, it’s vulnerable to attack.
This can put your business and your professional reputation at very real risk, as the following facts from a recent survey of 100 senior UK legal practitioners show: *
- One in ten UK law firms have suffered breaches of digital security in the last 12 months
- Six per cent of UK law firms have lost clients or damaged relationships as a result of security breaches in the past 12 months
- 50 per cent considered that loss of email access would damage their business in less than one day
- 65 per cent feel that digital security risk is increasing in their industry.
*Source NOP World survey June 2004
How can I make sure that my emails are secure?
Secure eMail is a service available to all legal practitioners working in the Criminal Justice System. It is the only Government accredited secure route for sending emails to Criminal Justice Organisations, including Crown and magistrates' courts, the CPS, police and the National Offender Management Service.
You can use Secure eMail to electronically send information to other organisations and practitioners connected to the service, up to and including anything marked 'Restricted'. The system uses 128 bit encryption to make sure that it cannot be read by anyone other than your intended recipient.
What does 'RESTRICTED' mean?
This is a Government-wide term that is used to refer to sensitive information which, if it became widely available, could cause personal or financial harm.
The Secure eMail service can handle material up to and including anything marked RESTRICTED, or its equivalent in the non-Government Protective Marking System world, such as PRIVATE, COMMERCIAL IN CONFIDENCE, or COMPANY CONFIDENTIAL.
If information is marked as 'RESTRICTED,' care should be taken to ensure that it is handled and stored appropriately. As a rule of thumb, anything you receive through Secure eMail should be treated as RESTRICTED.
Keeping Secure eMail secure
To ensure that Secure eMail stays secure, we have developed a stringent set of guidelines for users of the Secure eMail service to follow.
As a general rule, Secure eMail should only be used for legitimate business purposes relating to the Criminal Justice System.
Organisations and individuals could have their Secure eMail account suspended or removed if:
- They share their user account details or Secure eMail password with anyone else. Secretaries, PA's and clerks may be allowed to use the details on a user's behalf, but the user will remain responsible for what they do with it.
- They allow strangers to enter areas of your premises where IT systems with access to Secure eMail are in use. Where this is unavoidable, all visitors must be escorted at all times.
- They send confidential information to people who don't need to know it.
All users of Secure eMail are also required to abide by the relevant legislation pertaining to the sharing of information, including the Data Protection and Freedom of Information Acts.
Terms and Conditions
Before anyone can join the Secure eMail service, they also have to agree to our terms and conditions, which sets out in great detail the levels of security we expect them to maintain.
This ranges from ensuring that they have a hardware firewall installed, to making sure that strangers are accompanied at all times in areas where Secure eMail is being used.