DocLock™ (PoPI Act Compliance)
Password Protecting a Document on a Windows machine isn’t as easy as you might expect. Although premium 3rd Party programs can handle the task with ease, Windows doesn’t offer an out-of-the-box tool for doing so, to say the least protecting confidential and private information when sending using Microsoft Outlook™.
What does DocLOCK™ do?
- DocLOCK™ protects documents with password encryption.
- Only the intended recipient is able to open the document.
- DocLOCK™ security code is send via SMS, directly from Outlook.
- DocLOCK™ verifies recipient's contact number with Accounting database.
eLert™ - Email Fraud Prevention
Email authentication and protection directly inside your Microsoft Outlook that doesn’t interfere with your current workflow. eLert™ provides detailed information for verified senders, and warnings to protect you and your staff from clicking malicious links or falling for any impersonation attempts. Advanced options and administrative controls are available for enterprise customers.
What does eLert™ do?
- Audits incoming mail to assist in preventing fraud via email.
- Verifies that the underlying email address matches the address shown.
- Provides details of which country the email emanated from and flags mail determined to be from High Risk countries.
- Verifies that the Sender email address and Reply Address are the same.
- Provide details of SMTP Authentication if available.
- Provide details of originating host machine if available.
- Verifies that the Sender Domain is valid.
- Provides details of which country the Sender email domain is hosted in.
- Checks for sender domain SPF records and verifies that the sender is authorized to send mail on behalf of the domain.
- Indicators showing email delivery times which can be further analyzed to determine delays in email delivery routes.
- Verifies that the mail contains valid routing tables.
- Verifies that email attachments, even those contained within .ZIP and .RAR files are not listed as harmful.
- Uses Google Safe Browsing to detect web resource URLs that might contain malware or phishing content.
- Checks for ISP SPAM indicators and flags appropriately.
- Routing tables can be analyzed to show the following:
- Route taken by the mail from originator to recipient.
- Delays at each mail server along the mail route.
- Mail Server Names, IP Addresses, Server Types and Hosting Countries.
- Individual Mail Servers can be checked against 80+ Blacklist Servers.
- A Blacklist Report can be emailed directly to your ISP which provides comprehensive details of Mail Servers and IP Addresses which have been blacklisted.
- Easily forward any suspicious emails in their original format to your support department or ISP for further investigation.
- Send SMS message to Senders registered mobile number requesting confirmation of received mail. Sender replies are directed via email back to the appropriate inbox.
- Optionally validate Sender Email Address and/or Domain Names against Outlook Junk Mail Filters.
eLert™ will in no way alters the way you process your email via Outlook. eLert™ is used purely for information purposes.
For enhanced verification of sensitive and confidential email, eLert™ has the ability to send an SMS to the originator of the mail requesting that they respond to the SMS. The SMS reply is directed back to your Inbox which you can analyze. This simply adds another level of security to your Outlook communications. If the originator of the email is located within your Personal Contacts folder, eLert™ will attempt to locate it and automatically insert the mobile phone number into the SMS Verification Screen as shown. If a corresponding contact is not found, you can simply type in the mobile number and send the SMS.
eLert™ also makes unsubscribing from unwanted mailing lists easier. For email received from a mailing list, a new “Cancel Subscription” icon is visible immediately to the right of the larger Info icon. Clicking this icon allows you to quickly unsubscribe from the mailing list. Often, the unsubscribe link is hidden deep within, or at the end of the body of the message, typically in a small font making it “awkward” to find and click. As a result, unwanted Mailing Lists are often not unsubscribed to and continue being sent.
e-Verify Conveyancing Fraud Prevention
What is e-Verify?
The purpose of e-Verify is simply to verify that a Sender’s Email Address is registered in your External Database, or optionally, is located in your Personal Contacts folder. For Conveyancing applications such as GhostConvey and/or LegalSuite, email senders may have any of the following roles relating to a matter:
- Estate Agent
- Estate Agency
- Listing Agent
- Bond Attorney
- Corresponding Attorney
- Bond Holder, i.e. Bank etc
- Consultants etc
e-Verify will look up the senders email address in the database and if found, will display relevant information on the e-Verify panel. This includes, Matter No, Sender Role, File Reference and Property Description. If more than one entry is located, a drop down box is available to view the Sender’s Role related to this email. The sender’s email may however not be related to a specific matter, however, because the sender is registered in the database, all details displayed will be shown in a Green colour.
What is POPI? The Protection of Personal Information (PoPI) Act explained
In simple terms, the purpose of the PoPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing, sending and sharing another entity’s personal information by holding them accountable should they abuse or compromise your personal information in any way. The PoPI legislation basically considers your personal information to be “precious goods” and therefore aims to bestow upon you, as the owner of your personal information, certain rights of protection and the ability to exercise control over:
- when and how you choose to send (email) and share your information
- the type and extent of information you choose to send, receive via email and share (must be collected for valid reasons)
- transparency and accountability on how your data will be used (limited to the purpose) and notification if/when the data is compromised
- providing you with access to your own information as well as the right to have your data removed and/or destroyed should you so wish
- who has access to your information, i.e. there must be adequate measures and controls in place to track access and prevent unauthorised people, even within the same company, from accessing your information
- how and where your information is stored (there must be adequate measures and controls in place to safeguard your information to protect it from theft, or being compromised)
- the integrity and continued accuracy of your information (i.e. your information must be captured correctly and once collected, the institution is responsible to maintain it)
Examples of “personal information” for an individual could include:
- Identity and/or passport number
- Date of birth and age
- Phone number/s (including mobile phone number)
- Email address/es
- Banking and\or credit card details
- Online/Instant messaging identifiers
- Physical address
- Gender, Race and Ethnic origin
- Photos, voice recordings, video footage (also CCTV), biometric data
- Marital/Relationship status and Family relations
- Criminal record
- Private and or Litigation correspondence
- Religious or philosophical beliefs including personal and political opinions
- Employment history and salary information
- Financial information
- Education information
- Physical and mental health information including medical history, blood type, details on your sex life
- Membership to organisations/unions
It is important to note though that this right to protection of “personal information” is not just applicable to a natural person (i.e. an individual) but any legal entity, including companies and also communities or other legally recognised organisations. All of these entities are considered to be “data subjects” and afforded the same right to protection of their information. So this means that while you as a consumer now have more rights and protection, you and your company/organisation are considered “responsible parties” and have the same obligation to protect other parties personal information. As a company this would include protecting information about your clients, employees, suppliers, vendors, service providers, business partners, etc.
The PoPI legislation is not a rare or unique phenomenon to South African law. Many countries have similar legislation in place to protect the personal information of their “data subjects”, including rules and regulations for international (cross-border) transfer and sharing of data.
As usual, ignorance of the law is no excuse. Incorporating PoPI into the day-to-day operations of a business will most likely require a significant amount of time and effort, including: educating and training staff, updating business processes when sending emails and implementing or updating security technology solutions. Early action is essential, especially if you send personal information and banking details. Consider for example that under the PoPI Act you could be breaking the law if you do something as simple as synchronising your contacts on your phone, sending an email with sensitive content, taking/sharing a video or photo and so forth.
If you are a custodian of personal information it is important that you compliant as there are serious implications for non-compliance.