Skip to main content

What to do in the event of a breach

What to do in the event of a breach

Recovery from a ransomware attack can be a challenging and sometimes costly process. The recovery process can vary dramatically depending on whether you have no protection at all versus having backups and a file recovery system in place. Here’s a comparison:
Without Cryptoloc Protection
  • Identification

    Step 1

    The first step is to recognize that you’ve been hit by ransomware. This could be through a ransom note displayed on your screen or by finding encrypted files.
  • Isolation

    Step 2

    Once identified, you should immediately disconnect the affected devices from the network to prevent the spread of ransomware to other connected devices.
  • Assessment

    Step 3

    Determine the extent of the damage. Which files have been encrypted? What kind of ransomware is it?
  • Decryption Options

    Step 4

    Some ransomware variants have publicly available decryption tools thanks to cybersecurity researchers. It’s worth checking if a tool is available for your ransomware variant.
  • Paying the Ransom

    Step 5

    This is a controversial step. The Australian Cyber Security Centre strongly advises against paying a ransom. Paying the ransom doesn’t guarantee that you’ll get your files back, and it encourages and funds the cybercriminals. However, for some businesses or individuals, it might be seen as the only option, especially if the data is critical and irreplaceable.
  • Clean-Up

    Step 6

    If you decide not to pay or even after retrieving your files (if the attackers keep their promise), you’ll need to clean the affected system(s). This typically involves wiping the system and reinstalling the operating system and applications from scratch.
  • Data Loss

    Step 7

    If you have no backups and can’t decrypt the data, you may have to accept that you have permanently lost all your data.
  • Post-Incident Analysis and Prevention

    Step 7

    Understand how the attack happened and implement learnings from your experience to be able to prevent future incidents and recover faster and easier.
With Cryptoloc Protection
  • Identification

    Step 1

    The first step is to recognize that you’ve been hit by ransomware. This could be through a ransom note displayed on your screen or by finding encrypted files.
  • Assessment

    Step 2

    You’d still assess the damage, but you can access of your files live on the Cryptoloc Cloud to view your incident response plan or carry on normal business operations.
  • Restoration

    Step 3

    Restore the infected devices and with Cryptoloc backup and file recovery system in place, you can restore your system and user files from any point before the ransomware attack. This significantly reduces the downtime and loss.
  • Validation

    Step 4

    Using a file-based backup system ensures that the backups being restored are clean and free of ransomware or any other malware.
  • Post-Incident Analysis and Prevention

    Step 5

    Analyse the breach and put in place any preventative measures identified. Having a backup is essential, but prevention is always better. Check to ensure all essential files and data are under Cryptoloc’s protection.
  • Regular Backup Checks

    Step 6

    Access the Cryptoloc Cloud and check the status of all your backups on a single easy-to-view page to confirm their successful execution.

Having a robust backup and recovery system is one of the most effective measures against ransomware. Regular backups can save you significant time, money, and stress in the event of an attack. Additionally, always ensure to keep your software updated, use a good security solution, and train employees or users about the risks of phishing emails and suspicious attachments.

Continue reading

How to protect yourself against ransomware

How to protect yourself against ransomware

What is Ransomware?

First things first… What exactly is ransomware?

Imagine you come home one day and find that someone has changed all the locks on your house, and you can’t get in. This person then tells you that you need to pay them a certain amount of money, and only then will they give you the new keys to unlock your doors. But there’s a twist. They also threaten to publicly display or sell your possessions unless you pay an extra amount.

Ransomware is like this scenario but with your computer or device. It’s a type of malicious software that, once it gets onto your device, locks your files or the entire device. The person (or group) behind this software then demands money, usually in a digital currency, in exchange for unlocking your files or device. If you don’t pay, you might lose access to your files forever and face having your data released and sold for use by other criminals.

How do you protect yourself?
Firstly, visualize your business or household as a castle, it will help to provide a clearer understanding of the measures needed to fend off ransomware or intruders and why each step is crucial.
  • Educate and Train Your People

    Step 1

    Every person in your castle is like a gatekeeper. If even one gatekeeper is tricked, enemies (in this case, ransomware) can enter.

    Action: Ensure that everyone, from the top executives to the newest members, knows how to recognize suspicious emails or links and protect their access passwords. Most ransomware attacks start by tricking someone into clicking something they shouldn’t. Training your people is like preparing your gatekeepers for an enemy’s tricks.

  • Perimeter Controls

    Step 2

    Now, consider a giant protective wall around your castle. This wall acts as the first line of defence, keeping out any threats that might want to harm your castle.

    Action: These are your firewalls, anti-virus software, and network filters. They check incoming data, block suspicious activity, and sound the alarm if something seems wrong. Keeping them updated and robust ensures your wall is strong.

  • Protect the Crown Jewels

    Step 3

    The problem with a castle wall is that the enemy will eventually find a way in. So, what do you do with your precious jewels? Instead of leaving these treasures out in the open, you keep them in a hidden location and lock them in unbreakable safes. Even if enemies somehow get past your gatekeepers and through your walls, they still can’t find or access your most valued possessions.

    Action: This is about backing up your data and encrypting it. Regularly save copies of your important files in a secure off-site place like Cryptoloc Cloud. If ransomware strikes, the criminals cannot use your data as leverage against you. You can access and restore your data from your Cloud without paying a ransom. Encryption adds an extra layer, making sure that even if someone does find your data, they can’t understand or use it.

Continue reading

What makes Cryptoloc special

What makes Cryptoloc special

  • Simplicity Meets Strength
    Engage with the Cryptoloc Cloud without hassle. Designed with user-friendliness at its core, achieve unparalleled security without getting lost in complexities.
  • Recoverable Zero-Knowledge Protection
    Hold the reins of your data. Even in the rare instance of a lost key, Cryptoloc ensures swift, secure data recovery.
  • Customized Encryption for Every File, Every Version
    Each saved file, each new version, gets its unique protective shield. Experience personalization at its security best.
  • End-to-End Safeguarding
    From the moment you initiate an upload to when you access your data, we guarantee an uninterrupted protective cover.
  • Audit Trails
    Transparency in Every Transaction: A clear log keeps you in the loop. Know when and by whom your data was accessed, ensuring trust and clarity.
  • You’re the Captain
    Take charge of your data. Grant access, deny permissions; you make the calls.
  • Multifaceted Security
    We’ve fortified every potential vulnerability – from countering supply chain threats to ensuring shared files remain unintercepted.
  • Backups Beyond Ordinary
    Not just about keeping duplicates, but about protecting them. With encrypted backups, your data remains inaccessible to prying eyes, even in storage.
  • Cryptographic Excellence
    Every transaction you make with us is stamped with cutting-edge cryptographic principles, guaranteeing security at every step.
  • Crafted for Your Routine
    Cryptoloc is more than just a tech platform. It’s a tool designed to integrate effortlessly into your daily tasks, striking the perfect balance between security and efficiency.

Continue reading

As safe as houses: The risks and rewards of technology for the property sector

The days when physical contracts were needed to buy and sell property are gone forever. But as the real estate industry moves online, cybercriminals are increasingly targeting the large – and sometimes lightly protected – sums of money that are involved in property transactions. 

Traditionally, the real estate world has been awash in paper-based processes. But just as it did for so many other parts of our lives, COVID-19 accelerated the digitalisation of the property sector. Virtual inspections and auctions have become commonplace, and contactless contracts have quickly become the norm. 

Isaac J Coonan is the Founder of Proptech BNE, a platform dedicated to facilitating industry connections and supporting the development of the property technology community in Brisbane and South-East Queensland. He says COVID was the catalyst for a digital transformation that was long overdue in the industry. 

“COVID opened the door for the industry to understand what was possible,” he says. “The truth is that the property industry has been a slow adopter of technology. I think the vast majority of the people in the industry would admit that. And I think the reason why it was slow to adopt technology is because it was such a highly profitable industry as it was. 

“When you look at the main catalysts for digital transformation and innovation, it rarely comes from scenarios where the industry’s doing phenomenally well, everyone’s quite happy and everyone’s quite wealthy. It normally comes from crisis, or from an urgent need for growth. 

“I think COVID shone a light on how technology can bring resilience to an industry. What we’re seeing now is the industry is starting to understand, ‘Okay, just because it’s not broken doesn’t mean it can’t be better.’” 

Now that the industry has seen how digital solutions can save time, energy and money for agents, buyers and sellers alike, there’s no putting the genie back in the bottle. Isaac says Proptech will continue to help the sector to innovate and evolve, and remove friction from everyday tasks and processes.

“The vast majority of this technology is not disruptive, it’s enabling,” Isaac says. “It’s technology that enables people in the property industry to do what they do more efficiently, and at scale. This industry is such a relationship-driven beast, and proptech means they don’t need to waste time on mundane, highly repetitive and easily programmed tasks. Instead, they can spend that time building relationships.” 

The challenge for the industry, then, is to use technology to maximise efficiencies and provide more convenient user experiences without sacrificing security. 

The red tape around electronic signing has eased significantly over the last few years, to the point where it’s become the norm in the industry. But even Isaac, a fierce proponent of the benefits of technology for the property sector, admits this makes him nervous. 

“Electronic signing has been transformative, but this is one of those things that gives me a little bit of anxiety,” he says. “Because when there’s a rush to adopt a technology, you sometimes overlook some fairly significant risks. 

“Electronic signing needed to happen, and it’s been highly beneficial for the industry. Sales agents have seen they don’t need to spend 20 per cent of their time driving contracts back and forth anymore, and they’re not going to go back to that. And that’s great – they should be spending that time on more important parts of their job.  

“But you need to use the right tools, not just the easiest and most readily available tools. When you look at an electronic contract, it can actually increase the risk profile for a real estate transaction if there’s no verification of who’s doing the signing. 

“If I can jump on Adobe and throw someone else’s signature on a contract, that’s a problem. I think that’s going to lead to some major screw-ups in the next year or so, which will lead to people realising they need to use better digital contract solutions.” 

Cyber scammers and the property sector 

The total value of residential real estate in Australia passed $8 trillion earlier this year, according to CoreLogic data

That makes residential property Australia’s largest asset class, and puts it around four times the size of Australia’s GDP, worth around $1 trillion more than the combined value of the ASX, superannuation and all of Australia’s commercial real estate stock. 

In other words, there’s plenty of cash flowing through the sector, with plenty of small businesses – who tend not to have the same cybersecurity protections in place as larger organisations – taking part in online transactions that involve large sums of money. 

As a result, real estate agents, mortgage brokers and conveyancers are becoming increasingly popular targets for cybercriminals. 

The Australian Cyber Security Centre (ACSC) recently warned that property-related scams are rising in Australia, while the Australian Competition and Consumer Commission’s (ACCC) Scamwatch says reports of payment redirection scams in real estate are up substantially from last year

The most common property-related cybercrimes are business email compromise (BEC) scams, in which cybercriminals impersonate email accounts in an attempt to deceive people who are buying, selling or leasing property. 

They’ll often register domain names and create email addresses that appear, at a glance, to belong to a legitimate company, but might have letters swapped, or an additional character added. 

A property BEC scammer’s modus operandi is to insert illegitimate bank details for settlement or rental payments. In Australia, the ACSC says cybercriminals will often impersonate property sellers and ask their agent or lawyer to update their details on Property Exchange Australia (PEXA), an online service for property transactions. 

This results in fraudulent bank account details being added to PEXA, without the criminals having to hack PEXA itself, and funds being sent to the cybercriminal’s account. 

While banks are sometimes able to stop fraudulent transactions that are caught within the first few days, successful property BECs can go unnoticed until a business follows up on a missing payment. This can take weeks – and by that time, the money is long gone. 

According to the ACSC’s most recent Annual Cyber Threat Report, average reported losses from BEC scams, across all industries, were up 54 per cent in 2020-21 compared to the previous financial year. 

How to protect yourself when you sign a property contract online 

With cybercriminals trying to squeeze through any openings they can find, the onus is on real estate agents, conveyancers, mortgage lenders, lawyers and any client of these businesses to be vigilant – especially during the settlement period. 

The ACSC recommends all parties involved in the buying, selling and leasing of property to: 

  • Verify payment details. Before transferring money, especially if it’s a large transaction, take extreme care to confirm the account details you have are correct. The ACSC suggests going so far as to meet in person before transferring any funds, or calling the person you’re paying via a phone number you’ve sourced independently (i.e. not a phone number you got from their emails). 
  • Train your staff to identify suspicious emails, including requests to change bank account details or emails linking to fake websites. It’s common for scammers to attempt to create a sense of urgency – and this is particularly easy to do in industries like real estate, where a sense of urgency is often already present. 

But take your time, look carefully at the sender’s email address, and if you’ve received a request to change payment details in a platform like PEXA, confirm this with the sender using contact details you source independently. 

  • Secure your email accounts. Cybercriminals pulling BEC scams won’t always use fake email addresses – they’ll sometimes hack into actual accounts using compromised passwords. Use strong passwords and implement multi-factor authentication to help prevent unauthorised access. 

If you’re signing a property contract online, it’s important to know which type of signature is being recorded – is it an electronic signature, or a digital signature? Though the terms are often used interchangeably, they’re not the same thing. 

Electronic signatures are simply signatures added to PDFs sent via email that essentially recreate paper contracts. They’re not secure or verifiable, they don’t require multi-factor authentication, and they can be easily faked or intercepted by cybercriminals. 

A secure digital signature solution, on the other hand, should only be accessible by the intended recipient, and should provide encrypted evidence that a document has been signed. These are what should be used for all legally binding contracts and agreements, including contracts of sale and residential tenancy agreements. 

To be effective, a digital signature solution should also be able to prove a contract has not been tampered with after a signature was added. 

Cryptoloc’s Secure2Client is a secure digital signature solution that enables users to send encrypted documents and generate fully admissible digital signature certificates that are legally binding. 

Powered by Crypotloc’s patented three-key encryption technology, Secure2Client guarantees the verification and integrity of contracts, enabling users to share and sign property contracts without compromising security. 

Cryptoloc’s multi-factor authentication process ensures that only the intended recipients can view and sign the contract. And with each contract assigned its own audit trail, complete with time and date stamps, users can record every time a contract is accessed, modified, shared or signed, and be certain it hasn’t been altered after a signature has been added. 

Better yet, Secure2Client conveniently integrates with existing systems like Microsoft Outlook and Salesforce. That means users can keep following their current processes and procedures, while ensuring the property contracts they send and sign online are safe, secure, and not susceptible to scammers. 

Learn more about how Cryptoloc Secure2Client can protect your property contracts and book your demo here

Cryptoloc is proud to support the Proptech Founders Forum 2022 as part of Something Fest 2022, Queensland’s digital, innovation and technology festival. The Proptech Founders Forum will bring property technology founders from around the country together for an afternoon of community building and invaluable insights into the ever-growing property economy. 

The invite-only Proptech Founders Forum will be held at Brisbane Powerhouse on Thursday 27 October. Expressions of interest can be registered here. Tickets for Something Fest, which will run from October 24 to 28, are available now

As easy as 1.0, 2.0, 3.0: What Web 3.0 means for the future of data security

By Melissa Crossman, Chief Executive Officer of Cryptoloc 

The next phase in the evolution of the web is upon us, but how much stock should we really be putting in Web 3.0, and what will it actually look like when it’s here? 

It turns out Web 3.0 could be closer than you think – and when it comes to data security, the third time’s the charm. 

What is Web 3.0? 

Simply put, Web 3.0 is the next iteration of the internet – although what form that will actually take has been a matter of much debate. 

Web 1.0 and Web 2.0 are relatively straightforward concepts. Web 1.0 was the first period of the World Wide Web, as pioneered by Tim Berners-Lee when he was working as a computer scientist at CERN in 1989. This first generation of the web lasted until about 2004, and was defined by static websites that the majority of users consumed without producing their own content. 

Web 2.0, which continues to this day, is defined by the shift towards the web as a platform for users to connect and generate their own content. Facebook, YouTube, Twitter and TikTok, for instance, all exemplify the interactive nature of Web 2.0 – the era in which virtually every user became a creator. 

What comes next isn’t as well defined. In 2001, Tim Berners-Lee said he expected Web 3.0 to be the Semantic Web, in which data can be easily processed by intelligent machines, without any need for human input. But in practice, this hasn’t really panned out, because it’s still virtually impossible for even the most sophisticated machine to understand human concepts and contexts. 

More recently, Web 3.0 has come to be understood to mean a shift towards decentralisation and a greater degree of data security and privacy; a web where you own and control your data and you determine who profits from it. 

Currently, the infrastructure of the web is built around centralised servers, and a small number of large technology companies wield an outsized influence. But there’s been much speculation that a blockchain-based Web 3.0 will distribute services and applications, with data residing on the devices – or ‘nodes’ – on a blockchain network rather than a centralised location. Proponents of a blockchain-based Web 3.0 argue this would put control of data back in the hands of users, in much the same way that blockchain-based cryptocurrencies operate without the need for a central authority. 

Breakthrough or buzzword? 

Web 3.0 has been the cause of plenty of excitement amongst technologists, venture capitalists and crypto enthusiasts, but it’s also generated its fair share of skepticism. 

Tesla and SpaceX CEO Elon Musk and former Twitter CEO Jack Dorsey have been amongst the most prominent critics, with Musk tweeting that the concept “seems more a marketing buzzword than reality right now”. 

On this occasion, at least, Musk might be correct. Web 3.0 is more vapourware than viable model right now, at least in the sense that it’s come to be popularly understood. 

The problem is with blockchain’s viability as a basis for the next evolution of the web. 

For starters, blockchain has issues with scalability. For a blockchain to store and verify data without a central authority, each node on the network has to have a full record of the data stored on the chain. The more nodes you add to a chain, and the more blocks of data you add, the more inefficient the chain becomes. In the case of large public blockchains like Bitcoin and Ethereum, this has led to higher transaction fees on those blockchains to pay for the computing resources required to power them. 

Similarly, blockchains can become extremely energy-intensive. Many blockchains are built on a proof-of-work system, in which a certain amount of computational effort has to be expended to confirm each block in the chain. 

As the blockchain network grows, so does the amount of energy expended – and while proof-of-stake systems have been created as a less energy-intensive alternative, the trade-off is that they’re more complex and less secure. 

And if Web 3.0 is driven by a desire to give users greater privacy and control of their data, then blockchain is, well, a stumbling block. All transactions are visible on a public blockchain, and everybody on the network is required to be able to see the data that’s added to it. That might be ideal for verifying financial transactions, but not for data you want to keep private, like medical records and confidential business agreements. 

Perhaps most importantly, moving to a blockchain-based model would require an intentionality that wasn’t present in the shift from Web 1.0 to Web 2.0. There, the movement was seamless and gradual – we didn’t know we were leaving Web 1.0 and entering Web 2.0 as it was happening. 

Web 2.0 changed how we used the internet, but it didn’t change the underlying structure of the web in the way that shifting data from centralised servers to decentralised blockchains would. In this case, you’d essentially be asking people to stop using one ‘web’ and start using another, like switching from Google Chrome to the dark web. 

Decentralised data ownership 

Blockchain may be impractical as a basis for the next generation of the internet, but that doesn’t mean the ideals of Web 3.0 can’t still come to fruition. In fact, they already are. 

In practice, most data is unlikely to be decentralised. It will still be stored on central servers, not distributed across infinite nodes. But what will be distributed – and can already be distributed, with the right technology – is the control of that data. 

Data privacy is a growing concern for users, even as companies become increasingly comfortable with violating that privacy. 

Surveys conducted by KPMG last year found that 86 per cent of users feel a growing concern about data privacy, and 78 per cent have fears about the amount of data being collected. Just over half – 51 per cent – of users said they’re worried about their data being sold, and 40 per cent said they don’t trust companies to use their data ethically. 

On the other hand, 70 per cent of the companies analysed by KPMG actually expanded their data collection practices over the past year, and 75 per cent of business leaders said they’re comfortable with the level of data they collect. 

This trust gap, between users who want to control who can access their data and businesses who don’t want them to be able to, is what will actually drive the implementation of Web 3.0. 

Last year, Tim Berners-Lee told The New York Times that too much power and too much personal data resides with the Googles and Facebooks of the world; and that a web that gives individuals more control over their data would be “the web that I originally wanted”. 

His vision is a move towards personal online data stores, or ‘pods’, in which individuals could control their own data – the websites they visit, the music they listen to, the exercises in their workout routine – in an individual data safe. Companies could only access that data with the user’s permission, and only for specific purposes, and they could never store it. 

This is no flight of fantasy. The technology that would enable this distribution of data ownership has already been developed. In fact, it’s already available – and it’s ours. 

Taking back control of your data

Cryptoloc’s patented three-key encryption technology guarantees privacy, authenticity and control of all data transactions. Even though the data is stored on a centralised server, ownership and control is decentralised, in that access to the data is truly restricted to the user and the people they authorise. Even Cryptoloc as the cloud provider can’t access the data, because we can never see the complete decryption key for any piece of data. 

Instead, decryption keys for every piece of data stored with Cryptoloc are split and stored by three different parties – the owner, the cloud host and an independent escrow agent (a neutral third-party entity). The decryption key can only be assembled with access to the user’s private key, which is only stored locally on their device, and password-authenticated access to a cloud-hosted, Cryptoloc-based solution. 

If a user loses their private key or their password, their access can be restored through our escrow recovery process – but even during this process, neither Cryptoloc or the escrow agent have any interactive access to the user’s unencrypted data. 

This is in stark contrast to the major cloud storage providers, who hold onto the encryption keys for their users’ files, and have the ability to access that data or hand it over to government agencies whenever they want. 

Each piece of data stored with Cryptoloc also has its own immutable audit trail, complete with time and date stamps, to record every time it’s accessed, modified or shared. This enables users to know exactly what the people and companies they authorise to access their data choose to do with it, providing added accountability. Crucially, users can also revoke access to their data at any time. 

Cryptoloc’s patented encryption  technology can be deployed to virtually any application, and has already been incorporated into file storagedocument management, and counterfeit prevention and detection solutions

The possibilities are essentially endless – and with the Cryptoloc Platform, developers can already build their own products on our platform, baking the world’s strongest data security into their products from the beginning. 

Because this technology is available now, users can start following best data control practices immediately, without having to wait for the entire internet to move to a blockchain-based model. Better yet, it’s been smoothly integrated into existing systems and procedures, such as Salesforce, as an API (Application Programming Interface), so users can continue using the software they’re used to while enjoying the benefits of Cryptoloc’s data protection. 

It’s the ideal of Web 3.0, built to work with a Web 2.0 world – so your data remains firmly under the control of numero 1.0. 

Why you need a data audit trail

Do you know who has access to your data – and what they’re doing with it? When it comes to protecting the integrity of your data and your business, there’s no substitute for a comprehensive data audit trail. 

From critical infrastructure to online shopping, data is the lifeblood of the digital economy. But that data only has value if its authenticity can be guaranteed, which is why it’s important to be able to track its provenance, and document any changes made along the way. 

Here’s why you need a data audit trail, and how it can protect your business. 

What is a data audit trail? 

The idea of an audit trail isn’t unique to the digital age. It’s a concept with roots in finance and accounting, where companies have long been required to keep manual paper trails to document their transactions and procedures. 

Today, it’s important for all companies with a digital footprint to be able to track their data. A data audit trail is a detailed record of all the activity related to a piece of data – it can tell you who accessed a file and when they accessed it, and it can track any activity that relates to the file and any modifications and alterations any user made to the file. 

A data audit trail provides transparency, and helps to ensure the security of sensitive information. If, for instance, you had a document that required an electronic signature, a data audit trail could tell you exactly when the document was signed, by which user, and whether or not any changes were made to the document afterwards. 

For a data audit trail to have value, it’s crucial that it can’t be modified. If records can be changed after the fact by someone attempting to cover their tracks, they’re worthless, in terms of providing integrity and validity. 

The information tracked should also be structured in a clear and accessible format that can be easily understood, and the trail should only be accessible by the owner of the data – and anyone they choose to share it with. 

How does a data audit trail benefit your business? 

The transparency that comes with a data audit trail is useful for a number of reasons. 

Firstly, the mere existence of a data audit trail encourages user accountability. Knowing that their steps can be traced back to them – and that these steps can’t be altered or deleted from the record – is likely to make users put more thought into how they handle data, and take more care in following best cybersecurity practices. 

Rightly or wrongly, the fact is that people tend to behave better when they know they’re being watched. So a user is far less likely to delete, modify or utilise a file in a way they shouldn’t if they know every action that relates to that file is being monitored and accounted for. 

A data audit trail can also be used in legal proceedings to prove the validity of a specific action, such as an electronic signature, and it can be used to demonstrate compliance. If there’s any question about how a particular piece of data has been handled, you can simply point to your audit trail – a particularly useful feature at a time when legislation is being introduced around the world that raises the stakes for data protection and allows for stiffer penalties for data breaches. 

Most importantly, if a file is handled improperly, a data audit trail enables you to get to the bottom of it and find out who’s responsible, without the need for a lengthy investigation. 

In the event of a breach, you can use a data audit trail to look for unusual activity and identify when the attack occurred. If you’re hit with a ransomware attack, for instance, cybercriminals will encrypt your data, and hold that data hostage until you agree to pay a ransom. Even if you pay the ransom, there’s no guarantee you’ll actually get your data back. 

But if you have a comprehensive data audit trail, you can look for the earliest signs of a breach – and if you have the capability, you can then roll back your data to a previous state, before the suspicious activity occurred and before any data was lost. This enables you to recover from what could have been a company-killing disaster with your data intact. 

You can also look at your audit trail to determine how the breach occurred. Armed with that information, you can put new security procedures in place to improve your data practices and close off those entry points to attackers. 

The ultimate audit trail 

Cryptoloc’s technology protects the confidentiality and integrity of documents stored online by combining three different encryption algorithms into one multi-layer process that has never been breached. This technology has been deployed across a wide range of applications, including our file storage and document management solution, Cryptoloc Cloud.  

Users of Cryptoloc Cloud are given access to a system-generated audit trail, which records all actions related to each document stored with Cryptoloc, including time and date stamps. 

These records can’t be altered, giving users complete confidence in the integrity of their files, including legal agreements, funds transfer records, financial reconciliations, contracts, estate documents, personal records and deeds of ownership. 

Better yet, with Cryptoloc Cloud, every previous version of every file can be accessed by the file owner at any time. Different versions of the same file can also be shared with different third parties. 

These audit and versioning features provide proof of a file’s chain of custody, as well as the identity of anyone who’s ever accessed it, and an immutable record of any changes that were made to it. This enables Cryptoloc users to produce verifiable versions of a file at the time it was uploaded, updated, shared or signed.

With a comprehensive audit trail that can’t be altered, there’s no way for any user actions to slip between the cracks, ensuring full transparency and accountability when it comes to your data. 

Big Brother is watching – but in this case, he’s on your side. 

Learn more about how you can use Cryptoloc to store files with a comprehensive data audit trail and get started with your free account here

10 telltale signs you’ve been hacked 

Do you ever get the feeling your computer is trying to tell you something? Here are 10 telltale signs that could mean you’ve been hacked – and what you can do to fight back. 

It won’t always be obvious you’ve been hacked. In fact, IBM and Ponemon’s Cost of a Data Breach Report 2021 found that the average breach takes 287 days to identify and contain, with the cost of the breach increasing the longer it remains undetected. 

But while you shouldn’t expect any flashing lights and blaring alarm sounds, there are some clear warning signs to watch out for. And with cybercrime on the rise – it’s now estimated that hackers attack someone online every 32 seconds, targeting everyone from large companies and governments to small businesses and private individuals – it’s more important than ever to be vigilant. 

Here are 10 surefire signs you’ve been breached. 

You start seeing applications you didn’t install 

Have you ever noticed programs or applications on your computer that you don’t remember installing? Sure, it’s possible that your memory is failing – but it’s also possible that these suspicious apps are malware, and that an intruder may be using them as a backdoor into your system. 

Most malware programs are Trojans and worms, and they have a nasty habit of installing themselves along with legitimate programs. Read your software license agreements carefully – some will plainly state that they’ll be installing more than one program. In that case, opt out of the other programs, if you can, and go through your installed programs and disable anything you don’t recognise. 

Your cursor moves by itself 

If your cursor appears to have a mind of its own, it probably doesn’t mean your mouse is in need of an exorcist – it means you’ve been hacked, and your device is being controlled remotely. 

Hardware problems do happen, and if your cursor starts to move randomly and uncontrollably but doesn’t seem to be getting anywhere, then the issue could be benign. But if you observe your cursor moving by itself and successfully clicking on programs or links, it’s virtually certain you’re the victim of a remote access scam, and have at some point been persuaded to download software that a cybercriminal has used to take control of your device. 

If this has happened to you, disconnect from the internet and power off your device immediately. Use another device that you trust to change all of your usernames and passwords, and check your bank account history and any other accounts the attacker may have used to make a transaction. 

If you have lost money, report it to your financial institution and to the police, and make sure the compromised device is completely restored by a professional before you use it again. 

Your antivirus software is disabled

Has it been a while since your antivirus software scanned your computer or sent you an automatic update?

If so, it could mean your antivirus software has been disabled. And if you didn’t disable it yourself, then it means you’ve probably been compromised – especially if you try to launch Task Manager or Registry Editor to investigate, and you find that these tools either won’t start, or they disappear shortly after starting. 

Try running Microsoft Autoruns (or KnockKnock, on a Mac) to see if you can identity and uninstall the malicious program, but if you can’t find it, or if the malware won’t let you easily uninstall it, you’ll most likely need to restore your system. 

Your contacts start receiving strange messages from you 

You won’t find out about this until someone decides to let you know, but if one of your friends, family members or other contacts tells you that they received a strange spam email from you, or a weird DM from one of your social media accounts, it probably means you’ve been hacked. (Either that, or you need to improve the quality of the messages you’re sending your friends.) 

Check your email outbox to see if your account has been sending phishing emails on your behalf, and if so, immediately change your password and set up multi-factor authentication. On social media, check if the unusual activity is actually coming from your account, or if a hacker has created a look-alike page as part of a phishing scam. If you’ve truly been hacked, change your password and set up multi-factor authentication; and if it’s a lookalike page, alert the social media site and ask them to take it down. 

Your passwords aren’t working 

We all forget passwords from time to time, but if you find yourself regularly being denied access to an account and you’re sure your password is correct, then you’ve probably been hacked. 

If you’re sure that your password is no longer working, and it’s not just a case of you jumbling up a couple of digits or the site you’re trying to log into experiencing technical difficulties, then what’s most likely happened is that at some point you’ve responded to a seemingly authentic phishing email that asked you to enter your username and password. 

A cybercriminal has then used that password to gain access to your account, and shut the door behind them by changing the password and the recovery details once they’ve logged in. In this case, you’ll need to contact the affected service and report the compromised account, and change your password on any other service that uses the same details. 

Pop-up windows keep, well, popping up 

Random unwanted pop-ups are usually the result of malware. Sometimes these pop-ups are advertising legitimate products, and while that’s still extremely annoying, the goal of these pop-ups is usually to earn an affiliate fee every time someone clicks on them, rather than to do further damage to your device.  

Sometimes, however, these pop-ups contain links to malicious sites that will then attempt to add even more malware to your device – a real self-perpetuating cycle. 

These pop-ups are often somewhat meta, and will claim that your device has been compromised, and that you need to click a link or call a number on your screen to get help. This will often end up in the user falling prey to the remote access scam mentioned above. 

It should go without saying that if you see one of these pop-up messages, do not click on it, and do not follow any of its instructions. Even if you think there’s a remote chance that message from, say, Apple might be legitimate, and you absolutely must check it out, contact the company directly on a number that you find independently, rather than using the number in the pop-up. 

Your browser has unwanted toolbars 

Another common sign you’ve been hacked is that new toolbars and plug-ins start showing up. Unless you’re certain you know where they came from and you trust them, you should ditch these suspicious toolbars and plug-ins immediately. 

Most browsers will let you review your toolbars and remove any you don’t want. If the suspicious toolbar doesn’t appear in this list, or it resists your attempts to delete it, you may have to reset your browser back to its default settings. 

Your internet searches are redirected 

Another common weapon in the cybercriminal’s arsenal is to redirect your browser from a legitimate site to a fraudulent one. 

If you’re trying to reach Google and you keep getting taken to another, less ubiquitous search site, or if you’re trying to access your online banking and the URL in the address bar doesn’t look quite right, you may be a victim of a virus that’s actively redirecting your browser. 

If this is the case, get under the hood of your browser settings and disable or delete any extensions that you don’t recall installing, or that you don’t use on a regular basis. 

You observe strange network traffic patterns 

If there’s a malicious program on your device that’s transferring your data to a cybercriminal, it will usually leave a calling card of sorts in the form of unusual network activity. 

If you run a business and you see large file transfers to countries you don’t do any business with, for instance, that’s a suspicious sign. 

Of course, in order to know whether or not your network traffic patterns are unusual, you’d have to know what they were supposed to look like in the first place. There are plenty of tools available to help you understand and monitor your network traffic, and while the free and open-source options usually require some expertise and know-how on your part to use effectively, there are also commercial solutions available that will spell out what you need to know. 

Think of it like getting to know your neighbours – if you don’t know who’s meant to be on your street, how will you be able to spot an intruder? 

Your computer starts running sloooooooower 

If your computer is moving sluggishly, or you’ve noticed that crashes are becoming more common, it could simply indicate that your hard drive is full, or that your computer is due for maintenance. 

But it could also indicate that there’s malware running in the background, eating up your computer’s resources without your knowledge and slowing it down. 

Use Task Manager (or Activity Monitor on a Mac – you’ll find it under Applications < Utilities) to see what processes your computer is running. If there’s an application you don’t recognise, there’s a good chance it’s your culprit. 

Protect your precious data 

Of course, there are things you can do to protect your computer from hackers. You should be using powerful antivirus software, and if you’re running a business, you should provide cybersecurity education for all of your employees, including advice on how to identify suspicious emails and requests. 

But even the best antivirus software can be bested by cybercriminals, especially if they’re using new exploits that antivirus scanners haven’t learned to detect yet, and even the most savvy user is still capable of human error, which is the Achilles heel of perimeter security mechanisms that focus on keeping intruders out. 

That’s why it’s important to be prepared for what happens when those intruders get in. Encryption is an obfuscation technique that renders stolen data worthless to anyone who gains access to it without authorisation – essentially, it scrambles data and makes it unreadable for anyone who doesn’t have the right key to unscramble it.

The IBM and Ponemon Cost of a Data Breach report found that the use of strong encryption – at least 256 AES, at rest and in transit – was a top factor in mitigating costs when breaches occur. 

Cryptoloc has taken this principle even further with our patented three-key encryption technology, which combines three different encryption algorithms into one unique multilayer process. 

As a result of our unique approach, no Cryptoloc product has ever been breached – and if you’re concerned that hackers may have compromised your systems already, then it’s especially important that you put your data under lock and key (or, in this case, three keys). 

Get a demo and get protected at

Word up: Why passwords aren’t enough to protect your data

Passwords have long been the first line of defence against cyber intruders. They’re one of the oldest software security tools, and they’ve been used offline since ancient times – but the reality is that in today’s environment, relying solely on a password to protect your data just won’t cut it. 

Here’s how passwords are being exposed by cybercriminals, and what you can do to protect your data in a world where your magic word has lost its meaning.  

The hard word 

When it comes to cybersecurity, most people and organisations are only as good as their word – and that’s proving to be a problem. Inadequate password management has become a gift for cybercriminals, with 80 per cent of data breaches now resulting from weak and easy-to-crack passwords. 

That’s partly because we keep choosing the same ones. An analysis of over five million leaked passwords revealed that 10 per cent of people are using one of the 25 worst passwords. And we’re not just talking about your old Hotmail account here – high-ranking executives and business owners still struggle with password security, with a recent study revealing that ‘123456’, ‘qwerty’, and yes, ‘password’, all rank among the five most popular passwords for CEOs and C-level executives. 

The same study revealed that many high-ranking executives use their own names as passwords, with Tiffany, Charlie, Michael and Jordan among the most popular name-themed passwords. 

Think your data’s safe behind a password? Think again…

It’s no surprise that our passwords are so predictable. Passwords are meant to be remembered, after all, which leads us to rely on familiar or significant phrases. But this means that while cybercriminals are becoming increasingly sophisticated, our passwords continue to be limited by the constraints of human memory and sentimentality. 

And no, replacing ‘password’ with ‘pa$$w0rd’ won’t fool anyone. Enough people have replaced the same letters in the same words with the same digits and symbols by now that doing so won’t make your password any less hackable.

It’s also human nature to reuse the same passwords across multiple accounts. Again, we’re talking about phrases that you’re supposed to be able to remember. But this becomes more and more of a problem with every increasingly common data leak, as cybercriminals now have access to billions of old passwords. 

This has led to a cybercrime tactic called ‘credential stuffing’, in which hackers take usernames and passwords acquired from past breaches and try them out on other accounts. These credential stuffing attacks now make up nine in every 10 login attempts on major retail sites. Essentially, if a cybercriminal can get hold of a single password, it puts every business and personal account using that same password at risk. 

Of course, even if a user comes up with a truly unique password for each of their accounts, human error can still come into play through phishing scams. This is a type of social engineering scam in which a cybercriminal uses a fraudulent, but convincing, email message or website to trick a user into giving up their password – and if one of these scammers targets your business, it can lead to an incredibly costly data breach

With all of these attack vectors taking advantage of passwords, it’s clear that additional security measures need to be put in place. 

A world without passwords? 

Countermeasures to the inherent weaknesses of passwords have included password managers (software applications that store passwords in an encrypted database), and multi-factor authentication, a security measure that requires two or more proofs of identity for a user to be granted access. 

Multi-factor authentication usually requires a combination of something the user knows (such as a password), something they have (such as a card or token), or something they are (a biometric method, such as scanning a finger print), so that simply knowing a user’s password alone isn’t enough to gain access to their account. 

On 5 May 2022 – World Password Day, no less – we may have come closer to a world without passwords, with Apple, Google and Microsoft joining forces to announce their support for a passwordless sign-in standard across all of the mobile, desktop and browser platforms they control. 

The sign-in protocols, called FIDO, work by creating a cryptographic key pair when you create an account. This is a matched pair of keys – a private key and a public key – in which messages are encrypted with one key, and can only be decrypted with the other key. 

Under Apple, Google and Microsoft’s plan, your private key would be held on your smartphone, which would become the authentication device that enabled you to unlock your online accounts. 

Apple, Google and Microsoft have joined forces to announce their support for a passwordless sign-in standard.

You’d take the same action you take multiple times every day to unlock your phone – whether that’s a PIN, a fingerprint, or a face scan – and you could then use your private key to sign into any participating account on that device (or any other nearby device, via Bluetooth) without entering a password. 

So, for instance, you could unlock your Apple device and then use your private key to sign into an account on a Google Chrome browser that’s running on Microsoft Windows. 

The announcement has been greeted with some scepticism – predictions about the demise of the password have been circulating for at least a decade, and developers will still have to implement passkeys into their websites and applications before they can think about ditching passwords. 

And while the plan would do away with the risks that are inherent to passwords, it opens up other security concerns. By tying all of your personal and business accounts to a private key on your smartphone, a cybercriminal could potentially breach all of your accounts and compromise your company’s security if they are able to access your device with your PIN or a stolen fingerprint. (And of course, it’s much harder to change your fingerprint than it is to change your password.)

But with Apple, Google and Microsoft throwing their collective weight behind the plan, it looks likely to go ahead, even though a specific roadmap has yet to be revealed. 

Three keys to rule them all 

While the world’s biggest tech companies are now embracing the possibilities of cryptographic keys in place of passwords, Cryptoloc already uses our patented three-key encryption technology to secure our users’ sensitive data.

Encryption is an obfuscation technique that renders stolen data worthless to anyone who gains access to it without authorisation. Essentially, it scrambles data and makes it unreadable for anyone who doesn’t have the right key to unscramble it. 

While most encryption solutions use only one algorithm and two keys, Cryptoloc’s unique technology combines three different encryption algorithms into one multilayer process, and requires three different key pairs to decrypt protected data. 

This three-key encryption technology has been deployed across a wide range of applications, and can be seamlessly integrated into existing systems, including Microsoft Outlook and Salesforce. 

Built for a world without perimeters, it enables data to be stored and shared, without risk of corruption, manipulation or theft, via a shared digital ledger environment that permanently records the history of each individual piece of data. 

And yes, it does require a password to access – but in this case, password authentication simply acts as an extra layer of security on top of the user’s private key, rather than acting as an access-all-areas pass in its own right. 

As a result of our unique approach, no Cryptoloc product has ever been breached – and in an environment where breaches are becoming costlier and more common, that’s the level of protection it takes to protect your data. 

Unless, of course, you want to take your chances with ‘P@33w0rd’. No chance the cybercriminals will see through that one…

How much is your data actually worth?

By Jamie Wilson, Founder and Managing Director of Cryptoloc

As our world gets smaller, and our systems for sharing information become increasingly interconnected, breaches are becoming an inevitability. It’s no longer a matter of if, but when, your data will come under attack – but do you have any idea how precious your data actually is? 

The criminals who steal data – whether for the purpose of blackmail, identity theft, extortion or even espionage – are finding themselves competing in an increasingly crowded marketplace. Over the course of the global coronavirus pandemic, as the lines between our personal and professional lives and devices blurred like never before and ransomware proliferated, hackers became more active and empowered than ever. 

According to Privacy Affairs’ latest Dark Web Price Index, the stolen data market grew significantly larger in both volume and variety over the last year, with more credit card data, personal information and documents on offer. 

As the supply of stolen data has grown, prices for each individual piece of data have plummeted. Hacked credit card details that would have sold for US$240 in 2021 are going for US$120 in 2022, for instance, and stolen online banking logins are down from US$120 to US$65. 

But this hasn’t discouraged cybercriminals. Instead, dark web sites have begun resorting to traditional marketing tactics like two-for-one discounts on stolen data, creating a bulk sales mentality that places an even greater imperative on cybercrime cartels to amass large quantities of data. 

This makes it even more likely that your data will be stolen, because even if your organisation isn’t specifically targeted, you could be caught up in an increasingly common smash-and-grab raid – like the attack on Microsoft that exposed around a quarter of a million email systems last year. 

And while the value of each piece of data on the dark web is decreasing for cybercriminals, cyber attacks are just getting costlier for the businesses the data is stolen from.

How much is your data worth to your business? 

Not sure how much your data is worth? The exact answer is impossible to quantify definitively, as it will change from one business and one piece of data to another, but it’s clear that having your data stolen can have devastating consequences. 

According to the Cost of a Data Breach Report 2021 from IBM and Ponemon, which studied the impacts of 537 real breaches across 17 countries and regions, the per-record cost to a business of a data breach sits at US$161 per record on average – a 10.3 per cent increase from 2020 to 2021. 

For a personally identifiable piece of customer data, the cost goes up to US$180 per record. Not only is this the costliest type of record, it’s also the most commonly compromised, appearing in 44 per cent of all breaches in the study. 

For a personally identifiable piece of employee data, the cost sits at US$176 per record. Intellectual property costs US$169 per record, while anonymised customer data will set you back US$157 per record. 

But it’s extremely unlikely that a cybercriminal would go to the effort of hacking your business for one piece of data. In that sense, it’s more instructive to look at the average cost of a data breach in total – which currently sits at a staggering US$4.24M. 

For ransomware breaches, in which cybercriminals encrypt files on a device and demand a ransom in exchange for their encryption, the average cost goes up to US$4.62M, while data breaches caused by business email compromise have an average cost of US$5.01M.

Breaches are costliest in the heavily regulated healthcare industry (US$9.23M) – a logical outcome, given the heightened sensitivity of medical records. By comparison, the ‘cheapest’ breaches are in less regulated industries such as hospitality (US$3.03M). 

Mega breaches involving at least 50 million records were excluded from the study to avoid blowing up the average, but a separate section of the report noted that these types of attacks cost 100 times more than the average breach.

The report found the average breach takes 287 days to identify and contain, with the cost increasing the longer the breach remains unidentified. So when it comes to cybercrime, time really is money.   

IBM and Ponemon broke the average cost of a breach up into four broad categories – detection and escalation (29 per cent), notification (6 per cent), post-breach response (27 per cent) and lost business cost (38 per cent). Lost business costs include business disruption and revenue losses from system downtime; the cost of lost customers; reputation losses; and diminished goodwill. 

A 2019 Deloitte report determined that up to 90 per cent of the total costs in a cyberattack occur beneath the surface – that the disruption to a business’ operations, as well as insurance premium increases, credit rating impact, loss of customer relationships and brand devaluation are the real killers in the long run. 

It can take time for the true impacts of a breach to reveal themselves. In 2021, the National Australia Bank revealed it had paid $686,878 in compensation to customers as the result of a 2019 data breach, which led to the personal account details of about 13,000 customers being uploaded to the dark web. 

The costs included the reissuance of government identification documents, as well as subscriptions to independent, enhanced fraud detection services for the affected customers. But the bank also had to hire a team of cyber-intelligence experts to investigate the breach, the cost of which remains unknown. 

The IBM and Ponemon report confirms that the costs of a data breach won’t all be felt straight away. While the bulk of an average data breach’s cost (53 per cent) is incurred in the first year, another 31 per cent is incurred in the second year, and the final 16 per cent is incurred more than two years after the event. 

And with the recent rise of double extortion – in which cyber criminals not only take control of a system and demand payment for its return, but also threaten to leak the data they’ve stolen unless they receive a separate payment – we’re likely to see data breaches exact a heavy toll for even longer time periods moving forward.    

How can you protect your data? 

Data breaches are becoming costlier and more common, so it’s more important than ever to ensure your data is protected. 

Many businesses are turning to cyber insurance to protect themselves. Cyber insurance typically covers costs related to the loss of data, as well as fines and penalties imposed by regulators, public relations costs, and compensation to third parties for failure to protect their data. 

But as breaches become a virtual inevitability and claims for catastrophic cyberattacks become more common, insurers are getting cold feet. Premiums are skyrocketing, and insurers are limiting their coverage, with some capping their coverage at about half of what they used to offer and others refusing to offer cyber insurance policies altogether. 

Regardless, cyber insurance is not a cyber security policy. Even the most favourable cyber insurance policy doesn’t prevent breaches, but merely attempts to mitigate the impact after the horse has already bolted. 

The best approach is to educate your employees and other members of your organisation about cyber security, and put the appropriate controls and best practices in place, including using multi-factor authentication, implementing zero trust policies, and backing up and encrypting data. 

The IBM and Ponemon report found that the use of strong encryption – at least 256 AES, at rest and in transit – was a top mitigating cost factor. Organisations using strong encryption had an average breach cost that was 29.4 per cent lower than those using low standard or no encryption. 

When data is safely and securely encrypted, any files a cybercriminal gains access to will be worthless to them without an encryption key. My business, Cryptoloc, has taken this principle even further with our patented three-key encryption technology, which combines three different encryption algorithms into one unique multilayer process. 

Built for a world without perimeters, our ISO-certified technology has been deployed across multiple products, including Cryptoloc Secure2Client, which enables users to send fully encrypted documents directly from Microsoft Outlook. 

We’ve recently made Secure2Client available on the Salesforce AppExchange, so that marketing, sales, commerce, service and IT teams using Salesforce around the world can encrypt the reports they send to clients and third parties that are sensitive or confidential in nature. 

This protects Salesforce users from the potentially catastrophic ramifications of a data breach, while allowing them to continue using the existing application that their business is built around. 

We’ve also rolled out a new Ransomware Recovery capability that empowers users to protect and restore their data in real-time in the event of an attack, ensuring they never have to pay a costly ransom for the return of their data. 

With Ransomware Recovery, every version of every file a user stores in the Cloud is automatically saved. If they suspect they’ve been the victim of a ransomware attack, they can simply lock down their Cloud temporarily to stop the spread of malware; view their files’ audit trails to determine when the attack occurred; roll back their data to the point before it was corrupted; and then unlock their Cloud. 

This ensures users can recover their data as quickly and effectively as possible, minimising costly disruptions to their business, removing the need for a lengthy and expensive investigation, and ensuring they never have to pay a cent to a cybercriminal to get back the data that’s rightfully theirs. 

Yes, cyber attacks are inevitable – but victimhood isn’t. If you take the right precautions, you can prevent costly breaches and maintain control of your precious data.  

How to protect your digital legacy

By Jamie Wilson, Founder and Managing Director of Cryptoloc

From your birth certificate to your will, much of your life is lived on paper – and now, that paper is moving to the cloud. But while there are clear advantages to digitising our most important documents, there’s also an art to doing it properly. Here’s how you can move your records online safely and securely, and ensure you’re able to pass your digital legacy on when the time comes.   

Why should you digitise your documents? 

Over the course of our lives, we accrue a lot of documents that need to be stored safely – everything from contracts, wills, trust deeds, share portfolios, property and vehicle leases, insurance policies, tax returns, power of attorney documents and funeral plans to hard-earned degree certificates, precious family photos and spicy love letters. 

But if you’re relying on paper documents, then you could be setting yourself up for disaster – quite literally, in the case of a fire, flood or even a tornado. Even if you avoid that worst-case scenario, information stored in physical formats will deteriorate a little further every time it’s handled, so it’s essential to preserve paper documents by scanning and converting them into digital files.  

If you’re running a business, then the number of documents and records that you need to keep track of grows exponentially. And the more you’re relying on paper-based processes, the less efficient your business will be on a day-to-day basis – especially if your business is geographically dispersed across multiple locations, or, like so many businesses today, you have employees working remotely. 

Ditching those bulky filing cabinets and replacing them with digital files that are quickly and easily searchable and accessible will enable you to save time, improve productivity and reduce operating costs now, while also putting you in good stead for the future.  

Of course, it’s one thing to have digital records of all your documents. But the real question is how you can store and share these files securely, because if you can’t do that, you may as well have just set all that paper on fire yourself. 

And perhaps most importantly, you need to ensure that the right people – and only the right people – are able to access those files when you’re not around to share them anymore. Because ultimately, that’s what your digital legacy is all about. 

Clouding the issue: Securing your digital legacy 

To get value out of going digital, you need to store your files in a system that’s both easy to manage and truly secure. This is something I found out the hard way. 

I was working as an accountant when my father passed away from pancreatic cancer in 2010, leaving me with the task of rounding up and managing his will, superannuation details and other legal documents and files for my mother.  

Losing a loved one is extremely hard – in some cases, it might be the hardest thing you ever go through. And, though it’s never been easier to digitise our documents, it can be overwhelming for our next of kin to track down and gain access to these documents at a time when they’re already distressed. 

It’s not something we tend to think about – or, for that matter, something we want to think about – but it’s important that we can easily pass on this information when we pass away. 

Knowing that data storage devices like hard drives and thumb drives were no safer in the event of a natural disaster than paper documents (and much easier to lose), I went looking for a secure cloud-based solution – and ended up having to create my own.  

I didn’t want other people to have the same challenges that I did in such a difficult time. I was also thinking about my accounting clients at the time. What if something happened to me? I had ownership of all their business strategy and financial documents, which they likely wouldn’t have gotten back. That could have crippled their businesses.

I thought there had to be a solution on the market that enabled businesses and individuals to own their data; to create digital documents that would stand up in court as well as the paper-based originals; and to nominate a party or parties to be able to access the documents in the event of a loss. But I found that this technology and this level of security simply did not exist, so I set off on my journey to create both. 

I worked with cybersecurity experts, mathematicians and encryption specialists to develop Cryptoloc’s patented three-key encryption technology, which combines three different encryption algorithms into one unique multilayer process, and deployed it across several products. 

One of those products is Cryptoloc Cloud, a secure cloud storage service, which enables users to safely store, edit, share and sign documents with complete confidence; files can only be accessed by the people the user authorises; and every change is tracked. 

These fully encrypted documents can then be sent to clients, customers, lawyers, government departments and anyone else who needs them, directly from Microsoft Outlook.    

But what I’m proudest of is that Cryptoloc Cloud enables users to create a true data legacy – their files are preserved, but not just anyone can access them. Instead, files can only be accessed by users nominated by the deceased before their passing. This is a feature that any cloud storage service that’s serious about preserving a person’s digital legacy needs to offer. 

In our case, the system enables users to nominate a person – such as a loved one or executor – to access their data in the event of their death, incapacitation, or another trigger event of their choosing. Users can nominate the person to be able to access as many, or as few, of their files as they like – if they don’t want to hand over their entire digital legacy to one person, they can specify which of their drives they’d like them to receive, and/or nominate multiple people.

Cryptoloc isn’t the only cloud storage service to consider a user’s digital legacy. Google’s Inactive Account Manager, for instance, enables users who have data saved on Google services to assign their data to a digital executor when their account become inactive, and Apple have just introduced a Digital Legacy feature that enables users to set a person as their Legacy Contact, giving that person access to their Apple ID account and data after they die. 

I’m pleased to see more services realising the importance of a Digital Legacy feature, but many cloud storage providers still don’t offer one. Instead, users are required to include an e-register of digital assets with their will, despite the fact that digital estate planning legislation is largely uncharted territory, and the legal rights that apply to our physical possessions or financial assets don’t yet apply to our digital assets in most jurisdictions. 

Some services actively prohibit the sharing of usernames and passwords, and the transferring of data between accounts – so leaving it to the courts to enforce your wishes is a legal minefield. 

The benefits of being able to simply nominate someone to inherit files you’ve stored in the cloud, directly through the service itself, are obvious. For instance, if you’re an estate lawyer, you can assist your clients to set up their own data legacy, and nominate you – or a loved one of their choosing – to receive their will and their other legal documents upon their passing. 

Conversely, you can ensure that the documents you’re holding onto yourself can be safely passed on to another lawyer, or to your clients themselves, when the time comes.

This is, after all, the whole reason I set out to create Cryptoloc in the first place. It’s personally very satisfying to know that users can store all their important documents securely in one place, and establish a digital legacy that they can easily pass on to the people that they choose. 

Nobody should have to go through the hassle of putting a loved one’s affairs in order while they’re grieving for them – and now, nobody does.