Keeping your Personal Data Secure - UK Cyber week 2025

UK Cyber week 2025 24th April

Information Security Guidance – paper-based NOTA:BENE System

In this UK Cyber week 2025 we are releasing a blog post offered following a conversation with a cyber security specialist. Working on projects with the government of the UK, he felt strongly that our clients would be well served by treating their own personal information as if it were government information.

“As an Information and Cyber Security Specialist my daily work is assuring the security of some of the most important Government information and services. My advice to you follows, learn from the mistakes of others, not your own. Take this seriously. Act before you are affected, not because you have been affected.

The product you have bought is an excellent tool for organising your life information and that of those you love. It allows you to spend more time doing the important things, at a time when that will be very important.

There is risk in all we do. Balancing those risks with the time and cost of reducing them is a personal decision. But the biggest risk is doing nothing. We will all be affected at some point. Doing nothing means you have no control over the impact and no understanding of its size. And the timing? It will always be at the worst possible moment. However, YOU have taken control. Threat Actors chose targets with the best return on their efforts. Choosing to improve one’s own security, means Threat Actors will be more likely to try a less protected victim.  

In the military, a system like NOTA:BENE would be considered a useful component of your life’s ‘Go Bag’. Once completed, however, you will be aware that you have also created a security risk. Your paper twin now exists; many pieces of useful information about your life are now in one place and you need to protect them.

Here are some guiding principles. Adapt them to your own specific circumstances:

1.    Treat this information as your own personal TOP SECRET data. Use ‘need to know’ principles. Don’t tell anybody about this information except the people who Need to Know, your Proxy.

2.    Once completed, store it securely - If you have concerns about visitors (carers, tradespeople, cleaners), use a lockable or consider storing it off-site with a trusted family member or your Proxy.

3.    You may want to pay for storage in a secure facility like a bank, or professional records management service. 

4.    Tell location and access details only to those you want to access the information. No one else. Remember the need-to-know principle.

5.    You may want to split the location and the access details between two trusted people as a form of 2-factor authentication. For example:

   - Tell one person the location of the document.

   - Give a spare key or access code to someone else. 

A legal professional can also act as one of those people. This isn’t required, but it’s a sound option.

6.    Make updates every five years at a minimum. Life changes—so should your records. And remember: emergencies don’t wait.

7.    Schedule time for updating your data. Including communicating with your Proxy.

If you follow this guidance and apply it, you will have minimised your risk.”

Information Security Guidance for Digital Storage Systems

Many legal firms are now offering digital vaults and online platforms for storing your personal and legal information. These are marketed as convenient, secure, and easily shareable. However, as with all technology, convenience can come at a cost.

Feedback from our clients shows a consistent pattern: most people 65+ are not comfortable using digital tools for this kind of information. They don’t want yet another password to remember and many deeply distrust digital systems. They are not alone.

Our cyber security specialist, echoes these concerns:

“Remember Digital Threat Actors choose to focus their resources on targets which will get the best return. By collating all your information into a single location, under the banner of a particular brand, you become more interesting to online threat actors and they have a target (brand) to focus their attention on.  E.g. they can search for the term ‘Digital Vault XYZ’ and concentrate their hacking efforts.

No digital system is immune. Even the most secure servers are only as strong as their weakest link—which is often human. Phishing, password reuse, outdated software, or even a moment’s inattention can make your private records vulnerable. If you're not someone who regularly updates software, uses multi-factor authentication, a paid-for password manager or recognises scam attempts, your best protection might be not to put your most sensitive personal data online in the first place. To store the most important data off-line, is a recognised and regularly used protection.

While encrypted digital systems can be part of a wider information strategy, they should never be seen as foolproof. If you're someone who prefers certainty, simplicity, and security, then paper - properly stored and managed - remains a trusted choice.”

In Summary

You've taken a major step by completing your NOTA:BENE System. Now, take the next one: protect it. Treat it like gold. Or better yet - like state secrets. Because in many ways, it is.