LuxSci

Ebola is Infecting Computers; How to Protect Yours

Published: October 20th, 2014

No, your computer can’t catch the actual Ebola virus… it’s not even airborne yet.  However, we are finding that criminals are taking advantage of the hype, scare, and curiosity over Ebola to infect people’s computers more easily.

This is commonly being done via email.  There are four prevalent types of email going around now that are meant to infect your computer:

  1. A fake report on the Ebola virus — when you click the link to read more, your Windows machine is infected with a virus that can collect and steal your personal information.
  2. A fake email from a telecommunications provider that contains an important “Ebola Presentation” for you to download and view.  If you do it, you install malware that can allow others to remotely control your computer, access your web cam, log what you type, etc.
  3. Fake emails talking about an “Ebola Cure” which contain a malware attachment and which ask you to forward the news on to your friends.  The malware records your keystrokes and downloads additional malware on to your computer.
  4. Fake emails about Ebola news and lists of “precautions”.

There are many other types of attacks and attack vectors that are being and can be exploited.  We will go over many of these, below, and how to protect yourself from them.  You should be very wary of any email received about Ebola, even if it appears to be from a friend.  You should be especially wary of opening any attachments sent through email, unless you have good confidence that they are malware-free.

Read the rest of this post »

SSL versus TLS – What’s the difference?

Published: October 17th, 2014

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a practical difference between the two?

Read the rest of this post »

Google Apps HIPAA Compliance Gotchas: Email encryption not included and higher price

Published: October 8th, 2014

There has been a lot of hype about Google offering a Business Associate Agreement to paid Google Apps customers who must abide by HIPAA regulations.  Those who are familiar with Google may be under the incorrect assumption that simply signing up for Google Apps will solve all their HIPAA compliance challenges.  This seems to be increasingly less likely as of October, 2014.

Myths and hidden costs pervade this equation. If a HIPAA-aspiring entity isn’t fully educated about the finer details of the compliance process, they could end up paying very large amounts of money for Google services and still be non-compliant. Here we discuss some misconceptions about Google services as they apply to HIPAA to help you avoid the pitfalls of non-compliance.

Read the rest of this post »

Exchange ActiveSync (MobileSync) vs Good Old IMAP + SMTP

Published: October 6th, 2014

Many years ago, if you had a cell phone that included an email program, you could configure it using IMAP and SMTP to check and send email… just like a desktop email program.

This is still the case, of course.  However, as far back as 1996, Microsoft introduced the first version of “ActiveSync”, a protocol designed to allow mobile devices supporting it to synchronize email, calendars, tasks, and contacts with Microsoft’s Exchange server.  ActiveSync has evolved over time, getting faster, offering support for use in every modern mobile device.  While ActiveSync was designed to work with the Exchange server, these days it also works with other non-Exchange services that can talk the “ActiveSync language,” e.g. LuxSci through its Mobile Sync service.

In general, ActiveSync is much better than using IMAP and SMTP, though there are a few small corner cases where IMAP may be better for you.  Below, we shall compare them from an end-user perspective … trying to shed some light on “which is better” from a practical point of view.

Read the rest of this post »

Accelerated WebMail by LuxSci

Published: September 30th, 2014

LuxSci’s WebMail User Interface is extremely feature rich.  However, perhaps the number one suggestion from customers is to make it faster, especially when large email folders are involved.

After many months of development, LuxSci has completed work on “Accelerated WebMail”.

Accelerated WebMail

  1. Makes WebMail as fast as a regular IMAP email program (e.g. Outlook, Thunderbird, Mail.app).
  2. Folders that you have accessed recently are extremely quick to search.
  3. Folders that you access for the first time in a while are slower at first (though faster than the old WebMail access speed) and then get accelerated to lightning speed within seconds or minutes, depending on how large they are.
  4. The larger your folder is, the larger the speed up is.
  5. Searching and Sorting Accelerated Folders is now insanely fast.
  6. The conversation “threading” algorithm used for sorting folders by “Thread” has been updated to a more advanced and more useful method.
  7. Prepare for the addition of multi-folder search (coming early Q1 2015).

To Use Accelerated WebMail

Right now, Accelerated WebMail is in “Live”.  You can try it out by logging into the LuxSci Regular WebMail:

https://webmail.luxsci.com

Folder access is Accelerated automatically for all users … you do not have to do anything except use WebMail.  Once you access a folder, the acceleration process will start and the folder will be indexed.  This usually takes seconds to a few minutes, depending on just how large that folder is and how busy your email server is.  Once accelerated, the folder stays accelerated and fast unless you do not use it for a long time (e.g. a week for normal folders, or several weeks for your INBOX).

Read the rest of this post »

Does my online form have to be HIPAA Compliant if it doesn’t ask for medical information?

Published: September 29th, 2014

For folks in the medical field, there is often a lot of uncertainty regarding which kinds of web forms need HIPAA compliance and which ones do not.  We often have customers asking if this or that form really needs to be secure or not.

The short answer is that you should probably just make ALL of your forms secure, just like it is best to make all pages of your web site secure, no matter what is on the page.  This instills more trust in your web visitors and, as a result, brings in more business.  It doesn’t take much work to secure your forms, so you might as well just do it for all of them in a clear and consistent way.  Your users’ data will be protected, and they will know that you are looking to make the best choices for them, even in cases where it might not strictly be necessary.  This is a good thing.

Back to the original question….

If you are a medical office, do some forms not need to be secure and HIPAA compliant, depending on what is collected?

Note: the following is suggested advice from LuxSci based on our understanding of HIPAA; however, this should not be taken as legal advice.  We advise you to consult your lawyer for accurate legal advice pertaining to your particular situation.

HIPAA requires that all electronic Protected Health Information (ePHI) be secured to protect the privacy of the individuals identified in the ePHI.  So, as long as either (a) HIPAA does not apply to you, or (b) your form does not collect ePHI, then you do not have to secure the web form.

Let’s look at each of the two criteria so that you can tell if either one may apply to you or your form.

Read the rest of this post »

Supercharged Forms: Complex Form Processing with SecureForm and jQuery

Published: September 15th, 2014

The classical web form is very simple: Customer fills it out and hits submit; the form submits and is processed; the data is emailed to the desired recipient.  Clean, simple, and easy to implement and secure.  Even easier by plugging the form into an existing backend form processor like SecureForm.

Time passes and business requirements get more complicated.  You need your form data to be handled in increasingly varied and complex ways, automatically.

For example:

  1. You need an encrypted copy of the data to be stored in your archival system
  2. Once archived, the data needs to be re-filled into a PDF and emailed to your sales team for review
  3. It also needs to be FTP’d securely to your office server to be ingested into your office CRM system

Another example:

  1. Your data needs to be submitted and processed as usual
  2. Instead of re-directing to a new page when the submission is complete, you need to simply alter the current page (e.g. remove the submit button and say “Thank you”)

These examples and complex variations on them can all be readily achieved without much effort by combining the swiss-army-knife features of SecureForm and jQuery.

Read the rest of this post »

Alert: September 22nd is the Deadline for Getting Updated HIPAA Business Associate Agreements

Published: September 10th, 2014

HIPAA Omnibus went into effect a year ago and it introduced many new rules that require HIPAA Covered Entities and Business Associates to enter into new/revised Business Associate Agreements (BAAs) with each other; agreements that properly reference Omnibus and its requirements.

All BAAs entered into before January 25, 2013 were temporarily grandfathered in and you have until September 22nd, 2014 to enter into a revised contract.  Agreements entered into after January 25th, 2013 must already be compliant.

This is a significant reminder and warning.  Please check the date on all of your HIPAA BAAs and make sure that they are updated.

Read the rest of this post »

Maximizing Delivery Speed and Reliability for Large Scale Email Marketing

Published: September 8th, 2014

You need to send millions of messages to your large opt-in mailing list over the upcoming holiday season.  You need these messages to go out pretty quickly and to not get blocked by your recipient ISPs so that the maximum number of your (potential) customers get your marketing messages and thus you can maximize your conversion rates on these messages.

This is a common scenario that we see, often from customers who have been using another provider that is excessively expensive, where delivery is sluggish, and/or where their messages are getting blacklisted or greylisted by their recipients’ systems.

Here we will share with you our standard prescription for solving this delivery dilemma once and for all.  There are multiple important factors involved, each of which will contribute to your success.

Read the rest of this post »

Reliability: How to choose a DNS Service that Shrugs off a Denial of Service Attack

Published: September 2nd, 2014

DNS is a cornerstone of the Internet.  It is the “phonebook” that translates all those domain names, like “luxsci.com” and “google.com” into the addresses of the actual computers that you need to talk to (more details).  Unfortunately, if there is an issue with the DNS for your company’s domain name, then your web site can go offline, your email can stop flowing or bounce, and other bad things can happen.

In addition to having a rock solid email and web hosting service, the reliability of your corporate email and web site depends on your DNS service being always available.  However, for this very reason, attacks on DNS services by hackers are more and more common … we see them or hear about them at least once every few months these days.  How do you prevent these attacks on DNS from crippling your business services?

Read the rest of this post »
