We at LuxSci are always being asked questions about various email programs and their usage. With HIPAA compliance becoming more and more important, we get a lot of inquiries regarding secure email. One of the most frequently asked questions is how to install S/MIME security certificates in various email programs that our servers support. Sometimes finding instructions on installing security certificates in various email clients is difficult, even with the help of search engines. To make your search easier, we have complied instructions for several of the the major email clients:
The situation: your organization needs to collect information from clients through from(s) on your web site, but that information is sensitive. So, you need to be absolutely sure that the information is transferred from the users of your web site to you in as secure a fashion as possible. This means that
no one but you (or optionally your authorized staff) can intercept or read the information,
the information is never stored insecurely anywhere
the information cannot be modified without your knowledge
Why would this high level of security and privacy be necessary? There are many cases where they are essential; some of these include:
You may already know that email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages which you thought were deleted years ago may be sitting on servers half-way around the world? Or that your messages can be read and modified in transit, even before they reach their destination? Or even that the username and password that you use to login to your email servers can be stolen and used by hackers?
This article is designed to teach you about how email really works, what the real security issues are, what solutions exist, and how you can avoid security risks.
Information Security and integrity are becoming more important as we use email for personal communication and business. While you are reading this article imagine how security problems can affect your business or personal life…. if they have not already.
We recently discussed email security for accountants and mentioned that the use of password-protected files is not usually a very good solution for meeting data privacy needs. After writing this and getting some feed back, we thought that the issue of password-protected files really deserves some further discussion. Many people are under the assumption that if they use the “password protection” features of whatever software they are using, that their data is safe and secure. However, this is not necessarily the case. Why?
Using password-protected files to secure data is fast and easy and built into many applications. Why not use it? Certainly, password protecting files is much better than not doing so. However, there are several things that determine how secure these “protected” files really are.
Doctors and medical professionals are feeling a growing pressure to get their business online (i.e. even use of electronic prescriptions is being pushed). This includes making available protected health information to patients via a web site and collecting similar private information from patients or would-be patients. If doctors can show that they are using digital systems with their health care practices in a meaningful way by 2011, they may be eligible for some serious money (part of the proposed stimulus package — the Health Information Technology for Economic and Clinical Health Act (HITECH)).
However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document. So, what do these requirements mean and how can HIPAA be followed in the context of a website?
As an email hosting service, we at LuxSci are frequently asked about email clients. We would like to share with you of our expertise and opinions about the most popular email clients. We’ve created a quick guide to email programs that includes an explanation of the client, its major features, and what makes it stand out.
LuxSci has had many requests from clients who have to communicate with various banks and other security-conscious organizations asking that LuxSci "enforce the encryption of email when sent to those organizations’ email servers via TLS". This is such a common request, that I wanted to explain what it means, why it is good, how LuxSci does this by default, and the extra step that LuxSci can take to lock down things even more for you.
SecureLine is a new service provided by LuxSci that allows its users to easily send and receive secure email messages to and from anyone on the Internet who has an email address - no matter what kind of email software or service that correspondent has and no matter how insecure that correspondent’s current email services are!
SecureLine enables you to easily meet HIPAA (The Health Insurance Portability and Accountability Act) and other communication security regulations and policies and it enables account administrators to optionally require that all users employ SecureLine and thus participate only in secure communications.
In order to meet the combined goals of ease of use, maximum security, and communications with anyone, anywhere, SecureLine seamlessly integrates two distinct modes of secure email communications: SecureLine Escrow and SecureLine PKI.
SecureLine Escrow: For secure communications with anyone, anywhere, you can use “SecureLine Escrow”. When composing an email for escrow, the SecureLine-enabled sender will provide an authorization question and answer; something that is confidential and known only to the sender, recipient, and other authorized people. When sent, the secure email message is encrypted and stored in a special “escrow” database at LuxSci. The recipient receives an email notification with the password to the secure message. The recipient then follows a provided link to the “Escrow Portal” to pick up the secure message and to optionally securely reply back to the sender. In order to access the Escrowed message, the recipient needs both the password from the notification email and the answer to the sender-provided authorization question. Thus, SecureLine Escrow allows simple secure communication with anyone who has an email address.
SecureLine PKI: For secure communications with other users of SecureLine and with other people on the Internet who have compatible secure email services, LuxSci’s SecureLine also supports a Public Key Infrastructure (PKI) compatible with the S/MIME (Secure MIME) and PGP (Pretty Good Privacy) Public Key technologies. In a public key system, the encrypted message content is sent within the email message to the recipient, instead of being placed in escrow for later retrieval; the recipient can easily decrypt and read such secure messages from within his/her usual email program or WebMail. This mode of operation is more flexible and more like normal email usage than the “Escrow” system; however it requires that the recipient be another SecureLine user or someone who utilizes PGP or S/MIME email encryption technologies.
To read more about SecureLine, what features it provides and how exactly it is extremely easy to use, see the SecureLine description.
by Berislav Kucan; reproduced with permission from Help Net Security
Erik Kangas has a Ph.D. in theoretical physics from the Massachusetts Institute of Technology and is currently President of Lux Scientiae, Incorporated, an Internet services and consulting company based in Boston, Massachusetts. In the interview, Dr. Kangas talks about his company, email security services and the state of secure messaging.
"Internet email, Internet instant messaging, and mobile short text messaging are related in that they enable communications by pushing messages from sender to recipient over generally insecure networks. The security issues and vulnerabilities inherent in all three modes of communication are also very similar. This talk will review standard security threats associated with electronic messaging in general, and their common remedies including symmetric and asymmetric key encryption, digital signatures, and message authentication codes. Next, a detailed exposition of the security vulnerabilities inherent in all phases of Internet email delivery will be examined and solutions such as S/MIME, Authentication, and Transport Layer Security (TLS) will be discussed. After a brief look of the serious issues involved with public Instant Messaging services such as AOL Instant Messenger, Yahoo! Messenger, and ICQ, the Short Messaging System (SMS) over the Global System for Mobile Communications (GSM) will be examined. We will review the current security protocols used by GSM and identify the vulnerabilities to SMS. Finally, several ways that GSM or SMS could be extended or modified to ensure the security and privacy of SMS messages, even in a multi-vendor mobile environment, will be proposed."
We at LuxSci are always being asked questions about various email programs and their usage. With HIPAA compliance becoming more and more important, we get a lot of inquiries regarding secure email. One of the most frequently asked questions is how to install S/MIME security certificates in various email programs that our servers support. Sometimes finding instructions on installing security certificates in various email clients is difficult, even with the help of search engines. To make your search easier, we have complied instructions for several of the the major email clients:
The situation: your organization needs to collect information from clients through from(s) on your web site, but that information is sensitive. So, you need to be absolutely sure that the information is transferred from the users of your web site to you in as secure a fashion as possible. This means that
You may already know that email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages which you thought were deleted years ago may be sitting on servers half-way around the world? Or that your messages can be read and modified in transit, even before they reach their destination? Or even that the username and password that you use to login to your email servers can be stolen and used by hackers?
We recently discussed 
Doctors and medical professionals are feeling a growing pressure to 
Receive automatic updates via email:
