LuxSciLuxSci
be Smart.
be Secure.
Phone: 800-441-6612
sales@luxsci.com
support@luxsci.com

Is Email Encryption via Just TLS Good Enough for Compliance with Government Regulations?

Published: August 24th, 2015

There are many ways to encrypt email, TLS being the simplest and most seamless.  With SMTP TLS (the use of TLS encryption to secure the “SMTP Protocol” used for the transmission of email between computers), messages are transported between the sender, recipient, and all servers securely.  TLS is a layer that fits seamlessly over “regular email” to ensure transport email encryption when supported by both the message sender and the recipient.  With SMTP TLS, sending a secure message works and feels the same as sending any other email message.

“It just works.” That is the ideal combination of security and usability.

SMTP TLS for Email Encryption

However, SMTP TLS only solves the problem of email encryption during transmission from sender to recipient.  It does not in any way secure an email message while it is at rest, whether while in the sender’s “sent email” folder, queued or backed up on the email servers of the sender or recipient, or saved and stored in the email recipient’s folders.  While SMTP TLS is really easy to use, it is important to consider if use of SMTP TLS alone is “good enough” for companies to comply with the many U.S. government laws which apply to email.

When it  is “good enough,” organizations may opt for the seamless simplicity of TLS over the added complexity of other modes of secure email communication.

In this article, we shall examine the security afforded by SMTP TLS and compare that to other modes of email encryption such as PGP, S/MIME, and Escrow (i.e. picking up your message from a secure web portal).  We shall then look at many of the most important laws (HIPAA, GLBA, Sarbanes-Oxley, SB1386, NASD 3010, FRCP, SEX 17a-4, FINRA, and PCI DSS)  to see what is said or implied about using “Just TLS” vs. other, stronger forms of encryption.  We won’t spend a lot of time explaining each law; if you are interested there are innumerable articles on the web for that.  We  focus only on what they say or imply about encryption for email transmission and storage.

The short answer is that many of these laws outline various requirements for email storage, archival, and retrieval for legal proceedings without specifically delineating requirements for the encryption of those messages.  So, use of TLS is just fine with respect to those.

For PCI compliance, avoid email if at all possible; however, if you must use email for sending credit card data, “Just TLS” is not sufficient.

For the rest, the burden ends up being on each individual organization to decide for itself the level of encryption appropriate to protect sensitive data.  Use of encryption methods that provide protection for data at rest can mitigate liability in the case of a breach, but they are not mandated.  There are also ways of protecting data at rest that do not involve more onerous methods of email encryption.

Indeed, your internal risk analysis may find that “Just TLS” is best in some cases and methods that provide explicit data-at-rest email encryption are warranted in others.

Read the rest of this post »

7 Ways You Could be Unknowingly Violating HIPAA

Published: August 14th, 2015

Non-compliance with HIPAA can easily lead to unintended breaches where data is exposed to unauthorized parties.  This can be very expensive!  The cost of a breach depends on your degree of negligence; it ranges from $100 to $50,000 per violation (or per data record).

You don’t want to be caught in a situation where inaction, neglect, or lack of knowledge can result in unintended breaches.  Many small and large organizations are often unknowingly using systems in a way that is either already in breach or which results in frequent sporadic breaches.

Check your organization!

If any of the following scenarios apply to you, it is worth bringing them up the person responsible for compliance (your HIPAA Security Officer) to include in your mandatory yearly Risk Analysis.  Is the risk of breach worth continuing with “business as usual?”

Read the rest of this post »

End of Life for LuxSci Internet Explorer 8 on XP Support

Published: August 2nd, 2015

As of November 1st, 2015, LuxSci will no longer support Internet Explorer versions 8 and below on Windows XP.  We will still support Internet Explorer v8 on Windows Vista and above (for a while).

What will be the effect of the dropped support?  Sometime after November 1st, 2015, users of Internet Explorer 8 on XP may no longer be able to connect to LuxSci.com or any web sites hosted by LuxSci, due to its lack of support for modern Internet security and usage features.

For customers who still use Internet Explorer 8 on XP, we recommend installing the latest version of FireFox or Google Chrome, as these will work fine even on very old operating systems, such as Windows XP, and will provide support for features we are enabling, which Internet Explorer 8 on XP does not support.

What is actually changing?

LuxSci will be making 2 changes after November 1st:

Read the rest of this post »

Interview with Mark Jeftovic, CEO of easyDNS

Published: July 24th, 2015

LuxSci has been partnered with easyDNS to provide DNS and domain registration services to its customers since 1999. Due to our sales volume, we have an “Enterprise DNS” portal that both LuxSci Support and its clients can access to manage their domains. LuxSci has stuck with easyDNS for all of these years due to their excellent support, the high quality of the DNS services, and the friendly and helpful attitude of easyDNS management. LuxSci also believes that by partnering with easyDNS, we are able to provide our clients with the best and most robust DNS services available. This is mission critical, because if your DNS is down, so is your business.

Read the rest of this post »

Query the LuxSci API for Email Sending and Delivery Status Reports

Published: July 16th, 2015

LuxSci’s API has been expanded to enable automated queries for reports of:

  1. What messages have been sent from SMTP and/or WebMail
  2. The current delivery status (tracking) of these messages
  3. Feedback loop notices for these messages
  4. The history of SMTP login failures and sending failures due to sender usage problems

All of these reports are available at the account level (e.g. to download information for one or all users in an account) and at the user level (where someone using the user API can query data about his/her own sending activity).  Each API request can return up to 50,000 matches or 50MB of data and you can easily submit multiple queries to “page” though very large result sets.  The queries support refinement by date range, customization of the number of matches returned at once, and include report-specific search capabilities so that, for example, you could find only message sent to a particular person or which have a particular delivery status.

These reports are available to all customers — business email, dedicated, and High Volume email sending.

Read the rest of this post »

Receive & Collaborate on Secure Form posts via Secure Chat

Published: July 7th, 2015

LuxSci is proud to announce the integration of SecureForm and SecureChat.   SecureForm allows you to securely capture and process post from your web site and PDF forms.  SecureChat provides secure real-time communication and collaboration between people on mobile and desktop devices.  E.g. a secure replacement for texting that incorporates collaboration, archival, and compliance.

Now, SecureForm users can have their form post data sent securely to anyone’s SecureChat account (in addition to having the option of sending data to MySQL databases, secure email, secure FTP, and secure online file storage):

Read the rest of this post »

SecureForm: API and Auditing Updates for Database Storage

Published: June 16th, 2015

Your web and/or PDF forms can securely delivery data to you in many ways using LuxSci SecureForm.  One of these ways, saving all of your form post data to a hosted database, is now even more useful:

  • Data can be downloaded and/or deleted using LuxSci’s API
  • Row-level Audit trails are now explicitly maintained or access to database-stored data

Form Database Access using the LuxSci API

LuxSci’s API enables SecureForm customers to manage form posts stored to hosted MySQL databases.  In particular, this makes audited access to stored (and encrypted) data simple, does not require any SQL knowledge, and permits you to determine if access is read only or read and delete.

Read the rest of this post »

LuxSci as SMTP Relay for Gmail = LuxSci Encryption for Google

Published: June 8th, 2015

Gmail and Google Apps users can route their outbound email through LuxSci to take advantage of SecureLine email encryption, which enables HIPAA compliant sent messages, plus LuxSci’s extensive outbound email management tools.  If you prefer the Google interface or need to use it for some reason, but require encryption and/or compliance, you can meet your needs by adding on LuxSci.

Google Apps

Read the rest of this post »

Switch from Adobe Form Central and have Secure Forms with No Programming

Published: June 3rd, 2015

LuxSci SecureForm and FormBuilder enabled you to create web forms and receive your form submissions in any way you like — email, sftp, online storage, mysql, etc.  No programming needed, no web site or hosting needed, we can take care of it all for you.

Why LuxSci SecureForm?

Read the rest of this post »

Email Delivery: How do you know if they got your message?

Published: May 18th, 2015

You just sent an important business communication via email and assume all is well … but what if that email was not received?

How do you know?  There could be significant delays or consequences if the message was not delivered.  What can you do to put your mind at ease?

Read the rest of this post »

• Access Anywhere
• Fast and Robust
• Super Secure
• Tons of Features
• Customizable
• Mobile Friendly

Send and receive email from your favorite programs, including:

 Microsoft Outlook
 Mozilla Thunderbird
 Apple Mail
 Windows Mail

... Virtually any program that supports POP, IMAP, or SMTP

Keep your email, contacts, and calendars in sync:

 Apple iPhone and iPad
 Android Devices
 BlackBerry
 Windows Phone

... Any device with Exchange ActiveSync (EAS) support

Relay your server's mail through LuxSci via smarthost:

• Resolve issues with ISP sending limits and restrictions
• Improve deliverability with better IP reputation and IP masking
• Take advantage of Email Archival and HIPAA Compliance
• Even setup smarthosting from Google Apps!

Free web site hosting with any email account:

• Start with up to 10 web sites and MySQL databases
• DNS services for one domain included
• Tons of features and fully HIPAA capable

LuxSci's focus on security and privacy:

• Read The Case for Email Security
• Read Mitigating Security & Privacy Threats
• Review our Privacy Policy

The most accurate, flexible, and trusted filters in the business:

• Premium protection with Intel Security Saas
• Realtime virus database guards against the latest threats
• Seven-day quarantine lets you put eyes on every filtered email
• Supplement with our Basic Spam Filter for even more features

End-to-end secure email encryption — to anyone, from anyone:

• No setup required — encryption is automatic and easy to use
• Secure outbound email with TLS, PGP, S/MIME, or Escrow
• Free inbound encryption via our SecureSend portal
• Independent of your recipient's level of email security
• Widely compatible and fully HIPAA Compliant

Add an extra layer of security with an SSL Certificate:

• Secure your web site
• Debrand LuxSci WebMail with your own secure domain
• Access secure email services via your own secure domain

Encrypt your service traffic via secure tunnel:

• Add another layer of security to your SSL connections
• WebMail, POP, IMAP, SMTP, web/database access
• SecureForm posts, SecureLine Escrow, SecureSend access
• Restrict your account to VPN access only

Secure long-term message archival:

• Immutable, tamperproof email retention with audit trails
• No system requirements — minimal setup, even less upkeep
• Realtime archival of all inbound and outbound messages
• Works anywhere — even with non-LuxSci email hosting

Free data backups included with all email hosting accounts:

• Automatic backups of all email, WebAides, web/database data
• Seven daily backups and up to four weekly backups
• Unlimited restores included at no additional cost
• Custom backup schedules for dedicated servers

Automate your email management:

• Save messages to specific folders or to LuxSci WebAides
• Advanced text scanning with regular expressions
• Tag messages, alter subject lines, or add custom headers
• Filter by message charset, type, TLS status, DKIM status
• Chain filters together for even more complex actions

• Bulk add and edit users, aliases and more
• Control sharing and access globally or on a granular level
• Delegate user roles through permissions
• Configure account-wide taglines, sending restrictions, and more
• Remotely administer account via SOAP API

Share, collaborate, organize, synchronize:

• Calendars, Contacts, Documents, Notes, Widgets, Workspaces
• Fine-grained access control and security
• Access anywhere via secure web portal or smartphone
• Save over solutions like Microsoft Exchange

Free folder sharing for all email hosting accounts:

• Share mail folders with other users in your account
• Subscribe to only the folders you want to see
• Set read-only or read-write access control
• View all personal and shared folders via unified web interface

Color code and label your email messages:

• Define and assign multiple IMAP keywords to each message
• Filter, search, and sort by tags
• Compatible and synchronizes with any IMAP email client
• Also usable with WebAide entries