
Are you Minimizing your Risk by using the Next Generation of Opt In Email Encryption?

We have long held that leaving it to each sender/employee to properly enable encryption for each sensitive message (a.k.a. “Opt In Encryption”) is too risky. Why? Any mistake or oversight immediately equals a breach and liability.

Instead, LuxSci has always promoted use of “Opt Out Encryption,” in which the account default is to encrypt everything unless the sender specifically indicates that the message is not sensitive.  The risk with Opt Out Encryption is very much smaller than with Opt In.  (See Opt-In Email Encryption is too Risky for HIPAA Compliance).

The problem is: many companies use Opt In Encryption because it is convenient when sending messages without sensitive information — you just send these messages “as usual,”  without forethought.  These companies are trading large risks in return for conveniences.

LuxSci has solved the “Opt In vs. Opt Out” conundrum with its SecureLine Email Encryption Service.  You could say that SecureLine enables the “Next Generation” of Opt In Email Encryption — combining both usability and security.

TLS-Only Email Encryption

Email encryption via “TLS” allows email servers to talk to each other securely, transporting all of your email in an encrypted manner, safe from eavesdropping and tampering. (Read: how secure email over TLS works.)

TLS-Only encryption is great because it is seamless and it works, as far as the sender and recipient are concerned, just like regular email.  The encryption is transparent and automatic.

The downsides to TLS-Only are that:

  1. although email is encrypted during transport, it is not encrypted “at rest” (i.e. in the “Sent Mail” folder, in the recipient’s Inbox, and in other backups and storage locations in between), and
  2. not all email providers support TLS yet.

Wide Support: While not everyone supports TLS for email transmission yet, the trend over the last few years has been that all major and most minor providers have added TLS support.  At this time, there are few providers who do not support TLS.  (See: Who does not support TLS? and How to find out if your recipient supports TLS?)

Compliance: While email encryption mechanisms that provide encryption-at-rest are better for compliance laws of all kinds, TLS-Only encryption can also be “OK” in many cases (including HIPAA, GLBA, SOX, etc.).  It all depends on your context, your risk assessment, and what actually gets sent this way.  (See: Is Email Encryption via Just TLS Good Enough for Compliance with Government Regulations?)

Going “Better than TLS”

For highly sensitive information and for folks wishing to minimize risk as much as possible, there are better, more secure ways to send email. For example, three commonly used alternatives to TLS are: (1) the tried-and-true “pick up the message at my secure portal” (a.k.a. “Escrow”) method, (2) encryption using PGP, and (3) encryption using S/MIME. It is even better when messages sent using one of these methods are also delivered over TLS.

While these methods are more secure, they are also usually more “annoying.” It would be great if you could save the more-annoying stronger encryption for really sensitive messages, and use the transparent TLS encryption for everything else. Everything is encrypted; some things are just better encrypted than others.

The Next Generation of Opt In Email Encryption

LuxSci’s next generation Opt In solution is:

  1. Account default encrypts everything using at least TLS-Only.
  2. Additionally, individual senders can opt for better encryption on a per-message basis.

This has all of the advantages of regular “Opt In” without most of the risks and defects.  Anyone using the old style Opt In Encryption scheme with another provider should re-consider their Risk Analysis.

With LuxSci’s Opt In Encryption option:

  1. At minimum, all messages are sent with transport encryption.
  2. In addition, senders can selectively send sensitive messages with better encryption, which includes both transport and at-rest encryption, as well as an additional layer of TLS in some cases.
  3. A mistake or oversight on the part of the sender never results in a message being sent insecurely — it is not an automatic breach.
  4. Account administrators can also choose to allow senders to “Opt Out” of encryption altogether, if needed.

With the vast majority of email providers supporting TLS these days, most messages can be secured at a basic level without imposing any kind of burden on the recipient.  When sending to recipients using systems that do not support high quality TLS, LuxSci will automatically use some other, stronger, encryption scheme unless the sender has explicitly opted out of encryption by denoting the message as nonsensitive.  The need for such a thing will continue to diminish over time as everyone else catches up and starts supporting TLS.

Note: if TLS-Only encryption is not desired by your organization, LuxSci allows you to disable it and use only the more secure options for all secured messages.
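The delivery rules described above can be modelled as a small decision function and compared with old-style Opt In on a batch where senders forget to flag sensitive mail. This is an added example, not LuxSci's code; the `Account`, `Message` and `Method` names, the rule that a request for stronger encryption overrides an opt out, and the sample batch are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Method(Enum):
    UNENCRYPTED = "no enforced encryption"
    TLS_ONLY = "transport encryption only"
    STRONGER = "Escrow, PGP or S/MIME"

@dataclass
class Account:                      # hypothetical administrator settings
    allow_tls_only: bool = True     # False: only the stronger methods are used
    allow_opt_out: bool = False     # True: senders may mark mail non-sensitive

@dataclass
class Message:
    sensitive: bool                 # ground truth, which the sender may overlook
    recipient_tls: bool             # recipient's server supports adequate TLS
    wants_stronger: bool = False    # sender asked for stronger encryption
    opted_out: bool = False         # sender marked the message non-sensitive

def legacy_opt_in(acct, msg):
    """Old-style Opt In: nothing is encrypted unless the sender asks."""
    return Method.STRONGER if msg.wants_stronger else Method.UNENCRYPTED

def tls_floor_opt_in(acct, msg):
    """Opt In on top of an encrypt-everything default."""
    if msg.wants_stronger:                      # assumed: stronger request wins
        return Method.STRONGER
    if msg.opted_out and acct.allow_opt_out:    # explicit, admin-permitted opt out
        return Method.UNENCRYPTED
    if acct.allow_tls_only and msg.recipient_tls:
        return Method.TLS_ONLY
    return Method.STRONGER                      # no usable TLS: fall back upward

def exposures(policy, acct, batch):
    """Count sensitive messages that would leave without enforced encryption."""
    return sum(1 for m in batch
               if m.sensitive and policy(acct, m) is Method.UNENCRYPTED)

# Constructed batch: the first two senders forgot to flag sensitive mail.
BATCH = [
    Message(sensitive=True, recipient_tls=True),
    Message(sensitive=True, recipient_tls=False),
    Message(sensitive=True, recipient_tls=True, wants_stronger=True),
    Message(sensitive=False, recipient_tls=True, opted_out=True),
]

if __name__ == "__main__":
    acct = Account(allow_opt_out=True)
    print("legacy opt-in exposures:", exposures(legacy_opt_in, acct, BATCH))
    print("TLS-floor opt-in exposures:", exposures(tls_floor_opt_in, acct, BATCH))
```

The one remaining way to send sensitive mail unencrypted in this model is an explicit opt out on an account whose administrator permits it, which is a deliberate sender action and not an oversight.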

Does your secure email system ensure that every message is encrypted, no matter what?  Are you protected from being in breach due to mistake or oversight? Do you have the option to select stronger encryption methods for the recipients of your email messages “on demand” from WebMail or any email program or device (no plugins needed)?

If the answer to any of those questions is “No” … maybe it's time to try LuxSci.
