New Feature Announcements Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Archive for the ‘New Feature Announcements’ Category

CalDAV & CardDAV: The Keys to Syncing Your Calendar & Contacts

Wednesday, February 6th, 2019

If you use a calendar app to organize your life, you may have noticed that you can add a new event on your phone and it will be immediately updated to your desktop. Likewise, your contacts can also be updated instantly across your devices whenever you make changes.

Have you ever stopped to wonder how this happens?

Unfortunately, it’s not magic, unless you consider the painstaking process of a bunch of engineers sitting in a room and bickering to be magical.

The answer behind what is actually going on will depend on which system we are talking about, but some of the most common underlying protocols for syncing are CalDAV and CardDAV.

Calendaring Extensions to WebDAV (CalDAV), and vCard Extensions to WebDAV (CardDAV) are Internet Standards that are frequently used to sync calendars and contacts, respectively. They are both based on the HTTP extension, WebDAV, which enables clients to remotely edit documents on a web server.



What Does CalDAV Do?

To understand what CalDAV does, let’s first discuss one of the main problems that led to its development. Let’s say you’re a businesswoman in 1995. You have a secretary who normally handles your scheduling, but you run into an old friend on the street.

You have a quick conversation and then, knowing that you have the night free, you agree to meet up that night for dinner. The problem? Just minutes before, your secretary had scheduled drinks with your superiors at the exact same time.

When you see your secretary a little while later, you find out that you have been double-booked and face the difficult decision of either ditching your friend or skipping the business drinks, which could lead to numerous career opportunities.

The real issue here is that previous systems just weren’t reliable enough to make real-time changes to your schedule. Well, what if a current version of your schedule could be accessed at any time from anywhere?

This is what CalDAV can give us. There is a range of other calendar systems that perform similar functions, but CalDAV is an interoperable standard that is now used in a range of calendar applications.


Where Is CalDAV Used?

Some of the most common clients that use the CalDAV standard include:

    • iCloud Calendar (i.e., iOS and macOS)
    • Google Calendar
    • Windows 10 (for integration with both iCloud and Google’s calendars)
    • Open Sync (an open source Android synchronizer)
    • BusyCal
    • Many other apps for mobile and desktop

There is also a range of third-party applications that support CalDAV and make it easy to use on systems like Windows.

At LuxSci, we also offer CalDAV synchronization as part of our HIPAA-compliant secure email. Our setup makes it simple for users to access, share and update their calendars across their devices. On top of this, our CalDAV solution also comes with our security-first approach. Your calendar is guarded by TLS and can only be accessed with your password, meaning that only authorized individuals have access to your data.


How Does CalDAV Work?

To understand CalDAV and how it can update in real-time, we have to think about where the calendar is actually stored. Is it stored on your computer? On your phone? In the ether? Or is it somehow simultaneously stored everywhere?

The answer is that your calendar is stored on a remote server. This provides a central hub that gives your devices up-to-date information.

If someone wants to schedule something on your calendar, they can perform queries to find when you have free time available. The owner of a particular calendar can set their own security levels, as well as nominate who can make changes to their calendar. Since CalDAV is an interoperable standard, it can do this between organizations and across a range of different types of software.
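The free-time lookup described above can be sketched with the free-busy query that the CalDAV standard (RFC 4791) defines. This is an added example, not LuxSci's code: the collection URL is hypothetical, the server answer is a constructed sample, and the parser assumes busy periods in explicit start/end UTC form.

```python
import re
from datetime import datetime, timezone

FMT = "%Y%m%dT%H%M%SZ"  # iCalendar UTC date-time form
CALDAV_NS = "urn:ietf:params:xml:ns:caldav"

# Constructed sample of a server's free-busy answer (not captured from a real server).
SAMPLE_RESPONSE = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nPRODID:-//Example//Constructed//EN\r\n"
    "BEGIN:VFREEBUSY\r\nDTSTAMP:20190206T120000Z\r\n"
    "DTSTART:20190206T000000Z\r\nDTEND:20190207T000000Z\r\n"
    "FREEBUSY;FBTYPE=BUSY:20190206T230000Z/\r\n 20190207T000000Z\r\n"
    "END:VFREEBUSY\r\nEND:VCALENDAR\r\n"
)

def utc(stamp):
    return datetime.strptime(stamp, FMT).replace(tzinfo=timezone.utc)

def build_freebusy_report(url, start, end):
    """Return (method, url, headers, body) for a free-busy REPORT."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send calendar credentials without TLS")
    body = (
        '<?xml version="1.0" encoding="utf-8"?>\n'
        f'<C:free-busy-query xmlns:C="{CALDAV_NS}">\n'
        f'  <C:time-range start="{start.strftime(FMT)}" end="{end.strftime(FMT)}"/>\n'
        "</C:free-busy-query>\n"
    )
    headers = {"Depth": "1", "Content-Type": 'application/xml; charset="utf-8"'}
    return "REPORT", url, headers, body

def parse_busy_periods(ical_text):
    """Extract (start, end) pairs from FREEBUSY lines; start/end form only."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ical_text)  # undo iCalendar line folding
    periods = []
    for line in unfolded.splitlines():
        name, _, value = line.partition(":")
        if name.split(";")[0].upper() != "FREEBUSY":
            continue
        for period in value.split(","):
            begin, finish = period.strip().split("/")
            periods.append((utc(begin), utc(finish)))
    return periods

def is_free(periods, start, end):
    """True when [start, end) overlaps none of the busy periods."""
    return all(end <= busy_start or start >= busy_end
               for busy_start, busy_end in periods)
```

The answer to a free-busy query lists only busy intervals, not event details, so a scheduler can detect a double-booking without being granted read access to the events themselves.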


What Does CardDAV Do?

As you might have already guessed, CardDAV allows people to keep their address books and contact information updated in real-time and across all of their devices.

With CardDAV, you can alter the personal details of a contact on your phone and the same changes will be made on your computer, without you having to do anything else. Its interoperable nature makes it easy to sync contacts between a variety of different platforms, saving you the hassle of doing it manually.


Where Is CardDAV Used?

Some of the most common clients that use the CardDAV standard include:

    • iCloud Contacts (i.e., iOS and macOS)
    • Google Contacts
    • Windows 10 (for integration with both iCloud and Google’s contacts applications)
    • BusyContacts
    • Many other apps for mobile and desktop

Third-party applications can also be used to integrate your contacts into platforms that don’t natively support CardDAV.

Just like with CalDAV, CardDAV synchronization is also a part of LuxSci’s HIPAA-compliant secure email. This makes it easy for you to sync your contacts, all with LuxSci’s renowned approach to security keeping your information safe.


How Does CardDAV Work?

Since we have already introduced CalDAV, which is similar in a number of ways, much of the mystery behind CardDAV is pretty easy to figure out. Once again, your address book is kept on a remote server. When updates are made from your phone or computer, the changes are put through to the server, which keeps all of your other devices in sync.

The CardDAV standard makes it much easier to keep your contacts in order and up-to-date. Without it, we’d either be faced with the arduous task of constantly editing our own address books or having to deal with confusing address books that are filled with duplicates and errors.

The Government Shutdown’s Impact on Cybersecurity

Thursday, January 31st, 2019

The Federal Government shutdown put a halt to many government processes and threw the lives of many of its workers into turmoil. But it also had an effect on the nation’s cybersecurity, causing damage that could last well into the future.

Many national security employees were working without pay and other departments were operating with significant cuts to their workforces. While many of the organizations that normally battle cybercrime were operating at reduced capacities, the threat level remained just as high. This led to a number of potential cybersecurity issues.

Disruptions to Criminal Investigations

The government shutdown caused significant problems for federal cybercrime investigations, which could have long-term impacts. KrebsOnSecurity quotes an anonymous federal source who said that the shutdown was “a giant distraction and people aren’t as focused.” The same source also said that there was no money for travel budgets and important meetings had been delayed, which prevented cases from moving forward.

The shutdown also cut off funding for confidential human source payments, which are payments to sources that provide intelligence used to protect the U.S. Without these payments, the intelligence stopped coming in, putting the nation at risk. Similarly, the FBI could no longer make payments to informants for ongoing investigations, which was detrimental to its cases.

The shutdown also affected the Justice Department’s ability to hand out subpoenas and warrants. An article in Data Breach Today quoted an agent about how it impacted their work.

“As a result, only ‘emergency’ subpoenas are being issued, and any ‘non-emergency’ subpoenas will not be processed until after the shutdown. This is causing affected [sic] investigations to be put on hold until the shutdown ends.”

Subpoenas and warrants are critical for many federal cybersecurity investigations. Without them, cases cannot proceed. Since many investigations are time sensitive, this interruption caused a series of problems.

The Shutdown Makes Federal Work Less Appealing

Many people work for government agencies because they perceive the jobs to be more stable than the private sector. Frequent government shutdowns and the suspended payments that come with them begin to make federal employment seem far less appealing.

According to the anonymous source quoted in KrebsOnSecurity, the shutdown has caused many individuals to either retire or seek other employment.

“The talent drain after this is finally resolved will cost us five years. Literally everyone I know who is able to retire or can find work in the private sector is actively looking, and the smart private companies are aware and actively recruiting. As a nation, we are much less safe from a cyber security posture than we were a month ago.”

Hiring new agents was not so simple, because the clearance process had also been interrupted by the shutdown. Even if they could have been hired, the shutdown has likely made government opportunities seem far less attractive, which could lead to less-skilled applicants in the future.

NIST & CISA Operated at Minimal Capacity

Most of the National Institute of Standards and Technology’s (NIST) workforce was furloughed, meaning that the agency was no longer making progress on its documentation and other initiatives. During this period, its website was no longer being updated, preventing the latest developments from reaching security professionals.

The Cybersecurity and Infrastructure Security Agency (CISA) had its staff reduced from 3,431 employees to 2,008. CISA is responsible for securing the nation’s critical infrastructure, so such a dramatic cut represented a significant vulnerability in the nation’s overall security.

Security Certificates Expired on Government Websites

The shutdown also led to the expiration of many government website security certificates. According to Netcraft, the number was up to at least 130 by January 16, but it could have been higher.

This was an issue because many browsers discourage users from visiting sites that have expired certificates. This could prevent many people from accessing government information and services.

Who Was Monitoring & Maintaining Government Systems?

With such huge proportions of the federal workforce furloughed, it is likely that many essential monitoring and maintenance processes were being overlooked or performed poorly. If there were fewer workers to analyze logs and alerts, then it’s possible that serious threats may have been missed. There is also a chance that the backlog of alerts could cause some critical events to be overlooked.

The shutdown could also have prevented regular maintenance from taking place. Unless auto-updates were in place, these systems would have been vulnerable to the latest flaws.

Online threats stay just as high even when these agencies are operating at a limited capacity. Because of this, it’s likely that such a long shutdown could have caused long-lasting damage to the nation’s cyber health.

What is a HIPAA Compliant Server?

Tuesday, July 24th, 2018

You cannot achieve overall HIPAA compliance if you don’t use a server that ensures the confidentiality, integrity and availability of your organization’s protected health information (PHI). You have the option to use a cloud server, and given the buzz around the affordability and convenience of cloud computing solutions, you may want to take a closer look at this option.


What is a cloud server?

Cloud computing involves maintaining information on a remote server (in “the cloud”), and accessing the information over the internet rather than storing it on a local hard drive. What, then, is a “cloud server”? A cloud server is a “server on the internet somewhere.” Often, instead of using an entire physical machine, it is more cost effective to install special software on the physical machine that allows it to run one or more separate and independent “virtual servers.” For example, a virtual server is like an apartment and the physical machine is akin to the apartment building. If you own the physical server and all the virtual ones, then you have a “Private Cloud,” where you are in control of everything. If you only own a virtual server and someone else (like Amazon) is in charge of the physical server and allows other people to rent virtual servers on the same machine, then you are in the “Public Cloud” (i.e., you are just a tenant and not a landlord!).


HIPAA Business Associate Agreement: Do I Need One?

Thursday, July 12th, 2018

A business associate (BA) is an individual or an entity who could come in contact with protected health information (PHI) by providing services to or performing activities on behalf of covered entities. Your employee is not a business associate, but your web host, email encryption service, billing company and lawyers could be, and these are just four examples. BAs of BAs (BAs contracting with your vendors) further extend the chain.

Not all entities that access PHI must be business associates. For instance, the cleaning company that disposes of trash from your office does not qualify as a business associate even though there is a possibility of the cleaning crew coming in contact with identifying patient information in dustbins or lying on fax machines or desks (though if they do, then your employees did not manage the PHI properly). However, it is important to have a clear reporting mechanism in place where cleaning company workers can alert a point person in your office when they come across PHI.


The Omnibus Rule provides multiple categories of business associates, including health information organizations (HIOs), anyone offering personal health records to individuals on behalf of covered entities, and covers a variety of service categories such as data aggregation, accreditation, actuarial and administrative services dispensed to a covered entity provided such services involve the disclosure of patient health information. Use this link for more information on business associates.


GDPR: LuxSci Privacy Policy and Terms and Conditions Changes

Wednesday, May 23rd, 2018

On the 25th of May 2018 a new data protection law, the General Data Protection Regulation (GDPR), will take effect in the European Union. The GDPR aims to strengthen the data protection and privacy for all individuals within the EU and brings with it the most significant changes to data protection law in two decades. Based on privacy-by-design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.

The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardize data protection laws and processing across the EU, affording individuals stronger, more consistent rights to access and control their personal information.

To ensure that LuxSci is ready for the GDPR, we have updated our Privacy Policy and Master Services Agreement (MSA) to comply. There is now a “GDPR Data Privacy Addendum” to our MSA that is automatically included in all contracts with existing and future customers and which, together with LuxSci’s participation in and certified compliance with the EU-US Privacy Shield, provides the required contractual framework for ensuring that our customers are GDPR compliant when using LuxSci as a data processor. The changes to LuxSci’s privacy policy and MSA are effective as of May 23rd, 2018.