How Secure Is Your Email Provider?

March 26th, 2019

Most people don’t put a lot of thought into the security of their email. As long as it sends and receives messages without overloading them with spam, it seems to be enough, right?

Well, that depends on what you use your email for.

If you only use it for reading chain letters from your aunt and skimming through the newsletters from your favorite organizations, then you might not have much to worry about.

But very few people use their email in such a limited manner. It’s often used as a second authentication factor for other accounts, many people get their bank statements sent to them via email, and others use it to talk about critical work details.

That’s not to mention the countless other pieces of sensitive and valuable information that people communicate over email each day.

If you use your email for any of the above, then you need to think twice about your email’s security.

Why?

Because email is inherently insecure.

Without additional protective measures, the plaintext of your emails can easily be intercepted by attackers.

That’s right. Someone could have seen your online banking passwords that time you emailed them to your husband. A hacker could have read that message you sent to a friend where you called your boss every bad name in the book, then used it to blackmail you. An attacker could even receive the link to reset your password and use it to hijack your account.

If that’s not bad enough, your messages can also be modified or deleted in transit. And this is just the tip of the iceberg when it comes to the security and privacy issues that surround email.

Let’s look at some of the particular problems associated with some of the world’s most popular email providers, Gmail and Outlook:

Gmail

Thankfully, in 2017, Google announced that it would no longer be automatically scanning emails for advertising purposes. It’s good news that they are no longer diving through their customers’ messages with their tools. However, third-party apps that are installed on people’s devices can still be configured to scan through emails instead.

So maybe Google isn’t going through your messages any more, but there is the potential that other companies are.

Messages are encrypted within Gmail’s systems and when traveling to some of the major email providers. However, this all depends on the recipient’s email provider, and some providers may not offer TLS encryption. This means that a message may travel part of the way as cleartext.
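Whether a given message crossed a hop without TLS can be read from its Received headers. The following is an added example, not code from the original article; it assumes each relay records the RFC 3848 transmission type (ESMTPS, ESMTPSA) in the "with" clause, and the sample message and hostnames are constructed.

```python
import re
from email import message_from_string

# Constructed sample message (reserved example domains and documentation IPs).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
 by store.recipient.example with ESMTPS id abc123
 for <bob@recipient.example>; Tue, 26 Mar 2019 10:00:03 +0000
Received: from relay.legacy.example (relay.legacy.example [198.51.100.7])
 by mx.recipient.example with ESMTP id def456;
 Tue, 26 Mar 2019 10:00:02 +0000
Received: from mail.sender.example (mail.sender.example [203.0.113.5])
 by relay.legacy.example with ESMTPS id ghi789;
 Tue, 26 Mar 2019 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed test message

body
"""

# RFC 3848 "with" keywords that mean the hop was protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# Strip "(host [ip])" and "(using TLS with cipher ...)" comments before matching.
COMMENT_RE = re.compile(r"\([^()]*\)")

def hops(raw_message):
    """Return (from_host, by_host, protocol, tls) per hop, in delivery order."""
    msg = message_from_string(raw_message)
    result = []
    # Each server prepends its header, so the last Received line is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        flat = COMMENT_RE.sub(" ", " ".join(value.split()))
        frm = re.search(r"\bfrom\s+(\S+)", flat, re.I)
        by = re.search(r"\bby\s+(\S+)", flat, re.I)
        proto = re.search(r"\bwith\s+(\w+)", flat, re.I)
        name = proto.group(1).upper() if proto else None
        result.append((frm.group(1) if frm else None,
                       by.group(1) if by else None,
                       name, name in TLS_PROTOCOLS))
    return result

def cleartext_hops(raw_message):
    """Hops with no TLS keyword; a missing 'with' clause counts as unconfirmed."""
    return [h for h in hops(raw_message) if not h[3]]

if __name__ == "__main__":
    for frm, by, proto, tls in hops(SAMPLE):
        print(f"{frm} -> {by}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

Received lines written before the message reached a server you trust can be forged, so only the hops recorded by your own provider are reliable evidence.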

When you add in Google’s strong history of collecting as much user data as they can, it’s safe to assume that Gmail is not the best option for those who are privacy conscious.

Outlook

Outlook does offer configuration options to send completely encrypted email, but they are not set up by default and can easily be misused. It operates under a different funding model to Gmail, so one positive aspect is that it hasn’t been as rife with privacy issues as Google’s offering.

While it is possible to sign a Business Associate Agreement with Microsoft, Outlook isn’t really set up to be HIPAA-compliant, so using it for your HIPAA needs can be very dangerous.

Looking for a Provider that Takes Your Email Security Seriously?

None of the major providers make it easy to be HIPAA compliant, nor are they designed with your security needs in mind. These organizations are also huge targets for hackers and they have massive attack surfaces that they need to defend. All of them have had a number of serious data breaches over the years as well.

LuxSci is a security provider that specializes in HIPAA compliance, and keeping our customers safe is one of the foremost design objectives in all of our services. That’s why we’ve tailored our secure email service to offer completely encrypted email in a number of different ways, including TLS, portal-pickup, PGP and S/MIME.

We also offer a range of configuration options that make it easy to prevent user errors, such as opt-out encryption.

If you really care about your email’s security, then you should be choosing a provider who prioritizes it at the core of their service, rather than a mainstream competitor who has only tacked it on over the years after countless damning media reports. Keep your messages safe with LuxSci.
