" email security Archives - LuxSci

Posts Tagged ‘email security’

New Feature: Secure Email Tagline

Thursday, June 23rd, 2022

LuxSci is introducing a new email tagline feature to inform recipients that email messages are secured. This helps build trust and increase confidence with less tech-savvy recipients who do not understand how email encryption works.

secure email tagline

TLS Encryption

TLS encryption is now widely supported by the most popular email providers. As a result, more organizations are choosing to send emails containing sensitive data with TLS encryption. There are a few reasons for this:

  1. TLS encryption is permitted under HIPAA and most compliance regulations.
  2. It’s easier to use and does not require recipients to log in to portals to access their messages.
  3. The open and response rates are higher on TLS encrypted messages.

However, using only TLS to encrypt emails can be confusing to the laypeople receiving them. While it’s easy to use and “invisible,” that can be concerning when transmitting sensitive information. If it looks like a regular email, recipients may be concerned that the organization does not care about the security of their personal information. This perception can negatively impact the business and dissuade people from using digital channels.

Introducing a New Email Tagline

For these reasons, all Email Hosting, Secure Connector, Secure High Volume Email, and Secure Marketing customers who send emails encrypted via SecureLine will have a small tagline at the bottom of the email that indicates the message is secure. It looks like this:

message secured by LuxSci tagline

This tagline builds trust and lets the recipient know that the company has taken steps to secure sensitive data. If you are an existing customer, visit your email settings or contact Customer Support to enable this feature. New customers will automatically have the tagline enabled when sending SecureLine encrypted emails.

HIPAA-Compliant Email Hosting or Outbound Email Encryption?

Tuesday, January 25th, 2022

There are many ways to protect ePHI in email. HIPAA is technology-neutral and doesn’t make specific recommendations for how to protect email communications. This article explains the difference between a HIPAA-compliant email host and an email encryption gateway. These are just two of the options for securing email accounts.

email encryption

Read the rest of this post »

5 Ways to Prevent Human Impacts on Your Cybersecurity Program

Tuesday, October 12th, 2021

There are multiple ways that humans impact cybersecurity and can put data at risk. From being tricked by phishing emails to choosing easily guessed passwords, insider fraud and mistakenly classifying the security level of emails and other content, the actions of your employees can make your data vulnerable.

While the impact of human errors can’t be eliminated entirely, there are steps that can be taken to minimize the effects humans can have on your cybersecurity. Five of these steps are detailed below.

prevent human effects on cybersecurity

1. Adopt an “Opt-out” approach to encryption

At LuxSci, our philosophy is to limit risk by taking basic security choices out of employee hands. Instead of relying on employees to encrypt emails with sensitive contents, we automatically encrypt every message by default. This makes it more difficult for an employee to carelessly send out sensitive emails without the proper safeguards.

Conversely, when taking an opt-in approach to cybersecurity, employees are responsible for remembering to encrypt each email before sending. Anytime an employee forgets to take this step, it represents a potential security breach with all the liability that entails. Adopting an opt-out approach to encryption reduces this risk significantly. While many companies use opt-in processes because of their convenience, they introduce a high degree of risk. LuxSci’s SecureLine encryption technology enables a new generation of email encryption that features both flexibility and security.

2. Implement strict email filtering and network firewalls

Are you familiar with the aphorism “an ounce of prevention is worth a pound of cure”? By taking steps to prevent malicious threats from reaching your systems and networks, your employees will not have to spend their time trying to figure out what is a threat.

Email filtering

Phishing is one of the greatest threats to cybersecurity. Rather than relying strictly on human judgement with regard to which emails to open, using a sender policy system that filters or flags suspicious incoming emails can appreciably improve cybersecurity. Don’t count on your busy employees to know when an email is suspicious. Instead, use email filtering to keep those emails from even entering their inboxes.

Network firewalls

Firewalls help prevent attackers from gaining easy access to your network. They prevent suspicious connections or messages from connecting to the network or reaching their intended destination. By serving as a first line of defense, a firewall plays a major part in shielding your network from cyberattacks. By preventing external threats from accessing your applications, you don’t need to count on your employees to recognize when something isn’t right.

3. Prevent human impacts on cybersecurity by training staff

Almost every modern workplace relies on internet-connected devices to get work done. However, just training staff to use your technology effectively is not enough. With cyberattacks growing in frequency, keeping your staff aware of the latest cybersecurity threats is essential to protect your business. With data breaches, denial-of-service (DoS), and ransomware attacks accounting for tremendous financial losses, failing to prepare your staff for the danger these attacks pose to your IT operations can be costly.

Your employees can prevent security breaches if they are properly trained in the latest cybersecurity best practices. Some complex security breaches can evade even the best automated security measures. If your staff knows what to look for, they can play a crucial role in augmenting your existing security measures.

In addition, hackers often target employees as their first access point for gaining entry to a network. As a result, restricting cybersecurity training to just the IT department can leave your employees vulnerable to social engineering, phishing emails, and other exploits used by hackers to dupe them.

A cybersecurity training program can help reduce risks by familiarizing employees with the tricks used by hackers to gain access to their accounts. As part of the training program, it’s important to test employees on core concepts to ensure the message is retained.

4. Enforce strong password and access control policies

To reduce the risk of security breaches, a robust password protection program is necessary. One of the key elements is enforcing password complexity. Simple passwords are vulnerable to brute force hacking, enabling hackers to easily access employee accounts.

Requiring staff to use unique, complex passwords makes it much harder for hackers to gain access to an account. A complex password can include multiple types of characters (numbers, letters, capitalization, special characters) and minimum character lengths. Learn more about creating secure passwords in our blog archives.

Multi-factor authentication (MFA) is another key element of a robust security policy. By requiring more than a single action to access an account, you can drastically cut down on security breaches due to lost or stolen passwords. Given that compromised passwords are a significant cause of security breaches, using MFA is a powerful tool for bolstering network security.

In addition, setting up time-based access controls for your sensitive systems can prevent bad actors from gaining unauthorized access. For example, if you have an employee who works a 9am-5pm shift, you can prevent her from accessing the system from 6pm-8am. That way if a bad actor did get her credentials, they would be unable to login when she was offline. This could prevent someone from taking over your systems overnight.

5. Adopt the Zero Trust security stance

What is Zero Trust Architecture? Essentially, it is a policy for guarding against cyberattacks by assuming that every aspect of a network is subject to attack. This includes potential insider threats from employees or attackers who have infiltrated your network. This contrasts with other security approaches that assume that traffic within a network’s security perimeter can automatically be trusted. Instead, Zero Trust Architecture minimizes the security perimeter as much as possible to reduce the chance of a security breach and evaluates the credentials and actions of users at all levels of access to identify any actors inside the network who may pose a threat.

By providing a more granular level of threat detection and limiting access within the network, a Zero Trust security approach is more rigorous than existing security models focused primarily on perimeter security.

ZTA improves security without imposing unduly burdensome requirements. It gives users access to just the minimum level of data and services needed to fulfill their role. This can help stop insider threats from employees. If a lower-level employee with little access to sensitive data has their credentials compromised, it is less threatening to the organization’s data security. The attacker will not be able to penetrate other parts of the network without additional identity verification.

Limiting human impacts on your cybersecurity to decrease risk

Humans can amplify cybersecurity risks in many ways. Between careless mistakes and intentional sabotage, there are a number of things that employees can do to expose your company to cybersecurity risks. The steps listed above comprise a comprehensive set of measures you can take to minimize negative human impacts on cybersecurity. In conjunction with a robust security solution, these measures can significantly enhance your cybersecurity defenses.

Secure your organization by contacting us to find out how to get onboard with LuxSci.

When Should You Use An Email Encryption Gateway?

Tuesday, September 14th, 2021

An email encryption gateway is a great way to protect sensitive emails for HIPAA compliance. You probably know just how important encryption is for sensitive data, as well as information that is protected by law, like ePHI. However, embracing these protections can sometimes be challenging. Gateways that rely on opt-in encryption put your company at risk, because employees may forget to encrypt protected health information.

Email encryption gateways like LuxSci’s Secure Connector automatically encrypt all outgoing emails, drastically reducing the risk of breaches caused by human errors.

email encryption gateway

What Is An Email Encryption Gateway?

By default, email is incredibly insecure. Protecting it requires additional effort, and it is easy for employees to make mistakes. The main purpose of an email encryption gateway is to encrypt outgoing emails. Some common ways to trigger encryption are:

  • by using keyword prompts
  • pushing a button or switch to enable encryption
  • using content scanners to encrypt emails according to administrator settings.

LuxSci’s Secure Connector automatically encrypts every email message using TLS encryption for a seamless delivery to recipient accounts. LuxSci’s solution allows you to choose the right type of encryption to suit your email use cases. For example, you may want to send highly sensitive messages like patient lab results using a more secure form of encryption like Portal Pickup to protect patient privacy. Not every gateway can provide that level of flexibility so it’s important to understand how you want to use the tool when shopping for a solution.

When Should You Use An Email Encryption Gateway?

There are several situations when using an email encryption gateways is appropriate. These include:

Email Encryption Gateways For Microsoft 365 And Google Workspace

One of the most useful applications is for businesses that use Microsoft Office 365 or Google Workspace. These extremely popular email platforms do not come automatically configured for HIPAA compliance. To make Google Workspace HIPAA-compliant, you must use a third-party encryption tool to secure your emails. Microsoft Office 365 has an encryption add-on option, but it can be difficult to configure and cumbersome for your email recipients.

LuxSci’s own email encryption gateway Secure Connector works with both Google Workspace and Microsoft Office 365 and is simple to configure. All it requires are LuxSci smart hosting accounts for your Google or Microsoft users. For example, if you have 20 users for your company’s domain in Microsoft, you would simply need LuxSci accounts set up in the same domain for those 20 users.

Once the user accounts are configured and smart hosting is enabled in Google or Microsoft, the outbound email for all of these users will flow through LuxSci’s Secure Connector. Every outbound email will be automatically encrypted, without the user noticing or having to do anything. This setup can help your organization meet its HIPAA obligations without having to switch email hosting providers.

Email Encryption Gateways Can Solve A Wide Range Of Problems

While one of the most popular uses of LuxSci’s Secure Connector is for automatically encrypting outbound email for Google and Microsoft, this has much to do with the ubiquity of these services, rather than the limitations of email encryption gateways.

LuxSci’s Secure Connector can also solve the following problems:

  • An ISP does not allow your mail server to send outbound email, or limits the number of outbound emails to a set quantity. Secure Connector gives you a way to circumvent these limitations and send more emails.
  • Your Exchange Server can’t send email directly for your organization, Secure Connector provides another means to do so.
  • If an outbound email system does not support SMTP authentication, Secure Connector can perform the authentication instead. It supports username and password authentication, which can help to keep your organization secure.
  • Your IP address has a poor reputation and your outbound emails are filtered out as spam by the recipients. Secure Connector can help to stop this from happening.
  • You want to hide your mail server’s IP address. With Secure Connector, your mail server’s IP address can be hidden. This helps prevent mail from being blocked by recipients.
  • Archive your outbound emails.

Is LuxSci’s Secure Connector The Ideal Email Encryption Gateway for Your Organization?

If your company needs an email encryption gateway to automatically secure all of its outbound email, LuxSci’s Secure Connector is the only choice. Our opt-out approach to email encryption sets us apart from other companies. It is a HIPAA-compliant solution that supports multiple types of encryption to increase security for highly sensitive emails. Contact our team now to learn more about how Secure Connector can help solve your problems.

Time-Based Access Control

Tuesday, March 16th, 2021

A new security feature is available for LuxSci WebMail customers. Account administrators now have the option to implement time-based access controls for their users. Administrators can restrict what times of day and what days of the week individual users are permitted to use the LuxSci web interface (for WebMail, administration, or other tasks) to increase security on the platform.

This prevents unauthorized off-hours access by employees and also by potential attackers. In a compliance context, LuxSci customers are able to apply time-of-day access controls on a user-level to further limit the attack surface and keep essential information protected.

How to Enable Time-Based Access

You must be an account administrator to enable time-based access. To edit this setting, go to the user’s account and click on “Settings.” Under “Security,” go to the “General” page and do the following steps:

  • Enable the overall setting “Enable time-based access restrictions to this web interface.”
  • Select the time zone to use for these times.
  • For each day the user will be allowed to login to the Web Interface, enter one or two time ranges in the 24-hour time format “HH:MM-HH:MM.”
    • For example, if the user can use the system between 9am and 5pm, you would enter “09:00-17:00.” Use two time ranges if there are two distinct periods of time during the day that are acceptable.

time based access settings

Additional Security Features

In addition to this feature, we also recommend that LuxSci customers take advantage of our other security controls such as: