" identity theft Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘identity theft’

SPF & DKIM: The State of Domain-based Email Authentication – Part 1

Friday, September 1st, 2017

Recent reports on cyber-security threats in the healthcare sector by Verizon, Symantec and Ponemon consistently make several observations:

  • Email-borne malware is on the rise, with such malware delivered via spam or phishing;
  • Small-to-medium sized businesses (from all sectors) have the highest rate of email-delivered malware;
  • Most breaches are caused by negligent employees or contractors.

These conclusions are hardly surprising as email is now an increasingly common part of communications with protected health information (PHI) frequently exchanged amongst employees and patients within a practice, between medical providers, and medical providers and their business associates. The concern for the healthcare industry is the potential violation of the HIPAA privacy rule caused by email-related (and other) breaches, leading to disruptions from loss of data, compliance audits and possibly hefty fines.

No Phishing

We wrote about obvious measures medical providers can take to avoid HIPAA non-compliance in email exchanges such as opt-out email security. That addresses only one aspect of the threat landscape, though – the protection of PHI in email exchanges. Another aspect is more sinister, as it deals with external, malignant actors. These actors use various spoofing techniques to trick patients or employees of a medical practice to react incautiously, often impulsively, to emails supposedly coming from valid sources. These often lead to identity theft, where the damage is more far reaching as the information given up is more long-lived and more widely used and cannot just be erased like revoking a misused credit card.

Read the rest of this post »

Is your Accountant protecting your privacy and identity?

Wednesday, April 15th, 2015

Everyone always harps on the necessity of privacy when discussing health care, government, and banking communications.  It is surprising how little attention is paid to email security with regards to accounting and tax preparation.   There is a real danger of identity theft, unintended information disclosure, as well as invasion of privacy when using tax preparation services or organizations that do not use secure email.  Why is this?

Read the rest of this post »

The Case For Email Security

Tuesday, March 31st, 2015

Section 1: Introduction to Email Security

You may already know that email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages which you thought were deleted years ago may be sitting on servers half-way around the world? Or that your messages can be read and modified in transit, even before they reach their destination? Or even that the username and password that you use to login to your email servers can be stolen and used by hackers?

This article is designed to teach you about how email really works, what the real security issues are, what solutions exist, and how you can avoid security risks.

Information security and integrity are centrally important  as we use email for personal and business communication: sending confidential and sensitive information over this medium every day. While you are reading this article, imagine how these security problems could affect your business or personal life and your identity…. if they have not already.

Read the rest of this post »

Why protecting and validating email identity is a top priority for a secure 2015

Wednesday, January 21st, 2015

The scope and frequency of cyber attacks, data breaches, information disclosures, and the sophistication of the tools used to attack companies and individuals has been increasing at a tremendous rate.

It doesn’t strain our memories to come up with numerous prime examples including the deliberate corporate penetration of Sony (which was “easy”) and of Sands Casino (presumably very hard); or the exposure of super-powerful nation state sponsored attack software Regin that helps enable penetration of specific, complex targets.   Don’t forget as well, the numerous phishing attacks that were propagated in 2014.  And, perhaps just as infamous, the social engineering attacks in which malicious individuals tricked Apple and GoDaddy into revealing sensitive information.

All of these are different attack vectors, with different ultimate purposes, targeting individuals or corporations.  All were successful.  And the actual, complete list would be too large to publish (and would be impossible to know as more than half of data breaches go unnoticed).

Read the rest of this post »

Social Engineering from Both Sides: Thinking + Caution = Safety

Thursday, May 3rd, 2012

Thank you, now I know your social security number!

Social Engineering” happens when you are manipulated into revealing sensitive or private information to someone who should not have it.  The person performing the manipulation seeks information that can be used for fraud, identity theft, computer access, and other nefarious actions.

Recently, I have run across a few situations that were not actually social engineering attacks, but could easily have been.  They serve to illustrate the danger.

Read the rest of this post »

Big Brother: Being Watched at Work and the Truth about Email Security at the Office

Wednesday, March 4th, 2009

Do you feel secure? If so, you must be a good corporate citizen. You are on time every day, contribute effectively and courteously in meetings, and your appearance is impeccable. You could be a contender as Trump’s next Apprentice. Of course, no one knows that you’re more like Andrew Dice Clay when you email your co-workers and friends. Or do they???

Read the rest of this post »