" pgp Archives - LuxSci

Posts Tagged ‘pgp’

Creating Secure Websites and Forms: What You Need to Know

Tuesday, October 26th, 2021

Creating a website that has “secure” components requires more than slapping together some web pages and adding an SSL Certificate. All a certificate does is create a thin veneer of security. It does not go very far to protect whatever sensitive data necessitated security in the first place. In fact, naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.

So, beyond paying big bucks to hire a developer with significant security expertise, what do you do? Start with this article. Its purpose is to shed light on many of the most significant factors in creating secure websites and forms and what you can do to address them. At a minimum, reading this article will help you intelligently discuss your website security with the developers that you ultimately hire.

creating secure website forms

Read the rest of this post »

HIPAA-Compliant Web Sites: Requirements and Best Practices

Tuesday, March 23rd, 2021

It is not easy to create a HIPAA-compliant web site and webmasters often ask us for clarification on best practices when it comes to HIPAA compliance.

We have previously discussed what makes a web page secure and also what makes a web site HIPAA-compliant, but it seems that an explainer on what you should and should not do with web sites in shared and dedicated environments would be useful to many.

hipaa compliant web site

Read the rest of this post »

7 Steps to Make your Web Site HIPAA-Compliant

Tuesday, March 2nd, 2021

Telehealth is the new normal thanks to the Covid-19 pandemic. Many medical providers are finding that not only is telehealth a safer option during the pandemic, it can also help increase patient access to healthcare and improve outcomes. Along with video appointments, the virtual medicine push includes making protected health information available to patients via a web site and collecting similar private information from patients or would-be patients online.

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document. The Omnibus rule requires all web sites, old and new, to be properly designed or their owners can face potential financial liability into the millions of dollars.

So, what do these requirements mean and how can HIPAA be followed in the context of a website?

Read the rest of this post »

Enhanced Security: AES-256 Encryption for SSL and TLS

Tuesday, December 1st, 2020

AES-256 EncryptionSSL and TLS play critical roles in securing data transmission over the internet, and AES-256 is integral in their most secure configurations. The original standard was known as Secure Sockets Layer (SSL). Although it was replaced by Transport Layer Security (TLS), many in the industry still refer to TLS by its predecessor’s acronym. While TLS can be relied on for securing information at a high level—such as US Government TOP SECRET data—improper or outdated implementations of the standard may not provide much security at all.

Variations in which cipher is used in TLS impact how secure TLS ultimately is. Some ciphers are fast but insecure, while others are slower, require a greater amount of computational resources, and can provide a higher degree of security. Weaker ciphers—such as the early export-grade ciphers—still exist, but they should no longer be used.

The Advanced Encryption Standard (AES), is an encryption specification that succeeded the Data Encryption Standard (DES). AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric-key cryptography. It is often seen as the gold standard symmetric-key encryption technique, with many security-conscious organizations requiring their employees to use AES-256 for all communications. It is also used prominently in TLS.

Read the rest of this post »

Email Encryption Showdown: SMTP TLS vs PGP vs S/MIME vs Portal Pickup

Monday, May 29th, 2017

While messaging apps may have become more popular over the last ten or so years, email remains an important method of communication, particularly for business. Despite its common use, there are many security problems associated with regular email:

Message Tampering

False messages are a significant threat, particularly when it comes to business and legal issues. Imagine someone else sends an email from your account – how can you prove it wasn’t you? There are many viruses that spread in this way, and with regular email, there is no concrete way to tell whether a message is false or not.

Email Encryption

Normal emails can also be modified by anyone with system-administrator access to the SMTP servers that your emails pass through. They can alter or completely delete the message, and your recipient has no way of knowing if the message has been tampered with or not.

In the same way, messages can be saved by the SMTP system administrator, then altered and sent again at a later time. This means that subsequent messages may appear valid, even if they are actually just copies that have been faked.

Read the rest of this post »

LUXSCI