" pgp Archives - Page 2 of 4 - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘pgp’

Stopping Forged Email 4: Your Last Resorts

Wednesday, March 4th, 2015

In previous posts we have examined how hackers and spammers can send forged email and how it can be extremely difficult to differentiate these messages from legitimate messages.  We have looked at the various common techniques for anti-fraud such as SPF, DKIM, and DMARC and seen that, while these technologies can help a lot, they all have limitations; they all require strict and proper setup by the owner of the purported sender’s domain, and they must be well supported by your own spam filtering system.

Yet even with these technologies, it’s not hard in many cases for a determined attacker to send you a forged, fraudulent email message that still looks and feels legitimate.

What else can you do to validate email messages and protect yourself from phishing or social engineering attacks?

Read the rest of this post »

7 Steps to Make your Web Site HIPAA-Secure

Friday, February 13th, 2015

Doctors and medical professionals are feeling increasing pressure to get their business online (e.g., electronic prescriptions, web appointments, and remote medicine are both trendy and critical for building and sustaining revenue streams in the tightening medical market).  This push includes making protected health information available to patients via a web site and collecting similar private information from patients or would-be patients.

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document.  And with the Omnibus rule in place, all web sites, old and new, must be properly designed or their owners face potential financial liability into the millions of dollars.

So, what do these requirements mean and how can HIPAA be followed in the context of a website?

Read the rest of this post »

256-bit AES Encryption for SSL and TLS: Maximal Security

Wednesday, February 4th, 2015

SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a “secure” connection of this sort can vary from “almost none” to “really really good … good enough for US government TOP SECRET data”.  The piece which varies and thus provides the variable level of security is the “cipher” or “encryption technique”.  There are a large number of different ciphers — some are very fast and very insecure.  Some are slower and very secure.  Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.

AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES.  AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS).  It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.

This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption of all secure communications, and more.

Read the rest of this post »

HIPAA-Compliant Web Sites: Requirements and Best Practices

Thursday, February 27th, 2014

We are approached frequently by webmasters and site designers asking for clarification on or guidelines for using ePHI in web sites that must be HIPAA compliant.

While we have discussed previously what makes a web page secure in general and also what in particular makes a web site HIPAA compliant, it seems that a concise recommendation that spells out what you should and should not do with web sites in shared and dedicated environments would be particularly useful to many.

Read the rest of this post »

Collaborative Access to Encrypted Archived Form Data with SecureForm

Friday, February 7th, 2014

LuxSci SecureForm service uniquely enables web site and PDF forms to post their data and files to a secure URL and have that data automatically securely emailed to one or more recipients, uploaded to an S/FTP site, archived in an online collaborative WebAides file storage space, and/or saved to a MySQL database.  With a few clicks and minimal changes to existing forms, customers can have sophisticated and secure forwarding, processing, and storage of their form posts, including re-filling the posted data into template PDF, html, xml, and other files.

Collaborative Access to Encrypted Archived Form Data

When using SecureForm to store copies of uploaded form data to an online Documents WebAide, you can choose to have that data automatically encrypted so that only the “recipient” of the encryption (i.e. one of your users) can ever open it.  Not even LuxSci’s technical support staff would be able to access this data unless you specifically allowed it.  

Read the rest of this post »

Secure: Does LuxSci Hold the Keys to Unlock your Secure Email Data?

Wednesday, December 18th, 2013

For many different reasons, customers have asked us if we hold the keys to unlocking their email data. Why?

  1. Compliance / Emergencies: Customers with compliance needs, such as HIPAA, need to have emergency access to data … and that can mean appealing to LuxSci to access data to which the customer has otherwise lost access.  Having the keys, in this case, is very important.
  2. Privacy: On the other end of the spectrum, some customers want to do as much as possible to ensure that no one, not even LuxSci staff, can access their email data.

Both considerations are extremely valid in their own context.  The answer is that “it depends”.  For security and flexibility, LuxSci presents customers a variety of email encryption options that span the complete range from “completely unencrypted” to “LuxSci has no possible access”.  It is up to the customer to choose where in that spectrum they fall … often balancing ease of use with security needs.

In the following sections, we will consider to what degree LuxSci can assist customers in accessing email (and WebAides) data, based on what encryption options the customer has chosen.  We also discuss where and how your trust of LuxSci comes into play. Understanding if and when LuxSci can access encrypted data is different from understanding when messages are encrypted at rest.

Read the rest of this post »

Ensuring all data is encrypted at rest with LuxSci

Friday, May 10th, 2013

Email and other data is either being “transmitted” or “processed” or is “at rest.”  I.e., it is moving from one computer to another, or it is stored/at rest on a computer, or it is preparing to be transmitted or stored.

While most types of compliance regulation, such as HIPAA, specifically require that data be transmitted securely, not all regulations require that data be stored in an encrypted form while at rest.  I.e., HIPAA does not require at-rest encryption, though it is recommended to decrease risk and potential liability in some situations.

Having your email and other data encrypted while at rest can potentially increase the security of that data, even if that level of security is not explicitly required.  As a result, many LuxSci customers have asked about how to ensure that all of their email and other data is encrypted while at rest.

Read the rest of this post »

Encryption for Documents, Passwords, and Internal Blogs

Tuesday, April 9th, 2013

LuxSci’s WebAide collaboration tools enable storage and sharing of all sorts of information through LuxSci’s web site, e.g. address books, calendars, tasks, blogs, files, password libraries, links, notes, and more. These tools allow online access from anywhere and fine grained sharing with selected users, or groups of users.

The items that typically contain the most sensitive information are internal Blogs, Document storage, and Password Libraries.  These items are, of course, saved in a secured database and backed up, like all other WebAides. However, for these sensitive items, LuxSci has special optional encryption options that provide both enhanced security and finer grained access control.

Read the rest of this post »

SSL and TLS are not enough to secure your email

Friday, February 22nd, 2013

A very common marketing ploy involves companies advertising “secure” services … where that security consists of only an SSL- or TLS-encrypted connection to their servers.  While use of TLS and SSL is a critical part of web and email security, it is only one small aspect of security.  Below, we will talk about some of the other aspects of what you should be looking for in terms of an actual secure solution so you can be more savvy about simplistic marketing claims in the future.

Read the rest of this post »

Enhanced Email Security Reports

Monday, November 19th, 2012

LuxSci provides a vast array of options for sending outbound email securely — from Opportunistic TLS, to SecureLine for enforced TLS and other methods of end-to-end email encryption.  Many organizations requiring HIPAA compliance or high security solutions rely on these services every day.

In relation to these services, we are commonly asked: “Was the email message sent securely?  How do we know?  What kind of encryption was used?  Did the user receive the message? etc.”.

LuxSci has offered email sending and delivery status reports for some time.  What was missing until now was the ability for users to see if the message was delivered securely and by which method.

Read the rest of this post »