" secure email Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘secure email’

Email, Calls, Messaging Apps & More: How Can You Secure It All?

Tuesday, February 26th, 2019

In a forgotten time, if an organization wanted to secure their communications, all that they had to worry about was their conversations, postage and landlines. If a business was on the cutting edge of technology, it might use a fax machine as well.

In 2019, things are a lot more complicated. To start with, we now have email, mobile calls, and text messages. Then there are the countless messaging apps like WhatsApp, Facebook Messenger, Telegram, Signal, and Viber.

On top of this, there are online calls like Google Voice, Skype, and others. We can’t forget video calling either, or the fact that many of these services offer several different communication channels.

Landlines and postage haven’t gone away either, so they still have to be secured as well. Some businesses even persist in using fax machines.

The point is that in the modern world, we have a lot more to worry about. With so many different channels, how can an organization possibly secure them all?

While the task may seem like an unending battle against emerging and deprecating technology, the goal of securing all of your business’s communications is not unattainable. All it takes is planning, policy, and enforcement.


 

Analyzing the needs of your organization

Sure, all of these new communication methods have definitely complicated security, but you also have to look at the other side as well. They allow us to do things that we have never been able to do before – we can get results in seconds that may have taken months in earlier days.

There are tremendous advantages to many of these technologies, so there is no point in being a Luddite and staying away from technological developments. As long as potential security risks are addressed, these solutions can be more than worthwhile.

Your organization should be leveraging these technologies to simplify its work processes as much as it can. But it needs to be doing so with a security-first mindset.

 

Take stock of your organization’s current communication methods

The first step is to look at the channels that are currently being used. Email is a given, and most businesses probably use cell phones and landlines as well. Does your business use messaging apps on top of this? How about VoIP or video call services? Is there a workplace Slack, Facebook or Telegram group?

 

What does your organization really need?

Once you have accounted for each of the channels that are being used, and what they are being used for, you can consider whether or not they are necessary. Does your business really need to use landlines, cell phones and VoIP, or can these be consolidated? Are texting apps important for getting work done quickly, or can you restrict messaging to email in order to simplify your systems?

If you can reduce the number of different communication channels that are used in your workplace without impacting productivity, it will make it much easier to administer them securely.

Does it need to be secured?

Let’s be honest, a lot of information doesn’t need to be secured. While SMS may be insecure, it probably doesn’t matter if all you are using it for is to send certain offers and promotions to your customers (although there may be certain healthcare situations where even something this simple can violate HIPAA).

If you can ensure that a given communication channel won’t be used to transmit sensitive or valuable information, then you may not need to find a secure alternative. Take the human factor into account when you consider this, because mistakes and laziness can end up being incredibly costly for businesses.

 

Look for Secure & Compliant Alternatives

There are a number of different solutions that allow you to message, call or video-call in a secure and compliant manner:

  • Calls – Neither landlines nor cell phones offer a safe way to voice call. Any calls that require security should be done over encrypted VoIP connections.
  • SMS – SMS is an insecure protocol, so secure email or messaging apps should be used whenever you are sending sensitive or valuable information. Despite this, a service like SecureText can be used to send SMS messages that alert recipients that there is a secure message waiting for them.
  • Email – Standard email is inherently insecure, but services that use portal pickup, PGP or S/MIME can be safe. Secure Email is a HIPAA-compliant option that offers a wide range of security configurations.
  • Messaging apps – SecureChat is HIPAA-compliant and secure. While options like Signal and WhatsApp also offer encryption, they do not offer HIPAA compliance.
  • VoIP – Signal and WhatsApp both encrypt their voice calls from end to end, but they do not offer HIPAA compliance.
  • Video calls – Secure Video allows its users to deliver telemedicine or run conference calls with up to 100 people, all in a secure and HIPAA-compliant manner.

 

Establish a Policy

Once you have determined your business’s communication needs, analyzed the risks and come up with secure alternatives, it’s time to establish a workplace-wide policy that ensures these secure communication channels are used every time that sensitive and valuable information is transmitted.

 

Design the Policy to Handle Worst-case Scenarios

It’s best to be overly cautious in the policy and account for mistakes – remember, simple errors are often the cause of massively expensive HIPAA penalties.

Sure, a workplace Facebook group can be a great way to facilitate communications. You could even have a strict policy that sensitive and valuable information should not be exchanged in the group. It might even be effective for a long time.

But what happens when Robert from accounting just woke up from his 2pm nap, and in a brief, bleary-eyed moment he forgets about the rules and posts something he shouldn’t? Even if it was a simple accident and Robert from accounting didn’t mean to do it, his actions could still lead to a HIPAA violation or the information getting stolen by a hacker or publicly exposed.

This is why it’s best to be overly cautious. Sure, you could have a workplace Facebook group, but why run the risk when you can use secure alternatives instead?

 

Training & Awareness

Once a policy has been established, you need to make your employees aware of it so that the new regulations are followed. Compliance can often be improved by explaining the reasons why the policy is in place and discussing the risks during training sessions.

 

Monitor & Enforce the Policy

Once your new policy has been set up, you will need to monitor whether or not it is being followed. In the transition period, you may notice violations, but if you address these carefully at the start and strictly maintain the policy, you will soon break the old employee habits.

 

Over time, there may need to be some reinforcement, otherwise the old habits can end up slipping back. This can be achieved through periodic training, continuing to provide awareness about the policy and the reasons behind it, as well as taking extra time to address those employees who have violated the policy.

 

Adjust the Policy as Necessary

Over time, new solutions will become available, while your current services may also become less secure. If you want your business to maximize its security and productivity, there is no reason for the policy to be set in stone. Instead, it should be adaptable, taking advantage of services that may improve performance, while leaving behind those that may pose a threat.  Policies should be reviewed and updated at least yearly.

 

Workplace-wide Secure Communications

Protecting all of your critical communication channels may sound like a challenging process, but luckily there is already a wide range of security-focused applications that are easy to implement.

At LuxSci, we offer a variety of secure and HIPAA-compliant alternatives in-house:

Arranging to take care of all of your secure communication services through one provider will result in systems that are more interoperable, save on overhead, simplify implementation and make management far less of a headache.

With the right approach and an expert technology partner, securing all of your organization’s communications is an easy way to drastically reduce the risks that it faces.

Will Email Ever Be Truly Secure?

Tuesday, November 6th, 2018

Email gateways are a leading cause of security breaches. The optimistic view is that effective email security practices, firewalls, mobile device security, wireless security, endpoint security, web security, behavioral best practices, data loss prevention and network access control – among other solutions – can ensure foolproof security. The realistic view is that email – or anything for that matter – cannot be truly secure.

To err is human. Technology advancement is a boon and a bane: cyber attacks are more sophisticated than before. You cannot trust any one security solution, place your full trust in end-to-end encryption (currently the most secure way to communicate securely and privately online), or predict when someone will break into your device and access your email.

The road to HIPAA compliance is paved with many risks, possibilities and outcomes. Well-researched and thoughtful implementations are essential but there are many decisions to make and loose ends to tie up. Your ePHI protection, privacy and confidentiality practices may be excellent, but your employees may still mistakenly dispose of a fax machine or hard drive that contains retrievable PHI. Or some of your staff may fail to observe the policy of what needs to be encrypted and what does not.


 

And if you thought that email encryption, cryptographic protocols and even your computer system and CPU were protecting your data at all times, think again…

Read the rest of this post »

What Is Email Archiving and Why Do I Need It?

Thursday, November 1st, 2018

The digital era has changed many things about the way people communicate. In the case of businesses and organizations, especially in the healthcare sector, the changes have been significant. For instance, the threat of fraud and data theft is forcing businesses to keep track of all the messages shared between employees and stakeholders.

Despite the availability of multiple communication tools, email is still the most preferred option for large-scale corporate and organizational-level communication. It is estimated that over 250 billion emails are sent each day.

A business with just 1000 employees can generate around 40,000 emails per day. Needless to say, that’s a phenomenal number of emails and keeping track of each one can be tedious. However, it needs to be done, considering the fact that many of those emails contain critical information. In the case of healthcare organizations, those emails can even contain confidential patient data.

Email Archiving is the Answer

It is required that healthcare providers and organizations engaging in HIPAA-compliant emails practice email archiving. Email archiving allows healthcare companies to make things easier by providing them with the confidence that their communications are protected from prying eyes, while also being accessible to authorized personnel as needed, even during emergencies and email system outages.

Read the rest of this post »

SSL versus TLS – What’s the difference?

Saturday, May 12th, 2018


TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a practical difference between the two?


See also our Infographic which summarizes these differences.

Read the rest of this post »

Does secure email make you more vulnerable to spam and viruses?

Monday, August 28th, 2017

Read the rest of this post »
