" security Archives - LuxSci

Posts Tagged ‘security’

LuxSci Achieves HITRUST CSF Certification

Thursday, October 22nd, 2020

LuxSci announces today that it has achieved the HITRUST CSF Certification, the gold standard and most widely adopted security framework in the healthcare industry.

LuxSci Achieves HITRUST CSF Certification

What is HITRUST CSF Certification and why should it matter?

Today, we are very proud to announce that LuxSci has achieved the HITRUST CSF Certification, the gold standard and most widely adopted security framework in the healthcare industry. The full fleet of LuxSci services, including Secure High Volume Email Sending, Secure Marketing, Secure Email Hosting, Secure Connector for Microsoft 365 and Google Workspace, Secure Forms, Secure Texting, and Secure Web Hosting, were audited by our third-party assessor, Security Compliance Associates, and have earned Certified status for HIPAA and GDPR under HITRUST.

Read the rest of this post »

How Can You Tell if an Email Was Transmitted Using TLS Encryption?

Tuesday, October 29th, 2019

Frequently, we are asked to verify if an email that someone sent or received was encrypted using SMTP TLS while being transmitted over the internet.  For example, banks, health care organizations under HIPAA, and other security-aware institutions have a requirement that email be secured at least by TLS encryption from sender to recipient.

Email should always be transmitted with this basic level of email encryption ensure that the email message content cannot be eavesdropped upon.  This check, to see if a message was sent securely, is fairly easy to do by looking the the raw headers of the email message in question.  However, it requires some knowledge and experience.  It is actually easier to tell if a recipient’s server supports TLS than to tell if a particular message was securely transmitted.

To see how to analyze a message for its transmission security, we will look at an example email message sent from Hotmail to LuxSci, and see that Hotmail did not use TLS when sending this message.  Hotmail is not a good provider to use when security or privacy are required.

Read the rest of this post »

SSL versus TLS – What’s the difference?

Saturday, May 12th, 2018

SSL versus TLS

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a practical difference between the two?

SSL versus TLS: What is the differenc?

See also our Infographic which summarizes these differences.

Read the rest of this post »

Login security & passwords – yesterday, today and tomorrow

Wednesday, December 20th, 2017

The act of “logging in” – that is, gaining access to some private area in a shared space – has been with us since the early 60s with the introduction of time-sharing computers, albeit confined in those days to very limited professional circles. However, with the use of the public internet as a communication and social medium and the growth of the web as a platform for commerce in the past twenty years, remembering login names and passwords for access to all our online resources is as commonplace as remembering the birthdays of our loved ones. While we might remember at most ten birthdays (with the rest written down in calendars and diaries), the average person has accumulated, based on an anonymized survey of its enterprise accounts by the popular password manager vendor LastPass, about 191 online accounts!

Lest this seem like an absurdly large number, consider all the professional accounts as well as numerous personal ones accumulated over one’s online lifetime, many of which are quickly set up for some online purchase or commenting at an informational web site and then forgotten or rarely visited. These days it seems that even the slightest online activity requires creating an account and signing in. Thus, it is not surprising that most people reuse the same login credentials (user name and password) across multiple sites. Security experts have long warned against this obvious vulnerability, but who can blame the average user for choosing an easy path to manage this increasing burden of remembering multiple passwords. (Some recent statistics suggests that only 22% of online users in the US use different credentials for each online account.)

Read the rest of this post »

Application Specific Passwords / Login Aliases at LuxSci

Thursday, December 14th, 2017

LuxSci now supports the creation of “application-specific passwords” for individual user accounts.

What are these?  The are essentially “login aliases.”

Increase your security through application-specific passwords
Users can create distinct username/password combinations for use with different applications, devices, or for shared account access.  These login aliases can have limited privileges; for example, granting access only to email or only to web site file storage.  Use of application specific passwords can greatly enhance user security.  In this article, we will discuss application-specific passwords, what their benefits are, and how to use them effectively.

Read the rest of this post »

LUXSCI