" security Archives - Page 5 of 8 - LuxSci

Posts Tagged ‘security’

Can You Save Money by Spending on Security?

Tuesday, May 23rd, 2017

When everything is running smoothly, cyber security can go unnoticed by executives. It’s only when things go wrong that it tends to enter their peripherals. This often leads to inadequate budgeting or heavy cutbacks. Unfortunately, restricting security funds can result in incidents that cost companies many times more than what they would have spent on security measures.

Because of this, security can be seen as an investment that often has a high ROI, as long as it is applied strategically and intelligently. Although no amount of money and infrastructure can make your systems 100% secure, the right measures can still help to boost a company’s bottom line.

Security

A well thought-out security plan is a balancing act between the costs of implementation and the potential damage of a breach. Sure, your company could invest in complex security measures, but is it justified by the risks you face?

In some situations–such as healthcare–highly advanced security is a necessity. Other businesses may be able to justify a lower level of security, particularly if they operate at a smaller scale and don’t handle sensitive data. Security needs will vary depending on industry and the individual business model, according to both the relevant regulations and the risk profile.

Read the rest of this post »

Tags: benefit, cost, risk, security
Posted in LuxSci Library: Security and Privacy
No comments »

Are you encouraging insecurity via your website forms?

Friday, April 15th, 2016

Many websites have “contact us” pages and include web forms for receiving requests from existing or potential customers. This includes “new patient intake” forms on healthcare providers’ websites. However, if you aren’t using a secure form solution, your web forms may suffer from several serious problems:

  • Spam – Getting unwanted form submissions from bots.
  • Privacy – Often, sensitive data is submitted insecurely through these forms.
  • Archival – You may need an archived record and backup of all submissions.
  • Notices – You may need to be alerted of form submissions, even if you are not online.

Proactive privacy vs. neglect of privacy

When web forms transmit or store data insecurely or otherwise do not treat the data submitted with the level of protection it deserves, you are putting the users of your forms at risk.

The typical argument is that “it is up to the user of the forms to decide if they want to submit sensitive information.” Many insecure forms even have disclaimers requesting people not to submit sensitive information if they have concerns and then ask lots of sensitive questions. Especially without a disclaimer, but even with one, the form is actively soliciting people to submit their information insecurely and requesting them to take risks with their private data. This is not good.

In areas such as healthcare, where these forms are often collecting sensitive health data (protected health information – PHI), the fact that an organization solicits the submission of PHI through insecure, non-HIPAA-compliant means is far from a “best practice.” Why does this happen?

  1. Securing forms is trivial and inexpensive. As the bar is so low for collecting data in a compliant way, it could be considered neglectful to not bother with security and privacy and continue to solicit data insecurely.
  2. People can insecurely send you their own personal PHI any time … when it is done of their own accord. However, when you provide them with a recommended communication channel, and when that channel is not secure, you need to get informed consent from them before you accept the data through that channel. Informed consent means:
    1. Training them in the risks involved.
    2. Getting their explicit sign-off indicating their acceptance of these risks.
    3. Capturing and saving those signed consent forms.

Getting signed consent must be done appropriately, and it imposes a barrier in front of your forms. There is no reason to go through all the work to set up informed consent when it is simpler to secure the forms themselves.

You can block form spam, ensure content security and privacy, archive form submissions, and even get text message notices of new submissions to your phone using LuxSci Secure Form. And it takes only a couple of minutes to integrate a secure form into any existing website at any web hosting provider.

How does Secure Form Integrate with a Website Form?

Secure Form is straightforward to set up and integrate. You configure the Secure Form account with what you want to happen to your form data. Then you change one line of your web form (where the form posts go) and copy and paste a line of JavaScript into that page. Setup takes about 5 minutes.

How Does Secure Form deal with Spam, Encryption, Archival, and Notices?

Secure Form blocks web robot spam by determining if a real person is connecting to your form and blocking submissions from anything that is not. Your users do not have to enter any security codes or image (Captcha) codes — the system checks that they are using a modern web browser with cookies enabled and JavaScript working. Most web bots do not support one or both of these standard technologies; all modern browsers do.

Secure Form enables privacy and security by allowing you to ensure that the form data is encrypted from the end-user to your email inbox. It enables the automatic use of secure email delivery, secure FTP uploads, secure online document storage, and more. You can use any or all of these data capture methods.

Secure Form enables archival by saving copies of all form posts in an online document storage area, uploading copies to your FTP site, or saving copies in a database that you can access as needed.

Secure Form enables notices by allowing you to have text messages sent to up to 5 different mobile devices when each form post is submitted. This is in addition to the form data being emailed to where it needs to go. You and your staff can be informed in real-time of new posts, no matter where you are.

LuxSci Secure Form is the swiss army knife of web and PDF form processing tools, integrating quickly with existing websites and providing form security even if your website is not already secured with TLS.

Tags: captcha, contact us, email archival, notices, privacy, secureform, security, sms, text message, web form
Posted in Business Solutions, Secure Form
No comments »

Is your Accountant protecting your privacy and identity?

Wednesday, April 15th, 2015

Everyone always harps on the necessity of privacy when discussing health care, government, and banking communications.  It is surprising how little attention is paid to email security with regards to accounting and tax preparation.   There is a real danger of identity theft, unintended information disclosure, as well as invasion of privacy when using tax preparation services or organizations that do not use secure email.  Why is this?

Read the rest of this post »

Tags: accountant, accounting, documents, email, encrypted, identity theft, password recovery, password-protected file, private labeled, quickbooks, secure email, secureline, security, social security number, tax, tax prep, tax returns
Posted in Business Solutions, LuxSci Library: Security and Privacy
5 Comments »

Stopping Forged Email 4: Your Last Resorts

Wednesday, March 4th, 2015

In previous posts we have examined how hackers and spammers can send forged email and how it can be extremely difficult to differentiate these messages from legitimate messages.  We have looked at the various common techniques for anti-fraud such as SPFDKIM, and DMARC and seen that, while these technologies can help a lot, they all have limitations; they all require strict and proper setup by the owner of the purported sender’s domain, and they must be well supported by your own spam filtering system.

Yet even with these technologies, it’s not hard in many cases for a determined attacker to send you a forged, fraudulent email message that still looks and feels legitimate.

What else can you do to validate email messages and protect yourself from phishing or social engineering attacks?

Read the rest of this post »

Tags: digital signatures, pgp, s/mime, security, smtp tls, tls
Posted in LuxSci Library: The Technical Side of Email
No comments »

Understanding Email Services: A crash course in email jargon

Tuesday, July 23rd, 2013

You thought email was a simple concept, but you are at once confronted with a plethora of acronyms and jargon like POP, IMAP, WebMail, Aliases, Forwards, SMTP, IMAP, POP, Quota, SPAM, TLS, SSL, Archival, and more! This article describes the ins and outs of email, explains these terms, and helps you figure out what services and features you need from your personal or business email service provider.

Read the rest of this post »

Tags: autoresponder, catch-all alias, email, email alias, email archival, email clients, email provider, imap, imaps, Internet Mail Access Protocol, personality, pop, pop3, pops, Post Office Protocol, private labeling, secure imap, secure pop, secure SMTP, security, Simple Mail Transport Protocol, smarthost, smtp, smtp authentication, SMTP relaying, smtp server, spam, ssl, tls, web-based email, webmail
Posted in AAA Featured Articles, LuxSci Library: The Technical Side of Email
1 Comment »

« Older Entries
Newer Entries »