" s/mime Archives - LuxSci

Posts Tagged ‘s/mime’

The Case For Email Security

Friday, March 21st, 2025

We all know that regular email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages you deleted years ago may be on servers halfway around the world? Or that your messages can sometimes be read and modified in transit, even before they reach their destination? Did you know that forging email is very, very easy? Can you trust what you read in an email? Email was not designed with security in mind, and as a result, many different solutions have evolved to plug the multitude of resulting issues.

This article will explain how email works, what the real email security issues are, what mitigations to these are generally in use, and what else you can do to protect your email. This is especially important in healthcare marketing where you need to have HIPAA compliant email.

Case for Email Security

Information security and integrity are essential as we use email to send confidential and sensitive information over this medium every day. While reading this article, imagine how these security problems could affect your business, your personal life, and your identity if they have not already.

Read the rest of this post »

Did You Know? S/MIME is like SSL for Email Encryption

Sunday, November 24th, 2024

S/MIME is a popular technology for end-to-end email encryption and is analogous to PGP in the way that it works.  It is commonly available in most modern email programs and in many server-side email and WebMail encryption services like LuxSci SecureLine.

Folks are used to thinking about Internet security and encryption in terms of web site security. E.g. the “https://” that secures our everyday life working in our web browsers is the signal that SSL/TLS is being used to encrypt traffic between ourselves and the web server.  People are even becoming used to the fact that TLS (with SMTP) is also commonly used to secure the transport of email messages from server-to-server.

These are all good things!

S/MIME (like PGP) is different — it encrypts the email message before it is sent and the message stays encrypted until the recipient opens it.  It “doesn’t matter” how this message is transported to the recipient … its secure the whole way.[1]  But did you know that S/MIME is really just an application of the same SSL/TLS technology that secures your traffic to securing your messages? This makes it useful for HIPAA compliant email.

[1] S/MIME (and PGP) do not secure your message headers (e.g. the subject, recipients, etc.), it only secures the message body and attachments.  So, the added security of SMTP over TLS does serve to protect those things that S/MIME does not protect.

Read the rest of this post »

Is TLS Email Encryption Suitable for Compliance?

Tuesday, September 19th, 2023

This article discusses what types of email encryption are sufficient to comply with government regulations. TLS email encryption is a good option for many organizations that manage sensitive data. However, it does not protect data at rest. Each organization must perform a risk assessment to determine which encryption methods suit their legal requirements.

Read the rest of this post »

Creating HIPAA Compliant Secure Web Forms: What You Need to Know

Tuesday, September 12th, 2023

Creating HIPAA Compliant forms starts with creating a secure website. This process is more complex than creating web pages and adding an SSL Certificate. A certificate is a solid first step, but it only goes so far as to protect whatever sensitive data necessitates security in the first place.

Naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.

So, what do you do beyond hiring a developer with significant security expertise? Start with this article. Its purpose is to shed light on many of the most significant factors in creating secure web forms and how to address them. At a minimum, reading this article will help you intelligently discuss website security with the developers you hire.

person filling out a secure web form on a laptop

Read the rest of this post »

HIPAA-Compliant Secure Email: Understanding Encryption

Tuesday, August 15th, 2023

Email encryption is an important topic to understand when evaluating HIPAA compliant email vendors. Encryption is an addressable standard for HIPAA compliance, but if you send sensitive information via email, encryption is the easiest way to meet the standard.

The two most common email encryption methods include SMTP TLS and Secure Portal Pick Up. This article will discuss their differences and guide users on selecting the right option for HIPAA-compliant secure email.

secure email sending

Read the rest of this post »