Posts Tagged ‘s/mime’
Friday, March 21st, 2025
We all know that regular email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages you deleted years ago may be on servers halfway around the world? Or that your messages can sometimes be read and modified in transit, even before they reach their destination? Did you know that forging email is very, very easy? Can you trust what you read in an email? Email was not designed with security in mind, and as a result, many different solutions have evolved to plug the multitude of resulting issues.
This article will explain how email works, what the real email security issues are, what mitigations to these are generally in use, and what else you can do to protect your email. This is especially important in healthcare marketing where you need to have HIPAA compliant email.
Information security and integrity are essential as we use email to send confidential and sensitive information over this medium every day. While reading this article, imagine how these security problems could affect your business, your personal life, and your identity if they have not already.
Read the rest of this post »
Tags: asymmetric encryption, eavesdropping, email security, false messages, http, identity theft, imap, invasion of privacy, message modification, Message Replay, opportunistic TLS, pgp, pop, repudiation, s/mime, Simple Mail Transport Protocol, smtp, SMTP relaying, smtp server, ssl, ssl certificate, symmetric encryption, tls, Unprotected Backups
Posted in AAA Featured Articles, LuxSci Library: Security and Privacy
14 Comments »
Sunday, November 24th, 2024
S/MIME is a popular technology for end-to-end email encryption and is analogous to PGP in the way that it works. It is commonly available in most modern email programs and in many server-side email and WebMail encryption services like LuxSci SecureLine.
Folks are used to thinking about Internet security and encryption in terms of web site security. E.g. the “https://” that secures our everyday life working in our web browsers is the signal that SSL/TLS is being used to encrypt traffic between ourselves and the web server. People are even becoming used to the fact that TLS (with SMTP) is also commonly used to secure the transport of email messages from server-to-server.
These are all good things!
S/MIME (like PGP) is different — it encrypts the email message before it is sent and the message stays encrypted until the recipient opens it. It “doesn’t matter” how this message is transported to the recipient … its secure the whole way.[1] But did you know that S/MIME is really just an application of the same SSL/TLS technology that secures your traffic to securing your messages? This makes it useful for HIPAA compliant email.
[1] S/MIME (and PGP) do not secure your message headers (e.g. the subject, recipients, etc.), it only secures the message body and attachments. So, the added security of SMTP over TLS does serve to protect those things that S/MIME does not protect.
Read the rest of this post »
Tags: openssl, s/mime, ssl, tls
Posted in LuxSci Library: The Technical Side of Email
No comments »
Tuesday, September 19th, 2023
This article discusses what types of email encryption are sufficient to comply with government regulations. TLS email encryption is a good option for many organizations that manage sensitive data. However, it does not protect data at rest. Each organization must perform a risk assessment to determine which encryption methods suit their legal requirements.
Read the rest of this post »
Tags: California Senate Bill 1386, email encryption, encryption at rest, ePHI, Federal Rules for Civil Procedure, finra, frcp, glba, Gramm-Leach-Bliley Act, hipaa, nasd 3010, nist, pci dss, pgp, s/mime, Sarbanes-Oxley Act, sb 1386, sec 17a-4, smtp, tls, tls email encyption
Posted in LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
No comments »
Tuesday, September 12th, 2023
Creating HIPAA Compliant forms starts with creating a secure website. This process is more complex than creating web pages and adding an SSL Certificate. A certificate is a solid first step, but it only goes so far as to protect whatever sensitive data necessitates security in the first place.
Naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.
So, what do you do beyond hiring a developer with significant security expertise? Start with this article. Its purpose is to shed light on many of the most significant factors in creating secure web forms and how to address them. At a minimum, reading this article will help you intelligently discuss website security with the developers you hire.
Read the rest of this post »
Tags: cross site scripting, eavesdropping, man-in-the-middle, pgp, phishing, s/mime, secure form, secureform, ssl, ssl certificate, trust, web security, website security
Posted in AAA Featured Articles, HIPAA Compliant Forms, LuxSci Library: Security and Privacy, LuxSci Library: Web Design and Programming, Popular Posts
No comments »
Tuesday, August 15th, 2023
Email encryption is an important topic to understand when evaluating HIPAA compliant email vendors. Encryption is an addressable standard for HIPAA compliance, but if you send sensitive information via email, encryption is the easiest way to meet the standard.
The two most common email encryption methods include SMTP TLS and Secure Portal Pick Up. This article will discuss their differences and guide users on selecting the right option for HIPAA-compliant secure email.
Read the rest of this post »
Tags: email encryption, escrow, hipaa, hipaa compliance, hipaa-compliant email, s/mime, secure email, smtp tls, ssl, tls
Posted in HIPAA Email Compliance
No comments »
