Open PGP: It’s Not All It’s Cracked Up to Be

It’s hardly surprising that concerns around email privacy are percolating to a boil – there are threats to email security on all fronts. It’s no longer just about fraud protection and regulatory compliance – it’s about protecting people from government surveillance and other seemingly innocuous yet pervasive and poorly understood threats. The public outcry for privacy protection has reached a fever pitch, and the software industry is responding with free tools that leverage open PGP to simplify the encryption of online forms of communication, including email, instant messaging, SMS and more.

PGP, however, is too complicated for typical email users – in fact, while it’s been available for free for over 20 years, it has never built a significant installed base. Why?

Posted in Data Security, Email Security

HIPAA Hi-Tech: Is your Email Program HIPAA Compliant?

The HIPAA safeguards principles state that individually identifiable health information should be protected with reasonable administrative, technical and physical safeguards to ensure confidentiality, integrity and availability and to prevent unauthorized or inappropriate access or disclosure. And, while privacy rules allow health care providers to share PHI electronically for treatment purposes, there are important measures that must be in place to ensure that your email program is HIPAA compliant.

What is HIPAA compliance?  With respect to electronic transfer of personal health information via email, it all centers on protecting patient privacy rights through avoiding unintentional disclosures.

Posted in Healthcare, HIPAA Compliance

Why It’s Important to Send Sensitive Information Via Email Safely and Securely

Most people take reasonable and obvious precautions to secure their homes – they lock their doors and windows, screen outside vendors that visit their homes, and install security systems to keep the premises safe.  However, when it comes to cybersecurity – and more specifically email security – many folks are in the dark about how to send sensitive information via email safely and securely.

Often this is because people are lulled into a false sense of safety around the emails they send and receive, particularly with respect to secure file transfer. It’s just so convenient to receive electronic receipts and confirmations, applications, statements and more. The risk is poorly understood for two key reasons – first, people aren’t attuned to what constitutes personally identifiable sensitive information.  And second, the likelihood of email breach on an individual level seems minimal and insignificant.

The truth is that it takes only a smidgen of personally identifiable information for a hacker to work up a scam – it can be as insignificant as an intercepted electronic receipt. A hacker can leverage an electronic receipt to create a phishing scam whereby the email user receives an email ostensibly from the retailer who sent the receipt asking for “confirmation” around details of the transaction.  Because the “sender” is familiar and the correspondence feels logical, the user supplies the information and gets fleeced in the process. And this is just one example of how hackers work.

In addition to the lack of understanding around the risks associated with exposing personally identifiable information, the general public perceives that individual risk around email breach is small. However, the reality is that hackers don’t go after individuals – they go after the organizations that send sensitive correspondence to individuals. These types of breaches aren’t limited in scope – the whole customer base is affected.

Beyond hacking, documents flying around cyberspace as email attachments are also vulnerable to government surveillance. This monitoring occurs silently and invisibly and potentially affects every American with an email account. While most people have nothing to hide, the mere thought of secret surveillance is cause for serious consternation.

The bottom line is that no one can assume that email correspondence is confidential and safe.  And, if there’s a file transfer involved, it’s doubly important to make sure that there are tools in place to protect the attachment from prying eyes. You can’t count on vendors to protect you, nor can you count on the government.

This is why it’s critically important to be vigilant and take personal responsibility for how the vendors with which you do business send sensitive information and what safeguards they have in place around email security.  As for government surveillance, private citizens can expect ISPs to offer email encryption capabilities in the near future.

Posted in Personally Identifiable Information, Secured Document Delivery

Email Encryption is Everywhere – But Will People Actually Use It?

Edward Snowden’s revelations around NSA email surveillance both shocked the world and sent the email privacy bandwagon into motion. With even Snowden conceding that email encryption provides protection, it seems like the whole world is buzzing about end-to-end encryption and how it’s going mainstream.  Yahoo, Google, Chrome and others – they’re all heavily promoting email encryption and creating tools to make it happen.

It’s logical that the providers are focused on the nuts and bolts around secure email – how to encrypt files, what encryption software features are necessary, and other important considerations around providing secure email service. However, aren’t all of these efforts made in vain if email users aren’t actually going to use these encryption tools? No, because from a provider’s point of view, it’s no longer “optional” to provide email security protection.  Even if people don’t use it, they still want to know that it’s in place and that their provider cares about their privacy protection.

Why wouldn’t an everyday email user go to the effort to encrypt private email communication?

Posted in Email Encryption

Secure Email: Yahoo and Google Move to Protect Privacy for the Masses

According to an article recently published in PC Magazine, Yahoo and Google have teamed up to boost email encryption services for all users. This fall the two giants plan to release source code to the open source community to refine the experience and eliminate bugs, and to fully roll out end-to-end email encryption capabilities in 2015.  What is driving this broad-scale push for secure email?

It’s the widespread and justifiable privacy concerns running rampant within the general public. This is why Yahoo and Google are developing a secure email system that would make it nearly impossible for hackers or government officials to peruse the messages exchanged between private citizens.

Beyond protecting email users from hackers and government surveillance, secure email capabilities will also preclude Yahoo and Google from delving into user correspondence on their networks. Why is this important?

Because if Yahoo and Google can access user correspondence, they can be legally mandated to turn over the contents by court order. However, if they never have purview in the first place, they can’t turn over what they don’t have.

The most secure email solutions preserve email privacy for not only the sender and the recipient but also the service provider. However, email security provisions are only as effective as they are practical. The reason that email encryption tools have yet to establish a solid foothold within the general population is two-fold.  First, tools that require that senders and recipients install the same encryption software to correspond securely are simply too complicated for everyday email users. And second, up until the recent revelations around government monitoring of private correspondence, personal email security has not been top-of-mind within the general population.

The importance of email privacy assumes a whole new magnitude when the public thinks that the government is spying on private citizens. Apprehension around widespread surveillance has created a groundswell demand for privacy protections, and Yahoo and Google are moving quickly and decisively to address user concerns.

The question that remains is no longer if and when email encryption will happen – it’s how it will be designed and rolled out. To better understand the nuances around email security, it’s important to distinguish between the body of the email and attached files. When a hacker or surveillance team infiltrates an email stream, there’s a treasure trove of personal information to be found, and not just within the content of the bodies of the emails.

The attachments that people send and receive can be the most risky component of the email exchange because they often contain personally identifiable and confidential information, and email users often don’t understand the risks.  There are documents like loan applications, transcripts, investment statements and more that contain account numbers, social security numbers, home addresses and more.  And then there are the documents that are seemingly innocuous – things like electronic receipts, hotel confirmations, and airline itineraries.

Email users send and receive these sensitive documents without giving it a second thought because the risk of breach on an individual level seems exceedingly low.  However, if a sensitive document ends up in the wrong hands, the fall-out can be devastating.

More secure email is critically important for both users and providers – and it’s undeniably riding the wave of the future.

Posted in Data Security, Email Encryption

Document Protection During Email Transmission: Why It’s a Critical Capability

In a recent interview, Gartner vice president and distinguished analyst Paul Proctor predicted that “the new digital risk concept will become the default approach for technology risk management,” and cited an organization’s ability to keep its data safe – particularly with respect to the security of its business documents – as a critical core capability. While most organizations are well aware of the importance of network security, many are unfamiliar with the risks associated with electronic transmission of sensitive information and associated protocols around business document protection.

The transfer of electronic documents containing sensitive information – both internally and externally – happens within organizations across industries countless times each and every day.  And as these files exchange hands, it’s critically important to have electronic document management protocols in place to protect confidential files.

While most organizations are familiar with the concept of email encryption generally, many aren’t leveraging encryption software to send sensitive files because it’s just too complicated. Most solutions require that the sender and recipient have the same software installed.  While this type of solution can be sufficient for internal communication where the IT department purchases and installs it organization-wide, the significant limitation lies in the inability to transmit electronic documents securely to outside parties, including customers, vendors, partners and more.

Document control outside of the organization is significantly trickier.  While password protection protocols keep the network secure and email encryption software preserves the security of electronic transmission of documents within the organization, once the document has been sent outside the building all bets are off.

In highly regulated industries – like financial services and health care – regulatory requirements mandate that appropriate security measures are in place to protect personal privacy. However, in less regulated industries – like retail, hospitality and higher education – sensitive information flies around unsecured for three reasons.

First, there’s a general lack of awareness around the degree of risk associated with electronic document transfer.  This is because – at an individual level – the risk of breach is presumed to be low, and the convenience of receiving documents via email outweighs this perceived risk.

Second, it seems complicated to implement secure document delivery capabilities that extend beyond the walls of the organization. This is because it’s exceedingly challenging to convince outside parties to download the software required to safely receive your transmission.

And third, organizations don’t realize the risks associated with transmitting seemingly innocuous files that contain sensitive – albeit not technically “confidential” – information. This would include things like electronic receipts containing personally identifiable information.

From a customer’s point of view, the convenience of receiving receipts, applications, records and more is of significant value.  Accordingly, organizations across industries are moving quickly to offer the service.  However, to offer sensitive document delivery without protecting customers from potential exposure is unnecessarily reckless.  With cloud-based secure document delivery tools that feature password protection to access sensitive attachments but don’t require that recipients download software to receive the transmission, companies are in a great position to offer the convenience of electronic document delivery and the document protection that’s vitally important to customer-facing business processes.

Posted in Secured Document Delivery

HIPAA Security Dollars and Sense: Just How Much Does a Breach Cost?

Health care providers are subject to stringent regulatory requirements around patient privacy, and HIPAA security protocols are designed to protect both patients and providers.  “Breach” is a scary word, typically conjuring up visions of malicious individuals hacking into systems and swiping data en masse. However, it’s just as likely that a breach can occur unintentionally through benign neglect.

The digitization of personal health records has proliferated so quickly throughout the industry that health care providers are scrambling to keep up with the HIPAA security implications.  While many large-scale providers have a handle on the HIPAA security standards associated with network security and the potential of a wide-scale breach, most don’t have measures in place to address the benign and far more prevalent risks associated with the electronic transmission of health records.

One of the key benefits of digital health records is the ability for multiple physicians to access and share a complete medical history for a given patient.  With a shared full picture around prescriptions, allergies, conditions and major health events, multiple physicians treating the same patient are in a much better position to offer unified, timely and, therefore, superior care.

Read the complete article at HITECHAnswers.net

Posted in Healthcare, HIPAA Compliance

Protecting Personally Identifiable Information: Employers are Ethically – and Legally – Obligated

Throughout the course of an employment relationship, businesses acquire, generate, maintain and store a significant amount of personally identifiable information (PII) on individual applicants and employees. Data collection commences during the application process when a job seeker is typically asked to provide a history of his or her education and work experience, reasons for leaving previous employers, names and contact information for personal references and more. At the same time, materials on the applicant’s credit history, past job performance, criminal records, and online profile are gathered and scrutinized.  Before completing the hire some employers require drug testing, a pre-employment physical, and even polygraph exams.

Once the employee is hired, the collection of personally identifiable information continues to proliferate. Medical records to substantiate sick leave, family medical leave, health and dependent care benefits, fitness tests, and requests for worker accommodation, disability and workman’s compensation claims – and it all flies around the organization via email.

Posted in Personally Identifiable Information

Just How Risky is Electronic Document Delivery for Financial Services Providers?

Anyone would be hard-pressed to name an industry that’s subject to more regulatory requirements and data security protocols than financial services.  Because the stakes around security breach are so high, financial services providers are rightfully risk averse. So, when it comes down to weighing the risks and rewards associated with implementing electronic document delivery capabilities, the perceived risk typically outweighs the rewards.

So just how risky is electronic document delivery for financial service providers?  The answer to that question is entirely dependent on features of their secure document delivery solution.

When hackers hijack emails that financial services providers send to their customers, the potential damage is significant. The risk resides on two fronts – first, there’s the risk associated with personal information appearing in the body of the email. And second, there’s the risk associated with hackers getting their hands on email attachments – statements, loan files, tax documentation and more.

The information that hackers can glean from the body of the email – name, email address, mailing address and other seemingly innocuous snippets of information – can be used for elaborate phishing scams. If a hacker has captured an email sent by a financial institution to a customer and invited that customer to enter their credentials into a fake website, it’s a quick yet devastating interaction. Because the email appears to be from their bank of record, the request seems legitimate. And when the customer responds to the request, the resulting damage can be swift and furious.

The second key area of concern – sending email attachments containing confidential personal information – is where financial institutions get so nervous that they opt out of offering the service entirely because they believe that there’s no such thing as secure electronic document transmission. If a hacker gets ahold of a loan file or tax statement, that customer becomes a sitting duck for full-scale identity theft.

While falling victim to a phishing expedition is inconvenient and embarrassing, customers know that at the end of the day the bank will absorb the fraud. However, if a hacker intercepts an attachment containing social security numbers, names, addresses and more, it’s virtually impossible for the bank to contain the damage.

Protecting customers and preventing fraud starts with proactively scrubbing the body of all email communication of all personal information that hackers can use to phish customers.  Best-in-class secure electronic document delivery solutions take an additional critical step to protect the security of the email transmission of sensitive documents.  These solutions feature email encryption capabilities that segregate the attachment from the body of the email while requiring a password to access the file. This added layer of protection makes it far more difficult for hackers to access confidential documents.

Risk mitigation is all about layers of protection and safeguards – and it’s critically important to balance usability and risk reduction.

Posted in Secured Document Delivery