Securing Internal and External Email
Email is the most recognized and accepted communication method that organizations use to send information. It is also the least secure of any communication method, yet all organizations use it on a daily basis to send sensitive information to patients, doctors, third-party organizations, banks, loan documents and more. Securing sensitive data and email text is required by law for most organizations HIPAA, HITECH, GLBA, SOX. Even state security laws make it clear that protecting sensitive information is no longer optional. While all organizations are subject to the requirement to encrypt sensitive data, some industries such as healthcare, financial services and government face a heavy audit and regulatory burden due to expanding federal laws and state data security laws targeted to their specific industries.
How BorderLAN Secures Data
BorderLAN with a simple phone call helps organizations determine the risk and method data leaks and creates a custom network security recommendation;
2 Organization wide reporting, off-network management of PC’s encryption keys with periodic checkin and automatic outbound filter encryption for email Compliancee needs. for those that host their own email server and require a fail-safe for users.
3 A simple managed encryption service that BorderLAN provides can monitor your encryption keys, help with compliance reporting and if needed perform Dataloss prevention monitoring for methods outside of email that can be used to select, copy, store and send information outside the approved secure methods.
Your email is not secure and can be viewed as “open-text” or plain text for anyone watching. To compound the potential for breach and prying eyes, many servers touching the email in transition keep logs of the email, so a breach can be by anyone who has access to anything that has touched an open-text email. By sending any private information in open or plain text email it means that it is permanently in cyberspace and likely accessible by many people.
Master Encryption Key
Despite the challenges posed by compliance standards, employee behavior and turnover, employee mobility, BorderLAN always recommends a Master-Key for the users so that all email is logged, archived and kept to ensure compliance and prove for audits that information was in fact secured. Master-Key offers employers a Carbon Copy account hosted in the cloud for all emails from an organization. The master key can even unlock even x-employees secure emails who have moved on.
Email Privacy can be obtained via encrypted sending yet a key component often missing is how the mail is routed securely. The method we utilize and recommend is that any secure email is automatically sent to a secure facility that temporarily holds the email, sends the recipient a message such as “you’ve received a secure email” along with a link. Clicking on the link brings the recipient to a login / registration page. Once logged in the email flows through and the delivery is secure from start to finish. Secure Email is the fastest way to reach compliance and pass audits as it’s the most common method of loss.
Hosted Website Portal
BorderLAN can supply you with a simple but powerful service called the Hosted Website Portal. The service is designed to allow web users to contact you via your website with comments or attachments that are secured and emailed safely to you. Often this is useful in healthcare, banking, dental, legal and other industries where users or customers unknowingly create breaches and compliance issues by placing social security, account numbers and diagnosis comments into web portals. Unfortunately it’s a common practice of users, yet that act alone creates audit nightmares.
ZixMail outlook plugin or web-hosted email allows single users a single click to encrypt. Zixmail works on laptops or desktops from any location to secure emails. Each secure mail is first sent to the Zix directory where first a notice is sent to the end recipient saying “You’ve received a secure email click here to read”. Once a user authenticates they can read the message or reply. Zixmail Desktop can integrate with most corporate or Web-based email systems and provides email encryption and decryption with a single click.
ZixPort / Hosted Web Portal
ZixPort service creates a similar look and feel to your existing website for user convenience in sending in secure information. The service uses a “pull” technology that sends encrypted email through a secure Web portal. It is ideal for companies that need to or want to extend their image as sensitive to security by including secure email communications as part of their website experience.
ZixGateway is a policy-based email encryption appliance for email policy compliance. The appliance is installed at the edge of your network and can capture all outbound and inbound email, scan it for sensitivity and compare against user or corporate policies such as HIPAA, GLBA and take appropriate actions to encrypt, reject or notify. The process can be transparent to your users. ZixGateway supports industry standards such as S/MIME, TLA and OpenPGP. ZixGateway provides logs and details for audits and vulnerabilities.
Zix Master Key is a Carbon Copy service making a hosted account for copmany officers or auditors that captures and archives all secure communications in the event of a lost password, employee turnover. It also provides a simple method
for giving audit compliance permissions.
Encrypted Email Testimonial
“When we looked at the different encryption service providers we noticed that some of our key business partners, including the U.S. Department of the Treasury, were ZixCorp customers. Having seamless email integration was high on our list.”
Peter Dewar, Director of Information Technology, District of Columbia Retirement Board
“Our patients and their families have put great trust in us. We do everything we can to ensure their PHI remains private.”
Ron Isbell, Information Security Administrator, Children’s Memorial Hospital