Why Your Business Requires Security

State and Federal Identity Theft and Privacy Protection Laws now require businesses, agencies and organizations of all sizes to protect all personal information they store, and to report to all their customers whenever a breach occurs. The financial ramifications of a data breach can be very substantial to both present and future business. In some cases a company never recovers from a breach and is forced to close down. Currently, the average cost to a company is $3.7M per incident.

How Secure are the Secure Email Programs?


HITECH is the latest requirement to secure HIPAA. And while there are many parts to these regulations, the latest question I have been getting is about finding a good application for secure email and encrypted document attachments. Well, it turned out to be like asking me for a good flavor of ice cream. It really depends on your taste. There are many different ways companies have implemented security.

In the world of secure email the choice may be based on your preferred communications channel (smartphone, PC, netbook, etc.), what is convenient to you, whether you are more of a cloud person or a PC-based email app user, price per user, number of emails that can be sent, and so forth. But the number one question you have to ask in evaluating any of these products is how convenient it is for your recipients. I am a firm believer that if you make security cumbersome, then users will always find ways to circumvent security for their own convenience. However, you can’t make something so convenient that security is thrown out the window. It’s a balancing act.

I recently tested rPost, SecurEnvoy, Word Secure, ZixMail, 4SecureMail, FileFortress, and Voltage Secure Mail. This is not an all-inclusive list, and with secure email services popping up rapidly there are probably a lot that I am unaware of. My bias in looking at all these services was not to find the one best service, since that goes back to picking ice cream. Instead I am going to go through a series of items that I have concerns about and that you should consider before signing up.

I am not going to review each product separately for its strengths or weaknesses. I believe that almost every technology is inherently good assuming it is being deployed in the right environment. Rather, here I will discuss general features, and you have to determine whether they work for you.

  1. Managing the Secret Codes:
    Secure email is the process in which the text you write is encrypted so that it becomes so scrambled and disjointed that it cannot be read by someone else. The trick is to get the authorized recipient the code or key that can unscramble everything back to its original text. Think of it as you and your best friend using your Captain America’s Secret Decoder Rings (maybe your Ironman ring for you younger readers). The difficulty comes in what is called key management, or sharing the secrets.

    For example, say I have only two friends called Preston and Nikkitta (hey, they’re my imaginary friends and I can name them anything I want). I want to send secure messages to Preston that I don’t want Nikkitta to read, so I encrypt with the Secret Code 1 setting. Next I want to communicate only with Nikkitta, so I need Code 2. Finally, there will be times I want both to read the same email because I am lazy and don’t want to send out two separate emails, so I create Code 3. You might think I only have three Codes to worry about; well, don’t be so quick on your math. What if Preston wants to send me secure emails using a Code 4 he created, and since Nikkitta does not want to be left out of the fun, she has her Code 5. But we still are not finished. Preston also sends out emails that both Nikkitta and I can read (Code 6), and Nikkitta has emails that she wants Preston and me to read (Code 7). So what’s the final Code count? Seven.

So along comes Samantha and she knows a great group of people to befriend, but she wants her codes too. If we follow the same logic, then I have 19 codes I have to remember. In truth I have over 200 friends and business contacts, so I would have a boatload of codes.
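The count above, worked through as an added example that is not part of the original post: the script enumerates one code per sender per distinct group of readers, the way the post counts them, and reproduces the 7 and 19 figures. The function names and the closed-form formula are this example's own assumptions about that counting model.

```python
from itertools import combinations


def codes_i_must_hold(me, people):
    """Enumerate every (sender, readers) code that `me` has to know.

    Model taken from the post: each sender uses a separate code for each
    distinct group of readers, and I need every code for a group I am in.
    """
    others = [p for p in people if p != me]
    codes = set()
    # Codes I create: one per non-empty group of my contacts.
    for size in range(1, len(others) + 1):
        for group in combinations(others, size):
            codes.add((me, frozenset(group)))
    # Codes someone else creates for any group of readers that includes me.
    for sender in others:
        rest = [p for p in others if p != sender]
        for size in range(0, len(rest) + 1):
            for group in combinations(rest, size):
                codes.add((sender, frozenset(group) | {me}))
    return codes


def code_count(n_people):
    """Closed form of the same count for a circle of n_people, me included."""
    if n_people < 2:
        return 0
    mine = 2 ** (n_people - 1) - 1                   # groups I can write to
    theirs = (n_people - 1) * 2 ** (n_people - 2)    # groups that include me
    return mine + theirs


if __name__ == "__main__":
    circle = ["me", "Preston", "Nikkitta"]
    print(len(codes_i_must_hold("me", circle)))                 # three people
    print(len(codes_i_must_hold("me", circle + ["Samantha"])))  # four people
    # 200 contacts plus me: print only how many digits the count has.
    print(len(str(code_count(201))), "digits")
```

The growth is exponential in the number of contacts, which is why the way a product creates, stores and recovers these codes matters more than the encryption itself.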

Some products have you generate a password or code every time you send a new message. Some products have all the emails go into a secure server that requires a logon account. And some will generate a new key for each group and store them within your computer. All these systems have their pros and cons. What happens if you want to retrieve an older email? How secure are the logon procedures, and how secure are the users’ passwords (Sticky Note security again)? If you go to a different computer, where are all your account codes? So, when you are looking at secure email systems, give serious thought to how the codes will be managed.

The next blog will be on Code Distribution.
