16 November 2017

Privacy and Cybersecurity 101: How to Send Secure Email


Regular email, without some form of added security such as encryption, is not secure.  By that we mean when you use Outlook or Gmail to send an email to another person, unless you have deliberately added a layer of security (e.g., encryption and/or password protection), that email is not secure.

Email was not designed with any privacy or security in mind.  Even now, email security is not built into the email network topography, which can have dozens of weak spots.  All it takes is one unsecured server along your email’s path for someone to gain access to your email.  A bad actor can intercept and read the contents of the email, steal the attachments, or otherwise access the information from a non-secure email.

This may not mean much to the average, casual email user.  Many of our clients, however, have obligations under state and federal law to be more cautious.  For example, in addition to our hospital clients, state governments, insurance firms, and universities are subject to HIPAA to the extent they deal with protected health information.  Even corporate HR departments must comply with HIPAA regardless of industry because they process employee benefits and health insurance information.  HIPAA compliance requires, among other controls, integrity, person or entity authentication, and transmission security.  Similarly, lawyers have an ethical duty to send secure emails to clients when communicating sensitive personal or protected health information.

So, how do you secure email and comply with HIPAA and other regulations?  The answer is simple: buy software that properly encrypts email.  Encryption translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it.  Some of the most useful and popular email encryption services include:

These programs are popular because they integrate well into your everyday workflow of email, which means you are more likely to use them.  With Zixcorp, for example, you type SECURE in the subject line of the email and the email will be encrypted.  We are noticing a number of law firms using this service.  Virtru works with Google and Microsoft and this service claims to be HIPAA compliant.  ShareFile, a Citrix product, allows you to create secure on-line workspaces to securely share documents.  SecureGmail is a plug-in that encrypts your email even as it is composed.

To learn more about these services, click on the links embedded in the name of each service above.  Of course, if you have any questions, feel free to contact any one of us on the Cybersecurity team.

**This post is the second in our Privacy and Cybersecurity 101 series.  To read the previous post on laptop encryption, please visit https://millerjohnson.com/privacy-cybersecurity-101-encrypt-laptop/