Zix Launches New Secure Email App for Google Apps Users

Our regular readers know that I’m a big fan of Google and use many Google apps. For example, my wife loves Google Voice’s global spam filter, which has silenced the marketing calls to our home phone that used to spoil our evening dinner time.

Therefore I’m especially pleased to discover that Zix has created an encrypted email solution for small to medium businesses that already use Google Apps for Work. It’s for businesses that require up to 35 encrypted email users – 35 seats or less – and it is very easy to purchase and to provision.

It is named Zix Message Encryption for Apps, and it offers small to medium businesses the seamless transparent secure email delivery for which Zix is famous. Transparent secure delivery to other Zix users means that encrypted emails are automatically decrypted at the destination and appear in the recipient’s inbox as a plaintext message, just like the other messages in their inbox. Because it is so seamless, it lets the recipient know that each email has been encrypted in transit by including a blue banner at the top of each decrypted email with the words: “This email was sent securely using ZixCorp.” Sitting at the edge of your Google Apps environment, Zix Message Encryption for Apps makes secure email as easy as regular email for your employees. That is, there are no extra steps or passwords needed either to send or to receive encrypted email. This is because key management is fully automated utilizing ZixDirectory, the industry’s largest hosted global directory.

Ordering is easy:  just have your Google Apps Super Admin search for Zix Message Encryption for Apps in the Google Apps Marketplace.  Once the site is located, your Super Admin uses their Google Apps login credentials to launch the app and to follow the instructions to order service for up to 35 users – they can keep their existing email addresses provided they’re all on your one domain. Need help? There’s an ordering guide here.

You can read more about Zix Message Encryption for Apps by clicking here.

Posted in Company Update, Email Encryption

Healthcare Companies Continue to Hemorrhage Patient Data

I’ve been reading some recent statistics published by the National Association of Corporate Directors. They compare the self-reported knowledge levels of corporate directors about cybersecurity across a number of industries. What surprises me is that the knowledge levels of directors in the healthcare industry are average compared to those of the other six sectors reported. While there are signs that some senior managers are waking up to the dangers, it seems strange to me that 19 years after enacting HIPAA and 6 years after enacting HITECH, healthcare directors are not the best briefed, best educated in cybersecurity of all business sectors.

Corporate Directors' Cybersecurity Knowledge Chart Segmented by Industry

Source: National Association of Corporate Directors

If you haven’t already done so, you should look at the Office for Civil Rights’ Breach Portal – known to many as “The Wall of Shame.” It shows a staggering number of breaches of healthcare providers, health plan providers and their business associates (BAs). BAs have come under a lot of scrutiny recently, mainly due to sending HIPAA information in unencrypted form. If you have any BAs who need to know more about securing emails or who have a complex solution that staff dislike using, get them to watch this webinar discussing how to balance HIPAA regulations with business needs.

In addition to encrypting emails, health providers need to be aware of just how easy it is for staff to send PHI to the wrong people. Recent examples include UPMC Health Plan, where a staff member sent an email attachment with the PHI of 722 clients to the wrong people, Georgia Department of Human Services where PHI for 3000 people was sent to the wrong recipients, and NYC’s Health and Hospitals Corporation similarly affecting almost 4000 patients. It is inevitable that staff – busy staff – will make errors when it comes to sending emails containing PHI, costing your organization punitive damages, losing you clients and severely damaging your organization’s name and brand.

Yet modern solutions can prevent this from happening. Automated data loss prevention prevents PHI going to the wrong people. It automatically stops and quarantines suspicious outgoing email before it leaves your network, giving you a second opportunity to check that the right PHI is going to the right recipient. Also, modern email encryption provides a way for staff to send and receive encrypted PHI without time-consuming activities such as remembering passwords.

To hear my recommendations for healthcare providers and BAs, and those of my colleague Dena Bauckman, click on this link to listen to our webinar.

Posted in Data Breaches

Start from the Top: An Education in Cybersecurity

As more and more companies fall victim to cyber-attacks and data breaches, the need for education around cybersecurity has been thrust into the spotlight. While some have taken it upon themselves to learn more, a majority are still lost, stuck trying to make sense of everything happening around them.

While it isn’t necessary for individuals to have a complex understanding of cybersecurity, especially when they are not in a position to make company decisions, it is more than a bit concerning when the Wall Street Journal reports that many on corporate boards struggle with understanding cybersecurity threats. The survey, which was conducted by the National Association of Corporate Directors, revealed that only 11 percent of board members across industries reported they had a “high level” of knowledge about cybersecurity.

When broken out by industry, the stats don’t look much better:

  • 30 percent of healthcare directors said they have “little knowledge” of cybersecurity
  • Only 20 percent of healthcare directors reported having a “high level of knowledge”

The 30 percent stat is by far the lowest of any industry surveyed, which is shocking given the heavy regulatory compliance burden facing healthcare.

This places a spotlight on a major issue within the healthcare industry that needs to be addressed — that is, maintaining a high level of education. As an industry that holds a large amount of consumers’ private information, it is imperative that all involved gain some knowledge about cybersecurity, and boards need enough knowledge at the C-level to effectively enable the implementation of progressive solutions that will protect their organizations.

While each organization’s needs are different, it is recommended that companies employ a layered security solution. Solutions like Zix Email Encryption and ZixDLP play critical roles in helping protect data in email – a top risk in any organization. These solutions help ensure that private information isn’t leaked into the wrong hands in transit and doesn’t get sent out to the wrong person by mistake.

In the end, there needs to be a major emphasis placed on educating key decision makers within companies. Raising cybersecurity awareness at the corporate board level can only help combat the issues we are currently facing.

Are you in healthcare and want to learn more about your obligations to protect private information? Register for our webinar at http://go.zixcorp.com/20150723ZixHealthcareWebinar.html.

Posted in Technology

The Latest HIPAA Settlement Is Eye-Catching

On Monday, Joseph Conn published an article for Modern Healthcare highlighting a recent HIPAA settlement between St. Elizabeth’s Medical Center and the Office for Civil Rights (OCR), which as most of you know enforces the HIPAA Privacy Rule. Settlements with the OCR and breaches on its “Wall of Shame” are so frequent that it’s easy to ignore the latest news, but this particular article caught our eye when reporting:

  1. The settlement involved “a relatively rare enforcement area, Internet-based file-sharing services”
  2. Insight from Adam Greene, a well-known privacy lawyer, who said, “you’re going to have to have a business associate agreement (BAA) with any cloud-based (service) providers.”
  3. The violations came to light after complaints from the medical center’s own employee base

Often organizations have to account for employees as a weak link in their security and compliance strategy. We understand why; mistakes happen, as we ourselves pointed out in Monday’s data loss prevention blog. However, this article serves as a great reminder that, interestingly enough, employees are also an organization’s greatest asset.  Not only are employees critical to the success of quality care and daily operations, they can be your eyes and ears to ensure security and compliance are meeting your standards day-in and day-out. After all, you spend valuable resources and time training employees on the appropriate policies and procedures; put that training to even greater use by leveraging employee feedback on what’s working and where you need to fill holes.

Now in turning our attention to the other two highlights – the “rare enforcement area” of Internet-based file-sharing services and the BAA with any cloud-based (service) providers – we would be remiss if we didn’t offer a quick and selfish reminder that Zix is the leader in protecting the most popular file sharing method (aka email) and, unlike many email encryption competitors, will sign a BAA. We’ve signed several hundred so far and are happy to work with you to provide this extra layer of assurance.

Posted in Compliance

Dealing with Data Breach and Data Loss Prevention

Your company has suffered a data breach, and your executives are concerned and looking to you for the cause and a solution.

While cyber threats and attacks are becoming more sophisticated and demanding of more resources, it’s critical that you don’t lose sight of a data-loss cause closer to home – your employees. In their roles, employees are trusted with highly sensitive information, from financial information and personally identifiable information (PII) of customers and employees to medical records or intellectual property. Over the course of their daily responsibilities, employees can mistakenly share that information outside your secure network.

The loss or breach of sensitive information can impact organizations big and small, very negatively, and it’s likely that the breach will occur through email.

Email’s greatest benefit is enabling organizations to collaborate and share valuable information inside and outside your network. But this benefit comes at the cost of also being the greatest threat to sensitive data. Take the recent Woolworths data breach for example:

In a significant data breach, Australian supermarket chain Woolworths mistakenly emailed out a spreadsheet with the personal details of thousands of customers, as well as the redeemable codes of 7,941 gift cards.

After all, unintended disclosure was the second most common cause of 2014 data breaches after hacking and malware.

 

With an email data loss prevention (DLP) solution, organizations can monitor and protect this everyday channel of communication. By scanning all emails leaving your company, DLP has the ability to let appropriate messages leave the network or to flag and stop emails that contain sensitive information and perhaps shouldn’t leave the network. Companies and organizations that must comply with regulations — such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Information Security Management Act — can set up filters that quarantine emails that could lead to a violation.
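To make the scan-and-quarantine idea concrete, here is a small outbound filter sketched in Python. It is an added example, not Zix's product code. The internal domain `example.org`, the two detection patterns and the policy of holding sensitive content only when a recipient is external are all assumptions chosen for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.org"  # assumption: the sender's own mail domain

# US Social Security number shape, excluding ranges that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-19 digits, optionally separated by spaces or hyphens (candidate card number).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits):
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text):
    """Return the kinds of sensitive data found; the values are not kept."""
    kinds = ["ssn" for _ in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            kinds.append("card")
    return kinds


def scan_outbound(msg):
    """Decide whether an outgoing message is delivered or held for review."""
    # A real gateway would use the SMTP envelope recipients (covers Bcc).
    rcpts = [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    external = [a for a in rcpts if not a.lower().endswith("@" + INTERNAL_DOMAIN)]
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":   # body and text attachments
            where = part.get_filename() or "body"
            hits += [(where, kind) for kind in find_sensitive(part.get_content())]
    action = "quarantine" if hits and external else "deliver"
    return {"action": action, "external": external, "hits": hits}


def sample_message(to, with_export=True):
    """Constructed sample: fake SSN and the standard Visa test card number."""
    msg = EmailMessage()
    msg["From"] = "staff@example.org"
    msg["To"] = to
    msg["Subject"] = "Customer export"
    msg.set_content("Please find the export attached.")
    if with_export:
        msg.add_attachment(
            "name,ssn,card\nJane Doe,123-45-6789,4111 1111 1111 1111\n",
            subtype="csv", filename="export.csv")
    return msg


if __name__ == "__main__":
    for to in ("partner@example.net", "colleague@example.org"):
        print(to, scan_outbound(sample_message(to)))
```

The same spreadsheet is delivered to a colleague on the internal domain but held when addressed to an outside recipient, which is the second look the paragraph above describes.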

In the end, your employees are your greatest asset, but they’re also a top breach threat. Even your best, most well-intentioned employee could have a bad day. When that day happens, you will be happy you have implemented an email DLP solution that will act as their safety net, catching any slip-up that might otherwise have made it out of your system.

Posted in Data Breaches, Data Loss Prevention

Customer Spotlight – Union Bank “Opens Up Shop” with ZixOne

Let’s be honest, IT departments rarely have an opportunity to make everyone happy — especially when it comes to the selection of security solutions.

Selecting a BYOD product is no different than any other security solution — many times privacy is sacrificed in the name of security. While this ensures that data is secure, it can also lead to unnecessary tension within the workplace.

Because of this, Union Bank remained a “closed shop” to mobile devices for many years. Unable to find a solution that balanced employee needs with security, the bank made the conscious decision to not implement a security solution unless it would please all of its employees.

When Union Bank decided to allow employees to use their personal mobile devices, the IT team wanted to avoid making any compromises. They knew they needed a solution that could meet security requirements AND employee demands for an easy-to-use, non-intrusive solution.

Upon discovering ZixOne, Union Bank knew it was the right product.

With its no data on device approach, Union Bank employees can now securely access corporate and client data on-the-go, without worrying about their personal privacy being violated.

Another bonus?  ZixOne is easy to use and easy to deploy.

Don Goodhue, vice president of information technology at Union Bank, sums it up perfectly:

“ZixOne’s approach of giving us control of our data without managing employee devices provides a straightforward solution that makes everyone happy. 

There is no admin overhead, and rollout was incredibly smooth. Employees use ZixOne in the office for meetings or on the road with clients. It works great — ZixOne is exactly what we needed.”

Implementing BYOD may seem like a risky proposition at first, but Union Bank learned that with the right solution, BYOD can make everyone happy.

Here’s a little about Union Bank:

  • Founded in 1891 and headquartered in Morrisville, VT
  • Serves Northern Vermont and northwestern New Hampshire with 17 branches and two loan centers
  • Offers deposit, loan, asset management and commercial banking services

Posted in Bring-Your-Own-Device

You’ve suffered a data breach! Now what?

As breaches have recently become a weekly occurrence, executives, IT departments and legal teams are wracking their brains to pinpoint the problem and identify solutions. But is anyone asking what is on the minds of the customers affected?

We are. And that is precisely what we explored in a recent survey that sampled more than 500 Americans.

From the results, we drew two main conclusions:

  1. People are not as educated as they might think in regard to the severity and types of breaches that have been splashed across headlines.
  2. People want to be in the know regarding a breach as quickly as possible. In short – ignorance is NOT bliss when dealing with a data breach.

Regarding point No. 1 — 55 percent of those surveyed believe retail and insurance breaches are equally bad, with 13 percent believing a retail breach is more concerning than an insurance breach.

If one thing is clear, it’s that people need further enlightenment when it comes to this topic. To begin with, retail and healthcare breaches both show cause for concern. However, both are not created equal – healthcare breaches should be more unsettling.

Why?

Both types of breaches hold vastly different information. For a retail store – your credit or debit card information can be leaked – which, let’s be clear about this – isn’t fun to go through. On the other hand, a retail breach is not as damaging as a healthcare or insurance breach where one’s Social Security Number and health records are compromised. Because at the end of the day, there is no undoing theft of your Social Security Number and identity.

Now examining point No. 2, 92 percent of those surveyed feel companies should notify their entire customer base of a breach, regardless of breach size. This is where companies need to be transparent when it comes to breaches and keep those affected top of mind. In addition, the survey results show that 84 percent would like to be notified of a breach right away in order to regain trust. We see where respondents are coming from — the sooner people are notified of a breach, the sooner they can take action to protect themselves, such as implementing a credit freeze and monitoring for fraudulent activity. So it is up to businesses to be mindful of findings like these and do what they can to take action according to their customers’ view. After all, they are the ones affected and looking to them is the best way of retaining their business.

Data Breach Trust Survey Results

Interested in more of our survey’s findings? Just shoot us a comment, and we’ll be happy to discuss them further. Or feel free to check out our announcement here.

Posted in Data Breaches

SEC Investigates Widespread Email Hacking

In overnight breaking news, it was revealed that the Securities and Exchange Commission (SEC) is investigating a group of hackers who appear repeatedly to have broken into email systems at biotech and healthcare companies to gain financial advantages by trading in these companies’ stocks.

Reuters is reporting that John Reed Stark, a former head of internet enforcement at the SEC, told them that having a government agency ask businesses to disclose details about breaches is “an absolute first.” He also described the email interceptions as a “dangerous, new method of unlawful insider trading.”

An example of one group involved in the hacking is FIN4, as reported by FireEye back in December. FireEye’s regional president Richard Turner has said, “We have solid evidence that there is at least one group and probably multiple groups that are breaching corporate networks to gain knowledge and trade in the markets in an advantaged position.” Operating for at least two years, FIN4 is believed to have hacked into email accounts at more than 100 companies, looking for insider market information.

We at Zix know that there are far more email breaches than reported in the press. This is because businesses are not required to disclose email breaches unless they are deemed to be “material” under federal laws. These businesses can protect themselves, their sensitive data and their clients by implementing modern email encryption. The most influential companies and government organizations use the proven Zix solutions. Zix Email Encryption Services are powered by ZixDirectory, the largest email encryption community in the world.

You can learn more here.

Posted in Data Breaches, Email Encryption

Join Our Community

Last year in this blog, we told you about the Zix Encryption Network, a growing community of trust with thousands of companies and millions of members participating. We’re happy to share that our Network is continuing to grow, with new companies and new members joining all the time.

There is no secret or mystery about why the Zix Encryption Network is so popular. Instead of users being required constantly to check their outgoing emails for sensitive information, and having to remember to follow a time-consuming procedure to encrypt these sensitive emails, members of the Zix Encryption Network need do nothing except hit the “send” button. Zix does the rest.

Zix reduces the risk of human error by introducing automatic email encryption. With sophisticated filters, Zix scans every outbound email, in real time, for sensitive information that needs to be protected. For the members of the Zix Encryption Network, all this happens seamlessly, and they need do nothing extra beyond their normal jobs. Having everyone within our community means there is no need for portals or passwords: for recipients who are members, encrypted emails are sent transparently. These emails are automatically decrypted upon receipt and delivered to the recipient’s inbox just as easy to read as regular emails. Nearly 12,000 businesses are now members of the Zix Encryption Network, and of the 1.1 million emails they send every day, a full 75% of these are sent transparently. For the remaining 25% that go to folks who have not yet joined up, decryption is still quick and intuitive.

To learn more about the Zix Encryption Network, the world’s largest and most secure email encryption network, click here.

Posted in Email Encryption

Mitnick Interview Goes Live Today

You may remember this blog from last month, when I reviewed the then-forthcoming Kevin Mitnick video. Well, the release date has arrived, and today you can watch the forty-minute interview of Mitnick by Geoff Bibby.

When in college, Mitnick admits to having been bored with the assignments set by his tutors. He uses the term “prankster” often and states that he never hacked a system to make or to steal money. When asked by Bibby what motivated him back then, Mitnick replies “it was [for the] pursuit of knowledge, challenge, and the seduction of adventure.” Clearly for Mitnick, hacking was a game not intended to hurt anyone.

The interview is well worth watching in its own right; however, the most important sequence is the email hack. In the studio, Mitnick has set up a demonstration of fiber tapping into emails in transit. He has laptops playing the parts of a user’s device, a company server through which the first device sends emails, and a third to represent a hacker’s device. The user’s device and the server are connected via optical fiber, just as they would be in the real world, and Mitnick introduces a $400 fiber tap that can read the traffic passing between them. Mitnick sends unencrypted emails to and from the user’s device and demonstrates that the hacker can read these emails in real time as they transit the fiber cable. For me, it is clear proof of how easy it is for hackers to read unencrypted emails as they transit the Internet; thus the great need to encrypt emails containing any sensitive information.

The video is released today and you can view it by clicking here.

Posted in Email Encryption