Not all email encryption providers are created equal: S/MIME & the Outlook Bug

By Trustifi on Nov 07 2017

Email encryption has become a pivotal tool for businesses and average citizens around the world, due to the simplicity and ease that emails can be hacked. Encrypted email providers are constantly developing new ways to better protect your information and keep you and your business safe. Now that there are solutions which protect organizations from hacked emails and information, it is even more important to ensure said solutions function correctly.

Recently, an end-to-end encryption protocol, S/MIME (Secure/Multipurpose Internet Mail Extensions) has fallen under fire for its failure in keeping the emails of its Microsoft Outlook users encrypted. Companies using this protocol in Outlook need to beware. For the past six months, emails thought to be encrypted, were actually not.

The problem was due to a bug (CVE-2017-11776) in Microsoft Outlook that occurs when users format their emails as plain text while using the S/MIME encryption. This causes the “encrypted” emails to be sent in a human-readable clear text form along with the encrypted version. This was not the service that was promised.

One of the biggest issues is also that the users would have no idea that the sent email was compromised. It would still show up in the sent folder as “encrypted” leaving the user with a false peace of mind. Tracking is a key part of email security and companies such as Trustifi have great solutions to this tracking error.

Many consumers do not understand how to encrypt an email and trust their providers with their personal information. Trustifi’s solution avoids these issues because they are a military grade, court validated interface that encrypts your emails with absolute ease. They continue to compete with the best cyber security companies in the industry due to their dedication to security. Trustifi’s solutions for encrypting emails is simply one way they can avoid what happened with S/MIME.

Cybercrime is a serious matter, and how a company protects themselves with a secure email gateway should be taken with care and certainty. The best cyber security companies around the globe understand the trust their clients put in them, and the importance of their role in their clients’ lives.

Trustifi, a patented email solution that encrypts and tracks emails, and is the first federally-accepted method of sending legal documents online, is one of many solutions for avoiding problems that S/MIME ran into. Their solution is predicated on providing top-notch security and strict confidentiality to their clients in order to provide peace of mind.

According to researchers, the magnitude of the vulnerability depends on the configuration on the user’s Outlook.

  1. Outlook with Exchange

The encrypted emails of Outlook with Exchange users would only reach one hop (to the sender’s exchange) and the plain text message would be removed because they were sent to external exchange. However, if the sender and recipient were in the same exchange, the plain text would be attached.

  1. Outlook with SMTP (Impact on the entire email path)

If Outlook was being used with SMTP the plaintext would be received by the recipient as well as all mail servers along the path. So not only was the failure in encrypting emails, but your email could be seen by anyone on the mail servers.

Since one of the biggest problems with the S/MIME bug was that users would view their email as encrypted in their own sent folder. Trustifi’s email tracking system avoids this issue as their product users will be able to track where the email was sent to, as well as who opened it and on what device. This is yet another way to avoid any mishaps with the security of your emails.

The S/MIME bug truly demonstrates the importance of having a trustworthy encrypted email provider. Sending legal documents with confidential information is too risky if you are using a sub-par provider. Only the best cyber security companies will suffice, who understand the ins and outs of encrypting emails, and keeping you and your clients’ information, safe.

For instance, having a federally-approved form of legal delivery allows a company like Trustifi to have confidence in its solutions. This in turn gives a sense of security to its users that all is well regarding their email.

From legal records, to medical records, to intellectual property, encrypted emails and documents must be kept as safe as possible when the consumer trusts a company to do so. It is the obligation of any encrypted email provider to deliver the best possible service, with no negative outcomes.

Unfortunately, hacked emails are a part of the modern world. The more technology and security that is out there, the more people will attempt to take advantage. This is where cyber security companies must step up to the challenge. Trustifi is one said company that uses modern technology and ideas to come up with the best possible strategies and solutions to deter any negative activity.

Another reality this incident with S/MIME brings to the surface is how serious businesses must take their private information. Human relations divisions must take note, they are in charge of protecting all the personal information for the employees and their company. It would be detrimental to any business owner if any single email with private information were to be hacked due to faulty encryption. Encrypting emails safely is the only way to avoid the major consequences that occur when an email is compromised. You must find an industry leader you can trust.

Trustifi offers a demo so you can understand exactly how their solution works before you even sign up. Understand that this matter is only becoming more and more serious, and encrypting your emails is more pertinent than ever before.

The average consumer does not understand how to encrypt an email and therefore is truly putting all their trust in cyber security companies. Mistakes such as the bug with S/MIME and many others demonstrate the risks of the modern technological world we live in. It is the providers job to protect and secure all of its clients’ documents to the highest standard, anything short of this is simply unacceptable.

To protect your most important information, sign up for a free trial of Trustifi’s patented solution.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Trustifi Live Stream: How to Protect Your Business from the Hacking Cyber-Apocalypse

Oct. 28, 2017

10:00-11:00AM PST

Equifax. Deloitte. Yahoo. In the past few years, we’ve seen the rise of some of the worst cyberattacks in recent history. The sheer scope of these hacks has affected business and consumer confidence throughout the whole world. Imagine the most sensitive, confidential and private information, on display to the public – or worse yet – sold to the highest bidder. Private passwords, SSN’s, medical records, bank statements, credit reports, contracts, anything of value to the right set of eyes is now up for grabs.

The threat of a cyber-apocalypse has finally become a clear and present danger to all of us, in any industry. In a special live streaming event, happening on Tuesday, October 31st, Trustifi CEO Idan Udi Edry will deliver a webinar on what individuals and companies can do to protect themselves from this very real threat.

A properly-executed hacked email server can dismantle businesses, destroy reputations and end livelihoods. The webinar will focus on what companies and individuals can do to protect their information through intensive email security, in the light of these recent cyberattacks.

Trustifi, one of the most groundbreaking encrypted email providers in the industry, specializes in protecting corporations of any size. To sign up for Trustifi’s free 7-day trial, click here.


Trustifi does much more than just email security. Email tracking, certified email, and eSignature are just a few of the state-of-the-art services Trustifi provides. If you’re looking for a personalized demo, customized to your needs, click here.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

3 of 3 Part Email Dangers Blog Series: Business Security – Sales Engagement

By Trustifi on Apr 30 2017

By Nancy Richardson, President – VOC Company, LLC

An increasing number of vertical industry market processes require extra security and data sensitivity. HIPAA and financial-based internal and client/consumer communications within the Healthcare and Financial markets are obvious examples. When you make your career in one of those fields you get use to certain standards when it comes to protecting the data that you process.

But even the most diligent of us can inadvertently overlook securing sensitive information, or think the document that we’re emailing internally is relatively innocuous and not worthy of protecting. Current email configurations often limit employees from effectively protecting business communications, particularly in business development – opening business to risks in sharing competitive information.

In this third blog in our three-part series, we’ll be talking about what you should be securing, encrypting, and tracking so that you can protect yourself, your business, and your clients.

What You Need to Know When You Work in Sales Engagement

In our last post, we discussed why HR professionals need to be extra diligent and especially sensitive to protecting the information they send via email. Much of the information HR sends is internal to the organization. But what if you’re a business development professional? Then the converse likely holds true — most of the information you send is external to your organization. Once your email leaves your inbox, you have almost no control about what happens to it.

This is why business development and sales professionals need to be particularly cautious when sending emails outside of the organization.

If you’re a business development professional, whether you know it or not, you’re transmitting quite a bit of organizational sensitive information. You’re definitely sending out a good deal of data that you wouldn’t want your competition — or even other prospects — to catch wind of. A simple sales contract could let your competition know your price points and about your prospect, allowing them to undercut or underbid you.

A prospect pipeline is a sales person’s lifeblood. Because of the unique nature of sales positions, which often require personnel to work remotely from the road, it’s imperative to protect your prospect list when transmitting it from device to device. If you’re like many professionals, you may rely on a service like Dropbox — or you may even email it to yourself! This puts your very professional lifeline at huge risk!

Many other types of organizations will work with prospects to develop a sort of “white label” product for resell. When negotiating pricing and product details a great deal of trade secret information may be emailed, back-and-forth. A non-disclosure agreement has limits in protecting your organization. What happens if your client’s email is breached and that information is leaked to your competitors? Despite the relatively limited reporting on cases of breaches involving intellectual property or trade secrets, they are still highly sought-after pieces of data by cybercriminals.

Fortunately, there are ways to protect yourself and your organization. By using a simple secure email lifecycle management tool, you can be assured that your emails — and their attachments — are protected end-to-end. Not only that, but you can track the email through its entire lifecycle, from send, receive, open, read, forward, and print. Protect your assets and protect your business by ensuring that your email is secure.

Through this four-part blog series, you’ve gained insight into the internal and external business communications risks, often overlooked. What other information do you think needs to be secured?


Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Part 2 of 3 Email Dangers Blog Series: Business Security – Human Resource Risks

By Trustifi on Apr 24 2017

Certain industry types require extra security and data sensitivity. When you make your career in one of those fields you get used to certain standards when it comes to protecting the data that you process. But even the most diligent of us can inadvertently overlook securing sensitive information, or think the document that we’re emailing internally is relatively innocuous and not worthy of protecting.

In part 2 of this 4 part series, we continue to talk about what you should be securing, encrypting, and tracking so that you can protect yourself, your business, and your clients.

HR Electronic Communications – What should you secure?

Human resource professionals often deal with some of the most sensitive information a company owns. We often think that the payroll department is the sentinel of our constantly-accessed personally identifiable information, and while that is true, human resource professionals access and process mountains of our sensitive information regularly. Bottom line: the HR department is the first and last stop in protecting employee confidentiality.

Because email is and continues to be the most widely used method of communicating internally and externally to an organization, HR professionals need to be extra diligent about protecting personally identifiable information and be especially worried about email security. As the keepers of everything from social security numbers to bank account and routing numbers, HR departments are one of the most targeted departments within an organization.

If you work in HR, take a look at your inbox. It’s more-than-likely a veritable treasure trove of data about your employees. Everything from W4s to spreadsheets with employee information gets transmitted through your email. And while you may think the data is safe as long as it’s being shared internally, once you hit “send” you have no control over where that data will ultimately end up. This is why it is incredibly important to use an email lifecycle management tool that not only tracks your email — so you’re assured of its destination — but stores your emails in an encrypted environment.

But what should you be protecting? The short answer is everything you send, but let’s look at a few of the most commonly overlooked items.

Employee Review Forms — many forms used by organizations contain an employee’s personally identifiable information in the header of the form. But because we often think of an employee review form as relatively innocuous, we don’t secure it when we send the email. This is a mistake and can open the organization up to a data breach.

Spreadsheets — HR departments thrive on spreadsheets to manage the day-to-day management of personnel. While these spreadsheets are often password protected, a simple password is easy enough for even the most newbie hacker to break. When you send your spreadsheets, make sure to add an extra layer of security by encrypting the email.

New Hire and Annual W4 Forms — many employers and employees will email these documents to each other. Because they’re relying on the assumed security of an internal email network, both employers and employees may open themselves up to a data breach by not securing the email.

Policy Changes — when sending policy changes to employees its imperative to make sure that all of your staff has received and read the change. While most email clients have a return receipt option that can be enabled, that’s often not enough to provide proof that an email has been received, opened, and read, which means the HR department has to chase down acknowledgments. Save time and money by using postmarked email.

Workers Compensation Claims — these forms have a wealth of information about employees and often need to be emailed externally, to insurance companies and medical offices. Like spreadsheets, the document may be password protected, but a simple password is simply not enough to thwart a hacker.

HR is the first line of defense in protecting an organization from a data breach and protecting the livelihood of its employees. One of the easiest ways to protect your organization from a data breach is to use a robust email lifecycle management solution.


Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Your Email Address is Worth More Than You Think

By Trustifi on Mar 13 2017

Before you start reading, I want you to close your eyes and think about your daily routine. What’s the first thing you do? If you’re like 80% of smartphone users, you probably check your phone before you even brush your teeth.

Now close your eyes again. What do you see on the home screen? What apps are there? You probably have a few time killers – games, trivia – maybe some of your favorite news sites. You definitely have at least one social media source. What did you need in order to sign up for access or download the apps?

An email address.

Email addresses are the modern social security number – and they are tied to everything you use. That’s why cybercriminals want them.

The end of 2016 was ushered out with the Yahoo data breaches. Billions of email addresses, passwords, and security questions were obtained by cyber thieves, who likely had their hands on this information for years and used it to infiltrate thousands of individuals’ lives. These cybercriminals weren’t looking for a massive payout from their theft; it was far more lucrative to cherry pick a few individuals’ information a little at a time because it prolongs the shelf-life of your stolen data. While Yahoo was aware of the breach, they only made it public when Verizon uncovered the massive problem  during due diligence.

Human beings are creatures of habit and because so much of our real lives are intertwined with our digital existence, we tend to recycle passwords from one data source to the next. Even if you’re diligent about using different passwords, your email address is still likely tied to multiple accounts, such as your credit card or banking information. Even something as seemingly innocuous as your Amazon account can be a veritable skeleton key to the rest of your digital life.

Your inbox is a treasure trove of information.

Beyond the passwords and security question answers, cyber criminals had access to the intimate details of over a billion users’ inboxes – how they shopped, who they banked with; medical records, tax information, family recipes all in the hands of cyber criminals who could exploit that data for profit. Email is ubiquitous and we presume that what we send is relatively private. Except that it isn’t. The Yahoo breach also exposed setting issues, like auto-forward. A copy of the email lives in the primary inbox and another copy auto-forwards to another inbox. It’s relatively simple to set up and is a feature that most folks “set and forget.” Most email services do not provide any tracking mechanisms for email, so the typical Yahoo user would have no idea where their emails were actually going.

Email theft is, unfortunately, a growing trend.

But that doesn’t mean you should give up on privacy and security. There are simple proactive steps you can take to protect your email and keep your digital life safe and secure.


Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Millenials: Time to Give Privacy a LB

By Trustifi on Mar 11 2017

TL:DR For real, digital privacy is important AF.

We  spend approximately all of our waking hours connected to social media. Our entire lives are out there, so most of us don’t even think twice about digital security. Or, if we do think about it, we think “what’s the point?”

A recent graduate of George Mason University recently said, “There is no longer such a thing as privacy and it’s a little scary but honestly inevitable. I’m not sure if it’s reasonable to be worried anymore because it’s already out there.”  Natalie isn’t a rogue millennial either. According to a recent study, just 2 in 10 Millennials worry about digital privacy most of the time.

But all of that time we spend connected, we spend connected to peer generated content. These are people we have at least a passing familiarity with. So what’s the big deal?

Your digital life can hurt you.

What you put out there for the world to see can not only hurt your career prospects, but it can affect your entire life by giving hackers clues about your life – clues they need to answer security questions. These same clues can also help them phish your accounts and take control of your entire digital life , credit report, and entire identity.

TBH Your digital life affects you IRL too.

You need decent credit for everything from getting an apartment to getting car insurance. Sometimes, you need decent credit to get a job. If a cybercriminal – or just someone throwing some cyber shade your way – gets a hold of your digital life, they can (and will) get a hold of your credit. It can take months before you know that your stellar 750 credit scored just dipped to 550, and even longer to fix it.


By that time, you’re back couch surfing at your mom’s house. And that’s not a good look.


Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

What You Need to Know About Email Safety

By Trustifi on Mar 10 2017

Data breaches are on the rise and, despite the increased security requirements that organizations are obliged to undertake, don’t seem likely to stop happening any time soon. Cyberthieves can make a lot of money stealing your identity and there isn’t a strong likelihood that they’ll be caught. As the world becomes more digital, going “offline” isn’t realistic. So what can you do to protect yourself before and after a data breach?

The best defense is a good offense. When it comes to protecting your identity there are some really simple, but effective steps you can take:

  1. Never use the same password twice. Even if you think your password is un-hackable, you’re probably underestimating the tools that cyberthieves have in their arsenals. In the event that one of your accounts is compromised, using different passwords for your other accounts makes it difficult for a hacker to access them.
  2. Whenever possible make sure you turn on two factor authentication for your accounts — especially your email.
  3. When you have to send sensitive information by email, make sure to use an encrypted email service, like
  4. Make your social media accounts, like Facebook or Instagram, private. Social engineers will often peruse social media accounts to glean the answers to your security questions, like your mother’s maiden name and where you went to high school.
  5. When choosing what security questions to answer, either choose an obscure question or write your own. It’s generally a good idea to make the answer something fairly off-the-wall, like answering “ice cream” to “what’s your favorite color.”
  6. Make sure to monitor your digital life: periodically log in to your bank and credit card accounts, do a quick Google search for criminal records, and request a copy of your credit report from the three major bureaus.

If, despite your best efforts, your information was compromised during a data breach it may be months or even years before you truly know if you’re in the clear. Make sure to immediately change all your passwords — and set up a schedule to change them regularly — and obtain copies of your credit reports annually. Don’t fall victim to phishing or social engineering attacks. If you think you might be the victim of identity theft make sure to file a report with your local police department and notify the credit bureaus immediately.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization