How to Start Using Encrypted Email Communications

May. 08, 2020

5:24AM PST

If you've decided to better protect the content of your emails to keep yourself and your clients safe from scams, hackers, and data breaches, congratulations: the important first step is done! However, you may be unfamiliar with or unsure of how exactly to start using encrypted email communications, which is why it's essential to differentiate between the two primary types of email encryption available: S/MIME and PGP/MIME. Both have their benefits and drawbacks, so which form of encryption is the best or most accessible fit for you or your business is a matter of personal preference.

S/MIME Encryption

S/MIME encryption relies on a centralized authority to pick the encryption algorithm and is a popular method of encryption simply because it's already built into some large email platforms such as Google, iOS, and Outlook. S/MIME supports both digital signatures and message encryption. Although a digital signature can authenticate a sender and provide data integrity, it is not encryption: a message with a digital signature can still be read by anyone, so digital signatures support the integrity of the message but do not render the content unreadable. Conversely, encryption ensures that no one other than the intended recipients can read the message, but does not provide data integrity, meaning that an encrypted email could still come from an unidentified or unauthorized source. Because each has these shortcomings and the two are not mutually exclusive, complete email security that encompasses both integrity and confidentiality requires the use of encryption and digital signatures together.

PGP/MIME Encryption

One of the benefits of PGP/MIME encryption is the ability to create your own key. Since PGP uses both symmetric and public-key encryption, it gained popularity. It is considered highly beneficial for businesses with a large client base because it lets users who have never met exchange encrypted messages without the need to share private encryption keys. But while PGP encryption is widely regarded as the most secure option, the method in and of itself is not very user-friendly. PGP encryption often requires training to use efficiently, as incorrect use can create holes in security.

However, if you want to start using encrypted email communications, there are simpler solutions available. If you do not use one of the above-mentioned email platforms that contain built-in S/MIME encryption, then you may require a third-party tool to encrypt your emails. Providers such as Android, Yahoo, or AOL are compatible with both S/MIME and PGP/MIME encryption, but require third-party platforms to put that encryption to use.

An additional benefit of third-party platforms such as Trustifi is the extra protection of email not only on the sender's end but also on the recipient's end. Once the reader has successfully opened an encrypted email from a source that they are sure is legitimate, they can also respond to the email through a pre-existing platform. For example, if you are using Outlook, the Trustifi app is already built in, so you can easily respond using Outlook. This enables total, NSA-grade protection that encompasses senders and receivers alike. There are numerous sources to choose from when it comes to third-party encryption; most are easily accessible and user-friendly and, most importantly, they provide a trustworthy service that guarantees privacy protection for senders and recipients of email messages and attachments.

Resources

https://docs.microsoft.com/en-us/previous-versions/tn-archive/aa995740(v=exchg.65)

http://www.pitt.edu/~poole/PGP.htm

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How to Detect Scam Emails and Block Odd Senders

May. 7, 2020

1:44AM PST

The worldwide outbreak of Coronavirus has caused a massive influx of internet scammers sending out phishing emails to the general public. Google recently stated that they have been blocking approximately 100 million phishing emails every day. That is an outstanding and concerning number, which leads experts to believe that COVID-19 may now be the biggest email phishing topic ever to have existed. Cybercriminals are sending out mass amounts of emails posing as companies who are trying to encourage individuals to donate to pandemic-related causes or pretending to be government institutions in an attempt to capitalize on the increase of unemployment benefits applications. With the news of the pandemic being an opportunity for scammers, it’s more important now than ever to make sure that you are fully protected online.

Cybercriminals use phishing as a way to gather personal or sensitive information from an individual, often through false emails that appear to be legitimate. There are some best practices to use when avoiding phishing emails, but in order to ensure that you are protecting yourself online, it’s also important to understand how to detect scam emails and, if you do detect a scammer, how to block them so they are unable to reach your inbox.

The primary issue with previously discussed best practices for detecting scams is that fake emails are becoming increasingly difficult to distinguish from the real deal. Oftentimes, cybercriminals have become so practiced that an unwarranted phishing email is almost unrecognizable, particularly to the average person or an untrained eye. Scam emails will use the company's logo and will present the content to look almost identical to one that would come from the company itself. However, there are usually a few telltale giveaways to look out for. For example, an email that uses a generic name instead of addressing you directly or one which asks you to follow a link to fill out personal information are signs that something is amiss.

There are also measures you can take by changing the settings of your email to make it easier to spot malicious practices. A simple but very helpful best practice to implement is to disable the HTML setting on your email platform. HTML essentially embeds links in an email so that the URL is disguised or hidden. Scammers will often trick recipients by embedding a link to disguise a fake website or pop-up. By disabling the HTML setting, you can see the URL you are clicking on, which ensures the link you are following is taking you to the webpage you intended to visit.
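As an added illustration of the point above (not code from the original article), this Python sketch lists every link in an HTML message body beside its real destination and flags links whose visible text names a different host. The sample message, the `.test` domains and the function names are constructed for the example, and the same-site comparison is a naive suffix check rather than a public-suffix lookup.

```python
"""Added example: show where each link in an HTML email really goes."""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Finds a host name such as "www.examplebank.test" inside visible link text.
_HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None  # href of the anchor currently open, if any
        self._text = []

    def _flush(self):
        if self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._flush()  # tolerate an unclosed previous anchor
            self._href = dict(attrs).get("href") or ""

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)  # also captures text in nested tags

    def handle_endtag(self, tag):
        if tag == "a":
            self._flush()

    def close(self):
        super().close()
        self._flush()


def _host(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL such as "http://["
        return ""


def _same_site(a, b):
    """Naive check: identical hosts, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def audit_links(html):
    """Return one dict per link with the displayed host, real host and verdict."""
    parser = _AnchorCollector()
    parser.feed(html)
    parser.close()
    report = []
    for href, text in parser.links:
        href_host = _host(href)
        found = _HOST_IN_TEXT.search(text)
        text_host = found.group(1).lower() if found else ""
        if not href_host:
            verdict = "no-host"    # mailto:, relative or malformed target
        elif not text_host:
            verdict = "hidden"     # text gives no hint of the destination
        elif _same_site(href_host, text_host):
            verdict = "match"
        else:
            verdict = "mismatch"   # text names one site, the href opens another
        report.append({"text": text, "href": href, "text_host": text_host,
                       "href_host": href_host, "verdict": verdict})
    return report


# Constructed sample body; all domains are placeholders under .test
SAMPLE_HTML = """
<p>Dear customer,</p>
<p>Please confirm your details at
<a href="http://accounts.example-billing.test/login">https://www.examplebank.test/login</a>.</p>
<p>Questions? Visit <a href="https://help.examplebank.test/faq">our help centre</a> or
<a href="https://www.examplebank.test/">www.examplebank.test</a>.</p>
"""

if __name__ == "__main__":
    for row in audit_links(SAMPLE_HTML):
        print(f'{row["verdict"]:9} {row["text"]!r} -> {row["href"]}')
```

A "hidden" verdict is not suspicious by itself; it only means the destination is visible nowhere in the rendered text, which is exactly what a plain-text view would expose.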

What happens if you discover a scam email?

The simplest thing to do if you think that a cybercriminal is trying to scam you is to block the sender to disallow any further emails from the same source from coming into your inbox. The benefit of some third-party email security platforms is that they contain whitelisting and blacklisting options which allow you to easily determine which senders you would like to allow emails from, and which senders you want to ensure cannot reach your inbox. If you do discover a phishing email, it is also a best practice to notify your email provider so that they can further investigate and potentially put a stop to the cybercriminals behind the scam.

If trusting yourself to spot a scam email isn’t quite enough security for you, there are extra steps you can take to catch phishing. In order to increase your security, it’s a good idea to download a program that can intricately filter out potential scam emails. Because cybercriminals are now so proficient in creating content that looks almost unrecognizable as illegitimate, relying on your own ability to catch a scammer can be unreliable. These third-party email security platforms prevent any potential scams from reaching your inbox, so there is a significantly decreased likelihood of a phishing email showing up for you to read. Third-party programs that search your incoming mail (and sometimes your inbox as well) are the most efficient way to make sure your online security is being adequately protected.

Resources

https://www.sciencedirect.com/book/9780128001103/detecting-and-combating-malicious-email

https://trustifi.com/cybersecurity-best-practices-how-to-stop-phishing-emails/


How to Open a Secure Email in Outlook and Gmail.

May. 6, 2020

1:44AM PST

Despite what many of us may like to think, emails that you are sending and receiving are not necessarily always guaranteed to be secure. While we may want to believe that any confidential information is protected, online security is not always promised, particularly if you are using a larger email service like Gmail, Yahoo, or Outlook. If you want to learn more about increasing your online privacy and setting up a secure email account, head over to our site. But what if, instead of being the sender, you are on the receiving end of a secure email?

Fortunately, there are ways that you can send and receive secure emails using larger servers. Both Gmail and Outlook have built-in encryption methods that allow messages and attachments to be sent securely. If you are the recipient of the email, there are easy steps that you can take to open emails sent to you that are encrypted or secured by the sender.

Opening Secure Emails in Gmail.

Gmail has introduced a confidential mode that allows users to protect the content of email messages from unauthorized access. According to the Google support website, the confidential mode allows senders to “set an expiration date for messages or revoke access at any time. Recipients of the confidential message will have options to forward, copy, print, and download disabled messages.” If you receive an email through the Gmail platform that has been sent with confidential mode, reading it is fairly simple. You can view the email and any attachments for as long as the sender allows access, or until the expiration date. Additionally, a passcode may be required from the sender to open the email.

Opening Secure Email in Outlook

Outlook has options that use either S/MIME or Microsoft 365 Message Encryption to protect the privacy of its users. For Office365 users, opening secure emails is relatively easy. Outlook authenticates recipients by sending encrypted messages as attachments, which then require the reader to sign in using their organization's credentials or enter a one-time-only password to access the contents of the email.

However, even though Gmail and Outlook’s decryption processes are simple, there is one glaring issue: they only work if you are sending and receiving email on the same platform. If you want to decrypt an email that has been encrypted using a different method or program, the process is a bit more complicated. One option is to access the email using a one-time authentication code that is shared via a separate means (for example, over the phone), but this method can be extremely inconvenient if you have a number of clients who require regular access to encrypted email messages and attachments. The second option is to use a program that easily allows email decryption.

It’s safe to assume here that it is unlikely all clients and businesses will be using the same platforms to send and receive emails, which is why secure email integration is often considered to be too much of a hassle. However, there are third-party programs that make opening an encrypted email from a sender simple and user-friendly. The recipient of the email does not have to use the same program. To open an encrypted email, you click on a link that leads to a two-factor authentication process; once this is completed, the email can be read and also responded to securely.

Gmail and Outlook have integrated S/MIME encryption into their programs so that senders can successfully encrypt emails, but unfortunately, this doesn’t provide a solution for those who do not use their services. Thankfully, third-party email security platforms have created a user-friendly solution to this problem, which makes secure-email access all the more accessible to everyone who wants to take measures towards protecting sensitive content or personal information.

Resources

“Encrypt Email Messages.” Outlook, support.office.com/en-us/article/encrypt-email-messages-373339cb-bf1a-4509-b296-802a39d801dc.

“Send & Open Confidential Emails - Computer - Gmail Help.” Google, Google, support.google.com/mail/answer/7674059?co=GENIE.Platform%3DDesktop&hl=en.


Cybersecurity Best Practices: How to Stop Phishing Emails

April. 30, 2020

1:44AM PST

You’ve probably heard the term “cybersecurity” before, but do you know what it actually means? To put it simply, cybersecurity is the process of defending your computers and electronic devices from attacks such as malware, viruses, and phishing. While viruses and malware are pesky problems that can wreak havoc on your devices, phishing is a particularly nasty form of cybercrime that you should learn how to protect yourself against.

What is Email Phishing?

Phishing is a process that cybercriminals use to steal identities and personal or financial information. Most often, the theft process happens through email phishing, where phishers send legitimate-looking emails (sometimes including links or pop-ups) that ask for sensitive information. The goal of these emails is to trick people into providing personal and financial data. It’s essentially a very sneaky form of online theft. So, how do you protect yourself from phishing emails?

Easy Ways to Avoid Email Phishing

The first and most obvious step is always to be wary of any emails that you open. Pay attention to the small details, like the email address of the sender, particularly if the email is asking you to provide sensitive information. If you think that an email may be phony, delete it and don’t respond. Additionally, never click suspicious links or open attachments, and certainly don’t fill out any information. Remember, legitimate companies won’t ask for personal information via a link or a pop-up window. If you have doubts about the legitimacy of an email, go directly to the source instead. Additionally, always verify a site’s security before you enter any personal information. To ensure that a site is secure, check that the URL starts with “https” and that there is a padlock icon in the address bar. 

It’s also a good idea to make sure that you are keeping your browser up to date. Popular browsers will release security updates to prevent loopholes that cyber scammers may find and exploit. Each time you receive a notification about updating your browser, you should do so immediately.  

What more can you do?

If you are taking all these precautionary measures but are still concerned about your online security (rightfully so!), it may be a good idea to install an email filter. These filters will scan for spam and stop phishing emails from reaching your inbox. Alternatively, you could try installing an anti-phishing toolbar (available as a browser add-on or plugin), which will alert you if you click on a malicious website. 

Another best practice to stop phishing emails is to make sure that you are using firewalls to shield your computer or network. There are both software and hardware firewalls available, so it’s a good idea to do some research on which type you think would benefit you. There are pros and cons to both types of firewall protection, but either one will sufficiently assist you in stopping email phishing. 

Phishing is, at best, an annoyance that we could really do without. But, at its worst, it has the potential to lead to serious identity and financial theft. It’s always a good idea to put best practices in place to protect yourself from phishing scams and stop phishing emails. Make sure that you take advised precautionary measures to keep your online security protected. And, if you want the added protection, firewalls, email filters, and anti-phishing toolbars are all great ways of building extra security layers to help stop email phishing. Take a look at the services we offer to help keep your business email secure!

Resources

KnowBe4. “10 Ways to Avoid Phishing Scams.” Phishing, www.phishing.org/10-ways-to-avoid-phishing-scams.

“The Phishing Menace and Ways to Protect Your Online Identity.” Cyberoam, www.cyberoam.com/phishing.html.


How To Send A Secure Email Attachment

April. 30, 2020

1:44AM PST

In a previous blog post, we talked about how most larger email providers aren’t properly protecting your security, which can leave private and sensitive information vulnerable to attack by cybercriminals. If cybersecurity is something that concerns you, particularly when it comes to defending the content of your emails, then you may have decided to take measures that will better protect you by switching to a more secure email provider. If you have, great! It’s a good idea to enhance your online security as best as you can.

However, while secure email providers may be protecting the information included within the actual message, what about attachments? You see, email attachments are often where the most sensitive information is included. We often email paperwork such as financial documents, mortgage agreements, health records, or other extremely sensitive information as an attachment to an email, and not as part of the email itself. This means that it’s equally important you know how to send a secure email attachment, but most of the resources out there are full of inaccessible tech jargon that can be difficult to understand. So, here’s a simple breakdown of ways to make sure that your email attachments are secure. 

Why Encrypt your File Attachments?

Here’s the catch: many secure email providers only encrypt your actual email messages and not the attachments that are sent with them. Encryption is, in its simplest and most understandable form, a way to scramble data so that it can’t be read by anyone who you don’t want to read it. It’s important to take steps to encrypt your attachments so that they are unreadable by outsiders and don’t leave you or your clients vulnerable to cybercrime. You need to make sure not only that any attachments you send cannot be intercepted along the way, but that the intended recipient is the only one who can open and read the email.

How do you encrypt an email attachment?

There are a few different options when it comes to encrypting email attachments so you can send them securely. There are two main types of encryption that you may have heard of before. Public-Key Encryption, such as PGP (or Pretty Good Privacy), is a popular type of encryption that can be used to scramble sensitive files and render them unreadable, so you can send them securely. Essentially, Public-Key Encryption requires two sets of keys which can be used to decrypt the email on the receiving end. One key is publicly available, while the other is private and shared only between the sender and the receiver. This type of encryption is popular, as it can be done remotely without ever having to meet the person to exchange keys. The second form of encryption is Symmetric-Key Encryption (such as AES 256), which also involves the use of a key to encrypt the email, but there is only one key used. The sender must share the key with the recipient prior to the email being sent.

You can learn how to send and receive secure emails and attachments without the use of a third-party provider, but it can be much more complicated than it needs to be. The best way to encrypt your email attachments is to use a program that does all the heavy lifting for you and makes the process much simpler and more user-friendly.

There are programs that can be easily downloaded that utilize either Public or Symmetric Key Encryption to allow you to send a secure email attachment. Some programs work directly with your email provider, while others may involve you scrambling the document you want to send prior to attaching it to the email. With a small amount of research, you can choose a program that suits your needs and use it to ensure the online safety of both you and your clients.
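As an added example (not from the original article or any vendor's product), here is what the "scramble the document before attaching it" approach looks like with symmetric AES-256 in Python. It assumes the third-party `cryptography` package is installed and uses AES in GCM mode so that a modified attachment or a wrong key is rejected; the addresses, file name and function names are constructed, and the key is assumed to reach the recipient over a separate channel.

```python
"""Added example: AES-256-GCM encryption of a file before it is attached."""
import os
from email.message import EmailMessage

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit nonce, the usual size for GCM


def new_key():
    """Generate the single shared 256-bit key (sent to the recipient separately)."""
    return AESGCM.generate_key(bit_length=256)


def encrypt_attachment(key, filename, plaintext):
    """Return nonce + ciphertext + tag. The file name is authenticated, not hidden."""
    nonce = os.urandom(NONCE_LEN)  # must never repeat under the same key
    return nonce + AESGCM(key).encrypt(nonce, plaintext, filename.encode())


def decrypt_attachment(key, filename, blob):
    """Raise InvalidTag if the key, the file name or any byte of the blob is wrong."""
    nonce, sealed = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return AESGCM(key).decrypt(nonce, sealed, filename.encode())


def build_message(sender, recipient, filename, blob):
    """Attach the already encrypted bytes to an ordinary email message."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "Encrypted document"
    msg.set_content("The attachment is encrypted; the key was shared separately.")
    msg.add_attachment(blob, maintype="application", subtype="octet-stream",
                       filename=filename + ".enc")
    return msg


def extract_attachment(msg):
    """Recipient side: return (attachment name, raw encrypted bytes)."""
    part = next(msg.iter_attachments())
    return part.get_filename(), part.get_payload(decode=True)


def is_rejected(key, filename, blob):
    """True when decryption fails the integrity check."""
    try:
        decrypt_attachment(key, filename, blob)
        return False
    except InvalidTag:
        return True


if __name__ == "__main__":
    key = new_key()
    document = b"%PDF-1.4 constructed sample statement"  # constructed sample input
    blob = encrypt_attachment(key, "statement.pdf", document)
    msg = build_message("sender@example.test", "client@example.test",
                        "statement.pdf", blob)
    name, payload = extract_attachment(msg)
    print(name, len(payload), "bytes on the wire")
    print(decrypt_attachment(key, "statement.pdf", payload))
```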

Resources

Becker, Ralf, and Hadi Nategh. “PGP vs. S/MIME.” EGroupWare, www.egroupware.org/wp-content/uploads/2017/04/EGroupware_smime.pdf.

Braun, Andrew. “PGP Encryption: How It Works and How You Can Get Started.” Make Tech Easier, 23 Apr. 2018, www.maketecheasier.com/pgp-encryption-how-it-works/.

“How to Encrypt Email Attachments.” Virtru, 19 Oct. 2019, www.virtru.com/blog/how-to-encrypt-email-attachments/.

“How to Send a Secure Email Attachment.” Trustifi, 20 Dec. 2019, trustifi.com/how-to-send-a-secure-email-attachment/.


Expensive—and Preventable—Data Breach Hits Altice

March 11, 2020

10:00-11:00AM PST

Another major company has announced that it has fallen victim to a major data breach. Alarmingly, it was internet service, phone and cable provider Altice USA that was the data breach target through an attack executed via an extremely common malicious email technique.

Criminals used a phishing email that was sent to an Altice employee in Long Island, New York. When the employee clicked on a link, it gave thieves access that enabled them to download the Social Security numbers, birth dates and other personal information of all 12,000 current employees, as well as a number of former employees and customers across the 21 states it serves.

Data Breaches through Phishing Emails

What makes this data breach alarming is that phishing email attacks—like the one that was used to initiate this break-in and theft—are exceedingly common. The average U.S. employee gets 16 malicious emails a month. Without training and software that protects email, it is only a matter of time before one of those emails wreaks havoc.

Such data breach attacks are exceedingly costly:

  • Altice had to hire a computer forensics company to figure out what happened and determine the extent of the damage.
  • It has paid to train employees on how to better recognize a malicious email and what to do with suspect email.
  • The company must cover the cost of credit monitoring services for everyone compromised.
  • As a New York company, Altice is subject to the new SHIELD Act that imposes fines and other legal obligations.

And it doesn’t stop there. Add in the damage to the brand, and you have a major loss; one that was extremely preventable.

Phishing Email Data Breaches Are Preventable

Phishing email attacks that initiate data breaches are indeed preventable. Solutions are available that scan inbound email traffic in real time. These solutions compare incoming emails against blacklisted entities, scrape and analyze the emails for malicious links and attachments, quarantine suspected emails, and then detonate them in protected spaces not connected to networks where they can do no harm. The most sophisticated systems use machine learning to enhance threat detection.

Because phishing, spoofing, malware, and other threats require human participation, the best systems provide warnings as to the presence and nature of threats. Training on how to recognize and respond to malicious email attacks is a vital part of protecting systems, data, employees and customers.

Also Protect What You Send

Criminals are looking to break into the emails you send, too. Your outgoing email traffic is equally at risk for data breaches as the email your company sends. Solutions that encrypt outgoing mail, even on mobile devices, provide a needed layer of security.

As we were wrapping up this article late this afternoon, it was announced that Altice is now the subject of a class action lawsuit. The suit filed today is likely the first of many for Altice following this data breach. Unfortunately for Altice, the costs keep mounting—all from a data breach initiated through email that was preventable with a small investment in software and training.


General Data Protection Regulations: 160,000 Data Breaches and Counting

January 30, 2020

10:00-11:00AM PST

Authorities report that over 160,000 data-breach notifications have been filed since the European Union enacted the General Data Protection Regulation (GDPR), which started on 25 May 2018. That averages out to 278 breach notifications a day.

U.S. companies are directly impacted by this regulation if their websites are accessible and targeted to EU visitors, meaning there are options to change the language to a European language or to adjust the denomination to a European denomination. The law allows for no exceptions: not for size of firm, type of data collected, or scope of activities. If your firm is found to be in violation of the law—even if you are just selling hand-knitted mittens or offering a free download of a white paper—EU authorities can fine you up to four percent of your global revenue. They may not be able to easily collect from small U.S. businesses, but enforcement will certainly cause headaches for any business operating internationally.

What Personal Data Must be Protected

  • Personal identification data including name, phone, address, email, ID numbers
  • Photographs
  • Social media posts
  • Racial, cultural, sexual, or ethnic data
  • Bank and other financial details
  • Medical, biometric and genetic data
  • Website data: location, IP address, cookie histories and RFID tags

 

Selected GDPR Requirements

We advise you to review the specifics of the GDPR with an attorney and your IT leaders. Some of the key requirements include:

  • Asking visitors for their consent to collect data
  • Getting explicit opt-in to data use in profiling, advertising, etc.
  • Providing an opt-out of future emails option
  • Offering a privacy notice about data collection, use, and protection
  • Mandatory reporting of breaches

 

Why It Matters to US Companies

U.S. companies need to comply with the GDPR, but that is not the only reason to focus on privacy protection issues now. Various states have begun enacting a patchwork of regulations that affect their residents, impacting any company that is hiring or doing business in those states. Notable recent regulations include New York’s SHIELD Act for protecting employee information, California’s Consumer Privacy Act, and 201 CMR 17.00 Standards for the Protection of Personal Information in Massachusetts.

Cyber-security is costly to your reputation and your business. With increased regulation, you face more than the cost of the crime, but also the costs of litigation and fines. If you haven’t done a complete compliance audit yet, now is the time to get started.

 
