Posts Tagged ‘email’

Emailing Sensitive Data

Thursday, February 3rd, 2011

While the primary aim for most companies is to ensure that sensitive or confidential information is not sent out via email, for some industries the sharing of sensitive information is a business necessity. The medical, finance, and insurance industries all need to be able to exchange private or confidential information with customers. The trick is to share the information in a secure manner that protects it from unauthorized viewing.

Once upon a time, a medical benefits processing company I was working with needed to confirm some contract details with me via email. They had a gateway solution in place to prevent sending out sensitive information. Instead, the solution stored the message securely on a local server, then sent me an email with a link to access it over an encrypted HTTP connection. Fair enough. Except the part where they included the password necessary to access the encrypted data with the email containing the link. Oops.

Fast forward a year or two. I recently switched banks and I needed to change the automatic payment info with my life insurance company. Apparently my life insurance has a similar solution in place for protecting sensitive data, because what I received was a more or less blank email with an HTML attachment of some sort. I clicked the attachment and it asked for a password–a password I had never created and had no idea what it might be. I just typed in a random password I sometimes use, which it accepted and then took me to an initial login screen requiring me to change/create my password. So, they had enough sense to try and safeguard my private information from unauthorized access, but sent it as an email attachment requiring a password that you get to make up as you go? Well, that’s secure.

Companies like these need to have ways to protect sensitive data, and also must meet data protection compliance requirements such as HIPAA/HITECH and PCI DSS. I question, though, just how secure my data really was in either instance. Obviously, there are some serious flaws in both solutions. Companies need tools that can identify and filter sensitive information, and deliver data securely when warranted.

Security Clearance For Your Email

Wednesday, September 29th, 2010

Zgate™ acts as a checkpoint stopping the leakage of confidential information via email and facilitates the investigation of security breaches by controlling and archiving email across the entire enterprise. This email filtering software works as an SMTP gateway, filtering emails going outside the network. Messages are filtered using all of the available fields (sender, recipient, subject, etc.), including body text and attachments. Once the analysis is complete, the message is then sent, blocked, placed in quarantine or archived.
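A minimal sketch of the kind of outbound check described above, as an added example that is not Zecurion's code or part of the original post: it parses one message, inspects the recipients, subject, body and attachments, and returns a disposition. The domain, the card-number rule and the send/block/quarantine policy are assumptions for illustration, and archiving is left out.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

INTERNAL_DOMAIN = "example.com"  # assumption: the organisation's own mail domain
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate payment card numbers

def luhn_ok(digits):
    """Luhn checksum, used to discard random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def has_card_number(text):
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))

def decide(raw):
    """Return 'send', 'block' or 'quarantine' for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    # A real gateway would use the SMTP envelope recipients; headers stand in here.
    rcpts = [a.addr_spec.lower() for h in ("to", "cc") if msg[h] for a in msg[h].addresses]
    if rcpts and all(r.endswith("@" + INTERNAL_DOMAIN) for r in rcpts):
        return "send"  # hypothetical policy: only mail leaving the network is scanned
    texts, opaque = [str(msg["subject"] or "")], False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "text":
            texts.append(part.get_content())  # body text and text attachments
        else:
            opaque = True  # binary attachment this sketch cannot inspect
    if any(has_card_number(t) for t in texts):
        return "block"
    return "quarantine" if opaque else "send"

def sample(to, body, attachment=None):
    """Build a constructed test message; attachment is (filename, str or bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "clerk@example.com", to, "Payment details"
    m.set_content(body)
    if attachment:
        name, data = attachment
        if isinstance(data, bytes):
            m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
        else:
            m.add_attachment(data, subtype="csv", filename=name)
    return m.as_bytes()
```

Holding uninspectable attachments in quarantine rather than passing them is the design choice that matters here: a filter that only reads what it can parse fails open on everything else.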

Learn more about protecting your sensitive data and providing security clearance for your email communications.

UK Police Officer Emails Sensitive Information

Monday, April 19th, 2010

Oops. Have you ever hit SEND just as you realize that you are sending an email to the wrong person or group? Well, imagine how one Gwent Police officer felt when he accidentally forwarded an unprotected Excel spreadsheet containing sensitive information on over 10,000 people…to a journalist.

The officer, now facing a gross misconduct investigation and possible termination, sent an Excel file attachment containing names, dates of birth, and detailed results of criminal background investigations on 10,006 individuals dating back to 2001.

It is up to the Gwent Police to determine whether it was negligence, incompetence, or simple human error that led to this data breach. But incidents like this are preventable if you remove the human error factor from the equation. Zecurion Zgate monitors inbound and outbound email for sensitive information and ensures that private and confidential data is handled according to established rules and policies and that sensitive data is not transmitted unencrypted.