Has your boss read the latest expense report? Did your programmer get those updates for the website? Has everyone seen the notice about Casual Pirate Dress Friday?
When collaborating with team members, especially in a large office or when someone is travelling, it can be helpful to know that your email was received. Greenview Data's hosted email suite offers just such an easy-to-use Read Receipt option, a feature that you can't find in other hosted solutions like Google Apps.
To request a Read Receipt, when composing an email click on the "Options" menu and select "Read Request Receipt." It's that easy!
Individuals have the option to block such requests, for example if you're playing hooky for an extra day after a conference and you still want to check your mail to make sure you don't miss any emergencies. To set your Read Receipt behavior, go to your "Preferences" tab and select "Mail." Under the "Receiving Messages" block you can set your Read Receipt option to either always respond, never respond, or ask you what action to take.
Of course, you'll want to make sure your users are at least using the "Ask me" setting in general before you start sending out requests and then complaining that nobody ever looks at your hilarious LOLcat joke emails. How dare they.
With the recently updated HIPAA rules being approved and HITECH data breach notification laws starting to be enforced, information security is going to be in the news more than ever. And not in a good way. I'd put good money down that in the next few years, as these new laws really come into effect, we'll see an explosion of data breach disclosures. But more than that, they're going to be of this variety:
That's because, with all the talk over "policy" and "best practices", we still don't have a culture of security that lends itself to keeping data where it belongs and out of the hands of those that shouldn't have it. Just take a look at these recent data breaches. What do I mean by a culture of security? It's twofold, and invloves:
- Having a clear understanding of what it means to have secure data. Not just knowing that encryption is "good" but how it actually helps secure data and in what ways it differs from other techniques like passwords, limited access, etc.
- Making data security a habit and a default mode of thinking, rather than reactive or secondary. The question of data security should never be along the lines of "should I do more to secure this?" but rather "is it ok to do less?" Presume a level of highest defense, and then learn where you can relax standards.
It should go without saying that you need #1 before you can really get to #2, but unfortunately I think it's a common practice for businesses to try and skip right to #2, providing little or no training for the individuals they are entrusting and expecting to follow through with the procedures in place. You can build the most impenetrable castle in all the land, but if you don't properly tell your soldiers when and why to open the drawbridge, sooner or later you're going to have a trojan horse on your hands.
Do I expect everyone in an organization to know the difference between TLS and AES, what asymmetric key cryptography is, or how to forge email headers? No, of course not. For any organization dealing with sensitive data, creating a culture of security isn't about technical knowledge as much as it is an attitude. You don't have to know how encrypted email works, but you should know how, when, and why to send and receive it, and never miss an opportunity where it's called for.
Part of the problem for many organizations is that they will need to create this culture from scratch. Dealing with the security of digital information is not something that the health industry (or finance, or government, or really anyone for that matter) has had to deal with in the past. It's a different beast, and requires education and commitment. Fortunately, we finally have some good tools for the job. For example, Greenview Data's hosted email encryption service makes it incredibly easy to send encrypted email. Besides the smart content filters that automatically catch and encrypt emails containing sensitive data, a user can send an encrypted email by simply including a key word in the subject line such as "SecureIt". But without a culture of security, these tools will go to waste. Again, it will probably take a few years and a lot more missteps before we get there, but everyone's got to start somewhere.
Interested in developing a culture of security? Please share your thoughts and experiences in the comments below! Or give us a call at 800-458-3348 to talk to a Greenview Data encryption expert about how you can improve the culture of security at your organization.
The hot topic nowadays is privacy, specifically in reference to personal information and disclosure. It's become relevant for both businesses and individuals, but the situation is increasingly hairy as we push social networks and cloud services to be more and more prevalent. Can the need for secure information and the desire for publicly shared information peacefully coexist?
Currently, state governments such as those of Massachusetts and Nevada have pushed through strong regulations on email encryption and data breach notifications, and in all likelihood similar legislation will soon be passed at the federal level. At Greenview Data, we offer a hosted email encryption solution that meets these new HIPAA/HITECH & state regulations, but this is only one data security endpoint that businesses need to address. The recent case of some hospital employees losing their jobs for sharing patient information on facebook is just one example.
Which brings us to the personal side of the issue. There has been no shortage of discussion on problems with individual privacy in the midst of the explosive growth of social networks the past few years. It seems that facebook can't go a month without being in the news over privacy issues, and plenty of other sites have had their share of information leaks. Yet these social networks only continue to grow in popularity.
Yes, despite data privacy and security issues being thrust into the limelight, it's hard to see progress, especially when the government itself can't keep data properly secured but wants to increase their monitoring and control of the internet. But the seeds are there. I think the move to cloud computing will actually be a boon to increased security (I'll write a followup article on that soon). Even if there isn't yet widespread public understanding of the problems underlying information security, there is awareness now. We've reached a point where people recognize the need and benefits of data security, but there's an educational gap that must be bridged. At the same time, a balance needs to be found with respect to the openness and sharing fostered on sites like facebook and twitter.
I think data encryption will be a big part of the equation. It needs to become the default mode of operation, not the exception. We'll need cooperation from the big players on the web offering hosted services (Google took a step in the right direction recently with their encrypted search). And we'll need a better informed and educated public. But it isn't hard to imagine a near-future where all of our online interactions are through encrypted channels; where every email sent is encrypted as well as every file containing sensitive data; where the data posted on social networks that should only be seen by friends can only be seen by friends. Then all we'll have to do to enjoy a secure and social web is stop writing down our passwords on sticky notes.