Keep Your Data Safe With Secure Email

encryption

Are you using secure email?

This post is focused on secure email but some aspects like SSL and encryption apply equally to data in general.

  • With all the breaches in the headlines, it behooves us to secure our email.
  • Breaches expose client data that can be used to access your accounts.
  • Even if a hacker has your email account credentials, he may be unable to read encrypted email.
  • Email can be accessed by the unscrupulous in a number of ways.
  • Sending email without SSL is like sending your mail on postcards.

Think your data is safe?

Our focus is finding solutions that work for our clients with minimal intervention and/or setup.

Recent Breaches?

fraud
Fraud

These high profile breaches are a reminder that our data is not as secure as we would like.

Anything shared on the Internet is vulnerable to various types of snooping and hacks.

Email is no exception.

With the information gleaned from breaches, hackers may have direct access to your accounts if they uncovered passwords that you use elsewhere.

That’s why we suggest unique strong passwords  for every account.

Let’s investigate methods to secure our email.

How Difficult is it for Someone to Hack Your Data?

With folks getting emails on their mobile devices via Wi-Fi, it’s more important than ever to use secure email.cartoon-hacker-with-laptop-400

The best defense is to use encryption but that is not as convenient as we would like.

SSL email helps in most cases.

Otherwise your email is open to anyone that can sniff it out of the air.

That’s easier than you may think using attacks like Man in the Middle.

Hacking Methods Used

Once hackers have your information there are a number of ways to access your accounts.

With enough information, a determined hacker can gain access to your accounts.phishing-and-spy

  • Phishing – acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication
  • Man-in-the-middle attack (MITM) – attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
  • Session stealing (cookie hijacking) – exploitation of a valid computer session (session key) to gain unauthorized access to information or services in a computer system. … theft of a magic cookie used to authenticate a user to a remote server.
  • Keylogging (Keystroke logging/keyboard capturing) –  recording (logging) the keys struck on a keyboard, typically covertly.
  • Social Engineering – psychological manipulation of people into performing actions or divulging confidential information
  • Hacking your computer – malware planted on your computer allows hackers complete access to your data
    • If a hacker has access to your computer you need to have it cleaned.

Doesn’t  SSL Secure My Email?

Using SSL for your email provides security between you and your email host.

Prior to SSL (Secure Socket Layer) emails were sent in plain text from your email client like Outlook to the host server.

Google’s chart below shows that most email to and from Gmail in the America’s uses SSL.

email-Gmail Secure Email
Volume of email to and from Gmail

SSL is helpful but it doesn’t keep anyone with access to the server from reading your email or necessarily guarantee that it will be transported to the recipient via SSL.

Client-side SSL is a step in the right direction but encrypting you email is much more secure.

Using SSL and SSL Email Setup?

If you want to check whether you are using SSL you can use Comcast’s guide to interrogate various email clients.

If you need to setup an email account to use SSL you can contact your provider or Google setup “Provider Name” email.

“Provider Name” is the provider who sends you a bill each month.

Implementing Secure Email

Secure Email
Secure Email

We encrypted email for our clients back in the late 1980s but it was tedious to setup and use.

Consequently, secure email was not considered a priority and seldom used.

We need encryption to ensure that sensitive email is not compromised.

This requires some inconvenience on the clients but it’s the best way to secure our email.

HIPAA Compliant Email

With the advent of the HIPAA (Health Insurance Portability and Accountability Act) companies have become more security aware.

If you send sensitive email or work in the medical industry you may be required to secure your email or face penalties.

The Health Insurance Portability and Accountability Act (HIPAA), sets the standard for protecting sensitive patient data. Any organization dealing with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

Paubox article on HIPAA compliance

sending receiving email
sending receiving email

Is HIPAA Email Encrypted?

Some HIPAA email providers like GoDaddy do not necessarily encrypt email in transit.

There is some debate on whether or not HIPAA requires email to be encrypted.

GoDaddy encryption has an add-on for HIPAA email. It’s an all or nothing scenario so all your mailboxes either get encryption or they don’t.

Likewise encrypted email isn’t necessarily HIPAA compliant.

HIPAA compliance requires partners to sign a Business Associate Agreement (BAA).

HIPAA Compliant Hosts

GoDaddy and other hosts offer HIPAA compliant email.

Host
Host

GoDaddy was the least expensive of the providers we found using Exchange email.

HIPAA COMPLIANT EMAIL

HIPAA requires health care providers to ensure that their business associates will safeguard Protected Health Information (PHI). If you are interested in emailing with your patients, or sending any patient data through email, you need to be sure that your email is protected in a HIPAA-compliant manner.

OFFICE 365 FROM GODADDY HELP

Exchange

Some vendors offer HIPAA compliant email with Exchange like features.

In some ways, these email services may surpass Exchange by encrypting email.

On the other hand, why not get a service that is like Exchange when you can have Exchange even if it isn’t encrypted.

Encryption

You need encryption if you want to secure your email while in transit.

Encryption Key
Encryption Key

HIPAA email providers using Exchange email do not necessarily encrypt in transit.

There are, however,  encryption add-ons.

Encryption uses PGP key pairs.

One key is shared with the public and the other is private.

Without the private key, your message is safe from prying eyes.

Generating Keys

Part of the challenge of setting up and using PGP encryption is the generation and tracking keys.

Security Key
Security Key

The nomenclature is a bit confusing.

Key generators typically import private keys and export public keys.

Some key generators will export both public and private keys simultaneously.

Kleopatra

GPG4Win’s Kleopatra Interface is a bit clunky but works fine once set up.

Kelopatra
Kelopatra

We did have issues with some public certificates generated in Kleopatra not working with Gravity Form PGP Extension.

Interestingly the Kleopatra generated  public key did not work with Kleopatra but did work with Gmail Mailvelope extension.

Importing the  Kleopatra public key into Mailvelope and exporting produced a working certificate for our server.

Mailvelope

Mailvelope Chrome extension easy to install and use.

Mailvelope
Mailvelope

After running into issues with Kleopatra generated public certificates, we tried generating keys via Mailvelope.

Unfortunately, the certificates didn’t install well on Gravity Form PGP Extension.

Gravity Form PGP Extension requires a matching email address for a notification email and the Mailvelope public certificates displayed none.

Symantec Desktop Email Encryption

Symantec Desktop Email Encryption was the easiest solution to work with but expensive.

It works with Macs & Windows but not Linux.

Once setup outlook emails are decrypted automatically with no intervention of the user.

Secure Email

ProtonMail and Gmail send encrypted email these days but you lose that

Secure Email
Secure Email

feature when you send to an outside account.

Gmail is not HIPAA compliant.

Google Apps business email is HIPAA compliant.

Web Forms

If your website asks for sensitive information you should use SSL and encryption to protect that data.

Installation instructions for Gravity Forms PGP Encryption plugin
Installation instructions for Gravity Forms PGP Encryption plugin

Gravity Forms and their PGP Extension  makes it easy to setup an encrypted form.

Gravity Form PGP Extension requires public keys and matching email for notifications to be send.

Decryption

When you send encrypted email you must decrypt to read it.

The following table lists software that handles encryption/decryption.

PGP-Software
Recommended Software

Gpg4win

Gpg4win is a free solution for Windows Outlook users.

  1. Import private key
  2. Certify you will be able to
  3. Decrypt messages
    1. Open message
    2. click decrypt

Mailvelope

Mailvelope is a free and easy solution to implement for Gmail and Chrome.

This is the easiest solution if you are using Gmail and Chrome.

  1. Install extension
  2. Import private key
  3. Emails are automatically decrypted

Conclusion

  • Use SSL Email at very least.
  • Make sure your computer doesn’t have malware.
  • Encrypt email if you and your correspondents want the most security.
  • Use HIPAA email if you deal with Protected Health Information (PHI).

Best Home Small Business Printer

Color Printer

Best Home Small Business Printer

Best Home Small Business Printer – where do I find one? The problem these days is that there are too many choices.

While a color laser printer used to be out of reach for home and small businesses they can be had for a reasonable price these days.

The initial cost of the Best Home Small Business Printer is just the beginning.

Keeping them in ink or toner can be expensive.

Bells and Whistles for Best Home Small Business Printer

Adding to the confusion of finding the Best Home Small Business Printer is all the bells and whistles that are available.

  • WiFi
  • FAX
  • ADF (Automatic Document Feeder)
  • Ethernet
  • print-shop-quality color prints
  • laser-sharp black and color text
  • high-speed prints
  • multiple paper trays
  • monthly duty cycle (pages/month)
  •  auto 2-sided print/copy/scan/fax.

Wireless Printers

Wireless printers allows printing from tablets (e.g., iPad) and

Wi Fi

smartphones (e.g., iPhone). Not all printers make this easy.

Some printers may require mobile devices to print to the cloud (Internet).

While this can be useful we want our Best Home Small Business Printer to connect directly to.

Some may require you to print to their cloud or allow popular clouds like Dropbox, Google Drive, and OneDrive.

Printing to the cloud may not be a concern if you have high-speed Internet but it might be a problem if you depend on a cellular data plan to upload the files.

There are also security concerns for uploading sensitive documents to the cloud.

Downs Consulting recommends a wireless printer that doesn’t require printing to the cloud. We prefer our Best Home Small Business Printer to print directly via WiFi.

Printing to the cloud is a nice feature but we don’t want all our print jobs to go through it.

Wi-Fi

Wireless setup sounds nice. In theory you setup your Best Home Small Business Printer anywhere you have

Wireless Connection
Wireless Connection

power and WiFi reception and you are “good to go”.

The printer forums are littered with complaints about printers connected or rather not connected via WiFi.

It’s common for WiFi to drop the connections. It’s similar to mobile phone connections.

Dropping a connection in the middle of a big print job could cause problems. Maybe you would have to start all over again after waiting minutes for it to enter the print queue.

The reality is that WiFi is not as dependable as an Ethernet connection.

Our advice is to use a wired connection if at all possible. This requires an Ethernet connections which some models may not have.

Ethernet

This is our preferred method of connecting our printer. We

network connector

can still use WiFi to connect to our mobile devices.

Downs Consulting recommends a networked printer that is not tied to a computer.

Many printers limit their functions if connected via USB.

Some printers may not have this capability.

Footprint and Noise

A noisy printer right next to you in a small office is no small intrusion on

foot print

your space.

Likewise, a huge printer is not going to very welcome either.

While there are plenty of small printers they tend to skimp on some features.

A small printer may be better for a Home user that doesn’t need all the “bells and whistles”.

When we settled on our Best Home Small Business Printer we still had to convince our office that we had room for it.

Printer Maintenance Costs – Ink & Toner

A major concern is operating costs. It’s common to see the ink/toner

replacement cost more than the printer.

Printers often come with starter

operating costs

supplies that don’t last as long as the standard capacity.

Usually, you can find high-yield supplies that are a better buy in the long run.

It also saves on the aggravation of running to the store for supplies.

Some printers may refuse to work at all if one of their cartridges are low. This is particularly frustrating if you don’t need that cartridge for the job you have queued up.

New Color Inkjet printers can be up to 50% cheaper to operate than a color laser.

Review Sites

Review sites are a good place to start looking for available features, costs,

editors' choice

and buyer or editor opinions.

Preferably the  site has lost of reviews so the overall score can’t be skewed one way or another by a few one-sided reviews.

If there are not many reviews you may not get an accurate assessment.

Likewise, the site should not have a vested interest in the sale of the product and reviewers should be able to post sincere remarks.

A lack of disparaging or complimentary remarks could be a sign of bias.

 

Consumer Reports

Consumer Reports is a great resource for buying appliances like this but you need a subscription to see their reviews online. They compile statistics on the main categories including maintenance cost, print quality, photo quality, and speed.

You can usually get a free trial for online or magazines. The magazines come with a buyers guide and is a good resource in itself.

The Consumer Reports interactive video below offers some good advice.  You can click on the sections you are most interested in.

Other Review Sites

Some websites like PC Magazine have editor and user reviews.

Amazon has good prices and user reviews.

Bad Reviews

No printer is perfect in every way and we found bad reviews on the best-rated ones.

Some bad reviews may have been from lemons or simply technical errors. Some may have had issues with their networks. Some may have been malicious.

Laser Printers

Since some inkjet printers are cheaper to run than a color laser we would

laser

not recommend a color laser as a Best Home Small Business Printer.

If you are only concerned about printing text then you may want to consider buying a monochrome laser printer.

Text quality has long been the domain of the laser printer but even here  inkjet printers are competitive with text print quality and speed.

Inkjet Printers

For us, all roads point to a Multi-Function inkjet printer which is somewhat disappointing.

Just when the costs of color laser have become affordable, inkjet

Inkjet printer Downs Consulting
Inkjet printer – Downs Consulting

technology has become competitive in all respects.

 

We shouldn’t complain since keeping up with multiple toners for the color laser is not a task we would want.

Inkjet ink itself is expensive enough.

Compromises for the Best Home Small Business Printer

office

 

If you find a printer that is perfect in every way then it is likely a budget breaker.

Consequently, you have to decide what’s the most important features you need and what you can do without.

Our Best Home Small Business Printer requirements:

  1. Network connection  using our LAN (local area )network
  2. Print laser-sharp text
  3. Print color and text
  4. FAX
  5. Scan
  6. Low Cost
  7. Reasonable speed
  8. Reasonable maintenance costs – Save on ink or toner
  9. Multiple Paper Trays

Nice to have features

  1. ADF – Automatic Document Feeder
  2. Automatic 2-sided print/copy/scan/fax
  3. Easy printing from tablets and smartphones – Android, Apple & Windows products
  4. Fast print speeds
  5. Stunning graphics and images

Multiple Networks – Combining

Need to combine multiple networks?

Network – Router – Windows 8 – Mac – Printers

Combining Multiple Networks

Combining Multiple Networks
Combining Multiple Networks

Combining Multiple Networks can be tricky. Perhaps you had everything on the same network and replaced or introduced new hardware.

 

Let’s say that you have a small network with printers, PCs, Macs, connected via a switch to your Internet Service Provider’s,  (ISP‘s) router/modem. This is not the best network design but it’s common for home and small offices. For the most part this network will work OK but you lose some security & versatility by using the ISP provided router/modem.

If our router/modem fails in the above scenario you will typically call your ISP to provide another router/modem. Since they are not likely to configure the router/modem you may end up with a new network. Let’s say that they switched you from the LAN of 192.168.0.1 to 192.168.1.1.

Since you are now on a new network anything with a static ip won’t work. DHCP devices should be fine. There are several alternatives to fix the new network:

Change the router subnets.

Network Router
Technicians connecting network cable.

While this is the simplest change there may be issues that you don’t foresee and you won’t get a lot of help from the ISP. This also requires you to have the credentials. Typically you can find these on the router itself unless it’s been changed. Even if it has you can use a reset.

You may find yourself stranded from the router if you are connecting through the existing network. That’s one reason you need a direct connection to the router. All in all this simple change may be the most intimidating.

Change the Printers with static ips

Printers typically are assigned static ips which are outside the scope of DHCP. This prevents a conflicting ip from showing up on your network. In general printer ips are not that difficult to change through the menu. In some cases, you may need credentials to make the changes.

You will need to update the ip on the ports of printers or just remove & add the printer. The latter is the best method since it will force the computer to download the driver.

You may also need to calibrate your printer to make sure image quality is OK.

Windows 8

Windows 8
Windows 8

Windows 8 adds another obstacle to making changes. For starters there’s no start bar. You can swipe from right edge and search for Printer or Control Panel.

You can use the Charm bar (position mouse in the top or bottom right corners of the screen or Windows C) to search. An easier method is to right-click to get the lower left corner of the screen. This opens the Quick Access Menu. Likewise Windows “i” opens another Charm Bar Settings with the Control Panel.

Once you get into the printer properties changing the printers is much the same as in Windows 7. It’s probably best to just remove the printer and add it back with the new ip.

MAC

Macs make things easy but it’s not always apparent that you are getting the results you want. Once your printers are up and running on the new ip it’s simple enough to go to any print menu and add the printer.

The preferred method is to delete the printer from the Print Center (/Applications/Utilities/) and then add the printer with the new ip.

Testing

You will want to print a test page from all workstations and check the print quality. Look closely since some issues may clip the print and/or use too wide a margin.