Keep Your Data Safe With Secure Email

Are you using secure email?

This post is focused on secure email but some aspects like SSL and encryption apply equally to data in general.

  • With all the breaches in the headlines, it behooves us to secure our email.
  • Breaches expose client data that can be used to access your accounts.
  • Even if a hacker has your email account credentials, he may be unable to read encrypted email.
  • Email can be accessed by the unscrupulous in a number of ways.
  • Sending email without SSL is like sending your mail on postcards.

Think your data is safe?

Our focus is finding solutions that work for our clients with minimal intervention and/or setup.

Recent Breaches?

These high profile breaches are a reminder that our data is not as secure as we would like.

Anything shared on the Internet is vulnerable to various types of snooping and hacks.

Email is no exception.

With the information gleaned from breaches, hackers may have direct access to your accounts if they uncovered passwords that you use elsewhere.

That’s why we suggest unique, strong passwords for every account.

Let’s investigate methods to secure our email.

How Difficult is it for Someone to Hack Your Data?

With folks getting emails on their mobile devices via Wi-Fi, it’s more important than ever to use secure email.

The best defense is to use encryption but that is not as convenient as we would like.

SSL email helps in most cases.

Otherwise your email is open to anyone that can sniff it out of the air.

That’s easier than you may think using attacks like Man in the Middle.

Hacking Methods Used

Once hackers have your information there are a number of ways to access your accounts.

With enough information, a determined hacker can gain access to your accounts.

  • Phishing – acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication
  • Man-in-the-middle attack (MITM) – attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
  • Session stealing (cookie hijacking) – exploitation of a valid computer session (session key) to gain unauthorized access to information or services in a computer system. … theft of a magic cookie used to authenticate a user to a remote server.
  • Keylogging (Keystroke logging/keyboard capturing) –  recording (logging) the keys struck on a keyboard, typically covertly.
  • Social Engineering – psychological manipulation of people into performing actions or divulging confidential information
  • Hacking your computer – malware planted on your computer allows hackers complete access to your data
    • If a hacker has access to your computer you need to have it cleaned.

Doesn’t SSL Secure My Email?

Using SSL for your email provides security between you and your email host.

Prior to SSL (Secure Sockets Layer), emails were sent in plain text from your email client, like Outlook, to the host server.

Google’s chart below shows that most email to and from Gmail in the Americas uses SSL.

Volume of email to and from Gmail

SSL is helpful but it doesn’t keep anyone with access to the server from reading your email or necessarily guarantee that it will be transported to the recipient via SSL.

Client-side SSL is a step in the right direction but encrypting your email is much more secure.
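The point above, that SSL on your own connection does not guarantee SSL on the later hops, can be checked from the Received headers of a delivered message. The following is an added example, not part of the original post; the sample message and host names are constructed, and the protocol keywords are the ones registered for the "with" clause by RFC 3848 and later.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop was carried over TLS (RFC 3848 and later).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# Constructed sample: the client submits over TLS (ESMTPSA), but the provider
# relays to the recipient's server without TLS (plain ESMTP).
SAMPLE = """\
Received: from out.provider.example (out.provider.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id abc2; Tue, 2 Jan 2024 10:00:02 +0000
Received: from laptop.home.example (unknown [192.0.2.44])
\tby out.provider.example with ESMTPSA id abc1; Tue, 2 Jan 2024 10:00:01 +0000
From: alice@provider.example
To: bob@recipient.example
Subject: test

body
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)


def hop_report(raw_message):
    """Return [(from_host, by_host, protocol, used_tls)] in delivery order."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so the last Received line is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # header without from/by/with clauses: nothing to judge
        proto = m.group(3).upper()
        hops.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return hops


def unprotected_hops(raw_message):
    """Hops whose receiving server did not record a TLS protocol keyword."""
    return [hop for hop in hop_report(raw_message) if not hop[3]]


if __name__ == "__main__":
    for src, dst, proto, tls in hop_report(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

Each Received header is written by the server that accepted the message, so treat headers added before your own provider's servers as unverified.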

Using SSL and SSL Email Setup?

If you want to check whether you are using SSL you can use Comcast’s guide to interrogate various email clients.

If you need to set up an email account to use SSL you can contact your provider or search Google for: setup “Provider Name” email.

“Provider Name” is the provider who sends you a bill each month.

Implementing Secure Email

We encrypted email for our clients back in the late 1980s but it was tedious to set up and use.

Consequently, secure email was not considered a priority and seldom used.

We need encryption to ensure that sensitive email is not compromised.

This imposes some inconvenience on clients, but it’s the best way to secure our email.

HIPAA Compliant Email

With the advent of HIPAA (the Health Insurance Portability and Accountability Act), companies have become more security aware.

If you send sensitive email or work in the medical industry you may be required to secure your email or face penalties.

The Health Insurance Portability and Accountability Act (HIPAA), sets the standard for protecting sensitive patient data. Any organization dealing with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

Paubox article on HIPAA compliance

Is HIPAA Email Encrypted?

Some HIPAA email providers like GoDaddy do not necessarily encrypt email in transit.

There is some debate on whether or not HIPAA requires email to be encrypted.

GoDaddy encryption has an add-on for HIPAA email. It’s an all or nothing scenario so all your mailboxes either get encryption or they don’t.

Likewise encrypted email isn’t necessarily HIPAA compliant.

HIPAA compliance requires partners to sign a Business Associate Agreement (BAA).

HIPAA Compliant Hosts

GoDaddy and other hosts offer HIPAA compliant email.

GoDaddy was the least expensive of the providers we found using Exchange email.

HIPAA COMPLIANT EMAIL

HIPAA requires health care providers to ensure that their business associates will safeguard Protected Health Information (PHI). If you are interested in emailing with your patients, or sending any patient data through email, you need to be sure that your email is protected in a HIPAA-compliant manner.

OFFICE 365 FROM GODADDY HELP

Exchange

Some vendors offer HIPAA compliant email with Exchange-like features.

In some ways, these email services may surpass Exchange by encrypting email.

On the other hand, why not get a service that is like Exchange when you can have Exchange even if it isn’t encrypted?

Encryption

You need encryption if you want to secure your email while in transit.

HIPAA email providers using Exchange email do not necessarily encrypt in transit.

There are, however, encryption add-ons.

Encryption uses PGP key pairs.

One key is shared with the public and the other is kept private.

A message encrypted with the public key can be read only with the matching private key, so without the private key your message is safe from prying eyes.

Generating Keys

Part of the challenge of setting up and using PGP encryption is generating and tracking keys.

The nomenclature is a bit confusing.

Key generators typically import private keys and export public keys.

Some key generators will export both public and private keys simultaneously.

Kleopatra

GPG4Win’s Kleopatra Interface is a bit clunky but works fine once set up.

We did have issues with some public certificates generated in Kleopatra not working with Gravity Form PGP Extension.

Interestingly the Kleopatra generated public key did not work with Kleopatra but did work with Gmail Mailvelope extension.

Importing the Kleopatra public key into Mailvelope and exporting produced a working certificate for our server.

Mailvelope

The Mailvelope Chrome extension is easy to install and use.

After running into issues with Kleopatra generated public certificates, we tried generating keys via Mailvelope.

Unfortunately, the certificates didn’t install well on Gravity Form PGP Extension.

Gravity Form PGP Extension requires a matching email address for a notification email and the Mailvelope public certificates displayed none.

Symantec Desktop Email Encryption

Symantec Desktop Email Encryption was the easiest solution to work with but expensive.

It works with Macs & Windows but not Linux.

Once set up, Outlook emails are decrypted automatically with no intervention by the user.

ProtonMail and Gmail send encrypted email these days but you lose that feature when you send to an outside account.

Gmail is not HIPAA compliant.

Google Apps business email is HIPAA compliant.

Web Forms

If your website asks for sensitive information you should use SSL and encryption to protect that data.

Installation instructions for Gravity Forms PGP Encryption plugin

Gravity Forms and their PGP Extension make it easy to set up an encrypted form.

Gravity Form PGP Extension requires public keys and a matching email address for notifications to be sent.

Decryption

When you send encrypted email you must decrypt to read it.

The following table lists software that handles encryption/decryption.

Recommended Software

Gpg4win

Gpg4win is a free solution for Windows Outlook users.

  1. Import private key
  2. Certify you will be able to
  3. Decrypt messages
    1. Open message
    2. click decrypt

Mailvelope

Mailvelope is a free and easy solution to implement for Gmail and Chrome.

This is the easiest solution if you are using Gmail and Chrome.

  1. Install extension
  2. Import private key
  3. Emails are automatically decrypted

Conclusion

  • Use SSL Email at the very least.
  • Make sure your computer doesn’t have malware.
  • Encrypt email if you and your correspondents want the most security.
  • Use HIPAA email if you deal with Protected Health Information (PHI).

Best Home Small Business Printer

Best Home Small Business Printer – where do I find one? The problem these days is that there are too many choices.

While a color laser printer used to be out of reach for home and small businesses they can be had for a reasonable price these days.

The initial cost of the Best Home Small Business Printer is just the beginning.

Keeping them in ink or toner can be expensive.

Bells and Whistles for Best Home Small Business Printer

Adding to the confusion of finding the Best Home Small Business Printer is all the bells and whistles that are available.

  • WiFi
  • FAX
  • ADF (Automatic Document Feeder)
  • Ethernet
  • print-shop-quality color prints
  • laser-sharp black and color text
  • high-speed prints
  • multiple paper trays
  • monthly duty cycle (pages/month)
  • auto 2-sided print/copy/scan/fax.

Wireless Printers

Wireless printers allow printing from tablets (e.g., iPad) and smartphones (e.g., iPhone). Not all printers make this easy.

Some printers may require mobile devices to print to the cloud (Internet).

While this can be useful we want our Best Home Small Business Printer to connect directly to.

Some may require you to print to their cloud or allow popular clouds like Dropbox, Google Drive, and OneDrive.

Printing to the cloud may not be a concern if you have high-speed Internet but it might be a problem if you depend on a cellular data plan to upload the files.

There are also security concerns for uploading sensitive documents to the cloud.

Downs Consulting recommends a wireless printer that doesn’t require printing to the cloud. We prefer our Best Home Small Business Printer to print directly via WiFi.

Printing to the cloud is a nice feature but we don’t want all our print jobs to go through it.

Wi-Fi

Wireless setup sounds nice. In theory you set up your Best Home Small Business Printer anywhere you have power and WiFi reception and you are “good to go”.

The printer forums are littered with complaints about printers connected or rather not connected via WiFi.

It’s common for WiFi to drop the connections. It’s similar to mobile phone connections.

Dropping a connection in the middle of a big print job could cause problems. Maybe you would have to start all over again after waiting minutes for it to enter the print queue.

The reality is that WiFi is not as dependable as an Ethernet connection.

Our advice is to use a wired connection if at all possible. This requires an Ethernet connection, which some models may not have.

Ethernet

This is our preferred method of connecting our printer. We can still use WiFi to connect to our mobile devices.

Downs Consulting recommends a networked printer that is not tied to a computer.

Many printers limit their functions if connected via USB.

Some printers may not have this capability.

Footprint and Noise

A noisy printer right next to you in a small office is no small intrusion on your space.

Likewise, a huge printer is not going to be very welcome either.

While there are plenty of small printers they tend to skimp on some features.

A small printer may be better for a Home user that doesn’t need all the “bells and whistles”.

When we settled on our Best Home Small Business Printer we still had to convince our office that we had room for it.

Printer Maintenance Costs – Ink & Toner

A major concern is operating costs. It’s common to see the ink/toner replacement cost more than the printer.

Printers often come with starter supplies that don’t last as long as the standard capacity.

Usually, you can find high-yield supplies that are a better buy in the long run.

It also saves on the aggravation of running to the store for supplies.

Some printers may refuse to work at all if one of their cartridges is low. This is particularly frustrating if you don’t need that cartridge for the job you have queued up.

New Color Inkjet printers can be up to 50% cheaper to operate than a color laser.

Review Sites

Review sites are a good place to start looking for available features, costs, and buyer or editor opinions.

Preferably the site has lots of reviews so the overall score can’t be skewed one way or another by a few one-sided reviews.

If there are not many reviews you may not get an accurate assessment.

Likewise, the site should not have a vested interest in the sale of the product and reviewers should be able to post sincere remarks.

A lack of disparaging or complimentary remarks could be a sign of bias.

Consumer Reports

Consumer Reports is a great resource for buying appliances like this but you need a subscription to see their reviews online. They compile statistics on the main categories including maintenance cost, print quality, photo quality, and speed.

You can usually get a free trial for online or magazines. The magazine comes with a buyer’s guide and is a good resource in itself.

The Consumer Reports interactive video below offers some good advice. You can click on the sections you are most interested in.

Other Review Sites

Some websites like PC Magazine have editor and user reviews.

Amazon has good prices and user reviews.

Bad Reviews

No printer is perfect in every way and we found bad reviews on the best-rated ones.

Some bad reviews may have been from lemons or simply technical errors. Some may have had issues with their networks. Some may have been malicious.

Laser Printers

Since some inkjet printers are cheaper to run than a color laser we would not recommend a color laser as a Best Home Small Business Printer.

If you are only concerned about printing text then you may want to consider buying a monochrome laser printer.

Text quality has long been the domain of the laser printer but even here inkjet printers are competitive with text print quality and speed.

Inkjet Printers

For us, all roads point to a Multi-Function inkjet printer which is somewhat disappointing.

Just when the costs of color laser have become affordable, inkjet technology has become competitive in all respects.

We shouldn’t complain since keeping up with multiple toners for the color laser is not a task we would want.

Inkjet ink itself is expensive enough.

Compromises for the Best Home Small Business Printer

If you find a printer that is perfect in every way then it is likely a budget breaker.

Consequently, you have to decide which features are most important to you and what you can do without.

Our Best Home Small Business Printer requirements:

  1. Network connection using our LAN (local area network)
  2. Print laser-sharp text
  3. Print color and text
  4. FAX
  5. Scan
  6. Low Cost
  7. Reasonable speed
  8. Reasonable maintenance costs – Save on ink or toner
  9. Multiple Paper Trays

Nice to have features

  1. ADF – Automatic Document Feeder
  2. Automatic 2-sided print/copy/scan/fax
  3. Easy printing from tablets and smartphones – Android, Apple & Windows products
  4. Fast print speeds
  5. Stunning graphics and images

Blocked Email Message – Unable to Send Email

Trouble with a blocked email message?

Sending email from your domain can be problematic at times.

This article primarily deals with sending email from a public IP address using Non-SSL Settings for POP email. Most clients have their mail server hosted remotely, but the IP address you send from is the one that is checked when you send email using the default settings for POP email.

If your messages are not being delivered then you may have an IP address with a bad reputation that is being blocked by a server application like Barracuda’s Spam Blocker. Your IP address may be on one or more blacklists. This usually happens with a new account or an account that utilizes dynamic IP addresses.

You can troubleshoot this problem by taking the anti-spam applications offline if you control the server. If you don’t control the server you can use sites like mxtoolbox to review the history of your IP address. This will tell you if your IP address is on a Reputation Block List (RBL) or blacklist. Once you know that you have issues with an IP address you should consider using Secure SSL/TLS Settings to connect directly to your server.

If your ISP provides you with a dynamic IP address you can try acquiring a new one and checking its reputation. Typically this is done by turning off power to the ISP’s modem. If you have static IP addresses you can ask for a different block, but this may require you to make changes at the registrar if those addresses are used for the public.
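The block list check that sites like mxtoolbox perform is a DNS lookup you can reproduce yourself. The following is an added example, not part of the original article: the zone names are placeholders (substitute the lists your recipients' filters consult), the resolver data is constructed so the code runs offline, and the query format follows RFC 5782.

```python
import ipaddress
import socket

# Assumption: placeholder zones, not real block lists.
ZONES = ["dnsbl.example.org", "rbl.example.net"]

# The address on your PC's network adapter is usually one of these; block lists
# only track the public address your ISP's modem presents to the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    if any(addr in net for net in RFC1918):
        raise ValueError(f"{ip} is a private LAN address; check your public IP instead")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_ip(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Return {zone: result}. A 127.x.x.x answer is a listing code,
    None means the name does not exist (not listed)."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except socket.gaierror:
            results[zone] = None          # NXDOMAIN: not on this list
            continue
        # Answers outside 127.0.0.0/8 are not listing codes (for example a
        # resolver that rewrites NXDOMAIN), so do not report them as listed.
        results[zone] = answer if answer.startswith("127.") else "invalid-answer"
    return results


# Constructed resolver data standing in for real DNS.
FAKE_DNS = {"7.100.51.198.dnsbl.example.org": "127.0.0.2"}


def fake_resolve(name):
    if name in FAKE_DNS:
        return FAKE_DNS[name]
    raise socket.gaierror(-2, "Name or service not known")


if __name__ == "__main__":
    for zone, code in check_ip("198.51.100.7", resolve=fake_resolve).items():
        print(zone, "listed with code " + code if code else "not listed")
```

Drop the `resolve=fake_resolve` argument to query real DNS after replacing the placeholder zones.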

Connecting directly to your mail Server


A good solution for a blocked ip is to connect directly to your server using Secure SSL/TLS Settings thereby bypassing the RBL and blacklists. This means that you will now be using the IP address of the email server rather than the local IP address of your PC.

To authenticate using Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL), you need the port that your server accepts. A common port for sending email that bypasses RBL checking rules is 587. Check your host’s email client setup for Secure SSL/TLS Settings.

Issues with Connecting Directly


Connecting directly will avoid IP address bans from your location, but you need a certificate in place that satisfies your email client (e.g. Outlook). 

It’s common for hosts to use a common certificate for a server. While the common certificate will work, Outlook has a nag screen stating “the name on the security certificate is invalid or doesn’t match the name of the site” the 1st time you send an email in a session. Click Yes to proceed and sending email will continue working until you restart Outlook. Installing the certificate won’t help so don’t bother with viewing and installing the certificate in this instance. 
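Why installing the certificate does not silence the warning: the client runs two separate checks, whether the issuer is trusted and whether the server name you typed into the account settings appears in the certificate. The following is an added example, not part of the original article; the certificate names are constructed, and the matcher is a simplified form of the usual wildcard rule (DNS names only, no internationalised names or IP addresses).

```python
# Constructed example: names found in a host's shared server certificate.
SHARED_CERT_NAMES = ["*.sharedhost.example", "sharedhost.example"]


def san_matches_host(pattern, host):
    """Compare one certificate DNS name with a hostname, case-insensitively.
    '*' is honoured only as the entire leftmost label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def name_matches(configured_server, cert_names):
    """True if the server name in the mail client settings is covered by the certificate."""
    return any(san_matches_host(name, configured_server) for name in cert_names)


def client_verdict(configured_server, cert_names, issuer_trusted):
    """Outcome a strict client reaches. Trust and name are independent checks,
    so trusting (installing) the certificate cannot repair a name mismatch."""
    if not issuer_trusted:
        return "untrusted issuer"
    if not name_matches(configured_server, cert_names):
        return "name mismatch"
    return "ok"


if __name__ == "__main__":
    # mail.domain.com points at the shared server, but the certificate
    # only names the host's own domain.
    for server in ("mail.domain.com", "server42.sharedhost.example",
                   "a.b.sharedhost.example"):
        print(server, "->", client_verdict(server, SHARED_CERT_NAMES, True))
```

The verdict changes only when the configured server name is one the certificate covers, or when the certificate is reissued to include your own mail server name.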

Some hosts will allow you to purchase SSL via 3rd parties like Comodo but others will require you to buy from the host. The hosts that allow you to buy your own certificate will assist you in the installation if you have managed hosting. Otherwise you may have to install it yourself. The hosts that require you to purchase from them generally do the install for you.

Public ip is Not Blocked


If you are not on a block list then you probably have port and/or mail server name issues. Most hosts have an Email Clients page that lists server names and associated ports for both Secure SSL/TLS Settings and Non-SSL Settings. Here’s a good example of an Email Clients page from GoDaddy. Some hosts like GoDaddy have autodiscover scripts that will attempt to find your servers and ports automatically. There are occasions where the autodiscover scripts are your best bet. You may have to log on to your hosting account to access the email client setup for your specific hosting plan.

We will assume that your mail server is not on a blacklist for this article but you should contact your host if that’s not the case. If for some reason your host was blocked and you didn’t want to change hosting, you could move the email hosting. Moving email hosting involves pointing your email server (e.g. mail.domain.com) to the new host via your registrar.