One of the most common questions people ask when searching for a secure solution for their online communications, whether for data protection or for regulatory compliance such as HIPAA, is "Will it work with Outlook?"
Microsoft Outlook™ is one of the most popular and powerful client email programs in the world, and it can do many things, such as manage and sort your email, track your appointments, manage your business and personal contacts, manage lists and groups, and allow for online collaboration. To call it feature-rich would be an understatement. However, when an application tries to be so many things to so many people, security often gets lost in the shuffle. The battle between providing features and ensuring security is ongoing. This is why Adobe and browser providers are constantly pushing down updates to their products. They must constantly strive to be fancy, feature-rich, and, oh, also secure, so that when you click on that fun-looking link or install that cute little applet, your bank account isn't drained instantly, only to be discovered weeks later when the criminals who hacked you are lounging on a little beach someplace in Aruba, sipping drinks you paid for.
Secure messaging, on the other hand, generally focuses on just two things: security and ease of use. It does work with Microsoft Outlook™, and almost every other email client available, but your secure messages aren't actually stored in your inbox on your local machine. They are kept on the secure server, which is the only place from which they can be accessed. For several reasons, most approaches to secure messaging work this way in order to keep data truly safe. The fewer whistles and bells that can connect to and manipulate your secure data and messages, the less chance there is of security holes in "feature-rich" software compromising your data and that of your clients, patients, or customers.
Email by its very nature is highly insecure because it is sent over the internet in CLEAR TEXT. This means anyone with a packet sniffer and a hard-wired connection at the location of your ISP or company network can actually see what you are sending across the wire and capture it to disk. The scary thing is, even a child could do it with very little research and practice. It is not difficult to learn how, which is why criminal hackers do it so frequently, as news reports will attest.
The bigger problem with email security, which most people don't even realize, is that it makes copies of itself all over the internet. It gets copied on the sender's computer in their 'Sent mail' box. It gets copied again to the server that sends the email. It then gets copied again to the server that receives the email. The email then of course gets copied to recipients' computers when they download the email.
Then there are all the backups made of these emails. Most people now know they need to back up their data and email regularly, so they do. Copies of that get burned to CD or to backup servers on Local Area Networks. Automated backups get stored in "the cloud" (i.e. clusters of redundant servers spread all over the world that keep many copies of your data) elsewhere on the internet. The question isn't who has a copy of your email. The real question is, who doesn't?
So-called "Secure Email" addresses the fact that regular email is sent in CLEAR TEXT by encrypting the communication on the sender's end, then decrypting it from the inbox directly on the recipient's local computer. It does not, however, even in the case of having a web-based secure email portal, address the fact that multiple copies are stored all across the internet in the form of backups, as well as on the computers of the sender and recipients. Encrypted confidential data will only stay encrypted for so long when a laptop that it lives on is stolen. Cryptographers claim their ciphers will take decades to crack, only to be proven wrong weeks or months later. Regardless, under HIPAA laws, individuals who have had their data stolen in a data breach must be notified, and any data breach affecting more than 500 individuals needs to be made public. This is true whether or not the data of the affected individuals was encrypted.
Furthermore, with "Secure" email, just as with regular email, there is no control over where the data goes. Encrypting it only solves part of the problem. It does not address the issues regarding the redundancy of the data stored across the internet as well as on local personal computers. The fact is, even the most secure email provider you can find, one that provides plugins for your mail client to encrypt and decrypt messages, is not going to protect your information as well as a secure messaging system.
Unlike email, server-side applications such as secure messaging store the data centrally and in one secure location. Backups are also performed, but the data remains under the control of the vendor, not roaming freely all over the internet as when an email, encrypted or not, is sent. Replication of the data is dangerous, again, because it provides more copies of that data to be captured and made vulnerable to crackers. Simply put, secure email has a greater number of points of possible failure when it comes to protecting the data.
Secure messaging is like a secure email portal, but without the data getting copied across the internet every time a message is sent. Secure messaging uses regular email to send a simple notification to the recipient with a link to a website allowing them to access their secure message. If it's truly secure, the website will be encrypted and a password known only to the recipient will be entered to access the encrypted document across an encrypted web connection. Passwords with access to sensitive data should never be sent in clear text emails. This is a good benchmark to use when looking at different products that claim to provide you with superior data security. A secure message stored in your Inbox on your local computer under a standard email client cannot be as protected and secure. Email can be used for regular messages, but sensitive information should be sent using the secure messaging system. Another advantage to web-based secure messaging is that it can be accessed from anywhere, anytime, which is not always true of secure email.
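The notification-and-link flow described above, shown as an added example (not WordSecure's code): the message body stays in a server-side store, and the only thing that travels by ordinary email is a link carrying a random token. The class name, portal URL and PBKDF2 parameters are assumptions; the recipient's password is assumed to have been agreed out of band, and the encrypted web connection and encryption at rest are outside the example.

```python
import hashlib
import hmac
import secrets
import time

PORTAL = "https://portal.example.test/m/"  # placeholder portal URL (assumption)


class MessageStore:
    """Hypothetical server-side store: bodies never leave it by email."""

    def __init__(self):
        self._messages = {}  # token -> record; the single copy of each message

    @staticmethod
    def _kdf(password, salt):
        # Slow, salted hash so the stored value is not the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def send(self, recipient, body, password, ttl_seconds, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable link identifier
        salt = secrets.token_bytes(16)
        self._messages[token] = {
            "body": body,  # a real system would also encrypt this at rest
            "salt": salt,
            "pw_hash": self._kdf(password, salt),
            "expires": now + ttl_seconds,
        }
        # The notification holds the link only: no body, no password.
        notification = (
            f"To: {recipient}\n"
            "Subject: You have a secure message\n\n"
            f"Read it at {PORTAL}{token}\n"
        )
        return token, notification

    def read(self, token, password, now=None):
        now = time.time() if now is None else now
        rec = self._messages.get(token)
        if rec is None:
            return None
        if now >= rec["expires"]:
            del self._messages[token]  # expired: purge the only copy
            return None
        candidate = self._kdf(password, rec["salt"])
        if not hmac.compare_digest(rec["pw_hash"], candidate):
            return None  # same answer as "not found", so nothing leaks
        return rec["body"]
```

Because the body exists only in the store, expiring a message removes it everywhere, which is not possible once an email has been delivered and backed up.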
We designed WordSecure Messaging to have all the benefits of encrypted email in a secure, centralized, password-protected, web-based environment. The message data and attachments are written to and retrieved from the server in an industry-standard encrypted format used by banks and ecommerce sites worldwide. With WordSecure Messaging, messages can be set to expire automatically or be archived indefinitely, depending on your organization's security policies and needs. The system is flexible and can be customized but is also highly secure by virtue of the fact that it remains so simple to use. For all these reasons, secure messaging is the preferred solution to encrypted communications over the internet.
Please contact WordSecure, LLC if you have any questions about how WordSecure Messaging can be used at your organization to protect the confidentiality of your and your clients' personal data, financial data, or protected health information (PHI).
- Jonathan S. Lybrook is Managing Partner for WordSecure, LLC.