
    Are your emails safe?

    Why you need to be more concerned about email security — and what you can do about it.


    Phishing is often successful because of a technique known as email address spoofing, in which attackers put an address in the “From” field that mimics a legitimate account, such as a bank, or one that uses your company’s own domain name so that the email appears to come from an internal sender, such as one of your staff.

    The latest trend is to target specific individuals or groups within organizations in a more personal and devious manner — now called spearphishing. Spearphishing is a common tactic of Advanced Persistent Threat campaigns, which aim to gain entry to the target organization’s network and obtain confidential information.


    If you want to shoot for compliance, here are three simple steps:

    1. Start with defining a policy and educating users. Provide your employees and stakeholders with a documented policy that explains the key elements of your data loss prevention strategy. Focus on the types of data you need to protect, your motivations for protecting it, the consequences if you don’t and the procedures to follow to ensure it’s protected.
    2. Deploy email data protection technology. Your users and policy must be supported by effective, transparent technology. You need a solution to protect from accidental loss and to secure sensitive data that must leave the organization. A secure email gateway with policy-based encryption is an essential element of any effective data protection compliance solution.
    3. Start with the essentials, expand over time. Data protection can easily become overwhelming, which is why it’s important to prioritize your data protection needs. Start with the most likely source of leaks: email. Make sure you’ve got the necessary policies in place to protect your most sensitive client, employee or partner data first, including credit card numbers, Social Security numbers and other HIPAA data. Once those policies are running smoothly, you should consider broadening your implementation. 
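
To make steps 2 and 3 concrete, here is an added example (not from the article or any gateway product) of the kind of outbound rule a policy-based encryption gateway applies: scan a message for card numbers and Social Security numbers, and require encryption when such data is addressed outside the organization. The function names, the `clinic.example` and `lab-partner.example` domains, and the `encrypt`/`deliver` labels are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")  # AAA-GG-SSSS

def luhn_ok(digits):
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def plausible_ssn(area, group, serial):
    """Drop values never issued as SSNs (area 000/666/9xx, group 00, serial 0000)."""
    return not (area in ("000", "666") or area[0] == "9"
                or group == "00" or serial == "0000")

def find_sensitive(text):
    """Return the set of sensitive data types seen in text."""
    found = set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        found.add("card_number")
    if any(plausible_ssn(*m.groups()) for m in SSN_RE.finditer(text)):
        found.add("ssn")
    return found

def gateway_action(raw_message, internal_domain):
    """'encrypt' if sensitive data is leaving the organization, else 'deliver'."""
    msg = message_from_string(raw_message)
    texts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            texts.append(body.decode(part.get_content_charset() or "utf-8", "replace"))
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    suffix = "@" + internal_domain.lower()
    external = any(not addr.lower().endswith(suffix) for _, addr in rcpts)
    return "encrypt" if external and find_sensitive("\n".join(texts)) else "deliver"

# Constructed sample message (test card number, made-up addresses).
SAMPLE = ("From: frontdesk@clinic.example\nTo: billing@lab-partner.example\n"
          "Subject: Payment details\n\nCard on file: 4111 1111 1111 1111\n")

if __name__ == "__main__":
    print(gateway_action(SAMPLE, "clinic.example"))
```

The checksum and range checks keep invoice and reference numbers from triggering the rule, which matters when the policy has to run without getting in users' way.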
    Dr. Lorne Lavine
    Dr. Lorne Lavine, founder and president of Dental Technology Consultants, has more than 30 years invested in the dental and dental ...

