The COVID-19 crisis has changed the way we approach data privacy and email security. The necessary and accelerated transition to working from home has been accompanied by a growing surge of Coronavirus-themed phishing scams and spoofed websites used to distribute malware or lure victims into providing confidential information.
Healthcare systems are seen as a particularly valuable target for these cyberattacks, with hospitals around the world suffering confirmed cyberattacks since the start of the pandemic. In fact, Interpol has issued a “Purple Notice” alerting healthcare organizations engaged in the virus response, as well as police departments in all of its 194 member countries, to the heightened ransomware threat. And the primary entry point for these attacks, according to Interpol? “Emails – often falsely claiming to contain information or advice regarding the coronavirus from a government agency, which encourages the recipient to click on an infected link or attachment.”
Unfortunately, as this article from Threatpost points out, this is happening at the same time that employees are working from home and, although well-intentioned, are increasingly engaging in negligent behaviors that put company data at risk. Whether due to working in unsecured environments from home or a lack of appropriate training on how to handle sensitive data, these "negligent insiders" are an increasing threat to data protection.
Further, while highly regulated industries such as healthcare tend to conduct security training more frequently, their incidence of unauthorized data being digitally misdirected by departing employees is among the highest. This means healthcare organizations must constantly be on guard against leaks of confidential data transmitted via email and other outbound threats while still meeting the latest data privacy and compliance regulations.
Protecting Your Business with Security Gateway for Email and MDaemon Email Server
Both MDaemon and Security Gateway are packed with features to help protect healthcare entities from spam, malware and other email-borne threats, including the latest COVID-19 related phishing scams. Whether your facility uses MDaemon or Security Gateway, you’ve got total control to provide the most secure email to suit your needs. That holds true for our hosted email and secure email gateway services as well as on-premise deployments. To help healthcare facilities meet the challenges of securing online communications as employees work from home, I’d like to share a few email security best practices.
Best Practices for Secure Email with Security Gateway
Use Data Leak Prevention to prevent sensitive data from being sent via email
As healthcare facilities, doctors, and mental health professionals transition to online appointments, personal data such as Social Security numbers, diagnoses and treatment details are more likely to be shared online, and this can present important privacy and compliance implications. To help prevent this sensitive information from being sent via email, Security Gateway includes Data Leak Prevention to detect email messages containing sensitive content and then reject them, encrypt them, or place them in the administrative quarantine for review.
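The kind of content check described above, as an added example: this is not Security Gateway's rule engine and not code from the original article. It decodes each text part of an outbound message (including a base64-encoded attachment), looks for structurally plausible Social Security numbers, and picks an action. The action policy and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default

# Candidate SSNs: 3-2-4 digits, optionally separated by dashes or spaces.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")

def plausible_ssn(area, group, serial):
    """Drop numbers the SSA never issues, to reduce false positives."""
    return not (area in ("000", "666") or area[0] == "9"
                or group == "00" or serial == "0000")

def find_ssns(text):
    return [m.group(0) for m in SSN_RE.finditer(text)
            if plausible_ssn(*m.groups())]

def scan_message(raw):
    """Return (action, hits) for one raw outbound message."""
    msg = message_from_string(raw, policy=default)
    hits = find_ssns(str(msg.get("Subject", "")))
    for part in msg.walk():
        # get_content() undoes base64 / quoted-printable transfer encoding,
        # so encoded attachments are scanned as plain text too.
        if part.get_content_maintype() == "text":
            hits += find_ssns(part.get_content())
    if not hits:
        return "deliver", hits
    # Hypothetical policy: one hit is encrypted, several are held for review.
    return ("quarantine" if len(hits) > 1 else "encrypt"), hits

def sample_message():
    """Constructed sample: SSN in the body and in a CSV attachment."""
    m = EmailMessage()
    m["Subject"] = "Appointment follow-up"
    m.set_content("SSN on file: 123-45-6789. Ref 000-12-3456 is a test id.")
    m.add_attachment(b"name,ssn\nJ. Doe,219 09 9999\n", maintype="text",
                     subtype="csv", filename="intake.csv")
    return m.as_string()

if __name__ == "__main__":
    print(scan_message(sample_message()))
```
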
Block spam, viruses, ransomware, and more
Security Gateway can also help protect against the latest COVID-19 related spam and virus outbreaks with its dual antivirus engines and Zero-Hour Virus Outbreak Protection. Administrators have complete control over their anti-spam and antivirus settings, including quarantine configuration and reporting tools to help ensure junk email gets blocked while legitimate email gets delivered.
Follow email archiving and retention best practices
Healthcare organizations must also be careful to regularly revisit their email compliance and archiving requirements. Security Gateway’s built-in archiving includes retention policies and legal hold to help businesses meet current regulations or respond to litigation requests.
Best Practices for Secure Email with MDaemon Email Server
Use content filtering and email encryption
To help prevent confidential data sent via email from getting into the wrong hands, MDaemon administrators can create content filtering rules to encrypt messages containing sensitive data using OpenPGP email encryption.
Use MDaemon AntiVirus
MDaemon AntiVirus with Zero-Hour Virus Outbreak Protection helps protect businesses from the latest COVID-19 related spam and malware outbreaks. It uses Recurrent Pattern Detection technology to identify the latest spam and malware within minutes (or even seconds) of an outbreak.
Use secure connections to send and receive email
We always recommend using SSL and TLS for secure email messaging. Administrators can take things a step further by requiring employees to configure their email clients to send email over a secure, encrypted connection using port 587 instead of the standard port 25, which does not use SSL.
Use secure connections for instant messaging
Your remote workforce will likely be using MDaemon Instant Messenger as well, so to help ensure these communications are kept private, MDaemon’s XMPP server supports communication over the secure SSL port for both XMPP and HTTPS connections.
Use Email Encryption in MDaemon Webmail
MDaemon Webmail users can easily send encrypted email messages on-demand from the message compose window.
Use two-factor authentication
MDaemon Webmail supports two-factor authentication to protect against password guessing attempts and unauthorized login attempts.
Times Are Changing
With the rapid shift to remote work, healthcare organizations must stay on top of the latest cyber threats and trends, and this holds especially true for securing remote employees’ email.