Posts

Innovate More, Fear Less at CETPA 2017 with SonicWall for Your School Network

Recently, the personal information of Palo Alto High School students was published via a website that allowed students to see class rankings, grade-point averages and identification numbers. Is your school network at risk?

Know your best defense against new threats. Join SonicWall at Booth 904 at the 2017 CETPA Annual Conference on Nov. 14-17 in Pasadena, California. With over 3,000 K-12 schools and districts relying on SonicWall next-generation firewalls and real-time automated breach detection and prevention with SonicWall Advanced Threat Protection cloud sandboxing service, we’ll be onsite to share our expertise on the latest threats and best practices to stop cyber attacks.

Can’t-miss highlights include:

  • Solving Real-world Network Security Issues in Today’s K-12 Campus Environment
    • Speaker: Jenna Burrows, Director of Business Services, Calistoga Joint Unified School District.
    • Date & Time: 4 p.m., Nov. 14
    • Location: Room 204
    • Learn how this district, with the help of SonicWall Silver partner Napa Valley Networks, provides over 900 students and staff with secure, uninterrupted network access, protects students from harmful web content and stops hackers from stealing confidential records. We’ll also explore advantages of a managed SonicWall’s Security-as-a-Service (SECaaS) approach to network security.

“It’s really hard for districts, at any point, to have to lay out a large amount of money,” for projects of this type, says Burrows. “It’s just not reasonable. There’s really no value in us purchasing it outright, and then, say, it’s obsolete in a couple years anyway. It makes a lot more sense for us to do it monthly. It (SonicWall Security-As-A-Service) provides more flexibility but it’s also much more reasonable in terms of breaking out the costs, not having to pay a large upfront amount.” said Jenna Burrows, Director of Business Services, Calistoga Joint Unified School District.

  • Vendor Shootout: Capture Advanced Threat Protection Sandbox
    • Presenter: Tim Johnson, System Engineer, SonicWall
    • Date & Time: 8 a.m., Nov. 16
    • Examine and compare the effectiveness of SonicWall’s Capture ATP, a leading cloud sandboxing solutions in preventing zero-day and advanced threats. Following the shootout, discuss your specific needs with our experts at booth 904 in the exhibit hall from 9-4 p.m.
  • SonicWall Live Demos
    • Date & Time: 9-4 p.m.

Throughout the event, we’ll be showcasing the SonicWall Advanced Threat Protection sandbox service, the new SonicOS 6.5, NSA 2650 next-gen firewall, SonicWave Wireless Access Points,  Cloud Analytics and Secure Mobile Access 12.1 with ongoing demonstrations focused on:

  •  Advanced Threats: Watch our award-winning multi-engine sandbox, SonicWall Capture ATP, scan network traffic in the cloud, and block unknown files until our Capture Threat Network reaches a verdict in near real-time.
  • Encrypted Threats: Most web-based malware is hidden by SSL/TLS encryption. Watch our DPI-SSL uncover hidden malicious attacks, block C&C communications and stop data exfiltration.
  • Wireless & Mobile Threats: Wi-Fi and mobile devices present a major security risk for students, faculty and administrators. View our Wireless and Mobile Access solutions, including the new Secure Mobile Access (SMA) 12.1 and SonicWave 802.11ac Wave 2 wireless access points.
  • Email Threats: Email remains a primary vector for attacks, such as ransomware. Discover how our next-gen Email Security solution can block spoofed email attacks with hosted and on-premise configurations.
  • Restricted Web Content: Protect students and employees, and meet K-12 regulatory compliance. Watch our Content Filtering Client block inappropriate, unproductive, illegal and malicious web content on school-issued devices taken off campus.

SonicWall is dedicated to helping K-12 schools and districts innovate more and fear less. Realize the promise of technology-driven learning environments, on campus and over the web.

Join us at the 2017 CETPA Annual Conference, tune in via Twitter #CETPA2017 and follow @SonicWall.

Enemy at the Corporate Gate: Why Email Security is More Crucial Than Ever with Dell and SonicWall

Note: This is guest blog post by Bryan Chester, Vice President of North America Partner Software and Imaging Sales at Dell.

Email has long been acknowledged as a business critical application. However, it can expose your organization to devastating sabotage by offering hackers an easily accessible vehicle to exploit vulnerabilities in your organization’s network security.

There are a multitude of repercussions if email-based threats such as ransomware, phishing, or viruses make it into your email servers and users’ inboxes.  Given today’s complex threats, it is crucial that organizations deploy a multi-layered security solution that includes dedicated, leading edge email protection.

Even with the knowledge of that threat, it is becoming increasingly difficult to accurately detect all of the bad emails without creating a bottleneck and dampening your employee productivity. This is especially true for emails containing attachments.

So what can you do to protect your environment at an email level while not slowing down your critical business processes? Dell and SonicWall can help you answer that question.

SonicWall Email Security leverages multiple patented SonicWall threat detection techniques and a unique worldwide attack identification and monitoring network. This next-generation SonicWall Email Security solution protects your organization from today’s most advanced email threats.

SonicWall Email Security includes the cloud-based Capture ATP (Advanced Threat Protection) service that can scan a broad range of email attachment types, analyze them in a multi-engine sandbox, and block dangerous files or emails before they reach your network. Email Security with Capture ATP gives you a highly effective and responsive defense against email threats, all at a low TCO.

SonicWall Email Security features include:

  • Advanced Threat Protection: Integrates Capture cloud-based sandboxing technology for detection of zero-day threats such as ransomware, for fine-grained inspection of SMTP traffic
  • Next-generation Email Protection: Incorporates anti-spam, anti-virus and anti-spoofing functionalities to not only detect and prevent spam and other unwanted email, but also scan email messages and attachments for ransomware, Trojan horses, worms and other types of malicious content.
  • Improved Office 365 Support: Enhances security for multi-tenant environments by providing a method for ensured, mapped delivery of emails for SonicWall Hosted Email Security environments
  • Updated Line of Appliances: Refreshes SonicWall’s line of Email Security Appliances (hardware and virtual options), helping customers to better face threats delivered by email.
  • Encryption Protection: Supports not only SMTP Authentication, but also the encryption service feature enables any email containing protected data to be automatically encrypted, routed for approval or archived.
  • Policy and Compliance Management: Enables an administrator to enact policies that filter messages and their contents as they enter or exit the organization. This allows organizations to meet regulatory requirements based on government legislation, industry standards or corporate governance activities.
  • To learn more download the SonicWall Email Security 9.0 data sheet or view a live demo of the SonicWall Email Security Solution to see all of the latest enhancements.

Reach out to your Dell and SonicWall contacts today to learn more about how SonicWall Email Security can protect your organization by scanning all inbound and outbound email content and attachments for sensitive data, all while delivering real-time protection from spam, phishing, viruses, malicious URLs, spoofing, Denial of Service (DoS), and a myriad of other unknown and sometimes unimaginable attacks.

Securing Email in the Age of Ransomware and Phishing Attacks

Email security has become a big concern for organizations, thanks to phishing campaigns that deliver ransomware. Recently, there has been no shortage of notable cyber attacks. The Google Docs attack, Docusign phishing attackGannet phishing attack, and Jaff ransomware and its variants were all delivered through phishing emails.  Most recently, the WannaCry ransomware attack was spread through an SMB vulnerability.

According to a survey by the SANS institute, spear-phishing and whaling attacks are increasing dramatically. Spear phishing was identified as the second most significant type of attack (ransomware takes the honors for the top spot).  In the case of spear phishing attacks, cyber criminals are carrying out extensive social engineering activities to gather personal information and craft messages that appear from trusted sources to gain the victim’s confidence.

It is becoming increasingly difficult to accurately detect all bad emails, especially those containing attachments, without slowing down email to such an extent that it impacts employee productivity. In many cases, critical business communications need to be delivered promptly, without any delay or being lost in junk or spam folders. In addition, traditional signature-based technologies are proving to be ineffective in stopping phishing emails that contain malicious payloads such as zero-day/unknown malware and ransomware.

In today’s landscape, an effective email security solution should:

  • Align with and complement your network security solutions
  • Integrate with network sandboxing to scan all you SMTP traffic and email attachments
  • Provide granular administrative control over settings and must be able to set policies such as “Tag a subject line” or “Strip email attachment” in cases where communication is of the utmost importance
  • Feature anti-spoofing authentication mechanisms such as DKIM, SPF and DMARC, to protect against impostor emails
  • Offer encryption and data leakage prevention (DLP) capabilities for outbound protection

Email is the top attack vector, and most cyber attacks typically start with a phishing or spear phishing attack. Almost every organization has deployed some sort of email security solution. However, the threat landscape is constantly evolving and today’s advanced threats are designed to bypass traditional security techniques. Now is the right time to evaluate the currently deployed solution and analyze gaps in your security posture. To reduce risk exposure, email security must use a multi-layered approach. Read our solution brief to learn about the critical capabilities of next-generation email security here.

Wrapped Up a Winning Week at Dell EMC World 2017: SonicWall Helps Secure More. Fear Less.

We enjoyed a “winning” week engaging with our loyal customers and partners at Dell EMC World, attended by more than 12,000 IT professionals like you.

SonicWall had a strong and visible presence, with one key goal: to maintain and strengthen our ties with Dell and our mutual customers and partners.  This event affirmed how important Dell EMC customers and partners are to SonicWall, and how committed we are to helping you stay ahead of the cyber arms race.

The buzz of this year’s event was all around “Realize your Digital Future.”  We heard from many customers, partners and Dell executives that organizations are looking to digital transformation to drive IT innovation, enhance workforce mobility and reduce risk.  Throughout the event, attendees explored the exciting and innovative benefits that digital transformation will provide.

However, digital transformation also increases exposure to risks for your customer data, your reputation and your organization’s credibility.  It was clear from feedback at the event that the partnership and solutions from SonicWall and Dell EMC provide the perfect combination to keep you ahead of cybercriminals in the continually evolving cyber arms race.

In the SonicWall booth, we demonstrated how our solutions empower you to prevent breaches, stop phishing attacks, block ransomware, uncover SSL encrypted threats and identify compromised IoT devices.  Our kiosk demos included:

  • Our award-winning multi-engine sandbox, SonicWall Capture ATP, which can scan and block unknown files until a verdict can be reached in order to prevent zero-day and advanced threats.
  • SonicWall’s next-gen firewalls help prevent breaches caused by encrypted malware. Over 60% of today’s web traffic now uses SSL encryption, which can lead to under-the-radar hacks and expose your network to breaches. Most modern firewalls claim to decrypt and scan encrypted traffic, but not all perform well in the real world.
  • SonicWall Email Security with Capture, which can stop phishing and block ransomware in your email. Ransomware attacks have grown at a tremendous rate, with email as one of main attacks vectors.
  • Our latest Secure Mobile Access solutions, which let you define granular access policies, enforce multi-factor authentication and monitor all activities for compliance. SonicWall’s access security and network segmentation delivers the right level of access to your mobile workers and reduces the threat surface.
  • The integration of Dell EMC X-Series switches with SonicWall to extend your network infrastructure securely and centrally manage switches, firewalls and wireless access devices.

Our goal at SonicWall is to help you stay protected and ahead of today’s ever-changing cyber attacks. We do this with the intelligence of our advanced global GRID Network, the unique integration of our award-winning Capture capabilities with our Email Security solutions, and our IoT security solutions. SonicWall lets you protect your enterprise while you drive business productivity, with next-gen firewalls, access security, and email security solutions. We look forward to continuing the momentum of Dell EMC World to give you the power to secure more and fear less.

DPI-SSL: What Keeps You Up at Night? Protect More. Fear Less.

If you have been in this industry for more than a few years, you have probably heard the sales pitch, “What keeps you up at night?” It’s a typical sales tactic to elicit an emotional response to threats that seem to be out of your control. It’s designed to draw you out, start a conversation, and ultimately, prey on your fears.

We have enough security issues to concentrate on without having to prey on fears.  That is one of the reasons I never liked this sales pitch. I have always felt it is better to address the challenges facing network security and do what we can to face those threats.

Growing up in Santa Cruz California, I learned to swim in the ocean with some pretty scary waves.  If you did not see a wave coming, you would get swamped by the wave.  But if you faced the wave and dove under it, the threat was mitigated.  If we do not see the threats in network security, we too can be swamped. For this same reason, we must look into encrypted packets to mitigate those threats.  We cannot face what we do not see.

The SonicWall 2017 Annual Threat Report shows that over half the mechanisms delivering malware utilized encryption to mask the threats.  The threat actors who create malware know that if they encrypt their payload, the odds of end system infection are very high while intrusion detection is low.  As far as effort to create an encrypted session than a standard, plain-text session, is minimal.  So, there is little extra work to create encrypted payloads while the reward is large.

In the last few months, there have been some tests and claims from well-respected Web Browser vendors making the claim that Security Devices doing Deep Packet Inspection (DPI) of encrypted packets weaken security. Their testing showed that many security product vendors deploying ‘Man in The Middle’ tactics to de-crypt and re-encrypt packets for the inspection, re-encrypted with a lower quality of encryption.  This effectively did weaken security, and by doing so, drew the conclusion that security devices performing DPI-SSL weaken your protection.

This position is understandable, however, SonicWall takes this opportunity to actually increase security by hardening HTTPS encryption when weaker cyphers or invalid certificates are presented.

Workstations and end systems do a very good job of updating browsers, checking for revoked certificates and supporting strong encryption methods. But there are many times in which we find the same is not true for hosted sites that contain many servers but have limited IT resources. Encryption methods get depreciated, but these often to not get updated and within the server negotiation of Transportation Layer Security (TLS) session, older and outdated methods still exist today. Secure Sockets Layer 1, 2 and 3 protocols are no longer recommended for sensitive data and should not be used.

The SonicWall next-generation firewall can detect when a server is presenting these weak encryption methods and block session initiation. Of course, there are times when this is not desirable. In that case, we also have the ability to let these connections establish. When I am confronted with incidents where TLS is not supported from a host that contains sensitive data, I have been successful in reaching out to that organization and letting them know they are not complying with Transport Layer best practices.

When networks are breached, sometimes the only time you find out is when these compromised devices “phone home.”  In doing so they will use encryption.  Trojans, malware, and botnets leverage Command and Control Centers for updates and orders.  They use non-standard ports and are not typically web connections. SonicWall is not dependent on port numbers or browsers but all ports. Every packet in each direction is inspected, securing your network.

The next time someone comes into your office and asks you, “What keeps you up at night,” don’t fall into this fear trap.  With SonicWall, sleep sound.  Protect More and Fear Less.

Why Defeating Encrypted Threats Should Be Your Top Priority

Times are extremely restless for security teams as they face highly motivated adversaries, and the onslaught of very active and progressive cyber-attacks.  Today’s hacking techniques are stealthy, unpredictable in nature and waged by skillful attackers capable of developing innovative ways of circumventing security defenses. One new and more popular way that is becoming a status quo among malware writers today is the malicious use of encryption. Using encryption methods such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL), attackers now cipher malicious payloads and command and control communication to evade detection. I offer some helpful tips to overcome these threats.

Based on a small sample of threat data recently collected by NSS Labs’ BaitNETTM test environment1, it shows the malicious use of encryption soared nearly 13,000% in 2016 compared to 2014.  Moreover, information gathered by Virus Total and SSL BlackList reveals the number of malware families using encryption increased almost 5,700%, and command and control communications involving these malware families leaped 20,000% in Q4 of 20152.  Although the sample size may be small considering it came from a single test harness, it does accurately reflects the tens of millions of systems of tens of thousands of organizations making TLS/SSL connections that are subjected to the unseen harm caused by encrypted threats.

Organizations that choose not to (or whose firewall is limited in its ability to) inspect encrypted traffic are missing a lot of the value of their security systems.  When there is no visibility, they are unable to view what is inside that traffic, spot malware downloads, identify ransomware and see the unauthorized transmission of privileged information to external systems.  With the rise of encrypted attacks threatening mobile devices, endpoint systems and data center applications, it is imperative that organizations quickly establish a security model that can decrypt and inspect encrypted traffic and neutralize the danger of hidden threats.  Otherwise, they cannot stop what they cannot see.

To make matters more problematic, the majority of current firewalls are inadequate in their ability to handle encrypted threats because decrypting and inspecting encrypted traffic can create performance problems.  The two key areas of TLS/SSL that affect inspection performance are establishing a trusted connection and decryption/re-encryption for secure data exchange.  Both are very complex and compute intensive because each TLS/SSL session handshake consumes 15 times more compute resources3 from the firewall side than from the client side.  Most firewall designs today do not provide the right combination of inspection technology, hardware processing power and scalability to handle the exponential increase in computing capacity required.  Therefore, they often collapse under the heavy load and eventually disrupt business operations.  According to NSS Labs, the performance penalty on a firewall when TLS/SSL inspection is enabled can be as high as 74% with 1024b ciphers and 81% with 2048b ciphers4.   In other words, your firewall performance degrades to an unusable level.

These important points should spark serious security conversations for security teams, and give them the opportunity to educate their leadership team and/or board about encrypted threats, as well as why inspecting TLS/SSL traffic must be one of the top priority to the breach prevention strategy.  To defeat encrypted threats effectively, the security system must be able to perform in a way that does not infringe on privacy and legal matters, while not becoming a choke point on their network that will cause any network and service disruption.  The right solution begins with the right inspection architecture as the foundation, because not all firewall inspections perform equally in the real world.  Security teams would want to avoid any post-deployment surprises by doing their full due diligence when shortlisting firewall vendors.  Slowly and thoroughly, you would want to conduct a proof-of-concept (POC) and validate the right firewall that demonstrates the desire security efficacy and performance without any hidden limitations.

For more detail information, read our Executive Brief titled, “Solution Brief: Best practices for stopping encrypted threats.”

1 https://www.gartner.com/imagesrv/media-products/pdf/radware/Radware-1-2Y7FR0I.pdf
2 https://www.nsslabs.com/linkservid/13C7BD87-5056-9046-93FB736663C0B07A/

Bringing a Focused Cybersecurity Education to the Front Lines with SonicWall University

When the SonicWall community separated from Dell and announced our SecureFirst Partner Program 150 Days ago, we confirmed our commitment to 100 percent fulfillment through channel partners. Since then, more than 10,000 partners across 90 countries have registered as SonicWall resellers, including 2,000 new partners.

I cite these statistics not only as a testament to the global reach of SonicWall’s solutions but as a reminder of the heightened security landscape that causes businesses to seek out our partners and solutions in the first place. The cyber arms race intensifies every year as cybersecurity teams and criminals alike enhance their techniques for outwitting their respective opponents.

Because our goal is to outwit highly knowledgeable criminals, one of our greatest assets in this ongoing battle is cybersecurity education. Many small and mid-sized businesses (SMBs) rely on our partners as IT consultants to help them put the technology in place to detect and protect against breaches. This requires our partners to maintain real-time awareness of the constantly shifting threat landscape, a tall order that our partners have filled laudably. Still, many have expressed a desire for more real-time focused education that would help them provide the best possible advice based on a complete understanding of today’s current threats and technologies.

To meet this need, we are thrilled to announce an extension of SecureFirst called SonicWall University, which will help us more quickly and effectively communicate insights we have gleaned from our Global Response Intelligence Defense (GRID) Threat Network to the partner community. Partners can access the SonicWall University curriculum through a web-based platform and will receive specialized training and accreditation tailored to their role as a salesperson, systems engineer or support team member. In addition to our own curriculum, we’ll be sharing content from trusted industry sources as well as our partners themselves to ensure the full breadth of current knowledge is being distributed rapidly and effectively.

Partners have not only requested cybersecurity education for themselves, but for their customers and prospects, who may not always have up-to-date information on how to protect their infrastructure. Today we unveiled a major marketing campaign to educate SMBs on the three most prominent threats identified in the SonicWall 2017 Annual Threat Report – ransomware, encrypted communications (SSL/TLS), and advanced phishing and other email-borne attacks. Partners can apply for marketing development funds and earn special discounts and rebates for using these programs, which they can access through our new SecureFirst Partner Portal. We have had great momentum for our partners.

“As a long standing partner and direct marketer of SonicWall, we are seeing great business acceleration since SonicWall’s independence and the new programs such as the SonicWall University. We are delighted with the restoration of the SonicWall brand and the new marketing campaign ‘air cover’,” said Hillel Sackstein, President of Virtual Graffiti, Inc, a Platinum Partner and DMR.

“As a SonicWall partner, our team has already benefitted from the advantages of the SecureFirst Partner Program. The technical innovation in the SonicWall offerings are built from the ground up to secure the customer and benefit partners. The new SonicWall University with on-demand courses, certifications and accreditations will be an excellent way to deliver increased expertise to our customers.” said Eamon Moore, Managing Director of EMIT, a SecureFirst Silver partner based in Ireland.

“As a partner in Asia Pacific, we are delighted with the enhanced access and investment of the new on-demand technical resources and courses SonicWall University delivers to our teams. Since SonicWall has been independent, we have continued to push boundaries and together we have built more opportunity. SonicWall’s excellent track record of committing to innovation and delivering on their promise to better protect our customers is something we can always count on,” said Cary Wu, General Manager, SecuUnion in Asia Pacific.

“The introduction of SonicWall University is a great initiative from a company that remains committed to supporting its partners’ success. It’s critical that businesses facing today’s level of cybersecurity threats are prepared with both the latest technology and, equally as important, the cyber skills to manage that technology. With SonicWall University we’ll be able to provide our customers with even more support in a time when businesses are lacking the required in-house security skills needed. Everyone on our team is excited to get started on the SonicWall University training and accreditation to further enhance our customer offering,” said Jason Hill, Sales Director, Security, Exertis.

I could not be more delighted to introduce these initiatives and to be a part of the SonicWall community making them a reality. To our exceptional partner base, we’re excited and honored to be part of your business strategy, and it’s our great privilege to take an even more central role in educating you on today’s current threats and solutions. As you participate in SonicWall University courses and work to educate your SMB customers over the coming weeks and months, I look forward to your feedback and ideas for improving these programs. It’s our central goal to ensure you and your customers have the knowledge, training and technology you need to have more business and less fear.

SonicWall Email Security 8.3 Delivers New Spam Detection and Authentication

Summertime means different things to different people. Whether it be kids enjoying time off from school, or parents taking long family vacations, summertime gives everyone an opportunity to re-energize and re-focus.

Everyone that is, including hackers.

Threats to your infrastructure don’t take a vacation, and if you’re entrusted with securing your organization email, it’s important to not leave your guard down during these warm summer days.

SonicWall Email Security solutions continuously protects your email infrastructure from ever-increasing threats including spam, phishing attacks, and malware. And, now you can rest even further knowing that the protection provided by SonicWall Email Security has been improved once again. Our latest release, Email Security 8.3, delivers more effective protection against emerging threats, through the following key features:

  • New Spam-Detection Engine – utilizes both a retrained Adversarial Bayesian model, as well as a new machine learning model which leverages a Support Vector Machine approach
  • SMTP Authentication – if you’re concerned about preventing unauthorized users on your infrastructure, new SMTP authentication requires a user to authenticate prior to sending outbound emails

Additionally, SonicWall Email Security solutions continue leveraging a robust architecture to deliver superior protection with the following features:

  • Multi-Layer Protection – proven, patented, email scanning technologies deliver superior real-time protection
  • Automated Management and Reporting ““ minimize required administration time
  • Compliance & Encryption Management – protect against confidential data leaks and compliance violations
  • Flexible Deployment Options – to best meet business infrastructure requirements, including on-Premise, Virtual, and Cloud-based
  • Scalable – ability to configure for growth and redundancy, allows your infrastructure to grow as required without requiring large upfront costs
  • Multi-Tenancy – enables MSPs to provision and manage email security services for multiple customers

SonicWall System Architecture

Graphic of SonicWall's System Architecture of Email Security 8.3

SonicWall Email Security provides the comprehensive protection needed, so maybe you too can enjoy your summer!

SonicWall Email Security 8.3 is available today for download for those with a valid license. For more information please contact your preferred reseller, reach us directly at 888.557.6642 or sales@sonicwall.com, or visit us for product detail here.

How to Enforce Email Compliance and Encryption to Satisfy Users

If you’re like the majority of internet users, you mostly access the internet from your mobile devices. And by the way, so do your customers. In fact, 2014 was the year that mobile traffic exceeded legacy PC traffic on the internet. Business success, now more than ever, requires that you provide a great, mobile user experience, Email continues to be a key communication tool for business. Although email communication has been a primary application for mobile devices for many years, secure email exchange, ensuring email is encrypted to protect sensitive data and to comply with industry and regulatory requirements, is typically optimized for a legacy PC user experience.

With the widespread use of smartphones and tablets in business today, email encryption solutions must provide a seamless user experience across all devices. Unfortunately, many legacy solutions and services were not designed to function well on these devices, leaving users frustrated or unable to access or manage encrypted messages and files on their smartphones and tablets. If your business is subject to industry compliance or regulatory compliance to protect sensitive data, or if you’re concerned about protecting company intellectual property, it’s increasingly important to deploy an email encryption service designed and optimized for use with mobile devices that provides the seamless user experience subscribers and recipients want and need.

If you’re interested in learning more about requirements for protecting sensitive data, including how to ensure the secure exchange of email containing sensitive customer data – and simplify compliance in the process.

Read this white paper for details about achieving regulatory and industry compliance when moving:

  • PII (Personally Identifiable Information)
  • PHI (Protected Health Information)
  • Proprietary data
  • Any other types of sensitive information

You’ll get a side-by-side look at specific HIPAA/HITECH and PCI-DSS compliance regulations, and how the SonicWall Email Encryption service helps you meet each of them, and provides a great user experience for both legacy PC and mobile users.

Secure Email Data for HIPAA Compliance: Protect Your Business

Protecting sensitive or confidential data is not just good business. For some, it’s legally required and subject to audit. For example, HIPAA regulations require organizations to take reasonable steps to ensure the confidentiality of all communications that contain patient or customer information. Health service providers and their business associates and contractors who touch or handle Protected Health Information (PHI) are subject to these rules.

Organizations such as physician’s offices, hospitals, health plans, self-insured employers, public health authorities, life insurers, clearinghouses, billing agencies, information systems vendors, service organizations, and universities could all be considered covered entities and/or business associates or their subcontractors. In addition, mandatory reporting is required for HIPAA violations, even when the data is lost by a third party.

This increases the need for subcontractors to implement the same level of security typically found in larger organizations. The penalties for failure to conform to HIPAA regulations go far beyond the hundreds of thousands of dollars in fines. They include public humiliation, loss of reputation, brand damage, class-action lawsuits, and yes, even prison. But there are practical ways to avoid these penalties.

Here are some methods to secure your moving data:

1. Do an assessment.

If you do nothing else, at least do an assessment of where your PHI resides, how you get it and where you send it. Knowing where the data is that you need to protect, and how it travels, is the first step.

2. Add layers of security in case people make mistakes.

One of the most common causes of any kind of security breach is human error. Whether conscious, accidental, or simply due to laziness, human error can result in Personally Identifiable Information (PII) or Protected Health Information (PHI) being sent over the Internet as unencrypted text unless content filters are put in place to detect these messages and encode or reroute them safely. You need to:

  • Install smart filters that analyze both the email and its attachments
  • Correlate fields in both documents and attempt to match them to known patient databases
  • Encrypt messages before they’re sent over the Internet

3. Make sure the boundaries between systems are secure.

Communication security breaches commonly occur when data is transferred between two or more systems. It can happen whenever data is transferred between:

  • People within your organization’s firewall
  • People inside and outside your organization’s firewall
  • Your employees and your business associates (and their subcontractors)
  • Your employees and your customers/ patients
  • Two different systems

Whenever information passes between systems and people, the data needs to be secured at all times, even when in transit. You must also ensure the data that is sent to people outside your firewall is always sent in encrypted format, so that no one but its intended recipients can read it.

4. Make sure your internal communications are secure.

Employees who work from home present HIPAA boundary issues. It is critical that they securely transfer data from work to their home computers. Even though your business information will remain within your company it must still pass across the Internet securely. To prevent a mistake that compromises protected information, provide email encryption to any employee with access to PHI.

5. Make sure your business associate and subcontractor communications are secure.

Another boundary issue arises when employees interact with external business associates and subcontractors. It’s likely that they must regularly transfer sensitive information with these external contacts. And they may use different email systems than those in your office. Often, client or patient PII and/or PHI needs to be sent via email. Be sure to secure these emails with encryption that works with many different systems and devices, including mobile devices i.e., smartphones and tablets. Healthcare related institutions must use solutions that make it possible to communicate with anyone, anytime, anywhere, no matter what email system or device the other party uses. Likewise, you must demand the ability to securely transfer large files with all these same people.

6. Make sure your communications with telecommuters are secure.

Employees who telecommute comprise another set of boundary issues.

More medical professionals are working from home and often need to transfer large, important and time-sensitive files such as x-rays or mammograms as attachments through your email system. Because the files can be so large, they have the potential to bring your email system to a standstill.

Not only do you need to exchange these files securely, you need to send them in a way that does not overload or crash your email system. So you either must find the time, the budget, and the resources to set up file transfer sites for these large files or you can use encrypted email with a secure large file attachment capability. Either way, you must make absolutely sure that they comply with encryption guidelines.

7. Make sure when your patients communicate with you, everything they do is secure.

Your patients must often submit forms, ask questions of specific people and departments, or submit follow -up information about an ongoing illness or other matter. These communications often contain PHI. Until recently, these needs were served by paper-based processes, but now can be handled through secure electronic forms on your website. But how do you ensure that this data reaches the right department or employee to process it? And can this data be integrated into existing knowledge worker software to track its status? If the request contains sensitive information, is it received from the patient in a secure manner, or did the method of collecting data cause a privacy violation? And if any follow up is needed with the patient, can this be sent securely? With a messaging system in place that provides secure inbound and outbound service, uses email encryption and secure electronic forms, and provides workflow integration, you can streamline your operations and cost-effectively serve patients.

8. Make it easy to transfer even very large files securely.

FTP, or file transfer protocol, is the standard way to transfer files across the Internet. However, it transmits user login credentials and the contents of files in an unencrypted manner. So this is not the secure method needed for transferring. You need a secure messaging system that automatically routes large files, alerts the recipient that they are available, and that tells you when they’ve been opened and by whom.

9. Make sure you can demonstrate that your system is secure.

After an email message is sent, how do you know what happened to it? Did its intended recipient open it? Were its attachments opened? Is there proof that the message was received and was read? Should a question arise about who viewed a message or its attachments, can you prove who read them to an auditor? It’s increasingly obvious that a secure messaging system must be trackable and auditable. To make this possible, messages and their attachments, their metadata and the fingerprinting data must be both viewable and traceable. The fingerprint data must record permanently the IP addresses of the recipient’s computers, and the system’s time must be synchronized with an atomic clock so that message times are never a point of dispute. Such a system would allow your administrators and, if necessary, auditors to easily review and sort through volumes of message information, and quickly retrieve a particular message, as well as all the tracking and fingerprint information associated with it.

If you’re interested in learning more about requirements for protecting sensitive data, including how to ensure the secure exchange of email containing sensitive customer data and simplify compliance in the process.

Read this white paper for details about achieving regulatory and industry compliance when moving:

  • PII
  • PHI
  • Proprietary data
  • Any other types of sensitive information

You’ll get a side-by-side look at specific HIPAA/HITECH and PCI-DSS compliance regulations, and how the  SonicWall Email Encryption service helps you meet each of them.