Secure email

Hello

Dentist here and noob PC enthusiast. Colleagues and I use Outlook for emailing patient referrals back and forth - dental radiographs - names, addresses, DOB, contact tel nos, email addresses...

During the pandemic emailing patients information about their care is more common.

The NHS has issued secure email addresses to NHS dentists. Although I wonder what NHS secure means - I know WannaCry was an issue so there is a level of irony there? Many dentists are reluctant to use email because of GDPR and security.

My question is - what is more secure than Outlook?

Is there a securer way for private practice colleagues to email their patient information to me - and for me to email information to colleagues and patients?

Is protonmail something to look at - or would it make no difference?

It may be necessary to explain like I am 10... thanks, pod
 
Recent Outlook versions backed by Office 365 are probably about as secure as you reasonably need a solution to be, assuming you Microsoft everything?

Are you hosting your own email accounts at the moment and just using Outlook to connect to them instead?

User training and enabling provider features like Safe Links etc. if available is sane; your provider might also provide scanning for dodgy attachments etc. as well.

If you're hosting your own email or running an older SMTP server or something POP3 yourselves, just stop and use the NHS accounts or something from a big provider. Unless someone at your practice is a proper sysadmin or something, it's very easy to build email systems that are fragile/vulnerable/insecure etc.
 
Outlook, or any client for that matter, is not the issue; the issue is generally in transit. It's all about how it's configured at the back end and you will need to know this to answer their question. For proper email security you can implement S/MIME within Exchange, which leverages Active Directory Certificate Services and the certification authority in AD. S/MIME offers end-to-end encryption using private/public key infrastructure and offers security over and above that of deterministic TLS (transaction layer security). We use it to communicate with many of our clients. Can it be done? Absolutely, but both ends would need to publish their certificates to each other's stores and make revoked certification information available to each other. Why not ask the NHS for their partner document for these secure addresses? It's what often happens to us and is why we run S/MIME in the first place, i.e. we were forced to by a big multinational.

Put simply, have a look/read up on S/MIME and, if not already, make sure that you are running at least TLS. Some cloud providers have partners that can offer additional layers of security, so if you don't run your own infrastructure talk to your vendor about TLS and S/MIME. Even if you do run your own infrastructure and use S/MIME, TLS and other security features, you can also tag on in-transit security as the mails leave your network/enter your network with services such as MessageLabs (which I think is now part of the Symantec/Veritas cloud), Zscaler, Mimecast and other similar services. Personally I leverage Exchange with S/MIME using our own Certification Server, Veritas for mail continuity, MessageLabs for in transit and Zscaler on the proxy for web traffic.
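
The split between per-hop TLS and end-to-end S/MIME discussed in the post above can be checked on a message you have received. This is an added example, not part of the original thread: Python that reads a constructed message (hosts, IDs and addresses are hypothetical) and reports which hops recorded TLS in their `Received` headers and whether the body itself is S/MIME-protected.

```python
import email
import re

# Constructed sample message: hosts, IDs and addresses are hypothetical.
SAMPLE = """\
Received: from mx.clinic-b.example (mx.clinic-b.example [203.0.113.7])
\tby inbound.practice-a.example with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384); Tue, 02 Mar 2021 10:15:02 +0000
Received: from scanner.clinic-b.example (scanner.clinic-b.example [198.51.100.4])
\tby mx.clinic-b.example with SMTP id def456; Tue, 02 Mar 2021 10:15:01 +0000
Received: from [192.0.2.10] (reception-pc.clinic-b.example [192.0.2.10])
\tby scanner.clinic-b.example with ESMTPSA id ghi789; Tue, 02 Mar 2021 10:15:00 +0000
From: referrals@clinic-b.example
To: dentist@practice-a.example
Subject: Referral
Content-Type: text/plain; charset=utf-8

Radiograph to follow.
"""

# RFC 3848 "with" keywords: an S after SMTP/LMTP means that hop used TLS.
PROTO = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)A?)\b", re.I)
BY = re.compile(r"\bby\s+(\S+)", re.I)

def transit_hops(msg):
    """Return hops oldest-first; each receiving server writes its own line,
    so only lines added by servers you trust are reliable evidence."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        proto, by = PROTO.search(value), BY.search(value)
        hops.append({"received_by": by.group(1) if by else "unknown",
                     "protocol": proto.group(1).upper() if proto else "unknown",
                     "tls": bool(proto and proto.group(2))})
    return hops

def smime_status(msg):
    """Classify end-to-end protection from the top-level Content-Type."""
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        kind = str(msg.get_param("smime-type") or "").lower()
        if "enveloped" in kind:
            return "encrypted"
        return "signed-only" if kind == "signed-data" else "unknown"
    if ctype == "multipart/signed" and "pkcs7-signature" in str(msg.get_param("protocol") or ""):
        return "signed-only"
    return "none"

def assess(raw):
    msg = email.message_from_string(raw)
    hops = transit_hops(msg)
    return {"hops": hops, "smime": smime_status(msg),
            "all_hops_tls": bool(hops) and all(h["tls"] for h in hops)}
```

On the sample, the middle hop was accepted over plain SMTP, so the message body was readable on that leg; an S/MIME-encrypted body would have stayed unreadable there regardless.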
 
It might not be what is more secure than Outlook but maybe they might issue email systems themselves for all practitioners to use. Other than that I have no idea what could be more secure than Outlook/O365.

I would ask them for sure what they envisage.

That is reassuring.
 
I am just using 2 email addresses via Outlook. Not hosting as far as I understand. The email addresses are our names plus our company domain name - dot co dot uk.

I host the domain on Dreamhost.

Colleagues email, send pdfs, jpegs to me. I send them emails and MS word docs (letters) and jpegs.

A facility to send in information via our website using a contact form and 'upload' jpegs or pdfs is going to be useful. My understanding is that it needs to be saved securely.
 
Do you all not get an NHS email address? I know the ones around my way do when they work directly with the NHS.

Hi, and thanks for posting by the way I am grateful. I am in private practice. I could ask for one or two addresses. Our current email addresses are on our literature so using those is ideal.
 
I would be very tempted to move your email over to O365 and use webmail OR, as you say, ask for an NHS email if you are working directly with the NHS.

I'm not saying Dreamhost isn't secure but I think it could be more secure by moving it over. I haven't even heard of Dreamhost until now. :)

As Vince has pointed out it isn't just the client it is the transport of the emails and the ability for someone to intercept them in the middle between you and the servers. There's a good chance this is also what they are talking about.

You could always forward your email address to the NHS one until you update all your leaflets and signs etc. That would be fine to do. :)
 
Hi Vince thanks for posting. I am going to let the IT Pro-ness wash over me. Very interesting and I am going to research the above.
 
Hi. Could I ask a noob question - could you explain what you mean by "move your email over to O365"? Do you mean change to outlook.com addresses?
 
You can still use Office 365 with your own domain. Everything gets filtered at Microsoft rather than your host.

You also get your own control panel to manage all your users and usually the licensing is done by the host you choose.

It doesn't cost the earth either and you can then use webmail with your own domain.

Changes are required with your current host domain that would point to the Microsoft system, but I don't recommend you doing it yourself unless you know how to do it. :)

https://www.microsoft.com/en-gb/microsoft-365/business-variant

On top of this you can also add other features if you really wanted to, depending on your budget, like Microsoft Teams, Office licences etc. :)
 
Thanks, that's really great to know. I already buy 365 for home ~£50 / £60 a year so this looks great. I will have a read! No I don't know how to do it! I will have a read - a pal has a WordPress IT business - poor guy - he may get the pleasure!
 
Just because you can do WordPress doesn't mean they know how to manage O365. It's a special area when setting this up, migrating etc.

You could save money by migrating over to it for your business and you can add as many users on as you need and control your business from one control panel. It's 100% worth looking into as it's not expensive.
 
Just be careful with moving straight away in my opinion. Certain O365 services/configs won't allow S/MIME although I am pretty sure you can set it up using a hybrid approach.
 
That's great BA I will have a read about it - thank you.
 
What back end are you currently using? Exchange?
 
I don't know. Sorry.

It's worth finding out :) Will make it much easier to point you in the right direction :) O365 may not be the easy choice depending on what they ask for. O365 is just shared platform Exchange after all.
 