Email Encryption: Does your business have a plan?


Non-public Personal Information or NPI!

Regular readers of Hallmark Abstract Service articles are hopefully aware that along with what we believe to be interesting information, every once in a while we will write an article containing what we believe to be critical information!

This is one of those times for the latter as the sanctity and security of non-public information has moved to the forefront of business in light of both regulatory requirements and the increasing threat of cyber attacks that every company, regardless of industry, is now facing.

What is NPI? ‘NPI includes first name or first initial and last name coupled with any of the following: date of birth, Social Security number, driver’s license number, state-issued ID number, credit card number, debit card number or other financial account numbers.‘ (Source: ALTA)

The Title Insurance Industry

For a title insurance provider, our most critical job is to protect our clients as they prepare to make what may be the largest financial transaction of their lives.

We do this by ensuring that the property they are buying will be 100% theirs once the deed is transferred and that no one can come back afterwards and claim that in fact they are the rightful owners.

But our obligation to protect our clients starts well before a title insurance policy is ever issued which, for the purposes of this discussion, includes the protection of non-public information or NPI!

While much of the information concerning a property comes from the public records on file in a town hall available for all to see and access, some of the information concerning an actual transaction may be relevant to the participants themselves and, as such, NPI.

Email Encryption

One of the tools that Hallmark Abstract Service uses to protect this data is our ability to encrypt our email.

What is email encryption and why do you need it?

Even if you never email sensitive information–social security numbers, banking info, business secrets, and so on–you should consider using encryption. Aside from capturing your email content and attachments, a miscreant could hijack your entire email account if you failed to secure it properly.

To secure your email effectively, you should encrypt three things: the connection from your email provider; your actual email messages; and your stored, cached, or archived email messages.‘ (Source: PCWorld)

So given the importance of email encryption, what are some of the components that a company should be looking for when choosing a provider?

Fortunately, in this months title industry publication TitleNews, five tips were provided on this very topic!

Five Tips for Selecting Email Encryption

Get into compliance with the third pillar of ALTA’s Best Practices and  protect yourself against breaches that can result in non-public personal  information (NPI) being exposed through email. Even if email is hacked, if  it is encrypted, it is considered protected. Here are five tips for selecting  an email encryption solution:

Tip 1: If the Solution Feels Too Complicated, It Probably Is Employees must be able to easily conduct business using the email  encryption tool or they’ll turn to less-than-secure methods. And there  must not be any additional burdens placed on the recipient. Ease-of-use  is of utmost importance—for the user and the recipient.

Tip 2: Look for Policy-based Gateway Filtering NPI can be exposed through the email itself or in associated file  attachments. Look for a solution that can filter messages and a wide  variety of file attachment formats. The technology should be able to  combine pattern matching and exact matching to specific data lists  when scanning for NPI that you don’t want leaving the company in an  unencrypted state.

Tip 3: Require Easy Handling of File Attachments A solution must let users easily send large files with NPI as email  attachments without getting IT involved, while still maintaining  compliance and control. Without this capability, workers often use  unauthorized file sharing services. Most of these services do not encrypt  the data, thus exposing the company to risk.

Tip 4: Make Sure You Can Demonstrate Compliance Eliminate solutions that cannot provide extensive logging and reporting.  These tools are necessary to help manage operations, as well as provide  details for audits and proof of compliance. Effectiveness cannot be  proven if it cannot be measured. This is a must have.

Tip 5: Ensure Secure Inbound Communication Robust email encryption solutions provide a way for customers or  business partners to start a secure email exchange without the need to  install or use complicated encryption software of their own. Look for a  solution that provides a secure portal through which outsiders can initiate  secure inbound messaging.

Read Title Insurance 101 For Consumers! here

If you are buying or refinancing Residential or Commercial Real Estate in New York you can potentially save hundreds of dollars in closing costs with Hallmark Abstract Service! Click here to learn more.

Leave a Reply

Your email address will not be published. Required fields are marked *