This week’s ISM3004 project consisted of creating a secure email, which is better called an encrypted email, and finding a case in the public market to show how important encryption of email is. The hardest part of encrypting email was the time it took to download the free certificate from the security provider. I will briefly show some screen shots from the process with a short explanation based on our ISM 3004 project instructions given by our University of Florida professors. I will also show how important encrypted email can be when dealing with personal and private information by giving a brief synopsis of the article “Unencrypted email implicated in Geisinger patient data breach,” by Sandra Yin.
The process of setting up a secure email from home is rather simple. The instructions given in our project had us head to http://www.mozilla.com/firefox to download Firefox free if we did not have it. The picture below is of the homepage from the link. The process of downloading is very simple and will guide you through, just click “Firefox Free Download” as our ISM3004 instructions lead us to do.
Screen Capture on 9 April 2011
After setting up Firefox on my computer the project had us http://mozila.com/thunderbird and setup Thunderbird and tie it to our University of Florida student email account. The download was easy using Windows 7 on my computer because it guided me step by step and pulled in all of my email settings from the account. All I really had to do was to follow the setup wizard and then enter my email address and password and I was done.
Screen Capture on 9 April 2011
Next I went on to http://verisign.com/authentication/digital-id/index.html and followed the assignment instructions to get a free email certificate. Our professors clearly explained to us click on the buy option and then select the 90 free trial. The next steps were to ensure that you select high grade for encryption and follow the setup wizard. Once done you will receive a verification email to finish the process by copying your “Digital ID Pin” and pasting it in the appropriate box.
Screen Capture on 9 April 2011
Email from Verisign.com
The next part was the hardest for some reason. You need to go to Firefox and download your certificate and back it up to upload into Thunderbird to use. The steps given to us were as follows:
1. Click Tools/then Options
2. Advanced then Encryption
3. View Certificates
4. Click Backup
These are all easy except for the fact it took me nearly ten minutes to find the toolbar on Firefox. After using Google I found a common issue with computers loaded with Windows 7 is that for some reason tool bars on Firefox are hidden. The good news is that clicking the ALT key brings it back up. This was a simple answer that saved me from a lot of frustration in the end.
In the next step import the certificate to the Thunderbird email account. In Thunderbird follow these simple steps.
1. Open Thunderbird
2. Click Tools then Account Settings
3. Click Security
4. Click View Certificates and Your Certificates
5. Select your Backup file done in previous step
6. Type password previously selected in last setup
7. Select it and click Yes for signing and encrypting with Certificate
8. Then OK
Next we had to get the key for our professor’s email. Do this by sending them a signed email and ask for a signed back. To ensure your email is signed click on the lock icon’s drop down box and select digitally signed email. Here is a picture of my email to the class professors.
Screen Capture 9 April 2011 of Email sent to ISM Professors,From Thunderbird email account via UFL.EDU Student Email
Once Dr. Means emailed me back a signed email I followed the project instructions to open it, click on "from" on the email, and then saved her key in my contacts box which allowed me to send her and encrypted email. When sending the encrypted email just simply use the contact created in the "to" box and then click the drop down for the lock icon and select digitally encrypt. This is the sent encrypted email and also a screen capture of my inbox.
Screen Captures 9 April 2011, From Thunderbird email account via UFL.EDU Student Email
Now why would you care about encrypting your email to someone? The answer is relatively simple. If you do not encrypt your email others may be able to see its contents. This is very important when dealing with medical information, company policies that may be private and personal data that may cause risks of identity fraud. These are things in the corporate and private world that are important to keep private. Simply spending a few minutes encrypting an email will help protect data that others should not have access to.
On the website http://www.fiercehealthcare.com/story/unencrypted-email-implicated-geisinger-patient-data-breach/2010-12-29 I found the article ““Unencrypted email implicated in Geisinger patient data breach,” by Sandra Yin. This article explained how a doctor working for Geisinger Health System sent an unencrypted email to his home email address with protected health information of about 2900 patients. Though the information had medical and other pertinent information on these patients the article stated “it appeared to have no financial information.” The doctor at fault, David Schaefer, had to contact his home email provider to get this item deleted off its network.
The company states that it believes no one had seen this information other than the doctor who sent it. It does appear that the doctor is no longer employed by Geisinger Health System. One can only speculate to the reason of this, but having 2900 upset patients knowing that they have their personal health information at risk may be the cause. Please encrypt your information that you must protect from prying eyes. If you feel that something in an email may cause issues spend the extra time to encrypt it. It is always better to be safe than sorry, or potentially unemployed.
Additional Sources:
“Secure Email Project Instructions.” ISM 3004 Course, University of Florida. Downloaded and used as reference for project on 5 April 2011. Professors: Dr. Means and Dr. Olson
No comments:
Post a Comment