Following last month’s look at personal security on the net, David Guest sees what’s on offer for North Coast practices.
“The Internet, the last frontier: where men are men
and women are men, and 14 year old schoolgirls are FBI agents.”
When the internet was being designed over 30 years ago, it was envisaged that it would be a glorious utopia where one would be able to communicate with friends and family on the other side of the world in seconds. The vision came true. Text-only emails are passé now. Video conferencing with several family members is also old hat (NBN permitting).
What was not expected was the number of people trying to use your information for nefarious purposes. The potential to be hacked is a serious risk for everybody on the net and has spawned several billion-dollar industries.
Previous articles in GPSpeak have recommended the use of two-factor authentication and online password managers. While these measures add delays and complexity to accessing your data, they are a significant improvement in security and well worth the extra work, as anyone who has had their data stolen will attest.
Communication involves two parties, however, and it is important that the websites to which you are connecting also take your security seriously.
This can be something of a problem for large technology companies, but at least they have the resources to manage it. Smaller organisations use third-party certificates to secure their communications. Businesses will engage a certificate authority to check their credentials and, if they pass, will be given a certificate validated by the authority and accepted by end users’ browsers and email clients.
Certificates can vary in price, but none are cheap and the good ones are quite expensive. Many small businesses and charity organisations choose to “go naked”.
In an effort to improve their reputation, Google, Facebook, Yahoo, Microsoft and Apple have worked hard at improving their security. These companies encrypt the data being sent from one to another, as well as encrypting the communication with their users. This is a clear improvement, but American law requires US security agencies to have complete access to all the data controlled by web-based American organisations. The NSA and other US government security organisations intercept data at the inter-company level. This is a major concern to many people.
In recent years a number of technology companies have rallied around the Electronic Frontier Foundation in an effort to improve security for smaller websites. They have formed the Internet Security Research Group, which has set up the Let’s Encrypt® certificate authority. This went into production in late 2015.
The authority uses automated software to generate and deploy encryption certificates for most web servers. While not perfect, Let's Encrypt gives users the confidence that the website they are browsing has highly secure encryption and has undergone at least a basic level of authentication.
The NRMX secure email system used by North Coast health practices to transmit secure patient data has recently converted to Let’s Encrypt, replacing the previous commercial certificates. Given the closed nature of the NRMX community, users can be confident of secure and reliable message delivery.
The Let's Encrypt security certificate information for NRMX displayed in Firefox.
Note the closed lock at the start of the URL signifying a secured site.
Let's Encrypt is a free, automatic, secure open system to improve security on the web. Practices on the North Coast that take patient queries or collect online patient data need to secure their websites with encryption certificates. Using Let’s Encrypt is a good choice.