C4502 scan to email encryption

[BillyCarpenter]

The customer's question isn't exactly clear. Are they looking for email to be encrypted in transit, or are they looking for actual email encryption like S/MIME or PGP where the contents of the message are encrypted and can only be decrypted by the recipient?

If the former, almost every email provider uses TLS to encrypt in transit. If the machine can't support the ciphers used by the provider then you can use something like STunnel to create an SMTP relay that can add the necessary encryption. The email provider will have instructions for the appropriate ports to use.

For actual message encryption, things get much more difficult and usually involve importing a device certificate to sign the messages, but the recipient also needs to trust the certificate so it's not an effective method for most external emails.

My main advice to customers is not to use email for sensitive information such as financial data and to instead use a service like OneDrive or Box to share the file. Email just isn't a secure means of transmitting information as it needs to pass through multiple endpoints to be delivered, and is only as secure as any of the multiple servers and routers it traverses.

Sent from my BlackBerry using Tapatalk

I want to preface what I'm about to say:

I read a few comments that the copier tech should pass the buck to the customer's IT department. However, that is no excuse for not knowing the answer, in my humble opinion. It's our job to at least have a basic understanding of how it works. We need to be able to have an informed conversation with the customer before telling them to talk to their IT department.

With that being said, I need to study up on what rthonpm is talking about.

[Old Crow]

Thanks for all of the input here on encryption. Reading rthonpm's post confirmed how little I know about the subject. I agree BillyCarpenter that being able to have an informed conversation with the customer is important. After googling the terms offered in the thread such as stunnel, cipher, tsl/ssl, etc., I am starting to have a (minimal) understanding of the basics but certainly not enough to make an informed decision on how to solve their problem.

I believe this to be an IT issue so will definitely be passing the ball to their IT folks. That said, I will pass along rthonpm's advice for sharing sensitive documents.

I will definitely update firmware and have a conversation with the customer about upgrading the machine as it is getting to be an antique.

[rthonpm]

If I may add a couple of points.
It has everything exposed by the colleague Rthonpm, and being in this case a sensitive issue such as the treatment of documentation of the company.
For the use of Google Drive, Dropbox, OneDrive or any similar service, I always recommend that such files be saved in advance with compaction programs such as WinZip, WinRar, 7-Zip, and the use of a key / password so that they are protected.
The reason for this recommendation comes from security flaws in the aforementioned platforms (cloud storage), in which confidential files have been leaked.


Prevention is better than cure.

If any cloud service is to be used, it has to be used at the business tier of that service. OneDrive and Box to my knowledge are both HIPAA certified in the US, as well as other regulatory certifications and offer very robust data loss protection (DLP) tools. By using the business tier, you also get considerably more advanced tools and access provisions than the consumer tiers offer. You also have an SLA at that point since you are entering into a business agreement with the provider.

No system that is connected to any network can be considered completely secure. However, the monitoring and patching of cloud service infrastructure is far superior to anything that an onsite provider can maintain. Sharing a document link to a specific person with specific permissions is quite secure for anything beyond national security or privileged access documents for 99.9% of businesses.

I'd also be curious to hear of these breaches of cloud service infrastructure since the only real ones I'm aware of are just individual accounts being accessed due to sloppy passwords or phishing, which would also affect on-prem systems just as easily as anything hosted online.

Sent from my BlackBerry using Tapatalk

[rthonpm]

I want to preface what I'm about to say:

I read a few comments that the copier tech should pass the buck to the customer's IT department. However, that is no excuse for not knowing the answer, in my humble opinion. It's our job to at least have a basic understanding of how it works. We need to be able to have an informed conversation with the customer before telling them to talk to their IT department.

With that being said, I need to study up on what rthonpm is talking about.

In many ways, it may not be the customer talking to IT, but the tech being a part of the conversation to at least 'pass the buck' to the people who would be responsible for the infrastructure. A tech can point them to the right section in the user manuals for things but the overall issue for this lies at the network level, and not the device level.

Sent from my BlackBerry using Tapatalk

[BillyCarpenter]

I believe this to be an IT issue so will definitely be passing the ball to their IT folks. That said, I will pass along rthonpm's advice for sharing sensitive documents.

.

You won't go wrong taking advice from rthonpm.

[slimslob]

I believe this to be an IT issue so will definitely be passing the ball to their IT folks.

Bear in mind, they may not have an IT provider. That could be why they asked you in the first place. They may be looking to you for IT support. You might want to search what IT services are available in your area so you can make a recommendation, if they ask.

[BillyCarpenter]

Bear in mind, they may not have an IT provider. That could be why they asked you in the first place. They may be looking to you for IT support. You might want to search what IT services are available in your area so you can make a recommendation, if they ask.

Many years ago when I was a new copier tech, one of the owners asked me a question about a copier and my response was: "I don't know".


That answer didn't go over well with the owner.

His response to me was: What do you mean that you don't know? If you don't know, who does? What's your job title?

I told him that I was a copier tech and he told me that if I was a copier tech that there was only 2 acceptable answers to his question:

1. The correct answer

or

2. I don't have that information but I will get it for you.


That's still burned into my brain to this day.


Our customers expect us to know these answers or at least be informed enough to discuss it intelligently.

[Old Crow]

I only spoke briefly to the customer on Friday afternoon about her concern. Basically I told her I didn't know the answer to her question but I would try to find out. It's (usually) always good to be honest and besides, this subject is not one that is easy to baffle the customer with bullshit, nor would I want to try. A few Google searches certainly don't qualify me to talk intelligently about email encryption so I'll leave that up to the IT guy(s). That said, I have stopped assuming that the various IT guys I have met over the years, when installing equipment, know more than I do. Oftentimes I have needed to help them connect for print and scan. They usually are reluctant to listen to me because I'm "just a copier guy", so what the Hell do I know?!

Anyway, thanks for all the great input. Going there tomorrow to:

1. Update firmware
2. Determine what sort of IT services they currently employ
3. Contact their IT people/person
3. Point out that our responsibility ends when information leaves the copier
4. Start a conversation about upgrading equipment

Will update as to what occurs as things progress.

[BillyCarpenter]

I was already in the process of learning One Drive so this topic come up at a good time for me. What I'm working on now is learning how to deploy One Drive to many users on a domain but that's a subject for another day.

Right now "security" is the topic we're dealing with.

With Microsoft OneDrive, you can easily and securely store and access your files from all your devices. You can work with others regardless of whether they're inside or outside your organization and terminate that sharing whenever you want. OneDrive helps protect your work through advanced encryption while the data is in transit and at rest in data centers. OneDrive also helps ensure that users adhere to your most rigorous compliance standards by enabling them to choose where their data lives and providing detailed reporting of how that data has changed and been accessed. OneDrive connects you to your personal and shared files in Microsoft 365, enhancing collaboration capabilities within Microsoft 365 apps. With OneDrive on the web, desktop, or mobile, you can access all your personal files plus the files shared with you from other people or teams, including files from Microsoft Teams and SharePoint.

• Share inside or outside your organization. Securely share files with people inside or outside your organization by using their email address, even if they don't have a Microsoft Services Account. This common sharing experience is available in the web, mobile, and desktop versions of OneDrive.

Once again, I think One Drive is an invaluable asset.


rthonpm was the only one thus far who knew the answer to the test.




OneDrive guide for enterprises - OneDrive | Microsoft Docs

[BillyCarpenter]

Reading thru the Microsoft docs has been a real eye opener.

Encryption of data in transit and at rest


OneDrive uses advanced data-encryption methods between your device and the data center, between servers in the data center, and at rest. At rest, OneDrive uses disk encryption through BitLocker Drive Encryption and file encryption to secure your data. Each file is encrypted with its own encryption key; anything larger than 64 KB is split into individual chunks, each of which has its own encryption key locked in a key store.


Each file chunk is then randomly distributed among Microsoft Azure Storage containers, and a construction map for the complete file is stored in a separate secure content database. For attackers to access the file, they would need all the file chunks, the keys, and the map—a highly improbable task. For more info about this process, see Data Encryption in OneDrive and SharePoint.


Customer-controlled encryption keys


By using a Microsoft 365 feature called service encryption with Customer Key, you can upload your own encryption keys to Azure Key Vault for use encrypting your data at rest in Azure data centers. Even though this encryption is done natively through BitLocker, customers can require the use of their own key to meet their security compliance requirements. Should users lose their key, they can retrieve a deleted key from the Recycle Bin for up to 90 days (based on your configuration). Before you can use this feature, however, you must create an Azure subscription and complete a few prerequisite steps. For detailed info about service encryption with Customer Key, and how to configure it in your environment, see Controlling your data in Microsoft 365 using Customer Key.