chatterton Posted April 29, 2018 Posted April 29, 2018 Hi My understanding of the GDPR is that any information that is shared has to be done so securely. So what about emails. We occasionally send queries to funding about children which may include their name and DOB - personal data. So I believe we could only do this if we send it encrypted. Does anyone have any easy solutions to encrypting emails? We use a Google email account and so far I am struggling to understand how to encrypt. Can anyone offer any advice? With thanks
lynned55 Posted April 29, 2018 Posted April 29, 2018 As far as I know Gmail encrypt emails between servers- I'm not sure if that would be classed as secure enough. Our LA has used egress to send secure emails but I think it costs to send. Also the last lot they sent no one could open so we got them in pdf format via email!!
chatterton Posted April 29, 2018 Author Posted April 29, 2018 Thanks. Some of our LA also use egress but yes if we wanted to use it other than to reply we would have to pay £80 a year. My understanding is the same about Google that it is encrypted during transit but like you I'm not sure it's enough.
louby loo Posted April 29, 2018 Posted April 29, 2018 We use egress [LA account] for sensitive info - and to be fair we only really send sensitive info to and from LA anyway. We can send via Egress but only to the County/LA addresses free of charge. If a parent chooses to email us things, I think that is there responsibility, and I would just read/print then delete.
Mouseketeer Posted April 29, 2018 Posted April 29, 2018 I have no idea where to start with encryption, And what about things that go awol in the post?
louby loo Posted April 29, 2018 Posted April 29, 2018 2 minutes ago, Mouseketeer said: I have no idea where to start with encryption, And what about things that go awol in the post? Good point- and this happens all the time with us as we have no post box. Even the LA seem to forget this despite us forever reminding them. 1
Tim Posted April 30, 2018 Posted April 30, 2018 Your email will usually be encrypted during transit, meaning that if someone intercepts it while it is being sent from your computer, between email servers, or being delivered to the recipient, it will be secure. Once delivered to the recipient, it will be available to anyone with access to that email mailbox. It might be good to think about a few things before sending emails containing personal information, such as: ensure you have the correct email address (it is very easy to accidentally send to the wrong person by, for example, typing hotmail.com rather than hotmail.co.uk) make sure the recipient is expecting the email, will be available to receive it and than no-one else will have access to the email account at that time confirm safe receipt with the recipient rather than typing personal information into the email, put in into a document that you can password protect and attach to the email. Or you could upload your password protected document to a cloud service such as googledrive, onedrive or dropbox, the provide a link to the document in your email. Of course, you will need to tell the recipient the password to access the file(s), which you should not do via email. There are a number of solutions available for end-to-end encryption, ensuring that only the intended recipient can access emails that you send to them, but these do come at a cost. Many agencies that we work with will have something in place, such as the NHS, local education authorities and social services. So it is worth an assessment of what personal information you might to want send that won't already be captured by these and whether the steps above might be adequate before investing. I hope that's helpful :-) 4 3
Mouseketeer Posted April 30, 2018 Posted April 30, 2018 (edited) Thanks for the info Tim, I use onedrive and was trying to figure out if there’s a way to let staff access one file that has paperwork they might want to work on from home so it’s saved in onedrive rather than on their own pc/laptop )or even better have a file each that only me and them can view) but I always worry that if I do that share thing I might be sharing my whole life history and they could see every file I have on OD Email encryption- so am I right in thing if another agency that sends me things now that I need a password to open if I send them something back they will need a password to open it without me having done anything? I think I need encryption for dummies Edited April 30, 2018 by Mouseketeer 1 1
louby loo Posted April 30, 2018 Posted April 30, 2018 Thank you Tim. Mousekeeper - where do I get a copy of Encryption for Dummies please? I'm with you about the sharing and if I'm honest I really haven't a clue what 'one drive' actually is
FSFRebecca Posted April 30, 2018 Posted April 30, 2018 1 minute ago, louby loo said: Thank you Tim. Mousekeeper - where do I get a copy of Encryption for Dummies please? I'm with you about the sharing and if I'm honest I really haven't a clue what 'one drive' actually is Urm - this? 1 2
Mouseketeer Posted April 30, 2018 Posted April 30, 2018 11 minutes ago, louby loo said: Thank you Tim. Mousekeeper - where do I get a copy of Encryption for Dummies please? I'm with you about the sharing and if I'm honest I really haven't a clue what 'one drive' actually is It’s a cloud type thingy like dropbox 🤔 11 minutes ago, Rebecca said: Urm - this? 🤣 will I understand it though? Instruction manuals are something to ‘go to’ when it’s already broke :-/
louby loo Posted April 30, 2018 Posted April 30, 2018 12 minutes ago, Rebecca said: Urm - this? Wow, I didn't think one really existed I really do have no excuse now. 2
louby loo Posted April 30, 2018 Posted April 30, 2018 10 minutes ago, Mouseketeer said: It’s a cloud type thingy like dropbox 🤔 ......and I don't really understand dropbox either
Sparklers17 Posted May 1, 2018 Posted May 1, 2018 (edited) 14 hours ago, louby loo said: ......and I don't really understand dropbox either It's funny how commonly I hear this. The best way I've found to explain dropbox & one drive is: Think of your files on your computer, dropbox and one drive is the same sorta thing as that but instead the files are on a big set of computers with secure methods of accessing the files to ensure that you only see what is yours. You are essentially putting all of your files with everyone else but only you can see yours and they can see theirs etc. Of course, that is hugely simplified and the systems are much more complicated. Personally I'd advise against storing any sensitive data 'in the cloud' ( one drive, dropbox, google drive, etc ). Although the files are secure and only you can access them, if someone was to get your password through guessing, staff leaving knowing the password, phishing, etc you'd have all your files ( the ones stored on one drive / dropbox ) being able to be access. If you'd like to use one of these cloud solutions then I highly suggest activated 2fa ( 2 factor authentication ). You can find the relevant steps for Google Drive, Dropbox, OneDrive. On 29/04/2018 at 18:24, chatterton said: Hi My understanding of the GDPR is that any information that is shared has to be done so securely. So what about emails. We occasionally send queries to funding about children which may include their name and DOB - personal data. So I believe we could only do this if we send it encrypted. Does anyone have any easy solutions to encrypting emails? We use a Google email account and so far I am struggling to understand how to encrypt. Can anyone offer any advice? With thanks There are many ways of securing your data being sent over email, you're best bet would be to Zip up your files using 7Zip or WinRaR. This allows you to put a password on the .zip file you send, most people can open zip files. If you then where to provide your LA with the password for the zip via other means then you'll have a relatively secure way of sending files. As for actual text being sent via email. Most email providers, google, outlook, etc provide a basic layer of encryption doing transit. Google have a great Document explaining how the encryption works and how to check for it. Your LA SHOULD be following all of the standards in place for running an email server. You can use the google guide to see if emails from your LA are encrypted. If you find they are not using the base layer of encryption then I'd suggest taking it up with them personally to see how they will go about resolving the issue. I hope this helps :D, If anyone has any more questions then feel free to direct them towards me. Edited May 1, 2018 by Sparklers17 1
Tim Posted May 1, 2018 Posted May 1, 2018 Hi Sparklers17, welcome to the forum. I think the use of a cloud service (GoogleDrive, DropBox, OneDrive, etc.) is a matter for people to decide for themselves. Many small settings will have a single computer, with little backup and anti-virus protection, or computers that may be accessible to unauthorised people (e.g. in a pack-away setting), so using cloud storage may actually be a far more secure solution than storing files locally. Two factor authentication is good practice to help to further secure information. For those trying desperately to understand, two factor authentication is using something else in addition to just a password to access your files. This maybe something like biometric authentication (e.g. fingerprint or face recognition), or more simply a text to a mobile phone when you login with a code that can only be used once and expires after a short time - as the text is sent to a specific phone, even if someone finds out your password, they would also need access to your phone. As for email, ZIP files do provide a good way to password protect a number of files in a batch, although most of the applications that people will be using (e.g. Word, Excel, Acrobat) also have the ability to password protect individual documents directly without the need to use an additional application. As I mentioned yesterday, consideration needs to be given as to how passwords are communicated to the recipient. As far as encryption is concerned, whilst email should be encrypted during transit, it is normally unencrypted in the recipient's mailbox. It is therefore accessible to anyone with access to the computer where the email is received (a clear screen policy and always locking the computer when walking away is good practice). If a sender is using an additional method of encryption, you will normally be required to register and login to a third-party encrypted email system, so you will know about it. This system may also allow you to send encrypted emails back, but this will depend on the individual solution and configuration. You should not assume that because you have received an encrypted email from, for example, your LA, that anything you send back will also be encrypted. Hopefully we are not getting too technical and helping to inform people to make their choices :-) 2
FSFRebecca Posted May 1, 2018 Posted May 1, 2018 6 minutes ago, Tim said: Hi Sparklers17, welcome to the forum. I think the use of a cloud service (GoogleDrive, DropBox, OneDrive, etc.) is a matter for people to decide for themselves. Many small settings will have a single computer, with little backup and anti-virus protection, or computers that may be accessible to unauthorised people (e.g. in a pack-away setting), so using cloud storage may actually be a far more secure solution than storing files locally. Two factor authentication is good practice to help to further secure information. For those trying desperately to understand, two factor authentication is using something else in addition to just a password to access your files. This maybe something like biometric authentication (e.g. fingerprint or face recognition), or more simply a text to a mobile phone when you login with a code that can only be used once and expires after a short time - as the text is sent to a specific phone, even if someone finds out your password, they would also need access to your phone. As for email, ZIP files do provide a good way to password protect a number of files in a batch, although most of the applications that people will be using (e.g. Word, Excel, Acrobat) also have the ability to password protect individual documents directly without the need to use an additional application. As I mentioned yesterday, consideration needs to be given as to how passwords are communicated to the recipient. As far as encryption is concerned, whilst email should be encrypted during transit, it is normally unencrypted in the recipient's mailbox. It is therefore accessible to anyone with access to the computer where the email is received (a clear screen policy and always locking the computer when walking away is good practice). If a sender is using an additional method of encryption, you will normally be required to register and login to a third-party encrypted email system, so you will know about it. This system may also allow you to send encrypted emails back, but this will depend on the individual solution and configuration. You should not assume that because you have received an encrypted email from, for example, your LA, that anything you send back will also be encrypted. Hopefully we are not getting too technical and helping to inform people to make their choices :-) Thanks Tim, that's really clear!
chatterton Posted May 1, 2018 Author Posted May 1, 2018 Thanks Tim and Sparklers17 you've both provided some very clear and helpful comments. Feeling better informed now.
NickyR Posted May 14, 2018 Posted May 14, 2018 We use Outlooks for our email and I've just recently found out that if we add (encrypt) in the subject line before adding the subject it will encrypt the whole email. The recipient has to sign in to view the email. I'm not sure if that's been specifically set up for our account or it's generic.....but thought I'd share anyway. 2
Mouseketeer Posted May 14, 2018 Posted May 14, 2018 (edited) that sounds very sensible I doubt BT have anything that useful with their emails, i'll send myself something and try it :-) edit - that will be a no then :-( Edited May 14, 2018 by Mouseketeer
NickyR Posted May 16, 2018 Posted May 16, 2018 On 14/05/2018 at 15:37, Mouseketeer said: that sounds very sensible I doubt BT have anything that useful with their emails, i'll send myself something and try it :-) edit - that will be a no then :-( Ahhhhh that's a shame. :-( 1
Recommended Posts