Title Company Finds Effective Email Encryption Solution
|April 17, 2014|
About nine months ago, Wisconsin Title Closing & Credit Services started using Barracuda’s cloud-based system for spam filtering and to block viruses. Meanwhile, the title company was unsuccessfully searching for an email encryption solution. That’s when Linda Tojek, Wisconsin Title’s information systems manager, stumbled on an email encryption tool included in Barracuda’s spam and virus firewall product.
As the company used the email service to set up white lists for client domain names, Tojek discovered the system provided custom filtering that allowed for email encryption.
Tojek said the title company’s production software provider had just set up encryption for documents before she discovered the Barracuda option. The system set up through the production software was cumbersome, requiring the user to specify which documents needed encryption. A password then had to be requested and sent to the receiver. The company needed a better solution for itself and its customers.
“The option we found with Barracuda is so seamless,” Tojek said. “We’ve received responses from some of our lenders that this is a great way to send documents containing NPI.”
Tojek said when an encrypted email is sent, the recipient will receive a separate notification email containing a link to log into the Barracuda Message Center. The message center must be accessed with a web browser using HTTPS. The recipient must create a password before logging into the message center for the first time. Future access is authenticated with the same password. Once recipients are logged in, they are able to view all encrypted messages that are sent to them. Recipients are able to reply to the email or download the email to store on their computer. Any replies are also sent via the Barracuda Message Center.
According to Tojek, the cost for the encryption service wasn’t much more than if the company hosted its own server. “The cost is well worth it to us as there is one less piece of hardware that we need to deal with in house, as well as making sure the filtering updated properly,” she said. “Because this is cloud-based, the updates for any threats are practically instantaneous.”
Whether the data is included in the email or an attachment, the system will encrypt emails that include Social Security or credit card numbers. Additionally, a predefined filter can be set up to encrypt emails that contain two or more of the following data types: credit card number, expiration date, date of birth, Social Security number, driver’s license number, street address or phone number. The system is also compliant with HIPPA requirements.
“I was skeptical because it said it could encrypt Social Security numbers within an attachment,” Tojek said.
She tested the encryption ability by randomly including a properly formatted Social Security number in Word and PDF documents. Click here to view a sample Word document that included a Social Security number that Tojek randomly inserted (See yellow highlighted text).
“Sure enough, the system scanned the documents, found the Social Security number and encrypted the email,” she said. “We don’t have to do anything on our side. Other than setting up encryption rules, it’s seamless. Someone from our office will send an email to a client and not even know it was encrypted.”
The third pillar of ALTA’s ”Title Insurance and Settlement Company Best Practices” provides guidance on how to protect non-public personal information. The Best Practices Framework includes a set of Assessment Procedures that can be used by title professionals to help lenders decide if a service provider meets different pillars of the Best Practices. A Certification Package also is available and can be used by title professionals to warrant and attest to lenders that they have implemented ALTA’s Best Practices.