Erik Kangas, CEO of LuxSci: how to keep your email safe?
“No company wants to make headlines for a breach or cyberattack,” Erik Kangas, the CEO of LuxSci, an internet service company specializing in HIPAA-compliant email solutions, said in an interview with CyberNews. Unsurprisingly so, more businesses are looking for reliable ways of protecting their data, and LuxSci’s CEO joined us to share his perspective on solving the ever-lasting challenges of email security.
Launched in 1999, LuxSci has been dedicated to designing high-quality, detail-oriented email and web infrastructures. Their goal is to reduce the impact of human behaviour on email systems and create reliable means of communication. They have been at the forefront of delivering secure email solutions to accompany a wide range of different sectors for over two decades.
When it comes to assessing online security, ransomware and phishing remain the most prominent and evolving threats according to Kangas. We have reached out to discuss how to combat those and other online dangers, learn more about the concept of “zero trust”, and find out how to ensure your email is as secure as it possibly can be.
What makes LuxSci unique when there are so many email security solution providers out there?
LuxSci provides a unique combination of both high security and high flexibility. We address strict compliance requirements at scale while enabling organizations to execute their desired business workflows. We don’t like shared public clouds. Instead, we assign every customer to their own private server, cluster, or network segment. In this way, they achieve strong data isolation in the storage point of view and a transmission point of view. And that's truly fundamental security. Beyond these differences, LuxSci uniquely enables the sending of massive amounts of secure email messages, making our services perfect for high-volume marketing and transactional email use cases where data security and compliance are important.
Run me through some of the biggest cyberthreats out there. What are they, and what dangers do they pose?
Ransomware and phishing remain two of the biggest cyberthreats. Several high-profile ransomware attacks have already occurred this year and, with companies paying the ransoms, it’s likely the attacks will continue. Phishing is a tried-and-true tactic that has only become more sophisticated over the years. It only takes one click for a bad actor to infiltrate your systems.
How would you describe the trend of emerging cyber threats? Should we expect to see more of them in the future, or are we getting things under control?
Threats are increasing at an accelerating pace. The government is taking action to control threats, but it will take a very long time for basic cybersecurity best practices to trickle down to smaller organizations. Increased reliance on cloud computing technology puts more organizations at risk if not properly secured. On the other hand, outsourcing services to companies that focus on security can go a long way to reducing each organization’s risk profile, the chance of a breach, and even the impact of a breach, should one occur.
What precautions should users take to protect their emails?
Follow best practices when it comes to access controls - namely, use unique and complex passwords that are not easy to guess or remember, set up multifactor authentication (MFA) for your accounts, and do not share accounts or login information with others. Also, use encryption when sending highly sensitive information via email. Apply quality email filtering and active ongoing training to protect against phishing attempts.
What do you think is the key ingredient to perfect email security?
In addition to enforcing access controls, we suggest encrypting all emails by default. Most other providers take the opposite approach. They allow you to choose which emails should be encrypted. This leaves space for human error. And as you know, human error is the biggest security vulnerability we have on the internet. Reducing the ability of humans to make critical security errors is the most important thing any organization should do to improve its security posture.
What is the next “big thing” in email security, and are you planning to implement it?
“Zero Trust” is the latest cybersecurity buzzword, but at LuxSci, we’ve been recommending dedicated servers and micro-segmented environments for over a decade. We’ve always believed that isolated servers are more secure and we will be continuing to educate our customers on the benefits of moving to micro-segmented email server architectures that isolate them from other organizations. Shared cloud servers are popular and cheap, but we strongly believe in the security and performance benefits that dedicated infrastructures offer.
Aside from email security, what should computer users pay close attention to in order to stay safe when browsing the net?
If I had to pick one thing that would have the largest impact on reducing the risk of web browsing, I would suggest that computer users stay on top of software patching. Update your web browsers as soon as they tell you that updates are available; update your computers as soon as possible after patches are released. The vast majority of computer compromise related to web browsing takes advantage of vulnerabilities that have already been fixed; only the victims had not yet updated their systems.
Do you think the pandemic will or has already changed the cybersecurity industry? If yes, how have you dealt with this new digital reality?
The pandemic has already changed the cybersecurity industry by accelerating the transition to digital. We see an expansion of security issues and problems due to rapid changes made without considerable security efforts.
What should we expect from LuxSci in the future?
We want organizations to realize that securing their business communications does not have to slow down or impede their workflows. In fact, protecting their business communications can give organizations a strategic advantage. No company wants to make headlines for a breach or cyberattack. While taking preventative measures to protect your data saves time, money, and reputation in the long run, it also opens new use cases that improve operational efficiency and increase ROI.