Worrying about GDPR?

  • General Data Protection Regulation (GDPR)

    On 28 May 2018 the General Data Protection Regulation (GDPR) came into full effect, but 60% of the Indian respondents said they were unfamiliar with it and only 13% said they were working toward it (EY’s Forensic Data Analytics 2018 survey).

  • For those who are unfamiliar, GDPR is a compliance standard that aims to protect users of the European Union against misuse of their personal data. If you are not processing data of EU residents, be it clients or employees, then you have nothing to worry about at the moment.

  • But this milestone move, along with various other developments in regulatory compliance standards, brings us to the ongoing and increasing awareness of the privacy & security aspects of the software systems that businesses use.

  • Most of the privacy-sensitive data of pharma, healthcare and wellness organizations (patient records, medical documentation, human resource records, invoices, physician certification forms, vendors, new drugs in R&D etc.) resides in business email. With increasing mail access points, the transmission and storage of very sensitive user mail data has huge repercussions if the data gets into the wrong hands; hence businesses, small or large, also need business mail systems with high security & privacy.

  • Rediffmail Enterprise is a multi-award winning, cloud-based advanced communication & collaboration solution provider, designed to meet the needs of healthcare companies: management of privacy-sensitive information, fortified security of all services, applications & infrastructure for risk mitigation at granular levels, and adherence to compliance regulations and standards. Our familiarity with strict compliance, certifications and security regulations in multiple industries helps make meeting industry-specific regulations in the pharma industry more efficient.

  • 1. Secure transmission & encryption:

    Secured transmission starts with secure login to the mail service via 'HTTPS', so that no unauthorized entity can intercept mail data across all access points. Ensure encryption of emails and files in incoming & outgoing mail data.

  • 2. Secure storage at India Hosted Data Centres:

    Storage is at secured locations at multiple data centres in India, in proximity to the international internet landing stations to reduce latency, with the most reliable power supply. The locations are equipped with biometric scanners and surveillance cameras, are guarded 24x7x365, and use multi-level checking to ensure only authorized personnel have access to the storage location.

  • 3. Security Vulnerability detection:

    Automatic vulnerability detection systems foil hacking even before the process starts, blocking access to mails, if any deviation from standard email usage is detected.

  • 4. Security Audits:

    In accordance with the IT Act 2000, to ensure there is no vulnerability left, Rediffmail Enterprise has reasonable up-to-date security practices like periodic security audits (technical, physical, logical and administrative) by third-party auditors & tools, monitoring and patching, similar to ISO 27001 standards.

  • 5. In-built Virus & Spam protection:

    Inbuilt antivirus with zero virus outbreak capability, real-time new virus definitions, multi-layered spam protection with advanced mail filters, and custom spam settings for individual & entire-domain whitelisting & blacklisting.

  • Email Admin has further features to better manage privacy, security & compliance:

  • 6. Password Policy:

    An effective password policy prevents passwords from being hacked, guessed or cracked by a cyber-vandal who could cause severe damage: deleting your entire customer database, messing up your inventory, posting critical data onto the Internet, or stealing your customer list and customers' credit card numbers. The password policy feature must allow setting length, complexity and expiry (typically for a period of 15-30-45 days). The user gets an alert of expiry and should change the password; if he is unable to do so, the IT team can reset the password via email admin.

  • 7. Access Restriction:

    The Mail Access Restriction feature allows the admin to control users' access to mails through multiple settings. Prevent people outside your network from accessing your email by restricting users to access mails only from an allowed network/IP. Restrict certain users from accessing mails outside your company network, or allow them to access mails only via secure channels, by protocol. Control user mail access across more than 10 channels like HTTP, POP3, IMAP, SMTP, WEB etc.

  • 8. Mail Restrictions (Incoming and Outgoing):

    Protect the inflow and outflow of mail data by framing suitable policies. Restrict incoming/outgoing mails from/to unwanted domains from the cloud-based admin panel. Once the restrictions are applied, the user will no longer be able to receive mails matching the conditions specified by you, e.g. @xyz.com or abc@xyz.com.

  • 9. Attachment Restrictions (Incoming and Outgoing):

    Frame suitable policies on attachments in mails sent and received by a domain or an individual. Admin can block sending/receiving of unwanted/suspicious attachments like exe, cab, etc. Once restrictions are applied, users will not receive or send mails with such attachments. Admin can also restrict the file size as per the business requirement of each user or of the entire domain, to ensure just enough transfer of email data via attachments.

  • 10. Auto-Forward restriction & monitoring:

    Admin must disable auto-forward for all or for the required users. For those who are allowed to auto-forward, Admin can check the auto-forwards set by each user.

  • 11. Two Factor Authentication (TFA or 2FA):

    Two factor authentication is enforced by default on all users having valid mobile numbers. Every user with a valid mobile number will be challenged with extra authentication in the form of a mobile code while logging in to webmail. TFA is also triggered when a user changes his password, changes the password recovery info or sets an auto-forward on his account.

  • 12. Mail Monitoring:

    Do you have managers of groups of users dealing with information critical to your company, and are you worried about the mail activity of those users? Sweat not: prevent mischief and control the quality of mails sent and received by email users of your company's various teams by setting up mail monitoring for those accounts. The users would not get to know that they are being monitored, and the monitoring manager would be able to see all mails sent & received by the group of users in a single stream.

  • 13. Proactive ID-Protection:

    Attempts to compromise account credentials have been on an exponential rise, with situations like spurious login attempts, identity thefts, etc. Rediffmail Enterprise IDProtect has been built to protect proactively in real time and act as a shield against most types of access fraud. It is a self-learning engine that uses sophisticated algorithms to map every user's legitimate access patterns. If IDProtect detects any new access pattern (from a new location or new network), the notification sent will have details of the Service (Web, App, SMTP, POP3, IMAP) & ISP. Aberrant access patterns are intercepted in real time & red-flagged. Users are then notified to Allow or Block such access requests and the system will Whitelist or Blacklist them. For any unknown access, it is recommended to change the password immediately & disinfect all devices using standard anti-virus/anti-malware tools. Admin can monitor all notifications sent to his users using the Admin Panel & can also Block or Allow access on behalf of users.

  • 14. Email Spoof protection:

    Email-spoofing scamsters send email to your users from an anonymous proxy using your own domain. Emails sent using a good email service provider's SMTP are signed using the DKIM technique. If intended for internal (same-domain) users, the DKIM signature can be verified on receipt and the mail delivered to the inbox; mails failing verification will be considered spoofed. Emails sent using the SMTP of another service provider (a third-party system like Payroll, CRM, Email Marketing, etc.) may not be signed using DKIM, which could create a problem, as legitimate mails will be identified as spoofed. To avoid this, an SPF (Sender Policy Framework) record must be added in your DNS along with the IP address. SPF is a system that helps domain owners specify the IP addresses of servers which are authorized to send mail from their domain. Recipients' mail systems can check that the server sending email from that domain is authorized to do so, to reduce the chances of email spoofing. Mail servers that accept emails do an SPF check by looking up the SPF record of the sender. Rediffmail Enterprise makes best efforts to track and block such spoofing attempts via DKIM & SPF, among other methods.

  • 15. Archival, Backup & restoration:

    Go for completely automated, centralised, device- & location-agnostic, real-time & tamper-proof secondary mailbox services: a) archive all mails in your domain with data retention as per compliance and use e-Discovery to locate & download any mails, or b) back up select critical mailboxes with one-click restoration of accidentally deleted mails within a select time frame from the admin control panel.

  • 16. Mail Delivery log tool:

    Admin can monitor mail delivery and resolve queries like "Mail sent by your domain users, but not received by external recipients" and vice versa, without reaching out to our support team. Search for a specific email ID (Mail sent from or to be received from) & get results with details of delivery time, bytes & delivered-to folder, only if delivered.

  • The features mentioned will, to a large extent, help comply with most of the regulations and prevent cases of spam/compromised accounts.

  • Apart from these, other compromises can still happen in the local network in your company via a user's machine, desktop, laptop or device which may be infected by a keylogger, malware, spyware or another virus. Here are our recommendations to prevent those breaches.

  • Recommendations to better manage IT security within your company:

    • The IT manager must update all PCs on your LAN with the latest OS service packs/security patches (these can be downloaded from the respective OS website, e.g. Microsoft.com for Windows).

    • Users must be advised never to subscribe to free newsletters, opt in to marketing mails or open any unknown link using their official email.

    • Users must not open any mails/attachments sent by unknown senders, and must not visit any unknown websites, as these may affect the user's machine without his knowledge.

    • Advise users not to access mails from any open/unknown networks, especially WiFi networks or cyber cafes; the Email admin can control their access too.

  • Implementing the advanced features & following the IT policies mentioned will help in keeping your business email secured.

  • So if your company does not deal with EU residents' data, then do not worry about GDPR, but talk to us to see how we can help enhance your privacy, security & compliance. If you do deal with EU residents' data, then in consultation with your lawyer, do speak to us about how we can provide enhanced security & compliance with third-party products.

© 2024 Rediff.com India Limited. All rights reserved.