
24. Hoala Greevy "As plain common sense in 2020, have multi-factor authentication for your accounts, especially your email account."

Written by Hannah Trum | Sep 16, 2020 7:00:00 AM

This week on the HIPAA Critical Podcast, Hoala Greevy chats about working remotely from Alaska, details on Paubox SECURE, and how you can attend for free. We also discuss HIPAA violations, ransomware and phishing attacks, and another Paubox success story, Punahou School.

Rather read?

Here's the full transcript of this episode.

Olena Heu: This week on the HIPAA Critical Podcast, I'm joined by Paubox Founder and CEO, Hoala Greevy.

Hoala Greevy: Olena! Nice to be with you again.

Olena: Thank you so much.  This week, we're going to chat about Paubox SECURE, what it is, who's participating, and why you need to attend this year's event. Then Hawaii's own coming up. Punahou School will be highlighted today. Did you know that's where President Obama went to school as a kid? We'll tell you more about that.  Our very own Hoala Greevy is working remotely from Alaska, from the 50th state to the 49th state. We'll hear what that is like for him currently.  We've got a packed show for you. Let's begin.

Hoala: Yep, we got a lot of things to talk about. Let's dive right in.

Olena: How is everything going in Alaska? Where are you, and what's the weather like?

Hoala: I'm in Soldotna with my fiancé, which is on the Kenai River, about three hours south of Anchorage. The weather is sunny today, but it is getting colder each week. There's fish everywhere and not much COVID, so it makes sense to work remotely in Alaska. I have never been, and I'm having a good time.

Olena: Are you in a cabin? Describe what it's like and is the WiFi working well for you?

Hoala: WiFi is good. We brought our WiFi router to make sure we could get good performance. 

We're staying in a three-plex fishing cabin kind of thing. It's an 80-second walk to the river, about an hour's drive to the ocean. 

There are just tons of salmon. I learned about all these different types of salmon and which ones are good, which ones aren't so good, and the weird ways people catch them here.

That's the funny thing about fishing, everywhere you go, there's just this weird technique. So it's just fun to learn them all.

Olena: Interesting.  Are the bears out right now? I know when I went to Alaska last September, we didn't see any.

Hoala: Yeah, we've seen a few, but we've gone looking for them, so no surprises there yet. We've seen quite a few tracks and saw some tracks yesterday on the sand. We were fishing from the shore. We noticed some tracks there that were a couple of days old. They're around for sure.

Olena: Wonderful. Well, I'm sure that you're able to get a lot of work done since you're nice and isolated, and you're doing things that make you happy, too.

Hoala: It's been good for the mental health aspect and spending time in a very low COVID environment, but we'll see when the weather drops how smart this was.

Olena: All right.  Well, what can you tell us about some of the highlights and things that you'd like to feature today on the podcast?

Hoala: Yeah, sure. 

There's a new version of Transport Layer Security, TLS version 1.3. It was released last year in a stable form, and the previous upgrade before that was eight years prior, version 1.2.

Some of the larger internet players, like Cloudflare, have adopted TLS 1.3 on the web server side of things. So we are diving in and looking to upgrade our email infrastructure to support TLS 1.3. As far as I know, there is no other encrypted email vendor providing support for TLS 1.3 at the moment. 

If we can execute this, which I think we will, I believe we'll be one of the first vendors to provide that critical layer of security. Two of the biggest attractors with TLS 1.3 are speed and increased security.

We're going to get our hands wet with that and stay current on the latest security offerings while deprecating security encryption protocols that have weaknesses in them. That's something we're looking to do before the end of the year.

Olena: That is fantastic, very exciting.  Coming up next month, you got something really special.

Hoala: Yes! We have our third annual Paubox SECURE Conference. It'll be remote, of course, on October 21 and 22. We recently expanded it to two days. 

We've found a lot of good speaker talent, and since it's remote, it's a little easier to get them on the schedule. 

Also, we have two ticketing options. We have free access, which enables you to attend all live sessions and one-on-one networking. Then our paid ticket is only $79, and you get access to live sessions, the recordings of those sessions, special breakout discussion groups, and we're going to have some killer giveaways. 

We've been upgrading our Paubox swag game, so we'll have some cool swag to be given out during this conference. I'm very excited about that. 

One of our headliners will be Jeremiah Grossman, who's also Hawaii born from Maui. He gained prominence in the late 90s after he hacked Yahoo, and they eventually gave him a job. Now he's the founder and CEO of Bit Discovery. It will be great to catch up with him. The last time I saw him in person, we spoke at a conference in Hawaii, maybe a year and a half ago. 

I'm looking forward to hearing him speak.

Olena: Wow, that's incredible.

Hoala: He's one of the security Gods on the internet, and he's also from Hawaii! So that's an excellent time for us.

Olena: Who else is going to be featured?

Hoala: We've got people from the HITRUST universe. We've got some folks from Oracle, NIST, and from the National Cyber Security Alliance, Kelvin Coleman, the executive director. We also have some folks from Blue Shield. 

Then we've got a couple of our customers, of course, and partners, one of which is Marc Haskelson of Compliancy Group, and Cathlynn Nigh of Beyond, LLC. 

We've got a lot of security, compliance, HITRUST, NIST, and HIPAA bundled into one. So, we're looking forward to sharpening the skill set there. That'll be an excellent use of time to attend some of these breakaway sessions.

Olena: Excellent. Going virtual will be convenient for people to do it from the comfort of their own home.

Hoala: Yes, I think so. Virtual is just the way the world is heading right now. We might do this again next year as well, regardless of what happens with COVID. 

We found we're able to book a lot more high caliber talent. Not to say last year's conference was less caliber; we just got more of it this year. They don't have to travel to San Francisco to be a part of it. That's been an unexpected benefit for us.

Olena: It's definitely something you don't want to miss. How can people get more information? Are there early bird registrations available?

Hoala: Sure. We have a domain name for it. So it's PauboxSECURE.com.

You can register for your free ticket or upgrade to a paid ticket for $79. We also have vendor sponsorships as well.

HITRUST is our lead vendor, lead promoter this year as they were last year, and we are very thankful to have them on board.

Olena: Excellent. All right, well, thank you for that. Be sure to visit the website PauboxSECURE.com.  Now, let's talk a little bit about what's happening in the news.

Hoala: We see a common trend that a HIPAA violation gets reported, whether that's an email breach or a stolen laptop. What ensues is a multi-year investigation by the HHS, the U.S. Department of Health and Human Services. At least two to three years later, sometimes longer, there's a fine that gets issued. Frequently the penalty is a result of other things they find out during the investigation. 

We've seen three characteristics of these fines. It'll start with an initial breach. Then when they dig in, they find things like: was a risk analysis conducted for your business? Frequently, no. Were there implemented and documented HIPAA security policies and procedures? Frequently, no. Was there ongoing security awareness training for your workforce? 

In the case of a small provider, it was a seven-year investigation, and they failed all three. So, they had to agree to a $25,000 fine. That's a recurring trend I see when I read up on people who pay HIPAA fines. 

You have ongoing phishing campaigns still working because we all know that healthcare records are worth more in the black market than a credit card. 

We have phishing and ransomware continuing to make the headlines and network breaches, as you saw in the case of Imperium Health last month, which was covered in this month's HIPAA Breach Report.

Olena: So, what would you recommend? Besides people visiting our blog and learning more about these breaches, how do they prevent this from happening?

Hoala: The two big players in the cloud email provider space are, of course, Microsoft's Microsoft 365, formerly known as Office 365, and Google Workspace. We've seen firsthand evidence that the email filters that are enabled by default with the services are not enough. You really want to think hard about having an additional layer in front of those email providers to provide that extra filtering for you. 

One of the things we built last year, called ExecProtect, provides robust protection against display name spoofing attacks, which are many of the attacks being perpetrated right now. 

As plain common sense in 2020, have multi-factor authentication for your accounts, especially your email account. That's a fundamental thing you should be enabling for your entire workforce. Even if your account is compromised, you still need to have your phone or an SMS text to log into the account. Two-factor authentication has become table stakes in 2020.

Olena: All right, good reminders.  Now, last but not least, we want to highlight another success story. We want to chat a little bit about Punahou School.

Hoala: Yes! Punahou had another solution that they were using that involved a lot of friction. It was also very easy to turn off. They were looking for something more seamless, especially for the receiving party to actually read the secure message. So, we worked to flip them over from the other solution, which was Virtru, to our solution and provide enterprise-wide email encryption for their outbound mail for all of their staff and faculty. We had a nice smooth transition with them, and we're thrilled to have them as customers. 

And yes, Barack Obama did go to Punahou as did Steve Case, co-founder of AOL, and Pierre Omidyar, co-founder of eBay. So some heavyweights there! 

My alma mater, McKinley, had Senator Danny Inouye, The Rock, Duke Kahanamoku, Governor Ariyoshi, to name a few. I want to make a plug about fire on water; we also have some well-known people.

Olena: Excellent. Yes. Nothing wrong with public school.

Hoala: That's right.

Olena: All right. Well, thank you so much for that insightful chat, Hoala. It's always a pleasure to catch up with you.  If you'd like more information about Paubox or Paubox SECURE, as we mentioned, visit our website Paubox.com or PauboxSECURE.com. Thank you, everybody, so much for tuning in.  If you appreciate this podcast, be sure to like and subscribe. Until next time.

Hoala: Aloha!

[THEME MUSIC]