Why FortiMail is a Perfect Email Security Solution for Healthcare

I’ve deployed FortiMail for a few clients and have been managing it for a while now and, I have to say, it is an excellent solution for healthcare organizations needing true email security.

Before getting into why FortiMail is awesome, let's get a few housekeeping things out of the way.

First - We know that email security is important. Ransomware, phishing, social engineering, etc. are real threats and cause real damage - so much so that US government healthcare organizations state that email security should be essential to an organization’s cyber security strategy.

Second - We know that hundreds of healthcare organizations fell victim to successful ransomware attacks resulting in fines, damaged reputations, lost revenue, and affected patient care.

Third - Employees are an organization’s weakest link concerning cyber security. Users open messages and click on links they shouldn’t. That is why cyber security training and email phishing campaigns are extremely important for all organizations.

Now that we have that out of the way, let’s talk about FortiMail. FortiMail can be deployed on-premises or as a SaaS service. I prefer the SaaS service because it acts as a gateway between the sender and your SaaS email service (e.g. Office 365 (O365) Exchange Online). Messages that flow into and out of your O365 Exchange system are inspected by the FortiMail gateway service.

FortiMail threat protection signatures are the same signatures Fortinet uses in its FortiGate firewall and endpoint protection solutions. The signatures themselves come from Fortinet’s FortiGuard Labs, which is a highly respected and trusted organization within the cybersecurity community. FortiGuard Labs leverages AI and other techniques to detect threats and update signatures to aid in the fight against zero-day attacks.

Another benefit of FortiMail over, say, Microsoft Defender for Office is the inclusion of Data Loss Prevention (DLP). The DLP engine in FortiMail includes pre-configured templates that align with multiple compliance policies like SOX, HIPAA, PII, and the Healthcare Common Procedure Coding System (HCPCS). The healthcare templates contain thousands of preconfigured patterns that match PHI, medication names, medical terms, and coding. Other email security solutions don't include such templates, which means you must develop and maintain the data dictionary yourself or purchase another solution to provide this functionality.

FortiMail also includes a secure webmail portal to ensure that sensitive data is encrypted from end to end. Recipients of the secure message must log into the webmail portal to view it and its contents. The recipient can also reply to messages within the secure webmail portal to keep the communication flowing. FortiMail also provides URL click protection and can add custom text to flag email messages as external or spam.

The final point I’ll raise regarding FortiMail’s capabilities for healthcare is its feature for detecting business email compromise (BEC) attacks. FortiMail can scan for the most common BEC attack types, such as cousin domains, suspicious characters, sender alignment, action keywords, and URL categories. This is a great way to deter impersonation of senior leadership email addresses.

Let’s review a few email security requirements that FortiMail can address for healthcare organizations:

  • I am looking for an email security solution that is from a trusted and industry-leading vendor at an affordable price. It must use AI to hunt ransomware, viruses, and malicious URLs.

  • I want to increase employee productivity by limiting the amount of spam email my organization receives from the Internet.

  • I want to encrypt external emails that contain sensitive information regarding patients and employees. This encryption must happen automatically in the event users forget to force email encryption manually.

  • I need to satisfy HHS/HITECH/CMS security requirements.

  • I need a solution that has a minimal learning curve for end users.

  • I need a solution that allows users to maintain their own “safe senders” list, minimizing IT administrative overhead.

  • I want the ability to report and analyze email usage and threat statistics for my organization.

If you’d like to discuss how FortiMail can protect your environment, please email me at aaron.brooks@bcs-tech.biz
