Mardon Insurance Email Policy

Mardon Insurance is committed to upholding the security of information that we retain and ensuring such information remains protected when we communicate with you. Accordingly, Mardon Insurance has adopted this email policy. Wherever possible, Mardon Insurance emails which contain private and sensitive information will be sent from a Mardon Insurance email account using the security protocol called Transport Layer Security (TLS).

TLS secures emails transmitted over the internet using standard encryption technology in order to reduce the risk of interception, eavesdropping and mail forgery. A more detailed explanation of how TLS works and how Mardon Insurance uses it is available in the Appendix of this document and we urge you to review this carefully so that you can better understand how TLS works, who it’s suitable for and how to set up a TLS connection with us. The appendix also includes a glossary of terms used in this email policy.

Opportunistic TLS

Mardon Insurance has implemented Opportunistic TLS for its email communications. If you take the necessary steps to configure your email domain(s) to accept Opportunistic TLS, our email server should automatically make an Opportunistic TLS connection with you. If you have Opportunistic TLS enabled, your server will accept a TLS encrypted connection from us when requested; this will provide for secure transport of the information in the email. A TLS connection is not mandatory. The email will still be delivered to you if you do not have Opportunistic TLS enabled; however, the encrypted connection will not be created, and the information will not be transported securely.

In order to take advantage of TLS email encryption in communicating with Mardon Insurance, please contact your internet provider or technology expert to find out if TLS is already enabled. If it is not, ask your provider to activate TLS if possible. If your provider does not offer TLS encryption, we recommend you change to a more secure provider.

Once Opportunistic TLS is configured, no further action is required and your email communication with Mardon Insurance will have the security offered by Opportunistic TLS.

Verified TLS

Mardon Insurance has also implemented a Verified TLS option. If you want further confidence that emails are secure, you can contact Mardon Insurance to set up a Verified TLS connection. While we don’t require Verified TLS in order to communicate by email, we do offer this option to our clients that request the highest level of security. As mentioned above, please contact your internet provider or technology expert to configure Verified TLS if possible. Once configured, you can contact your broker at Mardon Insurance and provide the email domains that should be listed with us and, if applicable, the contact details for your IT representative. Your Mardon Insurance broker will forward these details to our IT department, who will help with testing the Verified TLS connection with your IT representative.

As set out above, more information and the benefits of both Opportunistic and Verified TLS are set out in the appendix.

Your Options

Mardon Insurance urges you to take the necessary steps to enable TLS so that we can send emails to you via Opportunistic TLS or Verified TLS. This is for the better protection of your personal information and security. If you are unable to configure TLS within your mail server, or choose not to use TLS to communicate with us, you can still receive emails and documents via email from us. However, in doing so, you acknowledge and accept that non-encrypted email communications are not secure, and that we have advised you in writing that Mardon Insurance has made available and recommends email encryption. We are willing to communicate with you by email, but point out that you are doing so at your own risk and we accept no responsibility for the potential loss of your confidential information. If you wish to opt out, or partially opt out, of email communication with Mardon Insurance, you may do so by notifying us, in writing, of your election as to one of the following options:

I do not wish to participate in any email communications with Mardon Insurance. Please contact me only by telephone or post, and please provide any documents to me by post to such address as I notify you of in writing, by facsimile, to such facsimile number as I notify you in writing, or in person.

Or:

I wish to participate in email communications with Mardon Insurance, but do not want to receive any documents or attachments via email. Please provide any documents to me by post to such address as I notify you of in writing, by facsimile, to such facsimile number as I notify you in writing, or in person.

If you do not notify us in writing of your opt-out, setting out one of the above statements, then you are deemed to accept email communications and provision of documents by emails, and the inherent risks associated with email communications, with or without TLS encryption. Messages sent over the internet and personal information contained in them cannot be guaranteed to be completely secure or confidential as they are subject to possible interception, loss, or alteration. Mardon Insurance does not supply, maintain, support, license or otherwise derive a fee from a client’s use of TLS and makes no representations or warranties, including without limitation as to non-infringement, performance, uninterrupted accessibility, delays, failures, errors, omissions, or loss of transmitted information. The use of TLS is at your own risk and Mardon Insurance assumes no liability or responsibility pertaining to TLS, your use of it, or the receipt, storage, transmission or other use of your personal information or other confidential or sensitive information. In no event will Mardon Insurance, its affiliates, agents, licensors, suppliers, or their respective directors, officers or employees, be liable for damages or losses resulting from: the use of TLS to send and receive messages over the internet; viruses, data corruption, failed messages, transmission errors or problems; telecommunications service providers; the internet backbone; personal injury; third-party content, products or services; damages or losses caused by you, or your respective employees, agents or subcontractors; loss of use or lack of availability of facilities including computer resources, routers and stored data; or events beyond the reasonable control of Mardon Insurance, even if Mardon Insurance or any of its lawful agents, or employees have been advised of the possibility of such damages or claim. The capitalized words “Mardon Insurance” when used in this document mean, collectively, Mardon Insurance Brokers Ltd., Mardon Insurance Brokers (Coquitlam) Ltd., Mardon Insurance Brokers (White Rock) Ltd., Mardon Insurance Brokers (Vanguard) Ltd., and Mardon Group Insurance Services Ltd.


Appendix - Transport Layer Security (TLS)

About TLS and Secure Email at Mardon Insurance


Secure email at Mardon Insurance

At Mardon Insurance we are committed to upholding the strictest security on information that we retain and ensuring that the information remains protected when we communicate with you. That’s why we have made it our policy to encrypt and secure emails when they contain information that could pose a risk to you or Mardon Insurance if intercepted by someone else.

Wherever possible, Mardon Insurance emails which contain private and sensitive information will be sent from a Mardon Insurance email account using the security protocol called Transport Layer Security (TLS).

About Transport Layer Security (TLS)

Transport Layer Security (TLS) secures emails transmitted over the internet using standard encryption technology. Securing emails this way reduces the risk of interception, eavesdropping and mail forgery.

If you take the necessary steps to configure your email domain(s) to accept TLS, our email server should automatically make an Opportunistic TLS connection with you.  Opportunistic TLS means that the recipient’s server will accept a TLS encrypted connection from the sender when they are requested, but the TLS connection is not mandatory in order for the email to be delivered to the recipient.  When the opportunity arises that a sender does request TLS, an encrypted connection between the email servers will be created and provide secure transport of the information in the email. This is useful typically for servers sending emails to any recipient, and must allow either TLS or non-TLS connections.

The following information provides more detail about how TLS works, who it’s suitable for and how to set up an Opportunistic TLS connection with us.

What is Transport Layer Security (TLS)?

Transport Layer Security (TLS) is an email security tool based on the Secure Sockets Layer (SSL) protocol. It secures the transmission of email over the internet using standard encryption technology.

How does TLS work?

To work, TLS needs to be enabled on the mail servers of both the sender and the receiver of the email. Any information exchanged between the servers is encrypted, including the subject line, text and any attachments.

When sending encrypted messages, the mail exchange works as follows:

  • When the sender connects to the recipient, the system automatically checks whether TLS is enabled on the recipient’s mail server.
  • If TLS is enabled at both ends, a secure TLS connection is established by using a ‘handshake’ procedure.
  • During the handshake, TLS certificates are exchanged. The sender’s server uses the certificate as presented from the recipient’s mail server, the TLS session starts, and the email is sent via a secure internet connection.
  • The protection comes from TLS’s ability to stop electronic eavesdroppers from watching the email as it is in transmission from sender to receiver.

Who is TLS used by?

TLS is fast becoming an industry standard and is now supported by the majority of mail server applications. Mardon Insurance has joined a growing number of organizations that have implemented it.

Why are organizations using TLS?

TLS has proved to be a stable and reliable service that requires no intervention by the email sender or receiver once it is available on both parties’ mail servers. This means that both the sender and receiver can send and receive emails as they currently do today.

For these reasons TLS is fast becoming an industry standard which many financial services organizations are planning to implement if they have not already done so.

What are the other benefits of using TLS?

Greater Protection – Email servers can be configured to permit TLS as an option, known as Opportunistic TLS.  As mentioned previously, Opportunistic TLS means that a server will accept TLS connections from the sender if the sender asks for TLS in its handshake, but it won’t require it. When the opportunity arises that a recipient’s server also has TLS, a TLS session will be created and encrypt the traffic of the connection.  At Mardon Insurance, our policy is to set up Opportunistic TLS connections with clients and third parties wherever possible.

Availability – TLS is available on most mail servers and is a globally accepted email security solution.

Allows emails to be scanned for viruses – Messages sent via TLS can still be scanned for viruses or malicious content just like regular emails.

Reduced costs – Where TLS is already a feature of the organization’s mail server, the organization only needs to purchase the annual TLS certificate, unlike many peer to peer systems which require enterprise licenses or licenses per user.

Quick deployment – As TLS is configured direct with mail servers, the set up process is simple and does not require configuration for individual workstations. Time should be allowed for implementation and testing, but this is a matter of days and not months. Once TLS is set up, emails can be exchanged as normal.

Setting up an Opportunistic TLS connection with Mardon Insurance

As TLS is configured within a mail server, you should contact your internet provider or technology expert, as applicable, to find out if TLS is already enabled. If it is not, ask your provider to activate TLS if possible.  If your provider does not offer TLS encryption, we recommend you change to a more secure provider.

Once Opportunistic TLS is configured, no further action is required and your email communication with Mardon Insurance will have the security offered by Opportunistic TLS.

Setting up a Verified TLS connection with Mardon Insurance

If you want further confidence that emails are secure, you can elect to contact Mardon Insurance to set up a Verified TLS connection.  While we don’t require Verified TLS in order to communicate by email, we do offer this option to our clients that request the highest level of security.  As mentioned above, please contact your internet provider or technology expert, as applicable, to find out if TLS is already enabled. If it is not, ask to activate TLS if possible.

Once TLS is configured, you can contact your broker at Mardon Insurance and provide the email domains that should be listed with us and, if applicable, the contact details for your IT representative. Your Mardon Insurance broker will forward these details to our IT department who will help with testing the Verified TLS connection with your IT representative.

What if TLS is not supported by your mail server application?

Mardon Insurance urges you to take the necessary steps to enable TLS so that we can send emails to you via Opportunistic TLS or Verified TLS. This is for the better protection of your personal information and security.  If you are unable to configure TLS within your mail server, or choose not to use TLS to communicate with us, but would still like to receive email from Mardon Insurance, you can still receive emails and documents via email from us.  However, in doing so, you acknowledge and accept that non-encrypted email communications are not secure, and that we have advised you in writing that Mardon Insurance has made available and recommends email encryption.  We are willing to communicate with you by email, but point out that you are doing so at your own risk and we accept no responsibility for the potential loss of your confidential information. If you wish to opt out of email communication with Mardon Insurance, you may do so by notifying us, in writing. Please contact your broker at Mardon Insurance if you wish to opt out of email communications. 

Support

Please refer to your Mardon Insurance broker who can forward your query to the relevant Mardon Insurance team member.

Disclaimer

Messages sent over the internet and personal information contained in them cannot be guaranteed to be completely secure or confidential as they are subject to possible interception, loss, or alteration. Mardon Insurance (as defined in the Glossary below) does not supply, maintain, support, license or otherwise derive a fee from a client’s use of TLS and makes no representations or warranties, including without limitation as to non-infringement, performance, uninterrupted accessibility, delays, failures, errors, omissions, or loss of transmitted information. The use of TLS is at your own risk and Mardon Insurance assumes no liability or responsibility pertaining to TLS, your use of it, or the receipt, storage, transmission or other use of your personal information or other confidential or sensitive information. In no event will Mardon Insurance, its affiliates, agents, licensors, suppliers, or their respective directors, officers or employees, be liable for damages or losses resulting from: the use of TLS to send and receive messages over the internet;  viruses, data corruption, failed messages, transmission errors or problems; telecommunications service providers; the internet backbone; personal injury; third-party content, products or services; damages or losses caused by you, or your respective employees, agents or subcontractors; loss of use or lack of availability of facilities including computer resources, routers and stored data; or events beyond the reasonable control of Mardon Insurance, even if Mardon Insurance or any of its lawful agents, or employees have been advised of the possibility of such damages or claim. 


Glossary


Email domain

The email domain is the part after the @ in the email address.  Your company may have more than one.

Email server

An email server processes inbound emails in some way (e.g. filter spam) before it is delivered to the recipient’s email inbox.

Encryption

Encryption is the process of transforming data so that it is unreadable to anyone except the person that is authorized to receive it.

Mardon Insurance

The capitalized words “Mardon Insurance” when used in this document mean, collectively, Mardon Insurance Brokers Ltd., Mardon Insurance Brokers (Coquitlam) Ltd., Mardon Insurance Brokers (White Rock) Ltd., Mardon Insurance Brokers (Vanguard) Ltd., and Mardon Group Insurance Services Ltd.

Secure email

Secure email is an email that has been encrypted so that it can be sent securely over the internet.

Server

A server is a computer system or device that manages network resources. Often servers act as storage devices for files.

SSL – Secure Socket Layer

SSL provides enhanced security for internet communications. It uses encryption (see above) to ensure the confidentiality of sensitive information – such as credit card numbers, account balances and financial and personal data – which is sent between a web browser and a web server (see above).