In University, email is one of the main medium of communication and it contains sensitive information about our business. This brings up the importance of achieving email security by adopting effective strategies to secure email data. Here are some simple guidelines and business practices that can mitigate the risk of emailed data security breaches.
- Mistakes often happen when people are busy and distracted. When working on tasks involving important or sensitive information, set aside some dedicated time and have a clear desktop with no other windows open. Avoid multi-tasking when crafting significant communications.
- Identify high-risk processes and develop your own strategies for ensuring safe practices for them. Wherever possible, privacy should be built in to and not built on to existing processes.
- If you often send emails containing sensitive information, add an automatic footer which states the recipient should advise the University if they receive any information they feel that they should not have, and that they should delete that information. Accidents happen and recipients should be aware that they have accountabilities in response to them.
- Consider the content of attachments, and whether any information should be limited. i.e. don’t send more information that you need to.
- Ensure that all confidential communications are clearly marked as such (in the subject line and/or message and/or attachments). Explicitly state the use/purpose of the attached information and any limitations as to its sharing by others. Don’t assume that people will instinctively know this.
- Understand the nature of the information that you are sending and the implications for the University if it were to end up in the wrong hands.
- Consider having a colleague review any email relating to significant matters before sending.
- Send documents in formats that can’t be easily interfered with (such as pdfs) rather than as Word documents or Excel spread sheets, which can be more easily manipulated. Be aware that ‘hidden’ cells within spread sheets can be unhidden. Lock documents as necessary.
- Care should particularly be taken when communicating outside the University community.
- Ensure email mailing lists are accurate and up-to-date. Take care with the automatic generation of email addresses, particularly for people with similar names.
- Consider encrypting and digitally signing particularly sensitive information.
- Utilize departmental file shares as a mechanism to share sensitive data.