Email Encryption and Data Loss Prevention
Emails containing sensitive information must be encrypted when sent to an email address on a service that is considered less secure than the one you sent from. For the purposes of this concept, the three-level security hierarchy starts with the IT-managed Exchange service, followed by other IT-managed services, followed by all other Drexel and external mail services. Messages sent within the same security level or from a lower security level to a higher one do not need to be encrypted.
Detection of Sensitive Information
The definition of what kind of information is "sensitive" will evolve as required by law, University policy, and common sense. Currently, credit card information, social security numbers, and Drexel University IDs are detected. Additional financial data and health records will eventually be include in the definition.
For each type of sensitive information, the detection system has a threshold for when it must have the sender review the message and affirm that the information must be sent and that it must be encrypted. The thresholds are lower for types of data that are very sensitive or quite difficult to change. When a threshold is exceeded, the system discards the message and notifies the sender.
Review and Encryption of Information
Senders who receive notification that sensitive information was detected must review the recipient list, message body and all attachments to confirm that only the minimum required data is being transmitted and to only the recipients intended. The sensitive information notification provides additional guidance on how to perform a review.
When the review is complete, the result will be either the same message or a newer version with sensitive information removed. If no sensitive information remains, the message can be sent normally. If the message still contains sensitive information and it must be sent, the sender can append [reviewed-resend] to the subject line before resending the message; this will encrypt the message.
In the case of University ID numbers, which are simply 8-digit numbers, sometimes the system will improperly detect non-IDs as IDs. Once the message review is complete and a sender knows that the detection was a false alarm, the message should be resent with [reviewed-noissues] appended to the subject line; this will send the message without encryption. Note that the "no issues" command will only override detection of University ID numbers; credit card numbers and social security number detection is not affected by this command. Also, all uses of the "no issues" command are logged so that they can be reviewed by the Office of Internal Audit, Privacy and Compliance.
Manual Encryption
There may be times when a sender wants to encrypt a message being sent outside even if it does not contain any of the type of information that the system always protects. To manually encrypt any message being sent to someone on a less secure mail service, simply add [encrypt] to the subject line.
Receiving Encrypted Messages
Upon opening an encrypted message for the first time, a recipient will be invited to set up an encryption account and password. Once the account is established, secured messages for the recipient are encrypted using the password and delivered as password-protected PDF files.
When opened, these PDFs show the message body, a secure "Reply" button, and any attachments that were sent with the message. The Reply button inside the PDF is used to send encrypted replies. Note that using the email program's "Reply" button (i.e., not the one inside the PDF file) will not encrypt the outgoing message so it should not be used if the reply will contain sensitive information.