Is Your E-mail Secure?
Remember the advice, “Don’t send an e-mail that you wouldn’t want printed on the front cover of a newspaper”? When e-mail was becoming popular, we were reminded regularly that e-mail is not secure and to assume every message could potentially be intercepted.
Today, though e-mail security has improved, awareness is still paramount.
- Messages you send can be easily redistributed by the recipient, so it is important to think about the information you send.
- Do not send sensitive information by e-mail, for example, passwords, PINs, banking information, credit card, SSNs.
- Use a telephone to communicate with a person requesting sensitive information and make sure they actually need it.
- If required, determine what the most secure method for sharing sensitive information is; likely not by e-mail.
- OIT asks that you never e-mail passwords or social security numbers when working with the Help Desk.
There are some strategies you can use to protect your personal information and the AU data you handle when using e-mail. OIT supports two primary e-mail applications, Lotus Notes and AU-sponsored Gmail for students, and each has some security.
AU’s Lotus Notes e-mail is secured and protected when both the sender and receiver are using Lotus Notes with an @american.edu address and neither the sender nor the receiver has forwarded their e-mail to another account.
Here’s how to enable settings to increase security and ensure that only the intended recipient can open your message and that he or she cannot easily redistribute it.
- Before sending a message, click “encrypt” which ensures only the recipient—and not other people who may have access to the inbox—can open your message in AU Lotus Notes.
- Click “delivery options” and check the box that says “prevent copying” so the message cannot be forwarded.
- Note: “encrypt” and “prevent copying” work only on messages sent to accounts in the American Notes Domain where the address ends in @american.edu or /AmericanU.
It is difficult for a recipient to read or forward an encrypted message in any program other than the Lotus Notes desktop client. However, nothing is perfectly safe: if the information you are thinking of sending could be damaging to a person or AU if intercepted, it should not be sent by e-mail.
If you use Google Gmail, including the AU-sponsored Gmail for students, you have fewer security options. However, check that HTTPS is turned on when you are logged into the Google site.
- HTTPS will encrypt the connection between the Gmail server and your computer, making you less vulnerable to people who may want to view your messages as they travel the network.
- Check the address window or the lower right hand corner of your browser window. You should see an icon of a closed lock if HTTPS is enabled on the Web page.
- To turn on HTTPS, sign into Gmail, click on “settings” and scroll down to “browser connection,” select the radio button “always use HTTPS” and click “save changes.” Press “reload.”
Contact the IT Help Desk at 202-885-2550, e-mail email@example.com or on instant messenger at AskAmericanUHelp for assistance and further information.
Check for outages and scheduled maintenance on AU systems at http://status.american.edu.