With over 10,000 faculty and staff email users on ECU’s Exchange system, one of the biggest concerns is the accidental breach of sensitive information through an unencrypted message. Therefore, as an added layer of security, ECU has a Data Loss Prevention (DLP) program to further protect sensitive information emailed to recipients outside the ECU network.
As a first step in protecting sensitive data, faculty and staff are required to encrypt email containing sensitive information when addressed to recipients outside ECU. Examples of sensitive information include HIPAA, FERPA and PCI. To encrypt an email, a user simply types the words, [sendsecure] in the email's subject line or tags the message as Confidential. See the encryption page for the easy, three-step process (Outlook 7, 10, 11, 13 and Piratemail).
When sent, the email passes to the Exchange server to be delivered. Encrypted messages are sent to the recipients while unencrypted messages are checked against sensitivity "markers." If the message meets certain criteria, the following happens:
No one is reading your email. The spam filter simply checks the message against certain criteria, such as digits in the xxx-xx-xxxx format that could indicate a social security number or a long string of numbers near a date that might indicate a credit card number.
Email Encryption: www.ecu.edu/cs-itcs/email/encryption.cfm
Sensitive Data: www.ecu.edu/cs-itcs/itsecurity/sensitive-data.cfm
Sensitive Data Storage: www.ecu.edu/cs-itcs/itsecurity/sensitiveStorage.cfm
Social Security Numbers: www.ecu.edu/ssnresource/
FERPA policy: www.ecu.edu/acad/registrar/FERPA.cfm
Payment Card Industry (PCI): www.ecu.edu/admin/financial_serv/pci/