About Belinda Perkinson

Belinda works with the ITCS Training and Communications team at East Carolina University.

Staff Requirements for Sensitive Information and Email Encryption

Ted works in the billing department of a large university’s medical clinic. He replies to an email request for billing information from their associated hospital partner.

Ted knows this message contains sensitive information for a recipient outside the university’s network. Therefore, he tags the email as Confidential to encrypt it before sending. Ted also includes a set of instructions to the recipient explaining how to decrypt and read the sensitive message and re-encrypt any replies.

With over 10,000 faculty and staff email users on ECU’s Exchange email system, one of the biggest concerns on campus is the accidental breach through email of sensitive information, such as data covered by FERPA, HIPAA or PCI. This can happen when an email containing sensitive information is sent unencrypted to a recipient outside the ECU network. The message could be stolen while en route or inadvertently sent to the wrong recipient.

 

All faculty and staff now have the ability to send encrypted email and are required to do so when a message containing sensitive information is sent to an outside address. Fortunately, this is a simple matter of either tagging the message as CONFIDENTIAL or typing [sendsecure] in the subject line.

What is Encryption?

Encryption uses a mathematical algorithm to scramble electronic text in an email or document so that it can only be read by the recipient who has the key to unscramble (decrypt) the information back to a readable form.

It is the easiest and most practical method of protecting data stored or transmitted electronically and is particularly essential with sensitive data. Even a single failure to encrypt sensitive data, whether through email or via a stolen flash drive or laptop, can result in a security breach with criminal or civil liabilities and irreparable harm to finances and the reputation of the university.

When is Encryption Required?

If an email containing sensitive information is addressed to a recipient outside the ECU network, it must be encrypted by tagging it as CONFIDENTIAL or typing [sendsecure] in the subject line. To decrypt and read the email, the recipient registers once with Cisco.

Note that all messages in a conversation – replies and forwards – must be encrypted before sending.

To see step-by-step instructions for both encrypting and decrypting an email: http://www.ecu.edu/cs-itcs/email/upload/EncryptEmail2010-13.pdf

What is Considered Sensitive Information?

Examples of sensitive information include:

  • Social Security number (SSN)
  • credit & debit card number
  • driver’s license number
  • personally identifiable patient information
  • personally identifiable student information
  • personnel information
  • proprietary research data
  • legal data
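
A pre-send check for the rule above, as an added example that is not ECU's or Cisco's code: it flags a message to an outside address that contains an SSN or a Luhn-valid card number and carries neither [sendsecure] in the subject nor a Confidential tag. The ecu.edu internal domain, the `Sensitivity: Company-Confidential` header as the form the Confidential tag takes, and the sample message are assumptions; only single-part plain-text bodies are scanned.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "ecu.edu"  # assumption: this domain and its subdomains are "inside"
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
# Constructed sample: external recipient, SSN in the body, no encryption tag.
SAMPLE = (
    "From: ted@ecu.edu\nTo: billing@hospital.example\n"
    "Subject: RE: billing request\n\nPatient SSN 000-00-0000, balance $120.\n"
)

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_external(addr):
    domain = addr.rpartition("@")[2].lower()
    return not (domain == INTERNAL_DOMAIN or domain.endswith("." + INTERNAL_DOMAIN))

def is_tagged(msg):
    """True if the sender requested encryption by either method in the article."""
    subject = (msg.get("Subject") or "").lower()
    # Assumption: the CONFIDENTIAL tag arrives as this Sensitivity header value.
    sensitivity = (msg.get("Sensitivity") or "").strip().lower()
    return "[sendsecure]" in subject or sensitivity == "company-confidential"

def find_sensitive(text):
    hits = ["ssn"] if SSN_RE.search(text) else []
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.append("card")
    return hits

def check_outbound(raw):
    """Return policy findings; an empty list means the message may be sent."""
    msg = message_from_string(raw)
    rcpts = [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    external = [a for a in rcpts if is_external(a)]
    body = msg.get_payload() if not msg.is_multipart() else ""
    hits = find_sensitive((msg.get("Subject") or "") + "\n" + body)
    if external and hits and not is_tagged(msg):
        return [f"{','.join(hits)} to {a} without encryption tag" for a in external]
    return []
```
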

Learn More about Sensitive Information at ECU

To learn more about sensitive information at ECU, visit the following websites:

Guidelines for Protecting Sensitive Data – http://www.ecu.edu/cs-itcs/itsecurity/Sensitive-Data.cfm

Compliance and Regulations – http://www.ecu.edu/cs-itcs/itsecurity/regulations.cfm

Email Encryption – http://www.ecu.edu/cs-itcs/email/encryption.cfm

HIPAA Policies – http://www.ecu.edu/PRR/12/60/

FERPA Policies – http://www.ecu.edu/cs-acad/registrar/FERPA.cfm

Payment Card Industry (PCI) Information – http://www.ecu.edu/cs-admin/financial_serv/pci/index.cfm

Social Security Number Regulations – http://www.ecu.edu/ssnresource/

Windows 8.1 Support for Faculty/Staff and Apple Vulnerability Discovered

Windows 8.1 Support Now Available for Faculty/Staff

However, be aware of 8.1’s incompatibilities

While Windows 7 is still the official operating system for ECU-purchased PCs, some faculty and staff may require assistance with computer systems running Windows 8.1. ITCS now offers support for Windows 8.1 computers.

However, users need to note that, while Windows 8.1 is certainly compatible with Banner Self-Service accessed through Pirate Port, SAS v. 9.4 and the current version of SPSS, Windows 8.1 is not compatible with Banner INB or the ECU Physicians Electronic Medical Record. There may also be other systems that do not function using the Windows 8.1 operating system. Please call the IT Help Desk at 252.328.9866 to report any problems.

Learn more about the Windows 8.1 operating system at this Microsoft support site: http://windows.microsoft.com/en-us/windows-8/meet.

BEWARE! New iOS/Mac Vulnerability

Only download apps from the official app store

Two iOS vulnerabilities have been discovered that affect iOS 7 or higher on iPads, iPhones and Mac computers. These attacks are coming from apps downloaded through unsecured websites.

WireLurker allows hackers to gain access to private data on your device. The hackers may even be able to take control of your iOS device or Mac.

Masque Attack replaces legitimate apps with fakes that look exactly like the originals. Any data entered into the app, like phone numbers, passwords and credit card numbers, is gathered and used by the hacker.

Recommendation: Download all apps from the official Apple App Store only.

To learn more and actually see an attack in action, please visit the Mac Life website: http://www.maclife.com/article/news/dangerous_masque_attack_vulnerability_lets_malware_hide_legit_ios_apps?utm_source=Adestra&utm_medium=email&utm_campaign=10681&utm_term=1803041&utm_content=13974

Have questions about either of these articles? Contact the IT Help Desk at 252.328.9866 | 800.340.7081