Staff Requirements for Sensitive Information and Email Encryption

Ted works in the billing department of a large university’s medical clinic. He replies to an email request for billing information from their associated hospital partner.

Ted knows this message contains sensitive information for a recipient outside the university’s network. Therefore, he tags the email as Confidential to encrypt it before sending. Ted also includes a set of instructions to the recipient explaining how to decrypt and read the sensitive message and re-encrypt any replies.

With over 10,000 faculty and staff email users on ECU’s Exchange email system, one of the biggest concerns on campus is the accidental breach of sensitive information such as FERPA, HIPAA or PCI through email. This can happen when an email containing sensitive information is sent unencrypted to a recipient outside the ECU network. The message could be stolen while en route or inadvertently sent to the wrong recipient.

 

All faculty and staff now have the ability to send encrypted email and are required to do so when a message contains sensitive information to an outside address. Fortunately, this is a simple matter of either tagging the message as CONFIDENTIAL or typing [sendsecure] in the subject line.

What is Encryption?

Encryption uses a mathematical algorithm to scramble electronic text in an email or document so that it can only be read by the recipient who has the key to unscramble (decrypt) the information back to a readable form.

It is the easiest and most practical method of protecting data stored or transmitted electronically and is particularly essential with sensitive data. Even a single failure to encrypt sensitive data, whether through email or via a stolen flash drive or laptop, can result in a security breach with criminal or civil liabilities and irreparable harm to finances and the reputation of the university.

When is Encryption Required?

If an email containing sensitive information is addressed to a recipient outside the ECU network, it must be encrypted by tagging it as CONFIDENTIAL or typing [sendsecure] in the subject line. To decrypt and read the email, the recipient registers once with Cisco.

Note that all messages in a conversation – replies and forwards – must be encrypted before sending.

To see step-by-step instructions for both encrypting and decrypting an email: http://www.ecu.edu/cs-itcs/email/upload/EncryptEmail2010-13.pdf

What is Considered Sensitive Information?

Examples of sensitive information include:

  • Social Security number (SSN)
  • credit & debit card number
  • driver’s license number
  • personally identifiable patient information
  • personally identifiable student information
  • personnel information
  • proprietary research data
  • legal data

Learn More about Sensitive Information at ECU

To learn more about sensitive information at ECU, visit the following websites:

Guidelines for Protecting Sensitive Data – http://www.ecu.edu/cs-itcs/itsecurity/Sensitive-Data.cfm

Compliance and Regulations – http://www.ecu.edu/cs-itcs/itsecurity/regulations.cfm

Email Encryption – http://www.ecu.edu/cs-itcs/email/encryption.cfm

HIPAA Policies – http://www.ecu.edu/PRR/12/60/

FERPA Policies – http://www.ecu.edu/cs-acad/registrar/FERPA.cfm

Payment Card Industry (PCI) Information – http://www.ecu.edu/cs-admin/financial_serv/pci/index.cfm

Social Security Number Regulations – http://www.ecu.edu/ssnresource/

WordPress blogs now only created upon request, Changes to ECU’s Buccaneer wireless network

January 5, 2014
Please take a few moments to read these important announcements from ITCS…

 


 WordPress blogs now only created upon request 

ECU WordPress blogs are no longer automatically created when a user logs into MyWeb the first time. Blogs will only be created upon request. To request a blog, please submit an IT Help Desk service request at https://ithelp.ecu.edu. 


Changes to ECU’s Buccaneer wireless network
 

On Sunday, January 4, 2015, ITCS began requiring users to have the Cisco NAC Agent installed on Windows computers prior to accessing network resources through the ECU BUCCANEER wireless network. 

This change has been implemented as a means to safeguard the ECU network, systems, and data against computer viruses and vulnerabilities. This software determines whether or not your system is up to date with critical updates to the operating system and if you have an acceptable antivirus application loaded with current virus definitions.
  • ECU-owned Windows mobile computers should have received the Cisco NAC Agent automatically through ITCS Desktop Technologies Support.
  • For personal Windows computers, the Cisco NAC Agent software is available via the ECU Download Center.
The software is not available for iPads, Windows Tablets, Google Chrome Books and Smartphones. These types of devices will be allowed access to the network without the software. 
Will this change the way I connect to the Buccaneer wireless network?
Upon connecting to the ECU BUCCANEER wireless network, the Windows user will be prompted to install the Cisco NAC Agent prior to accessing network resources through the ECU BUCCANEER wireless network if the agents is not already installed.
Once installed, the software will determine if you need to install critical updates to your operating system or current virus definitions to your Antivirus application. We encourage you to follow any recommendations to update your device(s); however, if you choose not to install updates at this time, you will still be able to connect to the Buccaneer network.
As of March 2015, you will be required to follow the Cisco NAC Agent recommendations and install critical updates to your operating system or current virus definitions to your antivirus application. 
 
More information and help 

You can connect to either the Pirates, Buccaneer, or Campus Living (residence halls) wireless network while on campus:.

  • connecting to Pirates will allow you to access ONLY the Internet and ECU Internet services like OneStop, Blackboard, the ECU Web site, Piratemail, Outlook Live student e-mail, ect.
  • connecting to Buccaneer and Campus Living will allow you to access the Internet AND internal university resources like direct access to personal departmental Piratedrives, ECU network printers and departmental systems, ect.

If you have any questions or experience any difficulties with the new wireless security service, please contact the IT Help Desk at 328.9866 or http://help.ecu.edu