AirWatch App Now Required for Some Mobile Devices

AirWatch MDM Agent is a mobile app that provides faculty and staff secure access to ECU’s online resources. It is required that all ECU-owned smartphones and tablets and personal mobile devices accessing or storing sensitive data have AirWatch configured. Personal devices that do not access or store sensitive information are not required to install AirWatch.

Beginning this week, if you access or store sensitive data using an ECU-purchased mobile device or your personal smartphone/tablet, you should implement the AirWatch app. See the website – www.ecu.edu/itcs/itsecurity/mdm.cfm – for instructions and profile options.

During installation, security measures are configured for the device according to one of three organizational profiles:

  1. University. Generic profile required for all ECU-purchased mobile devices. No sensitive data is accessed or stored on the device.
  2. Sensitive. For ECU-owned and personal devices that access sensitive data through a browser. For example, AirWatch Inbox and AirWatch Browser are part of this installation. For example, an administrator accesses email containing FERPA data using an Android phone.
  3. Workspace. Required profile for ECU-owned and personal devices that store sensitive information. For example, a medical resident stores patient notes on an iPad.
  4. Certain departments, such as the College of Education, also have an AirWatch profile. Members should ask department administrators for profile details.

For more information on profile options and instructions on installation and configuration of the AirWatch app, please visit the AirWatch website: www.ecu.edu/itcs/itsecurity/mdm.cfm

Still have questions? Call the IT Help Desk, 252.328.9866 | 800.340.7081.

Staff Requirements for Sensitive Information and Email Encryption

Ted works in the billing department of a large university’s medical clinic. He replies to an email request for billing information from their associated hospital partner.

Ted knows this message contains sensitive information for a recipient outside the university’s network. Therefore, he tags the email as Confidential to encrypt it before sending. Ted also includes a set of instructions to the recipient explaining how to decrypt and read the sensitive message and re-encrypt any replies.

With over 10,000 faculty and staff email users on ECU’s Exchange email system, one of the biggest concerns on campus is the accidental breach of sensitive information such as FERPA, HIPAA or PCI through email. This can happen when an email containing sensitive information is sent unencrypted to a recipient outside the ECU network. The message could be stolen while en route or inadvertently sent to the wrong recipient.

 

All faculty and staff now have the ability to send encrypted email and are required to do so when a message contains sensitive information to an outside address. Fortunately, this is a simple matter of either tagging the message as CONFIDENTIAL or typing [sendsecure] in the subject line.

What is Encryption?

Encryption uses a mathematical algorithm to scramble electronic text in an email or document so that it can only be read by the recipient who has the key to unscramble (decrypt) the information back to a readable form.

It is the easiest and most practical method of protecting data stored or transmitted electronically and is particularly essential with sensitive data. Even a single failure to encrypt sensitive data, whether through email or via a stolen flash drive or laptop, can result in a security breach with criminal or civil liabilities and irreparable harm to finances and the reputation of the university.

When is Encryption Required?

If an email containing sensitive information is addressed to a recipient outside the ECU network, it must be encrypted by tagging it as CONFIDENTIAL or typing [sendsecure] in the subject line. To decrypt and read the email, the recipient registers once with Cisco.

Note that all messages in a conversation – replies and forwards – must be encrypted before sending.

To see step-by-step instructions for both encrypting and decrypting an email: http://www.ecu.edu/cs-itcs/email/upload/EncryptEmail2010-13.pdf

What is Considered Sensitive Information?

Examples of sensitive information include:

  • Social Security number (SSN)
  • credit & debit card number
  • driver’s license number
  • personally identifiable patient information
  • personally identifiable student information
  • personnel information
  • proprietary research data
  • legal data

Learn More about Sensitive Information at ECU

To learn more about sensitive information at ECU, visit the following websites:

Guidelines for Protecting Sensitive Data – http://www.ecu.edu/cs-itcs/itsecurity/Sensitive-Data.cfm

Compliance and Regulations – http://www.ecu.edu/cs-itcs/itsecurity/regulations.cfm

Email Encryption – http://www.ecu.edu/cs-itcs/email/encryption.cfm

HIPAA Policies – http://www.ecu.edu/PRR/12/60/

FERPA Policies – http://www.ecu.edu/cs-acad/registrar/FERPA.cfm

Payment Card Industry (PCI) Information – http://www.ecu.edu/cs-admin/financial_serv/pci/index.cfm

Social Security Number Regulations – http://www.ecu.edu/ssnresource/