Unencrypted email is not a secure method for transmitting confidential information or sensitive data over the Internet. If you have reviewed the information below and determined that it is necessary to send such information, take steps to secure it by encrypting your message, taking into account the sensitivity of the data being transmitted and the level of security at the source and destination systems.
At Long Island University, do not send sensitive data via email unless:
- It is required by your role within the university and you’ve reviewed Your role within the university.
- You’ve reviewed Choosing an appropriate storage solution for more secure alternatives.
- The message either:
- is encrypted by the Cisco Registered Envelope Service (CRES) and you’ve reviewed Sensitive data sent outside Long Island University, or
- stays within the LIU email systems (Microsoft Exchange; not LIUmail) and you’ve reviewed Sensitive data sent within Long Island University.
For more about data protection, see Protecting Data.
Your role within the university
You should only send sensitive data via email if it is absolutely required in order to conduct the business function of the university. If you are unsure whether email is appropriate for a particular situation, consult with the university Data Steward in charge of the data involved, as well as with the University Information Policy Office.
Sensitive data sent outside Long Island University
The Cisco Registered Envelope Service (CRES) provides encryption for email sent from LIU mail servers to recipients outside the LIU network. While all outgoing mail is scanned for sensitive data, you should always force encryption of messages you know to contain such information. See What is the Cisco Registered Envelope Service (CRES)? and How can I ensure that mail sent from my Exchange account to an outside address is encrypted by CRES?
Sensitive data sent within Long Island University
Email sent from one account on a central LIU email server (i.e., an Exchange server) to another email account on the LIU Exchange servers has technical and physical safeguards, and is considered secure. However, because a recipient might forward any message you send, or might have his or her LIU email configured to send all messages to an outside account, you should tag all messages containing sensitive data, even ones to LIU addresses, to force encryption; see How can I ensure that mail sent from my Exchange account to an outside address is encrypted by CRES?
Security for large files
If the information you need to send securely is a large file, you might not be able to share it securely via email; LIU restricts the size of email attachments. See At LIU, what is the maximum size of email messages, and how can I send messages that exceed that size?
In these cases, you should use Slashtmp Critical. This service allows you to store sensitive data securely, for a limited time, and share it with specific recipients. See At LIU, what is Slashtmp, and how do I use it? and How do I upload a file larger than 2 GB to Slashtmp?