IT News


New Email Security Enhancements Starting July 2018

University of Miami's Information Technology department (UMIT) continues to work diligently to protect and secure your and the University's sensitive and private information. On Monday, July 23, 2018, UMIT will enable the following new email security enhancements: 1) Email notifications for data loss prevention (DLP); and 2) Email auditing for troubleshooting and support. No action is necessary on your part in order for these enhancements to be enabled.


Email Notifications for Data Loss Prevention (DLP):

Microsoft's email notifications for DLP automatically scans emails for sensitive information and/or potential HIPAA violations, such as social security numbers, credit card numbers, and/or other personally identifiable information (PII) and protected health information (PHI). When composing a new email that contains sensitive information, you will see a "Policy tip" appear at the top of the message (please see the screengrab below, which indicates that your email contains potentially sensitive information and asks if you wish to continue sending your message).

If you send the message, after receiving the Policy tip, it will automatically be encrypted* to ensure the data is sent securely. The recipient(s) will need to follow the decrypt instructions found here in order to view the contents of the message. Please see the example below, which includes randomly generated credit card information:

"Policy tip: Your email message appears to contain information that may be confidential and protected by the University. Are you sure you want to send it? Learn more"

The new email notifications for DLP feature affirms that UMIT is meeting U.S. government regulations as well as University of Miami policy regulations, which include compliance with UM’s Data Classification and Electronic Data Protection and Encryption policies.


Email Auditing for Troubleshooting and Support:

UMIT will also enable email auditing for troubleshooting and support, which will be primarily used for troubleshooting when a support ticket is submitted to the UMIT Service Desk. These email audit logs are only available for 30 days, and will help UMIT Technicians when troubleshooting issues like changes to inbox rules or if you are unable to locate a sent/received message. Audit logs can help determine when a message was sent, to whom it was sent, who received the message, and/or where the message is located within a folder (i.e. inbox > folder 1). Please keep in mind that the message body/content is not visible within audit logs. For a complete list of auditable actions, please review Microsoft's mailbox auditing actions.

The new email auditing for troubleshooting and support feature is compliant with the University of Miami’s Use of University Computing Facilities policy.


UMIT values and respects the privacy of our UM community members and their information. Respectively, these new email security enhancements ensure compliance with the University of Miami’s policies for the security of private and protected information. If you have any questions, please contact the UMIT Service Desk at: (305) 284-6565 or help@miami.edu.

Thank you.

 

*In some cases, Outlook clients on Mac and/or mobile devices may not display the "Policy tip" above the message body. Although you may not see the policy tip on your Outlook client, any message sent with sensitive information will be automatically flagged as having sensitive data within it and the message will be sent with encryption.