- Carefully consider if sending confidential information by email is appropriate (e.g. an alternative, more secure, method is to send a link from a secure storage area).
- When sending confidential information by email, clearly state 'confidential' in the subject line and protect the email by restricting access.
- Be cautious and always think before you click links, open attachments, or download files in emails you receive, regardless of who sent them (for more information on suspicious emails see 'How to spot phishing').
- In order for IT Services to investigate new threats, send any suspicious messages by using the 'Report Message' button or by forwarding the email to firstname.lastname@example.org and deleting it from your inbox.
- Remember, if an email is too good to be true, it probably is.
- Click any links or attachments in emails, unless you already know what they contain.
- Respond to suspicious email messages from:
- Anyone, including IT Services, that ask you to confirm your password or personal information or demand an immediate response or threaten loss of accounts or services.
- Unrecognised senders.
Who should I contact if I'm not sure?
- For help with handling information e.g. identifying personal data, how it should be handled or when it can be deleted, contact your local data protection liaison officer (Intranet access only).
- For all student queries and / or questions on GDPR or data protection, contact the Data Protection and Records Management Officer.
- For help with protecting your information, review the Information Security Toolkit including the information security policies. For further support, contact the IT Service Desk.
My device is encrypted. Does this mean emails sent from my device are also encrypted?
No, email is not secure as it can be read as it travels over the internet to the recipient. Restrict access to the email or put the confidential information in a protected (encrypted) file and attach it to the email.