Educause Security Discussion mailing list archives

Re: Employees forwarding their email offsite

From: "Pete, Andrew" <000000d06e28c017-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Tue, 26 May 2020 16:25:59 +0000

Hi Jonathan,

We have don't have much in written policy at the moment.  Some high level stuff that prohibits sending financial 
account/CC numbers and user passwords in email at all.  Sensitive information has to be encrypted if emailing an 
external recipient.  Last, we have a basic statement prohibiting use of non-university provided email for university 
business purposes.  The last statement gives us the breadth we need to keep email information in house.

We are an Office 365 shop and our infrastructure manager did block auto-forwarding administratively.  This was a few 
months back so I don't remember the specific details.  If you are interested in more detail I can get you some.

Andy

Andrew Pete
Information Security Architect

New England Institute of Technology
One New England Tech Boulevard
East Greenwich, RI 02818-1205
401-780-4460 (Direct)
apete () neit edu<mailto:apete () neit edu>

[NEIT_Full_Stack_H_White_BG_PNG1]



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Kimmitt, Jonathan
Sent: Tuesday, May 26, 2020 12:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Employees forwarding their email offsite


This message originated outside of New England Institute of Technology. Use caution when opening attachments, clicking 
links or responding to requests for information.
Hi all,

  After an issue has come up, we are looking at a way to prevent employee's (but not students) from auto-forwarding 
their university email to personal email accounts.

I was curious to what other Universities were doing.

1.       Are you blocking auto forwarding?
2.       Do you have a university policy on what can and can't be sent?
3.       Is anybody doing this in an office365?

Thank for anything you can share!

-Jonathan

~
Jonathan Kimmitt
CISSP, PCIP, CEH, CIPM, CDPSE
GPEN, CIPT, CIPP/E, GSNA
Chief Information Security Officer
Information Technology
The University of Tulsa
918.631.2743


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

Employees forwarding their email offsite Kimmitt, Jonathan (May 26)
- Re: Employees forwarding their email offsite Pesino, Sherry (May 26)
- Re: Employees forwarding their email offsite Pete, Andrew (May 26)
  - Re: EXTERNAL: Re: [SECURITY] Employees forwarding their email offsite Spiars, Vince (May 26)
- Re: Employees forwarding their email offsite Karen Brown (May 26)
  - Re: [<External>]Re: [SECURITY] Employees forwarding their email offsite Kimmitt, Jonathan (May 27)
- Re: Employees forwarding their email offsite Paul Chauvet (May 29)
  - Re: Employees forwarding their email offsite Larry K. Emmons (May 29)