Educause Security Discussion mailing list archives
Re: Employees forwarding their email offsite
From: Paul Chauvet <chauvetp () NEWPALTZ EDU>
Date: Fri, 29 May 2020 17:05:42 +0000
Hi Jonathan, We prevent employees - with the exception of adjunct faculty - from forwarding their mail. The way we enforce this is an alert in Office 365 on when a forwarder is setup. That policy is setup within the Office 365 Security & Compliance center. * Condition: Activity is MailRedirect * Action: notify admins We then review: * Does the forward look like it was applied by the user themselves? If they are not an adjunct we then disable the forwarder and remind the employee of the policy. * Does it look like a rule which may have been applied maliciously and is an IoC? If so - we investigate. The latter was more common pre-MFA. Paul Chauvet, CISSP Information Security Officer State University of New York at New Paltz 845-257-3828 chauvetp () newpaltz edu<mailto:chauvetp () newpaltz edu> [cid:image001.png@01D635B9.DAE98FD0] From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Kimmitt, Jonathan Sent: Tuesday, May 26, 2020 12:12 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Employees forwarding their email offsite CAUTION: Message from a non-New Paltz email server. Treat message, links, and attachments with extra caution. Hi all, After an issue has come up, we are looking at a way to prevent employee's (but not students) from auto-forwarding their university email to personal email accounts. I was curious to what other Universities were doing. 1. Are you blocking auto forwarding? 2. Do you have a university policy on what can and can't be sent? 3. Is anybody doing this in an office365? Thank for anything you can share! -Jonathan ~ Jonathan Kimmitt CISSP, PCIP, CEH, CIPM, CDPSE GPEN, CIPT, CIPP/E, GSNA Chief Information Security Officer Information Technology The University of Tulsa 918.631.2743 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Employees forwarding their email offsite Kimmitt, Jonathan (May 26)
- Re: Employees forwarding their email offsite Pesino, Sherry (May 26)
- Re: Employees forwarding their email offsite Pete, Andrew (May 26)
- Re: EXTERNAL: Re: [SECURITY] Employees forwarding their email offsite Spiars, Vince (May 26)
- Re: Employees forwarding their email offsite Karen Brown (May 26)
- Re: [<External>]Re: [SECURITY] Employees forwarding their email offsite Kimmitt, Jonathan (May 27)
- Re: Employees forwarding their email offsite Paul Chauvet (May 29)
- Re: Employees forwarding their email offsite Larry K. Emmons (May 29)