Account and Mobile Device Security
Please see the KB page SoIC SICE Account Security Recommendations for information about securing your IU accounts and mobile devices so you are in compliance with IU security policies.
In most cases, you will want to avoid sending critical sensitive data via email if at all possible. This section applies only to non-critical sensitive data in the restricted and university-internal classifications (see previous section). If you have a need to send critical data via email, please contact the IT staff so we can discuss options and appropriate safeguards.
IU has a CRES (Cisco Registered Envelope Service) encryption service that is extremely simple to use. All you have to do is put "[Secure Message]" (including the square brackets but not the double quotes) in the subject of the message and that's it. It doesn't get much easier than that! The way this works is as follows:
So, if you need to email non-critical sensitive data (including a 9-digit IU ID number) just put "[Secure Message]" (including the square brackets but not the double quotes) in the subject of the email and you are in compliance with IU email policy. Do note, however, that this requires that you be using the IU mail servers for your outgoing email. This will be true for most people using the IU mail system but if you are using a non-IU email system and have questions on how you can take advantage of this service, please contact the IT staff.
Option 2: Manual Encryption
This KB page is intended to be a simple summary of a rather complex issue involving various IU policies. Below are various reference documents if you want to pursue this subject further.
- What is sensitive data, and how is it protected by law?
- Classifications of Institutional Data
- Should I send confidential information via email?
- Student use of email for work-related purposes
- Secure File Transfer Alternatives
- Data Management at IU and the Critical Data Guide
- What is the Cisco Registered Envelope Service (CRES)?
- How can I ensure that mail sent from my Exchange or Cyrus account to an outside address is encrypted by CRES?
- IT-21: Use of Electronic Mail