This article contains information on the following topics:


How do I send a secure email outside the University?


When sending emails outside of St. John's University email system, it's essential to take steps to ensure the security of sensitive information. Please note that emails sent outside of the system are not encrypted and therefore, not secure. If you need to communicate sensitive information, you have several options available.


However, before transmitting Personally Identifiable Information (PII) outside the University, it must be cleared by the Office of Information Security. St. John's University has policies and standards in place to ensure that all sensitive data is transmitted securely and encrypted.


Sending attachments or files securely

If you are not transmitting PII and require a method of communication to send files, you can:

  • Password-protect the file before transmitting it. Do not send the file and password together in the same email. Instead, send the password through a different medium, such as a phone call, SMS, a separate email, etc., to ensure maximum security.

  • If you have more than one file to send, you can create a ZIP file and include a password. For maximum security, use AES 256-bit encryption. Again, do not share the password and the file together in the same email; send them separately.


Sending secured, encrypted, confidential email messages


By adopting these measures, you can enhance the security and confidentiality of your emails when sharing sensitive information outside of St. John's University email system.


1. Secured / Encrypted Communication Emails:  (Secure)

  • First-level form of security.

  • Begin the email subject with "(Secure)"
    This action will encrypt the message when it leaves the Outbox.

(Note: You MUST include parentheses. It is not case-sensitive).

Recipient Alerts:

  • The recipient will receive a notification indicating the receipt of a secure message.

  • The first time that a recipient receives a secured/encrypted/confidential email, it will not be displayed in the preview pane, if using Outlook. The following alert will appear:


  • The following alert will be displayed at the top of the email message:

  •       The recipient may forward the email to ANY recipient. When attempting to forward the email, the following disclaimer will appear:

  • If the recipient is using a non-Microsoft email platform, they may receive a disclaimer similar to the image below. It is ok for them to mark it as “Safe”.

2. Encrypting, Preventing Forwarding, Printing or Copying:  (Do Not Forward)

  • Mid-level form of security

  • Begin the subject line with "(Do Not Forward)"
    This action will encrypt the message when it leaves the Outbox.
    (Note: You MUST include parentheses, not case-sensitive).

  • Safe to send to external, non-SJU email addresses

Recipient Alerts:

 

  • The following alert will be listed at the top of the email message when it is displayed:

  • The email may ONLY be forwarded to other INTERNAL SJU EMAIL recipients. The following message will appear:

  • When a recipient attempts to forward the email, the following error will appear from within Outlook:

 3. Confidential, Internal-ONLY Email: (Secret)


  • High-level form of security – INTERNAL SJU EMAIL ADDRESSES ONLY

  • Begin the subject line with "(Secret)":
    This action will encrypt the message, and mark it as Internal-Only
    (Note: You MUST include parentheses. It is not case-sensitive).

  • The message will be flagged to the recipient that it contains confidential information.

  • The recipient may be required to open the email as an attachment, depending on their email platform.

  • The content of the email cannot be copied or printed. Efforts to copy, screenshot, or image capture will block out all of the content of the email.

  • Forwarding is permitted only to SJU Email addresses only.


Recipient Alerts:

 

  • The following alert will be listed at the top of the email message when it is displayed:

  • The email may ONLY be forwarded to other INTERNAL SJU EMAIL recipients. The following message will appear:

  • If a message is sent to a non-SJU email address with this security, they will be given a link to view the email. That link will route them to Office 365, and prompt them to log in with an SJU email address.


4. Confidential, Internal-Only, View-Only

  • Highest-level of security - Internal-Only, View-Only

  • Recipients will only be able to view content.

  • The content will NOT be able to be: modified, copied, printed, or forwarded.

  1. Log in to the Sign-On Portal (https://signon.stjohns.edu), and click on the Office 365 app.

  2. Click on the “New Mail” button:


  3. Click on the “Options” tab at the top of the compose window. Then, locate the “Lock” image, and choose “Encrypt.”


  4. An encryption label will appear at the top of the email. Click on the “Change Permissions” link. Then, choose the “St. John’s University - Confidential View Only” option.


Recipient Alerts:

 

  • The following alert will be listed at the top of the email message when it is displayed:


  • When a recipient attempts to forward the email, the following error will appear from within Outlook:





 If you experience any issues with this, please report it by visiting the I.T. Support Portal: https://ithelp.stjohns.edu, and clicking “Report an Incident”.