Data Loss Prevention
prevention (DLP) is a strategy for making sure that end users do not send
sensitive or critical information outside an organization's network. DLP
products use business rules to classify and protect confidential and critical
information so that users do not accidentally or maliciously share data whose
disclosure could put the organization or individual at risk.
Beginning Friday February 1, 2019, all email that contains sensitive information will be automatically encrypted. The sender will receive an Outlook tip and a message when an email is sent that contains sensitive information. Sensitive data should be redacted from email whenever possible, but UNF now supports this new protection allowing it to be sent securely when no alternative exists. Faculty and staff can still manually encrypt any email by following the email encryption section below.
Example sensitive data matches include but are not limited to:
- Social Security Number (SSN)
- Credit Card Number
- Bank routing information (Account/Routing Numbers)
- Drivers license or passport number
- Other Personally Identifiable Information (PII)
See UNF's Data Classification Policy for more information.
If you have any questions about DLP, please submit a ticket to the help desk at email@example.com or (904) 620-4357.
- Do not forward email you receive that contains sensitive information. If it is required to do so, redact the sensitive information before replying.
- Seek alternate means of transmitting the sensitive data. (secure web applications, phone, etc.)
- Become familiar with UNF's Data Classification Policy.
- See IT Security's best practices website for more information.
Before sending an email, user tips will be displayed in Outlook when sensitive data is found in a draft email. This is to warn the user of the potential sensitive information found in the current draft email.
If you send an email to an external mailbox (not @unf.edu)
that contains sensitive information, you will receive a notification from the system
warning you about the content found in the email. This includes any attachments. The notification will contain the email you sent as an attachment and the type of sensitive information that was found in the email.
The email will still be sent with encryption and the recipient of the email will get an email notifying them of the secure message.
UNF email now supports email encryption. The encryption feature can be found in both the Outlook web client and the latest version of Outlook Click to run for desktop.
When creating a new message, you will see a button at the top named, "Protect". Clicking this button will bring up the following notification that sets the email to "Do Not Forward".
Clicking the "Change Permissions" button in the notification will allow you to turn on encryption for that email by selecting the "Encrypt" option. Please note that if the email contains sensitive information as noted above, you will still need to override the DLP block and provide a business justification including a note that you encrypted the email.
In Outlook for desktop, when drafting a message you will see the option to encrypt found under the Options menu after dropping down the Permission button. Ensure to not use the Encrypt button found next to the permission drop down as this is a feature that is not supported at UNF.
The receivers of the email are the only recipients that can open and read the message after authenticating. An example of a received message can be seen below.