Policy Name: Email Security Policy
Policy ID Number: 03-05-006
Version Effective Date: April 5, 2019
Last reviewed on: January 1, 2019
Policy Applies To: University Employees and Students
Responsible Office: Information Technology
INTRODUCTION AND STATEMENT OF PURPOSE
The University recognizes the necessity of providing Email that is free from computer viruses and harmful attachments. In addition, the University views advertisements via Email, commonly known as Spam, as a waste of resources and will make every effort to prevent NJCU systems from promoting or passing these type of messages.
The University accepts Microsoft’s definition of Level 1 & 2 attachments that present a security risk and will follow Microsoft’s recommendation that all Level 1 attachments will not be allowed to pass through the University’s Email system. Level 2 attachments will be allowed to pass through but will be rigorously tested for viruses and other harmful programs. As an additional security measure, anti-virus software is installed on all University computers. To prevent the proliferation of Spam, NJCU uses several methods, from relay blocking to the direct blocking of problematic domains listed with the following Spam tracking services:
Email is often the medium of hacker attacks, confidentiality breaches, viruses and other malware. These issues can compromise our reputation, legality and security of our equipment. Employees must:
Employees should always be vigilant to catch emails that carry malware or phishing attempts. We instruct employees to:
If an employee is not sure that an email they received is safe, they can ask our Helpdesk. We remind our employees to keep their anti-malware and virus programs updated.
For your safety and the safety of the University network, Email that passes through the University Email system (both in-coming and out-going messages) is automatically scanned for viruses, including the attachment, using the Barracuda Spam Firewall.
Level 1 attachments, deemed too dangerous for transfer, such as URL shortcuts (.url), programs (.exe), et-cetera, are blocked.
Level 2 attachments, equally dangerous but allowed to pass through, are rigorously checked for viruses using the latest virus identifiers available.
Attachments, not on the Level 1 or Level 2 list (a.k.a. Level 3 attachments), will be scanned and usually pass through with no issues. All email, sent or received, will be scanned for viruses at two levels: Barracuda and Client.
The Barracuda Firewall will block any Level 1 attachment. The sender will get an error message stating why the file was blocked. Files found to contain a virus are blocked and the sender will be notified that the email was not delivered. The recipient will not receive any notice. As part of Exchange Email services, messages from domains that appear on the block list are automatically blocked.
Client Security Process
In the event a virus gets through, new and updated versions of Outlook will not allow the client to access Level 1 attachments. The client anti-virus program will scan these files for viruses. The software will attempt to clean the file anytime a virus in an email is detected. If the software cannot clean the file, it is deleted or quarantined. If Outlook is set up to filter Spam, advertisement messages will be moved to the Junk E-Mail folder.
Scanning messages and files at the server level is extremely processor intensive. The total number of users and the use of Email Listserv lists further exacerbate this issue. For example, a message to the University staff list generates 900+ Emails. If the message has an attachment, the list also generates 900+ copies of it! The University hosts 40,000+ Email accounts and many lists. The University Email system is very busy 24/7. To ease Email processing and delivery delays, please follow these guidelines:
DATE TO INITIATE REVIEW AND UPDATE
As deemed necessary or appropriate by the Policy Coordinator but at a minimum, at least every 5 years from the date of last review.