Email is insecure. Sensitive information should not be sent via email. Any email (including those claiming to be private) is often compared to a postcard in that anyone who comes in contact with it can read it. Email may also be read when it is stored on servers.
Email is hard to destroy. Most electronic documents are backed up and recoverable. Check with your system administrator about archived email.
Other reasons not to send personal/confidential information via email...
Email may not be deleted by the person to whom the email was sent;
Email can be stored on the recipient's workstation indefinitely;
Email can be modified and sent to someone else;
Email can be forwarded without your consent;
Email can be forwarded unencrypted.
Logging. Most software used to operate networks (including web servers, mail servers and gateways) logs transactions and communications. These logs will normally include the email addresses of senders and recipients of email and the time of transmission. The content of emails themselves will not normally be logged but may be stored on mail servers. Web server logs record information on the sites people visit. Keeping these logs is usually necessary for the routine maintenance and management of networks and systems. System administrators are also capable of reading the contents of emails sent and received across the network or stored on servers.
Computer Data Logging
Email is not private. Departments within the university can establish policies to monitor communication. If your department has a monitoring policy for email communication, you can assume that messages sent within your department, as well as those that are sent from your workstation to another location or from another location to you, can be subject to monitoring. This may include web-based email accounts such as Yahoo and Hotmail as well as instant messages. The same holds true for voice mail systems. Some email systems have options marked "private"; however, this does not guarantee that such messages are kept confidential.
Internet 'cafes' and wireless access points are not secure. Therefore email sent through them will not be private. Private, sensitive or confidential information should not be sent from insecure wireless sites.
Spam is defined as unsolicited email. There are several types of spam; some are a nuisance and others can lead to identity theft. Phishing is defined as online scams using email, pop-ups, or text messages to get your personal and financial information. View the short FTC videos on "Reducing Spam" and "phishing", and how to fight them.
Phishing and Spam Federal Trade Commission (FTC) videos
Users should be aware of the technology used and available at the university:
The university's email is secured by Secure Sockets Layer (SSL), a commonly used means of encryption for accessing your email. Check your department services to determine the level of security offered.
Secure Sockets Layer (SSL)
Encrypt email from home or while traveling by using the university's virtual private network (VPN). If you use an outside ISP or a wireless connection at home, using the VPN system will prevent others on the network from seeing your traffic. The Rutgers University Office of Information Technology recommends using the Cisco VPN Client, which encrypts all communication going out to the Internet from your computer. Never send private/confidential information over the Internet without encryption, as your account can be compromised and the information you are sending can be easily accessible to anyone. Unencrypted information puts you, your department, and the university at risk by allowing your information and password to be read by others. Email is never a truly secure mechanism with which to send sensitive information.
Documentation for Cisco Virtual Private Network (VPN)
Cisco Client Download
PGP (Pretty Good Privacy) is available as freeware for email encryption; however, the user should be well versed in its use prior to sending confidential information. PGP encrypts email by matching public keys to user identity so that only the intended recipient can read it. Free versions of PGP are available for noncommercial use. There are also commercial versions; however, email is never a truly secure mechanism with which to send sensitive information.
Pretty Good Privacy (PGP)
Encryption software is commercially available, though not necessarily approved, supported or endorsed by the university.
Data-at-Rest/encryption software available to university departments