Technology/Email Security Policy

Revision as of 14:57, 16 September 2024 by Admin

Email Security Policy

1. Overview

Email at the Art Academy of Cincinnati (AAC) is to be treated as an essential and crucial resource. Therefore, we are implementing this policy to:

  1. Develop sensible and appropriate guidelines for using information resources.
  2. Inform users about their duties related to the utilization of these resources.
  3. Set up a timeline for the retention and archiving of emails.

2. Purpose

The purpose of this Email Security Policy is to ensure the integrity, confidentiality, and availability of AAC's email services. This policy outlines the standards and procedures by which all employees must abide to safeguard AAC's electronic communications.

3. Scope

This policy applies to all employees, students, contractors, and third-party representatives of AAC who have access to the school’s email system. It encompasses all hardware and software, as well as any associated services, used to conduct school business via email.

4. Policy Details

4.1 Privacy and ownership of information

Notice of waiver: Users relinquish any expectation of privacy for materials they produce, store, send, or receive using AAC's computer systems.

AAC reserves the right to monitor communications, such as emails, without prior notification. Furthermore, all content (including personal emails, files, and documents) is the property of AAC, may be accessed per company policy, and could be subject to public records requests.

4.2 Email security measures

Vigilance against malware: Emails must be handled with extreme caution to mitigate information security risks. An antivirus tool is employed to detect and manage malicious code or files.

All incoming emails are filtered for viruses, malicious code, and spam; flagged messages are isolated for user review. Introducing malware into AAC's systems can severely disrupt business operations. Any detected security threats must be reported to IT immediately.

Anti-spoofing efforts: Procedures are in place to detect spoofed emails. Employees are expected to identify and report suspected email spoofing to IT promptly.

Safe handling of email attachments: Emails are screened for malicious attachments. Files with extensions known to harbor malware or pose a significant risk are removed before email delivery.

Blocking malicious senders: Emails from domains or IP addresses linked to known malicious entities are automatically blocked. Misbehaving email accounts, especially those sending out spam, will be deactivated and investigated.

4.3 Proper use of email

Business communication standards: Email should be used solely for school-related purposes and must mirror the professionalism expected in other school and business communications.

Outgoing attachments are automatically scanned for malware. Improper use of email can damage both the recipient's system and the Art Academy's reputation.

Prohibited activities:

  • Sending intimidating, harassing, or offensive emails.
  • Using email for personal matters.
  • Engaging in unauthorized promotional activities.
  • Violating copyright laws.
  • Sending emails from another user's account without permission.
  • Creating a false identity or forging email messages.
  • Disabling security features, such as automatic scanning.
  • Circumventing email security protocols.
  • Sending joke emails, chain letters, or engaging in spam-like activities.
  • Sending overly large emails or attachments.
  • Distributing emails containing viruses.

4.4 Email confidentiality and security

Data encryption: Any confidential or sensitive Art Academy information sent outside the company’s network must be encrypted. Passwords or decryption keys should never be transmitted via email.

Security precautions: Email is inherently insecure; therefore, sensitive information like passwords, social security numbers, and personal identifiers should not be emailed to external parties without encryption. All user activity on AAC's systems is logged and subject to monitoring.

Representation restrictions: Users must avoid giving the impression they are speaking on behalf of AAC unless they have explicit or implicit authorization.

Use of non-AAC email accounts: Confidential or sensitive company information must not be sent, forwarded, or received through non-AAC email accounts.

Users employing non-AAC issued devices must comply with the Personal Device Acceptable Use and Security Policy.

4.5 Incidental use policy

Guidelines for personal use: Incidental personal use of AAC's email systems is permitted for approved users only and must not extend to family members or acquaintances.

Such use should not incur any direct costs to AAC nor interfere with an employee’s regular duties.

4.6 Content restrictions

Employees must not send or receive files or documents that could expose AAC to legal liability or cause embarrassment. The storage of personal files within AAC's IT systems should be kept to a minimum.

4.7 Email retention practices

Retention period: All emails are retained in the system for a period of 36 months. Emails that exceed this age will be automatically purged from the system.

Purging policy: Both deleted and archived emails are automatically purged after the retention period. Similarly, appointments, tasks, and notes older than 36 months will also be purged.

4.8 Email archive access

  • Access rights: Only the mailbox owner and the system administrator are granted access to email archives.
  • Archive maintenance: Emails stored in the online archive will be deleted 36 months from their original send or receive date, consistent with the general email retention policy.