Versions Compared

Old Version 1

changes.mady.by.user hartung

Saved on

compared with

New Version Current

changes.mady.by.user Daniel LaGrow

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Rev. 8.1416.1719

Purpose

The State University of New York at Fredonia is required by UniversitySUNY, New York State and Federal regulations to implement practices to limit the unintended exposure or unauthorized access to Social Security Numbers (SSNs) and Credit Card Numbers (CCNs). SSNs and CCNs are strictly prohibited from being transmitted (sending or receiving) via email. Therefore, the Fredonia Messaging Gateway policy Mail Data Loss Prevention (DLP) Policy for Credit Card Numbers (CCNs) and Social Security Numbers (SSN)  is is intended to actively filter and block fredonia.edu email accounts from sending and receiving this regulated data.  The Messaging Gateway Fredonia Mail DLP Policy will utilize an advanced algorithm and internationally accepted key phrases to effectively filter and then  bounce bounce emails that contain this data. The Fredonia Messaging Gateway also enables Fredonia to provided critical security measures to protect our email and productivity infrastructure with effective and accurate real-time antispam and antimalware protection, targeted attack protection, advanced content filtering, and data loss prevention.

Scope

All inbound and outbound e-mails for fredonia.edu accounts.

NOTE: This also includes email to and from within fredonia.edu accountsdomain.Messaging Gateway

Fredonia Mail Data Loss Prevention (DLP) Policy

  • The

    • Messaging Gateway

  • Fredonia Mail DLP uses algorithms to distinguish between valid credit card numbers or valid social security numbers and other numeric strings of the same length and/or format.

    • Valid

  • Detected numbers may not be actual numbers of either type.

    • Filter

  • Filters based on the presence of any

    • known key phrases AND a number that is a

  • valid credit card number

    • regardless of format.

  • Filter based on the presence of any of the known key phrases AND a number that is a valid  social security number regardless of format. 

    • Fredonia

  • , or social security number and any known key phrases. This means that email accounts will be prevented from sending or receiving e-

    • mail

  • mails with a credit card or social security number and an associated keyword anywhere in the body, subject or attachment

    • of email

  • . If you are the sender, then you will receive

    • an Non-Delivery Report notification

  • a Message Quarantine Notification (bounce message.)

    •  If

  • If someone from outside of Fredonia sends to a fredonia.edu email account such a message, they

    • would

  • will also receive the

    • Non-Delivery Report notification

  • Message Quarantine Notification.

  • Encrypted attachments cannot be scanned.  Therefore

    •  contents

  • contents of encrypted attachments will not trigger this policy.

  • The quarantine (bounce) notification will

    • not

  • contain a copy of the original email. 

SAMPLE Social Security Number Inbound and Outbound Non-Delivery Report (NDR) E-mail:

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to its.servicecenter@fredonia.edu.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

...

SAMPLE Credit Card Number Inbound and Outbound Non-Delivery Report (NDR) E-mail:

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to its.servicecenter@fredonia.edu.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

“Fredonia respects the privacy and security of personal information.  In addition, we are prohibited from sending or receiving credit card numbers via e-mail.  Your e-mail appears to contain this information. We are permitted to accept credit numbers as a method of payment over the phone in a secure manner, in person, and via an online authorized payment gateway.  Please contact the individual or office you were trying to reach to determine an alternate means to relay the information. You may contact the ITS Service Center should you have any questions or concerns (716) 673-3407 regarding this e-mail message. Thank you.”

NOTE: If you have a valid business need to send this type of data via fredonia.edu email then please contact the Information Security Office at 716-673-4725 for an approved solution.

SAMPLE Message Quarantine Notification:

...

Compliance

...

...

...

Live Search
sizelarge
additionalpage excerpt
placeholderSearch Answers
typepage

Filter by label (Content by label)
showLabelsfalse
max5
spacesSKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ( "block" , "numbers" , "card" , "security" , "filter" , "credit" , "email" , "gateway" , "social" ) and type = "page" and space = "SKB"currentSpace ( )
labelsemail credit card social security numbers gateway filter block
Page Properties
hiddentrue


Related issues