Guidance on the Use of E-mail
Guidance on the Use of E-mail
It is not possible to fully separate e-mail from other forms of communication or to deal with its security other than in the context of information security more broadly. When considering appropriate guidance on the use of e-mail, there are a number of areas of concern:
- Security of Information - preventing information from falling into the wrong hands,
- Appropriate Use - using e-mail facilities for the purposes for which they are provided,
- Legal Issues - not using e-mail for purposes which are illegal, or which breach confidentiality or privacy,
- Retention and Compliance - some e-mail may be required as part of legal proceedings.
This document does not attempt to be a comprehensive guide to the use of e-mail and should be read in conjunction with the "Regulations and Code of Conduct for the Use of Information Technology Facilities".
- In common with other channels for communication within the University, e-mail accounts are provided for academic, administrative and career development purposes and messages should be accurate, courteous and necessary. Messages should not be sent to a larger audience than is reasonably justifiable, particularly when they contain attachments.
- Do not leave a machine which is logged into your e-mail account unattended, unless it is disabled by a password protected screen saver
- Do not leave your password written on a piece of paper adjacent to your machine. Others may use it to gain access to your e-mail and may impersonate you in sending e-mail. You should not disclose the password which you use to gain access to your account to others as they may use your account to impersonate you in sending e-mail. In either case you will be the one held responsible, until you can prove that you were not (which may be difficult).
- If you receive e-mail purporting to come from a particular individual, but out of character with their normal style, treat it as the result of possible impersonation until you have had the chance to confirm it as genuine.
- Take great care when addressing e-mail messages, to avoid mis-delivery, this is particularly true when sending e-mail addresses which consist primarily of numbers (such as student addresses). You are most at risk when sending e-mail to people with whom you have never communicated before, or infrequent correspondents for whom you do not have an alias set up. If sending important information it is often helpful to have the intended recipient e-mail you first and use the e-mail 'Reply' facility which will ensure that you get the address correct.
- You are well advised not to send, via e-mail, material which you would not be happy sending in an unsealed envelope, unless you have made explicit arrangements to exchange the material via a secure e-mail channel with the recipient.
- Ensure that e-mail sent to you 'for your eyes only' is not sent to unattended shared printers and that printed copies of e-mails are not left lying around.
- Be very careful when sending documents as attachments because Word and Excel files may contain information relating to earlier corrections to the document or material which previously occupied the disk space currently occupied by your file. Whilst this hidden material is generally not seen by the recipient under some circumstances it might be. Word files sent in RTF format (Save As RTF from the files dialog) greatly lessen this danger and in most cases are smaller in size. In addition they have the advantage of being readable by ALL versions of Word and many other packages.
- Check all incoming attachments to ensure that they are genuine document files (
.XLS, etc.) and are not executable files (
.EXE, etc.) which may carry viruses, etc., before clicking on them to open them up. Ensure that you use the facilities within Word to check for files with attached macros and choose to disable any macros found should that occur. Install a reliable virus protection program and ensure that it is kept up-to-date.
- Bear in mind that legal proceedings may result from inadvertent or negligent disclosure of medical records, confidential employment records or commercially sensitive information (or material pertaining to it). Considerable problems, embarrassment and expense might be caused by the inadvertent disclosure of examination questions, external examiners reports or examination marks. Sending any of these things via normal e-mail exposes both you and the University to risk.
- E-mail may be treated as written evidence in law. Any e-mail which forms part of a commercial negotiation or contract for goods, services or employment might be required as evidence in a court of law and should be carefully stored in a folder where it is unlikely to be deleted accidentally.
- Ensure that e-mail is not used to defame others, as such e-mail might come back to haunt you. There have been cases where companies/institutions have been found liable for the e-mail activities of their employees and have been forced to take severe disciplinary proceedings against offenders.
Issued by Information Services
Last reviewed 8 April 2014