Versions Compared

Old Version 5

changes.mady.by.user Rebecca R. Gagnon

Saved on

compared with

New Version 6

changes.mady.by.user Danette D Carll [X]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
_Hlk5609214
_Hlk5609214
Anchor
_GoBack
_GoBack
Sending Encrypted Emails from Outlook with Office 365

PURPOSE

To allow users to securely send email messages and attachments to external users without installing PGP Client Software.

SCOPE

All NYSERDA Users

RESPONSIBILITIES

  1. IT Operations Systems Administration is responsible for User Account and Mailbox Administration
  2. All users are responsible for knowing the Data Classification for any information and/or files being shared both within and outside of NYSERDA and assuring this information is properly secured in accordance with that classification.

...

*Contact Data Governance for more details on Data Classification

PROCEDURES


  1. Sending Secure, Encrypted Email from Outlook has been made very easy for NYSERDA users now on the Office 365 email platform. To send an encrypted email to an external user you simply need to add the appropriate wording to the Subject of the message.
    1. Create new message in Microsoft Outlook and add the recipients like usual.
    2. Enter the following to the beginning of your "Subject" #encrypt

Then enter the rest of the subject as you would like it to be seen


        2. Attachments  Information may be intercepted in motion when sending an email to an external stakeholder so attachments must be converted to an Adobe password protected file or converted to a Microsoft Excel (or MS Word or Excel .xlsx ) password protected file for Confidential-Internal, Confidential-Private or Confidential-Restricted data before you send sending an encrypted email . This to an external stakeholder or emailing a State entity within the ITS domain.

For encrypted email, the content of the email is the only information that is encrypted. The password protected file ensures the information stays secure. Reference instructions on sending an encrypted email. The receiver of the email must have a Microsoft Account or be given a one-time password to access the information.
• Instructions to Password Protect Documents
 To password protect an Adobe Acrobat Pro PDF file, save the file as a PDF. Open the PDF. Click on “Tools” (right side). Click on “Protection”. Select “Encrypt”. Select “Encrypt with Password”. Click “Yes” to change security of the document. Click “Require Password to Open Document”. Enter a secure password per the guidelines (last bullet).
 To password protect an Excel file (.xlsx only), Select “Review”. Select “Protect Sheet”. Enter a secure password per the guidelines below. Excel password protected files must be saved as .xlsx only to meet New York State encryption requirements. Please be sure to select .xlsx when saving the file. Files in the .xls format must be recreated and saved as a new .xlsx file. The .xls format does not meet NYS security requirements and may be hacked. Enter a secure password per the guidelines (last bullet).
 To password protect a MS Word files, Select “File”. Select “Info”. Select “Protect Document”; then select the “Encrypt with Password Option”. Enter a secure password per the guidelines (last bullet).
• Secure Password Guidelines
 The password should be provided over the phone or in a separate email. With so many email accounts compromised at other entities, it is recommended to transmit the password over the phone if possible.
 The password must be changed every 90 days and contain 8 characters of upper/lower case

...

, number,

...

and special characters.

       3. Once you are done creating your message and adding password protected attachments. Click SEND. Be sure you have #encrypt in your subject as that is key! NOTE: You can also do this same process from the Outlook Web Client at {+}https://outlook.office365.com/owa+ when logged in with your nyserda.ny.gov or greenbank.ny.gov user id!

...

                           Please contact me if you have any questions or issues accessing the encrypted email.  We appreciate your commitment to protecting sensitive information.


DATA LOSS PROTECTION (DLP)

Data Loss Protection (DLP) to prevent unprotected sensitive information in outgoing email.  NYSERDA’s Data Governance Council have agreed to enforce the least disruptive action known as the DLP encryption template.  This encryption template is effective immediately.

...

Receiving the email works the same as utilizing #encrypt referenced above.


PASSWORD PROTECTING DOCUMENTS

  • Information may be intercepted in motion when sending an email to an external stakeholder so attachments must be converted to an Adobe or MS Word or Excel .xlsx password protected file for Confidential-Internal, Confidential-Private or Confidential-Restricted data before sending an encrypted email to an external stakeholder or emailing a State entity within the ITS domain.
  • For encrypted email, the content of the email is the only information that is encrypted. The password protected file ensures the information stays secure. Reference instructions on sending an encrypted email. The receiver of the email must have a Microsoft Account or be given a one-time password to access the information.
  • Instructions to Password Protect Documents
  • To password protect an Adobe Acrobat Pro PDF file, save the file as a PDF.  Open the PDF. Click on “Tools” (right side). Click on “Protection”. Select “Encrypt”. Select “Encrypt with Password”. Click “Yes” to change security of the document.  Click “Require Password to Open Document”. Enter a secure password per the guidelines (last bullet).
  • To password protect an Excel file (.xlsx only), Select “Review”. Select “Protect Sheet”. Enter a secure password per the guidelines below.  Excel password protected files must be saved as .xlsx only to meet New York State encryption requirements. Please be sure to select .xlsx when saving the file. Files in the .xls format must be recreated and saved as a new .xlsx file. The .xls format does not meet NYS security requirements and may be hacked.  Enter a secure password per the guidelines (last bullet).
  • To password protect a MS Word files, Select “File”.  Select “Info”. Select “Protect Document”; then select the “Encrypt with Password Option”. Enter a secure password per the guidelines (last bullet).
  • Secure Password Guidelines
  • The password should be provided over the phone or in a separate email. With so many email accounts compromised at other entities, it is recommended to transmit the password over the phone if possible.
  • The password must be changed every 90 days and contain 8 characters of upper/lower case, number, and special characters.