Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The State University of New York at Fredonia is required by UniversitySUNY, New York State and Federal regulations to implement practices to limit the unintended exposure or unauthorized access to Social Security Numbers (SSNs) and Credit Card Numbers (CCNs). SSNs and CCNs are strictly prohibited from being transmitted (sending or receiving) via email. Therefore, the Fredonia Messaging Gateway policy Gmail Data Loss Prevention (DLP) Policy for Credit Card Numbers (CCNs) and Social Security Numbers (SSN)  is is intended to actively filter and block fredonia.edu email accounts from sending and receiving this regulated data.  The Messaging Gateway Gmail DLP will utilize an advanced algorithm and internationally accepted key phrases to effectively filter and then  bounce bounce emails that contain this data. The Fredonia Messaging Gateway also enables Fredonia to provided critical security measures to protect our email and productivity infrastructure with effective and accurate real-time antispam and antimalware protection, targeted attack protection, advanced content filtering, and data loss prevention.

Scope
All inbound and outbound e-mails for fredonia.edu accounts.

NOTE: This also includes email to and from within fredonia.edu accounts domain.

Messaging Gateway Gmail Data Loss Prevention (DLP) Policy

  • The Messaging Gateway Gmail DLP uses algorithms to distinguish between valid credit card numbers or valid social security numbers and other numeric strings of the same length and/or format. Valid Detected numbers may not be actual numbers of either type.Filter

  • Filters based on the presence of any known key phrases in the BODY & SUBJECT AND a number that is a valid credit card number, or social security number regardless of format.Fredonia and any known key phrases. This means that email accounts will be prevented from sending or receiving e-mail mails with a credit card or social security number and an associated keyword anywhere in the body, subject or attachment of email. If you are the sender, then you will receive an Non-Delivery Report notification a Message Quarantine Notification (bounce message.)  If If someone from outside of Fredonia sends to a fredonia.edu email account such a message, they would will also receive the Non-Delivery Report notificationMessage Quarantine Notification.
  • Encrypted attachments cannot be scanned.  Therefore  contents contents of encrypted attachments will not trigger this policy.

  • The quarantine (bounce) notification will not contain a copy of the original email. 

SAMPLE Social Security Number Inbound and Outbound Non-Delivery Report (NDR) E-mail:

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to its.servicecenter@fredonia.edu.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

...

SAMPLE Credit Card Number Inbound and Outbound Non-Delivery Report (NDR) E-mail:

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to its.servicecenter@fredonia.edu.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

“Fredonia respects the privacy and security of personal information.  In addition, we are prohibited from sending or receiving credit card numbers via e-mail.  Your e-mail appears to contain this information. We are permitted to accept credit numbers as a method of payment over the phone in a secure manner, in person, and via an online authorized payment gateway.  Please contact the individual or office you were trying to reach to determine an alternate means to relay the information. You may contact the ITS Service Center should you have any questions or concerns (716) 673-3407 regarding this e-mail message. Thank you.”

NOTE: If you have a valid business need to send this type of data via fredonia.edu email then please contact the Information Security Office at 716-673-4725 for an approved solution.

SAMPLE Message Quarantine Notification:

Image Added

Compliance

...

Livesearch
sizelarge
additionalpage excerpt
placeholderSearch Answers
typepage

Content by Label
showLabelsfalse
max5
spacesSKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ("block","numbers","card","security","filter","credit","email","gateway","social") and type = "page" and space = "SC"
labelsemail credit card social security numbers gateway filter block

...