The Towson University email system now has a Data Loss Prevention (DLP) security service. The Office of Technology Services (OTS) has implemented this automated security function on all TU faculty and staff email accounts, effective today. No action is required from account holders.
DLP security service identifies confidential data that is sent from and received by the Towson University email system. When confidential data is sent–intentionally or unintentionally–DLP blocks the reception and alerts of storage or transmission of credit card and Social Security information. The purpose of the DLP process is to prevent confidential data loss.
How DLP works
Using a set of predefined rules, DLP automatically scans emails and attachments for credit card and Social Security Numbers that are put at risk of exposure.
DLP on Incoming Email
DLP automatically scans incoming email messages. If confidential information is believed to be found in the email body or attachment, the DLP system will inform the Towson University email system, which will in turn send the recipient an email alert containing this message:
You are receiving this message because an email message that potentially contains a credit card number (CC) or Social Security number (SSN) was detected entering the university email system, and it has been included as an attachment to this alert message. If institutional business requires transmitting confidential data, it should be done responsibly and securely in accordance with Towson University’s Data Stewardship Policy (10-04.00). The Office of Technology Services recommends using the secure File Delivery Service (FDS). Information regarding FDS is located in the OTS Training Self-Help Learning Resources on the university website.
DLP on Outgoing Email
DLP automatically scans outgoing email messages. If confidential information is believed to be found in the email body or attachment, the DLP system will prevent the email from being sent. This protects the user from accidentally sending confidential data, and the Towson University email system informs the TU sender of the prevention recipient with an email alert containing this message:
You are receiving this message because an email message that potentially contains a credit card number (CC) or Social Security number (SSN) was detected leaving the university email system. The email was not delivered, and the subject of that email has been included in the subject line of this alert message. If institutional business requires transmitting confidential data, it should be done responsibly and securely in accordance with Towson University’s Data Stewardship Policy (10-04.00). The Office of Technology Services recommends using the secure File Delivery Service (FDS). Information regarding FDS is located in the OTS Training Self-Help Learning Resources on the university website.
If the credit card or Social Security Numbers have been erroneously detected and you wish to resend the email, type “#publicdata#” at the start of the message body to send the message.
The Office of Information Security in OTS reminds the campus that all members of the Towson University community are responsible for protecting the confidentiality, integrity and availability of data created, received, stored, transmitted or otherwise used by the university. Towson University reserves the right to restrict the use of Information Technology resources in order to preserve data security or comply with law or policy. If you have questions, please contact the OTS Faculty/Staff Help Center at 410-704-5151.
