Data Breaches

There is a risk of data breaches when you send emails, either through selecting the wrong people, attaching the wrong document, leaving confidential data in the attachments, or by people being able to see who else has received the email. Before you press Send you must check:

• Have you selected the right recipients? The university is a large institution and we have many people with the same names
• Are the recipients in the correct address field? If you are sending to a large group of individuals make sure their names are in the "Bcc" field, especially if there is some sensitivity around the selection criteria for the people
• Have you added the correct Attachments? Check you have removed unnecessary or confidential data from the attachment. You need to be especially careful with Excel spreadsheets - check all the sheets in the workbook, check the metadata, and check for hidden sheets, columns and rows.

It is really important that all actual or suspected security breaches are immediately reported.

Email Overload

We are all deluged by email, so be considerate when you send emails.

• Only include people who are absolutely necessary
• If you have your university emails on a mobile device, set a schedule so you are not disturbed outside of your regular hours
• Do not circulate jokes or chain mails

Potential for Causing Offence

• Send nothing that could be considered offensive by any recipient
• Do not assume that your tone of voice or a joke will be conveyed to the recipient
• Think before sending - especially if you're upset
• Emails can live for ever and can come back to haunt you!

Spam and Phishing Emails

While the University employs several layers of security and filtering, scammers are constantly updating and evolving their techniques to bypass these. Learn how to spot phishing emails.

You need to be suspicious by default of any email that contains an attachment, link, button, or where you are urged to respond quickly.

Attachments and webpages can carry programs that infect your computer, steal or corrupt data, or spy on you.

Links and buttons in an email may take you to a login webpage that appears to be genuine but is controlled by the scammer allowing them to harvest your username and password for future attacks.

You need to be cautious even if the email appears to be from someone you know, and the subject of the email is something you've been discussing.

A scammer may have gained access to the sender's account (in which case they'll have access to previous emails and contacts), or they may be using a technique that makes their email appear to be from someone you know or from a utility, company or bank.