All Pacific employees and students have the ability to send email messages in encrypted format. Doing so helps to ensure that, once the email leaves the Pacific email server, only the recipient of that email address can access the contents of the email. Encrypting email helps protect private information from being accessed by illegitimate third parties. Depending on the type of information you are sending, you may be required to send it in encrypted format (see the HIPAA policies, or consult with your supervisor or with the university Privacy Officer). For health clinic communications with patients, using client messaging within the Electronic Health Records system is always recommended over using email and email should be used when that is not possible.
Procedure
Sending Encrypted Email
Put "[pacusendsecure]" anywhere in the subject line of an email you send from your Pacific email account to a non-Pacific email address. It will be automatically encrypted as it leaves the email server.
IMPORTANT NOTE: Old web browsers that still use TLS or SSLv3 will not work with the email encryption system.
Receiving Encrypted Email
When someone outside Pacific is notified that you have sent them an encrypted message, a link inside the message will take them to Pacific's email encryption gateway and prompt them to login or create a new account before they are allowed to open and see the message. They will have to create an account with a password, which will then allow them to access the email.
The following shows what a secure message looks like in your recipient's inbox:
If a recipient has already setup an account with on Pacific's email encryption gateway, they will need to use the same password to login for future messages until the account expires. Once expired, the user will need to go through the setup process again. The account on the Pacific's email encryption gateway does not give access to any other Pacific system and will not work at any other provider. If a client cannot remember their password, they can use the link on the login screen to recover their password.
Replies to Encrypted Email
If the recipient of an encrypted message unencrypts the message and replies from within the Pacific email encryption gateway, their reply will also invite you to sign in to your email encryption gateway account to view the message.
Storage of Sent Messages
When you send via your Pacific email account, these messages are stored in your sent box and are not encrypted. This means that the information in the email message could become compromised if someone other than you gains access to your account. Deleting these messages from your sent box helps protect the privacy of your recipient.
Forgotten Passwords
To change your password on the Pacific email encryption gateway if you've forgotten it, open the link in the email you received when an encrypted email was sent to you and click on the link provided for "Forgot the password?" Answer the security questions you setup when creating the account and follow the instructions to make a new one.
To change the password while already logged in you go to "Preferences" under the settings drop down menu on the upper right corner of the page. There will be a change password link in the center of the page.
FAQ
Q: How do I send encrypted emails?
A: Putting "[pacusendsecure]" in the subject line of a Pacific email will encrypt an email if sent to any email not associated with a Pacific faculty, staff. or student.
Q: Can encrypted emails be sent to other faculty, staff, or student?
A: Yes. However, please utilize your Pacific account at Box.com whenever possible and follow the security guidelines for using Box as it is a preferable method for data sharing.
Q: Will I receive a receipt when my encrypted email is and opened by the recipient?
A: Yes. Once an encrypted email is opened, a receipt will be sent to the sender of the email.
Q: What is the size limits on attachments?
A: Attachments are limited to 20 megabytes.
Q: Are attachments also encrypted along with messages?
A: Yes attachments are also encrypted and can be opened and downloaded when the email is decrypted.
Q: I used to be able to send messages without using the brackets around the word pacusendsecure. Why doesn't that work any more?
A: This was changed when the encryption system was replaced with different equipment from a different vendor. This required us to use [ ] around the keyword. If no brackets are used in the message, your message will be bounced back to you to let you know that your messages will not be encrypted unless you use the new format with the brackets. We do not want someone to accidentally send a private message off campus without encryption.
Q: Encrypted email recipients are getting messages that their web browsers are not supported. What should they do?
A: Old web browsers that still use TLS or SSLv3 will not work with the email encryption system. Please advise them to update or install a more current web browser.
Q: Can Google Collaborative Inboxes send and receive encrypted messages?
A: Yes.
Questions?
Contact Support