On this page you will learn how to use email securely.
Norsk versjon - Sikker e-post
Table of Contents [-]
- Classification according to confidentiality
- Personal data and sensitive personal data
- How to classify personal data?
- Internal email within NTNU
- Email to external recipients
- Alternative ways of encrypting information in email
- Report suspicious email
Classification according to confidentiality #
Confidentiality is a fundamental premise in all information processing, and addresses the fact that all information should not be open to everyone. This requires an awareness of how we classify the information we process, as this has an impact on which digital tools we can make use of. The following confidentiality classes are defined: Public, Internal, Confidential and Highly confidential.
Emails sent over internet, without protection, will be interceptable. For this reason, unproteced email is best suited for information that can be classified as Public. In this guide you can read about how information can be protected.
Personal data and sensitive personal data #
It can be difficult to distinguish between personal data and sensitive personal data. You can read more about this here (in norwegian only).
How to classify personal data? #
Personal data that is not considered as sensitive, should be classified as internal. Sensitive personal data should be classified as confidential or highly confidential information.
Internal email within NTNU #
When writing an e-mail, you must consider the following before pressing the "Send" button: Is the information Public, Internal, Confidential or Highly confidential?
Email to external recipients #
Classification and encryption of documents works best if both the sender and recipient have an NTNU account, but it is possible to send encrypted emails and share encrypted documents to external recipients as well, under given conditions.
Alternative ways of encrypting information in email #
There are some alternative ways of encrypting information in email, if you cannot use tools as described above.
- Office document encryption: All Office documents have an encryption feature that can be easily used by setting a strong password. (Only to be used if AIP does not work. If you set a password and forget it, the data will be lost!)
Guide on how to protect Microsoft Office documents with encryption
- Encryption of other file types using the 7-zip program. Here you can create an archive of files and store them with password protection.
Guide on how to protect files using password and encryption
All of these encryption approaches employ strong encryption algorithms and are considered secure enough to send confidential and strictly confidential information. The important thing here is that you set a strong password and send it via a channel other than email, for example. via SMS.
Report suspicious email #
If you receive a suspicious email, this should be reported to NTNU SOC.
Should I delete old emails? #
Answer: If you have sensitive personal data in old emails, this must be deleted. If the content of the emails ought to be archived, it should be transferred to ePhorte. Emails containing social security numbers must also be deleted. If you have emails containing personal data, this should not be stored any longer than is necessary.
- Read more about personal data and sensitive personal data (norwegian only)
- Storage, deletion and archiving email (norwegian only)
For how long should I sync emails? #
On mobile devices and PCs, where the local programs store your emails locally, could theft be a risk? What is the recommended length of sync?
Answer: On mobile devices we recommend that you store up to 30 days back in time. On your own PC, when the hard drive is encrypted, emails can be stored locally for as long as you prefer.
Orakel Support Services can help if you have questions or if you encounter difficulties.