Secure Email at URI
The Information Security Office has implemented a new service – “Secure Email” – to give users the option to send emails to people outside of the URI environment in a secure manner.
What is “secure email”?
Secure email provides a way to send encrypted messages containing sensitive and/or private data to people outside of URI (i.e., to addresses other than @uri.edu or @etal.uri.edu).
When should you use “secure email”?
While it is a good rule of thumb to avoid using email to send sensitive or private information if possible, if you need to provide the information to a person outside of URI, secure email now provides you with a solution.
Before using email to share sensitive and/or private information, it’s always important to consider government and industry laws and regulations, University and local policies, guidelines and practices. Use of URI’s secure email system is intended to address the need for communicating high risk/confidential data (i.e. PHI) in a safe and secure manner and in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). However, it can also be used to secure other sensitive information including, but not limited to, personal identifiable information (PII), financial or student information. You are required to use secure email whenever you send a message that contains sensitive information such as PHI or PII to a recipient outside of URI (i.e., to addresses other than @uri.edu or @etal.uri.edu).
You will want to remember that using email for any information has some risks. If your URI password and username are stolen, they can be used to access your email account and view your messages. Also, be careful to check who will receive the email. It’s easy to send to a wrong email address or a wrong person.
How to send secure email?
The first step is to request an account by sending an email to email@example.com. Once your account is configured, using secure email is pretty simple to do. When composing your email message, just add the word confidential to the subject line. What this does is routes your message to a secure environment and when the person you are sending it to opens it, they are provided a link to view it on the secure URI website.
** NOTE: The subject line of the email is not encrypted; therefore, you should not include sensitive information in subject line of the email.
To send a secure email message:
- Place the word “confidential” in the Subject line.
- Complete the email body as usual and click Send.
To read the secure message, the recipient clicks the link labeled Click here to read your message in the message and the encrypted message will be decoded and presented.
The recipient may reply to the message or attach a file.
Note: If the recipient sees red or blue X icons in their browser, their email client is blocking images. These images are just the URI logo and the encrypted email symbol. They can display the images or ignore them without affecting their ability to read the message.
If the recipient of your message doesn’t receive your message, tell them to check their Spam or Junk folder.
Can users who need to communicate securely outside URI initiate secure messages to me?
Yes, third parties can initiate an encrypted communication using URI’s secure email system. Instruct them to visit https://securemail.uri.edu/encrypt and follow the instructions for registering an account.
What will happen if I attempt to encrypt an email to someone with a URI email address?
Email sent within the URI email system is secure, therefore, email sent with confidential in the subject line to someone with an “@uri.edu or @etal.uri.edu” address will not be encrypted using the Proofpoint secure email system and will be sent just like any other email. Only email sent to a recipient outside of URI (i.e., to addresses other than @uri.edu or @etal.uri.edu). will be encrypted.
Can I send attachments?
Yes, the total size of attachments you send must not exceed 15 megabytes.
May I send an encrypted message to myself?
Only if you send the message to a non-URI email account.
Can the recipient forward the message?
Why does the message warn the recipient that they have two weeks to read the message or download it as an attachment?
After two weeks, the server that stores the message archives the message. The recipient can still read the message but it has to be downloaded as an attachment.
Can the message be read on a smartphone?
Mostly-yes. However, some smartphones cannot download files or modify HTML files. The secure message is sent as an HTML attachment, so it is possible that you may not be able to read it on your smartphone.