Security

In the past, website subscriptions and renewals were approved by University Systems and Security (USAS), as the department held the role of both Information Security and Networking. An email would be sent to the department, and approval would be gained via an email response.

With the separation of Information Security from University Systems and Networking (USAN), a new process has been created to better serve those within the FDU community that utilize external websites for services.

Moving forward, requests for website subscriptions and renewals should be requested through this form below:

If information is missing, a representative of UTAC might reply inquiring more about the request. When all information has been gathered, the ticket will be forwarded to our Information Security Officer. They will review the request, engage the Networking team if necessary, and then either approve or deny the request (via email response) or inquire further, before closing out the ticket.

We hope this new process will help identify, track, and move requests quickly through the process.

Virtru email encryption is a security enhancement to FDU’s Office 365 and Microsoft Outlook email environment, which provides Faculty and Staff the option of sending and receiving encrypted emails using their FDU email account.

Section – About

Part : About Virtru Email Encryption

What is Virtru Email Encryption

Virtru email encryption is a security enhancement to FDU’s Microsoft Office 365 and Microsoft Outlook email environment, which provides Faculty and Staff the option of sending and receiving encrypted emails using their FDU email account. Virtru for the Microsoft Outlook desktop email client is available for installation for approved FDU Faculty and Staff via the FDU Self Service Portal for Software on Windows 10 desktops and laptops owned by the University.

Virtru Email Client

The Virtru client provides a seamless experience when using the Microsoft Outlook desktop client. The Virtru Outlook plugin is only available on university laptops or desktops running Microsoft Windows.

Virtru for Office365

All Apple macOS users and users who access their FDU email through Office 365 can use Virtru email encryption to send sensitive information electronically.

What is Virtru Secure Reader?

Virtru’s Secure Reader is a platform that can be accessed within FDU’s Outlook on the Web (office365.fdu.edu) and right on your web browser by clicking the “Unlock Message” button in your Virtru secured email. From there, all you have to do is quickly validate you are an authorized recipient of that email or file. Once complete, you can read and reply to the secure email directly in your browser.

A secure message encrypted by Virtru will have a few key components, including a short unencrypted message from the sender, and a button that says “Unlock Message”.

Request Form

To obtain access to Virtru in order to send encrypted emails, you must fill out the request from below:

For additional support, please contact the Fairleigh Dickinson University Technical Assistance Center (UTAC).

Section – Installation and Activation

Part : Installing Virtru onto a University PC

Installing Virtru onto a University PC

Part : Activating Virtru on a University PC

Activating Virtru on a University PC

1. When you open Microsoft Outlook after the Virtru has been installed, you will be prompted to activate your Virtru plugin. Click “Activate“ to begin. You may choose “Later” if you do not wish to activate at this time

2. You will be presented with a list of FDU email accounts configured to use in Microsoft Outlook. If your Microsoft Outlook application is associated with multiple email accounts, click on only those you will need to use Virtru email encryption. Then click “Continue“

3. After selecting the proper accounts, you will have the choice of signing in with FDU’s email provider (Microsoft Office 365) or choosing to receive an activation email. Choose “Sign in with Office 365“

Activating Virtru through Office 365 Sign in

1. Enter your FDU NetID credentials when prompted and proceed through the FDU Single Sign-on webpage, including completing Duo Multi-Factor authentication. If you experience issues, choose to “Send me an activation email” and follow the directions given below in item

Activating Virtru through Activation Email

1. If you are unable to activate your account(s) using “Sign in with Office 365,” choose to “Send me an activation email.” The process will take a few moments to complete in the background

2. During this process, Virtru will send a unique email from noreply-activation@virtru.com to your mailbox. The Virtru plugin will search for this email in your inbox. When the activation email is found, Virtru will automatically delete the email from your email inbox, and the Virtru plugin will complete the activation

If your activation does not automatically complete in a few minutes, please contact the Fairleigh Dickinson University Technical Assistance Center (UTAC).

Activating from the Virtru Menu

If you have disabled automatic activations, you can still activate Virtru on your account(s) at any time.

1. Select the ‘Virtru‘ menu tab from the top bar of the main Microsoft Outlook window

2. Choose “Authorize Accounts” or “Options“

3. If you select “Options,” go to the ‘Account Activation‘ menu tab, select your FDU email account, and click on “Activate Selected“

4. You will then follow the activation process already illustrated above in “Activating Virtru through Office 365 Sign-on“ or “Activating Virtru through activation email” described above

Part : Re-enabling a Virtru Account

Re-enabling a Virtru Account

FDU Virtru users will occasionally be required to reactivate their Virtru add-in due to the following:

• You’ve cleared your registry
• Your Virtru activation status has expired. For security purposes, Virtru will invalidate your activation status every
  • 120 days for users accessing their own mailboxes
  • 10 days for users accessing shared or delegated mailboxes
• You are using Virtru on a new machine

You are automatically prompted when you need to re-activate. You can also proactively reactivate at any time via the ‘Virtru’ menu tab. This process was described above in “Activating from the Virtru Menu.”

Reset Activations

If you wish to fully deactivate all accounts in Microsoft Outlook, you can do so from the ‘Virtru’ menu tab:

1. Click on the ‘Virtru‘ menu tab at the top of your Microsoft Outlook window and select “Debug Log“

2. Click on the ‘Debug Commands‘ menu tab option and select the “Reset Activations (clears registry only)” option

3. Click “Yes” and then “OK” to confirm the changes

4. From the ‘Virtru‘ menu tab, you can reauthorize by clicking on “Authorize Accounts“

Part : Virtru Walkthrough Video

Virtru Walkthrough Video

Section – Virtru for Microsoft Outlook

Part : Send a Virtru-encrypted Email in Outlook

Send a Virtru-encrypted Email in Outlook

With Virtru, you can easily protect your emails by encrypting messages and attachments in a few simple clicks.

1. Left-click “New Email” from the main Outlook window

2. Open the ‘Message‘ menu tab and left-click the “Virtru button” to turn “Virtru ON.” The button should turn blue and read “Virtru ON”

3. Add recipients, a subject, the body of the email, and any relevant attachments

4. When your message is ready, click “Send.” You should see a brief animation letting you know that the message is “Encrypting” before it is fully sent

FDU Virtru-encrypted Email Introduction for Recipients

FDU includes a standardized introduction to inform the recipient that they are viewing a Virtru-encrypted email. Below is an example of what the recipient will see. If you have updated the introduction, it will be reflected accordingly

Personal Virtru-encrypted Email Introduction for Recipients

You can also set a one-time, unencrypted personal introduction for the message to either clarify the introduction of Virtru to the recipient or provide some context about the email. Left-click the “Personal Introduction” menu button in your email draft window.

Section – Virtru for Microsoft Office 365

Part : Send a Virtru-encrypted Email on Microsoft Office 365

Send a Virtru-encrypted Email on Microsoft Office 365

With Virtru, you can easily protect your emails by encrypting messages and attachments in a few simple clicks. To send Virtru encrypted emails from your Microsoft Office 365 email acount, simply prepend the subject line of your email as follows:

#secure#

Virtru-encrypted Email Recipient Experience

The recipient will receive an email that looks like this:

Part : Read a Virtru Encrypted Email on Microsoft Office 365

Read a Virtru Encrypted Email on Microsoft Office 365

In this article, we’ll show you how to quickly access and read your Virtru-secured message or attachment within Microsoft Office 365 using Virtru’s Secure Reader.

How to Access and Read your Message

1. Login to FDU’s Microsoft Office 365 web portal using any web browser. Enter your FDU NetID credentials

2. Open the Virtru-secured email in your inbox and left-click “Unlock Message.” A new tab will open

3. When prompted, select your FDU email address

4. Choose how you’d like to verify your identity
   • Microsoft Office 365 users can use their FDU NetID credentials to log into the Secure Reader using “Sign In with Microsoft.” If you choose this route, you can skip step #5 below.
   • Alternatively, users may choose “Or sign-in with a one-time verification link.”

5. If you selected “Or sign-in with a one-time verification link,” check your inbox for your verification email. It will come from verify+xxxxxxxx@virtru.com (with each “x” being a digit). Open the verification email and left-click “View Message” to open your message

6. Your message will open the Virtru Secure Reader in a new tab in the browser. You will also be able to view and access attachments at this time

For a variety of reasons, some recipients may occasionally receive an error message when trying to open a secure email or attachment. If you are having problems accessing your secure email and/or files, please contact the Fairleigh Dickinson University Technical Assistance Center (UTAC) for assistance.

Part : Reply to a Virtru Encrypted Email on Microsoft Office 365

Reply to a Virtru Encrypted Email on Microsoft Office 365

In this article, we’ll show you how to quickly reply to your Virtru-secured message or attachment within Microsoft Office 365 using Virtru’s Secure Reader.

How to Reply to a Secure Message

1. Login to FDU’s Microsoft Office 365 web portal using any web browser. Enter your FDU NetID credentials

2. After successfully opening the Virtru-secured message, to send a “Secure Reply,” scroll down the page below the main message, or click the icon in the top right with the arrow pointing to the left. You may also click on the arrow next to it to reveal additional options such as “Secure Reply All“

3. Attachments can be added by clicking “Add Attachment.” These attachments will be sent securely as well

4. When you are ready to send your email, hit the “Secure Send” button. Both you and all applicable recipients will receive a copy of your reply. Please note that your secure reply will be sent from secure-reply@virtru.com

Part : Viewing a Secure File or Attachment on Microsoft Office 365

Viewing a Secure File or Attachment on Microsoft Office 365

This article covers the different options you have for viewing and downloading secure attachments and files within Microsoft Office 365 using Virtru’s Secure Reader. Depending on the type of attachment you’ve received, you can view your file directly in the Virtru Secure Reader or download the file to your computer. The Virtru Secure Reader can preview various file types, including PDF, Word documents, most image files, and plain text files.

Viewing Directly in the Secure Reader

1. Login to FDU’s Microsoft Office 365 web portal using any web browser. Enter your FDU NetID credentials

2. If you’ve received an attachment in a Virtru secured email or an encrypted file that was shared directly with you, you can hover over the file name and choose “View” or “View Protected file” to view the attachment right in your web browser

Downloading Unsupported File Types

If you’ve received a file that cannot be previewed in the Virtru Secure Reader, you will be prompted to download that file directly. There will be no “View” option.

Printing Attachments in the Secure Reader

You can print a document from the Secure Reader by selecting the menu under the “Download “button and then selecting “Print.” You may also choose to download it first, then open and print via a preferred program on your computer.

Section – Additional Resources

Part : Using the Virtru Dashboard for Microsoft Office 365 Users

Using the Virtru Dashboard for Microsoft Office 365 Users

Users who access their FDU email through the Microsoft Office 365 web portal and all Apple macOS users will need to use the Virtru Dashboard to manage all of Virtru’s security options.

1. To use the Virtru Dashboard, click the link below:

2. Choose “Sign in with Office365“, and skip to Step 5. If you choose to request a one-time verification link, enter your FDU email address and click on “Submit“

3. If you request the one-time verification link, you will receive an email from Verify for Virtru, as shown below. If you are using different web browsers, such as Google Chrome or Mozilla Firefox, it will be reflected in the email message accordingly

4. Click “Verify me” and choose “Copy Link Location.” Open a new browser tab and paste the link location into the URL space. Hit the “Enter” or “Return” key on your keyboard

5. When you log in to the Virtru Dashboard for the first time, you will see the message below. Left-click “OK, GOT IT!“

6. You will now be able to view Virtru encrypted emails or files you have sent, as well as open the ‘Settings‘ menu tab to set behaviors for your Virtru account

Part : Manage Virtru’s Expiration Date Security Option in Outlook

Manage Virtru’s Expiration Date Security Option in Outlook

In addition to encrypting messages and files, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply an “Expiration Date” to an encrypted email or file.

Typically, if a Virtru email recipient receives an encrypted message or file, they can indefinitely access that content. However, as the owner of that content, you can restrict access after a particular point in time. If a recipient tries to access the content after expiration, they will receive a prompt indicating their access is expired.

Part : Manage Virtru’s Expiration Date Security Option in the Virtual Dashboard

Manage Virtru’s Expiration Date Security Option in the Virtru Dashboard

In addition to encrypting messages and files, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply an “Expiration Date” to an encrypted email or file.

Typically, if a Virtru email recipient receives an encrypted message or file, they can indefinitely access that content. However, as the owner of that content, you can restrict access after a particular point in time. If a recipient tries to access the content after expiration, they will receive a prompt indicating their access is expired.

Part : Manage Virtru’s Disable Forwarding Security Option in Outlook

Manage Virtru’s Disable Forwarding Security Option in Outlook

In addition to encrypting messages and attachments, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply “Disable Forwarding” to a Virtru-encrypted email.

Typically, if a Virtru plugin for Microsoft Outlook user receives an encrypted message, they can use Virtru to forward the email to a new party. This will add the new recipient as an authorized user and allow them to unlock the message. “Disable Forwarding,” however, ensures that your recipients can access the encrypted content but will stop any additional users from gaining access to the message. If the original recipient passes the email to a new party, then the new user will not be added as an authorized user and will not be able to unlock the message.

Part : Manage Virtru’s Disable Forwarding Security Option in the Virtru Dashboard

Manage Virtru’s Disable Forwarding Security Option in the Virtru Dashboard

In addition to encrypting messages and attachments, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply “Disable Forwarding” to an encrypted email.

Part : Manage Virtru’s Watermarking Security Option in Outlook

Manage Virtru’s Watermarking Security Option in Outlook

In addition to encrypting messages and attachments, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply “Watermarking” to an encrypted file.

Typically, if a Virtru recipient receives an encrypted file, they can preview the file in the Virtru Secure Reader and download a decrypted copy locally. When “Watermarking” is applied to a secure file, recipients will only have access in the Secure Reader and will see their email address watermarked across the document.

The addition of the watermark is visible but transparent enough not to obscure the contents of the file when viewed. A recipient will not be able to download a local decrypted copy of the file.

This feature can be applied using the Virtru plugin for Microsoft Outlook or the Virtru Dashboard. It supports the following common file types:

• Microsoft Office documents: .docx, .pptx, .xlsx
• Common image file formats: .jpeg, .png
• PDF documents

Part : Manage Virtru’s Watermarking Security Option in the Virtru Dashboard

Mange Virtru’s Watermarking Security Option in the Virtru Dashboard

In addition to encrypting messages and attachments, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply “Watermarking” to an encrypted file.

Typically, if a Virtru recipient receives an encrypted file, they can preview the file in the Virtru Secure Reader and download a decrypted copy locally. When “Watermarking” is applied to a secure file, recipients will only have access in the Secure Reader and will see their email address watermarked across the document.

The addition of the watermark is visible but transparent enough not to obscure the contents of the file when viewed. A recipient will not be able to download a local decrypted copy of the file.

This feature can be applied using the Virtru plugin for Microsoft Outlook or the Virtru Dashboard. It supports the following common file types:

• Microsoft Office documents: .docx, .pptx, .xlsx
• Common image file formats: .jpeg, .png
• PDF documents

Part : Revoke Virtru Encrypted Content in Outlook

Revoke Virtru Encrypted Content in Outlook

When a Virtru user sends encrypted content, they have full control over access to the message(s) and/or file(s). Even if a recipient receives encrypted content, the sender has the ability to revoke (or reauthorize) access at any time. Virtru even allows the sender to revoke access to specific recipients.

Part : Revoke Virtru Encrypted Content in the Virtru Dashboard

Revoke Virtru Encrypted Content in the Virtru Dashboard

When a Virtru user sends encrypted content, they have full control over access to the message(s) and/or file(s). Even if a recipient receives encrypted content, the sender has the ability to revoke (or reauthorize) access at any time. Virtru even allows the sender to revoke access to specific recipients.

Part : Using Virtru’s Persistent File Protection (PFP) Security Option

Using Virtru’s Persistent File Protection (PFP) Security Option

In addition to encrypting messages and attachments, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply “Persistent File Protection (PFP)” to an encrypted file.

PFP provides a secure file container that is portable, universally accessible, and built on top of open standards. Regardless of where files are stored, PFP allows you to select, protect, and share a file with anyone while maintaining full visibility into how it is being used and retaining the ability to revoke access at any time. Any file protected with PFP will convert into the .tdf.html file format. This ensures that the contents are only accessible in Virtru’s Secure Reader, and only authorized parties can view it.

This feature can be applied using the Virtru plugin for Microsoft Outlook on Windows Operating Systems only. It supports the following common file types:

• Microsoft Office documents: .docx, .pptx, .xlsx
• Common image file formats: .jpeg, .png
• PDF documents

There are a few different ways to change your University NetID password. However, Computing Services strongly urges everyone to change their FDU NetID password using a provided Apple or Windows university computer.

The process for changing your FDU NetID password on a macOS device differs from a Windows device, so please follow the instructions provided for macOS computers below.

If you do not have a university-owned Apple or Windows laptop/desktop and cannot use a University lab computer, please follow the procedures described in “Using identity.fdu.edu Web Portal to Change your FDU NetID Password” below.

Please click on one of the links below for instructions on how to change your FDU NetID password:

1. On FDU-issued laptops, desktops, and lab machines, the FDU NetID password can be changed by pressing the “Ctrl+Alt+Del” button combination on the keyboard from any screen and selecting “Change a Password”

2. Now enter the following:
   
   • Your old or current password
   • Type in a new password
   • Retype the new password to confirm
   • Press the “Right Arrow” button to continue

3. Once this has been done, you must lock and unlock the machine once to complete updating your password:
   
   • Press the “Ctrl+Alt+Del” keys combination again
   • Click “Lock”
   • Then log back in with your new password

Your FDU NetID password was changed successfully!

To change and/or synchronize your FDU NetID password with your FDU Issued Apple computer, please follow the directions provided in the following article:

Adjunct professors, students, and anyone with a personal laptop/desktop/tablet device will use the FDU Identity Web Portal to change their NetID password.

1. Open a web browser (e.g., Google Chrome, Mozilla Firefox, Internet Explorer, Safari) and navigate to the following URL:

FDU Identity Web Portal

2. Click on “Account Maintenance” on the top right hand of the web page

3. You will be redirected to the FDU Single-Sign-On login page. Enter your FDU NetID email and password in the corresponding text boxes and click “Sign In.” Complete the FDU 2fa Duo push notification to proceed

4. Under Sign-In and Security, select “Change My Password”
   
   • Enter your current password
   • Enter a new password
   • Retype your new password to confirm
   • When finished, select “Change My Password”

5. “Password successfully changed” will be displayed if your FDU NetID password was successfully changed

You also have the option to change the name that is displayed on your NetID account.

1. Open a web browser (e.g., Google Chrome, Mozilla Firefox, Internet Explorer, Safari) and navigate to the following URL:

FDU Identity Web Portal

2. Click on “Account Maintenance” on the top right hand of the web page

3. You will be redirected to the FDU Single-Sign-On login page. Enter your FDU NetID email and password in the corresponding text boxes and click “Sign In.” Complete the FDU 2fa Duo push notification to proceed

4. Under Sign-In and Security, select “Change Display Name”
   • Enter your New Display Name
   • Click on “Change Display Name“

5. “Display Name successfully changed” will be displayed if your Display Name was successfully changed

Spam Quarantined Email

Microsoft 365 email has filters to protect users from spam and malicious emails like phishing scams.

Messages caught by the filters are placed in quarantine for Fairleigh Dickinson University and its users’ protection. Users will receive a Spam Notification message once a day, notifying them of any messages placed in quarantine. Any legitimate mail caught by mistake can be released directly from this message or from the quarantine portal.

Handling Quarantined Email

Legitimate messages placed in quarantine may be released into your inbox in one of two ways:

1. From the daily spam notification email message

If you receive mail that has been placed in quarantine, you’ll receive an email message from quarantine@messaging.microsoft.com. The message will look like the one below:

The following options will be available to you by clicking the respective links in the email notification or you can choose to do nothing.

• Review Message – go to the Microsoft 365 Security & Compliance Center to review it
• Release – the message is removed from quarantine and placed in your inbox
• Block Sender – add the sender to the Blocked Senders list in your mailbox

2. From the Microsoft 365 Security & Compliance Center

Quarantined email can also be handled in the Microsoft 365 Security & Compliance Center.

1. Go to Microsoft 365 Security & Compliance Center >
   
   • A list of your emails in quarantine will be displayed
     
2. Click on any message to select it, then choose from the options given:
   
   • Release message
   • Preview message
   • View message header
   • Block Sender

For more details, use this link:

Fairleigh Dickinson University’s Acceptable Use Policy for Computer Usage states, “All computers and mobile devices accessing any FDU resource must run an operating system and configuration that is supported by its vendor with regard to security patches and updates.”

Ensure your Duo Mobile app and device’s operating system are up-to-date to keep your two-factor authentication (2FA) effective. Regular updates are crucial for accessing the latest features, security, and maintenance improvements in Duo Mobile.

General Recommendations

• Update Duo Mobile Regularly: Make sure your device’s operating system is current to support the latest version of Duo Mobile, ensuring access to vital security updates and features.
• Check After OS Updates: If you update your device’s OS, verify that Duo Mobile has also updated. You might need to manually update the app if it doesn’t automatically.

Guidance for Older Operating Systems

• For Android Users: Starting Feb. 8, 2024, Android devices on OS 10 or below will not support new versions of Duo Mobile or receive updates. Upgrade to Android 11 or newer to continue using Duo Mobile without interruptions.

Which versions of Android does Duo Mobile support?

• For Apple Users: Similarly, from Feb. 8, 2024, Apple devices on iOS 14 or earlier will not be eligible for the latest Duo Mobile version or updates. Update to iOS 15 or newer to maintain functionality.

Which versions of iOS does Duo Mobile support?

Alternatives for Incompatibility

• Switch Devices: If your device cannot be updated, consider using another device that supports the latest Duo Mobile version.
• Voice Call Authentication: You can enroll a phone number for authentication via voice calls.
• Temporary Bypass Codes: If you encounter issues with Duo Mobile, obtaining a temporary bypass code can provide secure access to systems for a limited time.

Additional Notes

• Continuous 2FA Protection: Duo Mobile will continue to offer 2FA protection on older OS versions after Feb. 8, 2024, though updates are recommended for the best security.
• SMS/Text Passcodes: Note that SMS/text passcodes are not supported; 2FA passcodes should be generated through the Duo Mobile app for security.

Creating strong, secure passwords is essential to protecting your personal information and maintaining the safety of your FDU NetID account. This article provides clear guidelines for password creation, including complexity requirements, helpful tips, and best practices to ensure your account remains secure. By following these guidelines, you can create passwords that are not only compliant with university policies but also resilient against potential threats.

Guidelines for Passwords

• Passwords must be between 8-16 characters
• Pass a basic complexity check

Password Requirements:

• At least one uppercase letter
• At least one lowercase letter
• At least one number
• At least one special character

Passwords must not:

• Contain your first or last name
• Be the same as any prior passwords

Helpful Tips:

• Longer passwords (or “passphrases”) can be created using a phrase or sentence. These are easy to remember but difficult for others to guess.
• A short, meaningful phrase or sentence is often easier to recall.

Other Important Password-Related Guidelines:

• Your account is your responsibility. Do not share your password with others, including technicians. FDU IT staff will never ask for your password.
• Avoid choosing a password based on personal information that someone who knows you could guess.
• Do not use your FDU NetID or your name/department name as your password.
• Refrain from using your FDU NetID and password to access third-party systems (e.g., online shopping, newspapers, travel websites).
• Avoid letting software save or store your passwords. This increases the risk of unauthorized access and makes it harder to remember your password if you don’t type it in regularly.
• Always log out of programs or websites and close your browser (e.g., Internet Explorer, Firefox, Chrome) when done, especially on public computers.
• Treat your passwords as valuable and protect them accordingly.

---

To learn how to change your NETID password, follow the steps in this article:

---

For more details, refer to the University’s Password Policy:

As a member of our community, your FDU NetID is your passport to accessing many of Fairleigh Dickinson University’s IT services. Most important is your student, employee, or alumni FDU Email account. When using FDU Email, you are an ambassador for our institution and we expect that you will conduct yourself in an efficient, effective, ethical, and lawful manner. Please review our Policy for Acceptable Use of Email to ensure that you are adhering to all security and decorum requirements.

Effective Date: 08/01/2024
Last Revision Date: 08/01/2018

1.0 Introduction

The purpose of this policy is to ensure the proper use of e-mail by all those assigned a Fairleigh Dickinson University (FDU) e-mail account. This policy applies to any e-mail system that FDU has or may install in the future. It also applies to employee use of personal e-mail accounts via browsers, as directed below. All users of FDU e-mail systems have the responsibility to use their e-mail in an efficient, effective, ethical and lawful manner. E-mail users must follow the same code of conduct expected in any other form of written or face-to-face business communication. FDU may supplement or modify this policy for specific employees in certain roles. This policy complements similar FDU policies such as the Acceptable Use Policy and the Written Information Security Program (WISP). Please read and follow those policies as well.

The University subscribes to the 1940 Statement of Principles on Academic Freedom and Tenure and the 1940 and 1970 Interpretive Comments issued thereon, formulated jointly by the Association of American Colleges and the American Association of University Professors. Nothing in this policy is intended to supersede those statements and principles.

2.0 Ownership of Email Data

The University owns all University email accounts in the fdu.edu domain, or any subsequent domains it may create (University Email Accounts). Subject to underlying copyright and other intellectual property rights under applicable laws and University policies, the University also owns data transmitted or stored using the University Email Accounts.

3.0 Employee Responsibilities

FDU only supports the installation and usage of approved e-mail clients.

Usernames will be assigned as part of the University’s e-mail registration process and reflect internally mandated e-mail naming conventions.

Email is the primary means of official communication for Fairleigh Dickinson University. All employees, full-time and part-time, are responsible to check their @FDU.edu email accounts regularly for communication from students, faculty, staff, and administrators.

Further, all FDU employees, including faculty, full-time and part-time, are required to use their @FDU.edu email account for all University-related correspondence except in such situations when Office365.fdu.edu is unavailable.

3.1 Acceptable Uses

• Communicating in a professional manner with other FDU associates about work-related matters.
• Communicating in a professional manner with parties outside FDU for business purposes.
• Personal communications that are brief and do not interfere with work responsibilities.
• Users are allowed to access personal e-mail accounts on a limited basis, without disrupting business responsibilities. Access can be gained only by using a browser. Use of e-mail-specific protocols, such as POP3 and IMAP4, is prohibited, since they require specific firewall ports to be open.
• Electronic messages are frequently inadequate in conveying mood and context. Users should carefully consider how the recipient might interpret a message before composing or sending the message.

3.2 Unacceptable Uses

• Creating and exchanging messages that can be interpreted as harassing, obscene, racist, sexist, ageist, pornographic, or threatening, as defined by University policies.
• Creating and exchanging information that is in violation of copyright or any other law. FDU is not responsible for an associate’s use of e-mail that breaks laws.
• Personal communication that interferes with work responsibilities.
• Opening file attachments from an unknown or untrustworthy source, or with a suspicious or unexpected subject line.
• Sending unprotected healthcare data and personally identifiable consumer data or other confidential information to unauthorized people or in violation of FDU’s Acceptable Use Policy, or the Written Information Security Program (WISP). , Health Insurance Portability and Accountability Act and/or Gramm-Leach-Bliley Act regulations. Exceptions may be authorized by the University Chief Information Security Officer working with the employee’s supervisor. Communications that strain FDU’s network or other systems unduly, such as sending large files to large distribution lists.
• Communications to distribution lists of only marginal interest to members, and replying to the entire distribution list when a personal reply is effective.
• Communications with non-specific subject lines, inarticulate language, and without clear purpose.
• Auto-forwarding e-mail messages from your University e-mail account.
• Using any e-mail system, other than FDU’s e-mail system, for FDU-related communications.
• Circulating chain letters and/or commercial offerings.
• Circulating unprotected healthcare data and personally identifiable consumer data that would violate U.S. Federal HIPAA and GLB regulations. Exceptions may be authorized by the employee’s supervisor and in conjunction with the use of a University-approved e-mail encryption service.
• Altering or forging the “From” line or any other attribution of origin contained in electronic mail or postings.
• Using any of the University systems for sending what is commonly referred to as “SPAM” mail (unsolicited bulk email)

4.0 Student Responsibilities

Email is the primary means of official communication for Fairleigh Dickinson University. All students are responsible to check their FDU.edu email accounts regularly for communication from faculty, staff, and administrators.

FDU students are required to use their FDU.edu email account for all University-related correspondence except in such situations when Office365.fdu.edu is unavailable.

4.1 Acceptable Uses

• Communicating in a professional manner.
• Electronic messages are frequently inadequate in conveying mood and context. Users should carefully consider how the recipient might interpret a message before composing or sending the message.

4.1 Unacceptable Uses

• Creating and exchanging messages that can be interpreted as harassing, obscene, racist, sexist, ageist, pornographic or threatening, as defined by University policies.
• Creating and exchanging information that is in violation of copyright or any other law. FDU is not responsible for an individuals use of e-mail that breaks laws.
• Opening file attachments from an unknown or untrustworthy source, or with a suspicious or unexpected subject line.
• Auto-forwarding e-mail messages from your University e-mail account.
• Using any e-mail system, other than FDU’s e-mail system, for FDU-related communications.
• Circulating chain letters and/or commercial offerings.
• Altering or forging the “From” line or any other attribution of origin contained in electronic mail or postings.
• Using any of the University systems for sending what is commonly referred to as “SPAM” mail (unsolicited bulk email)
• Use of e-mail-specific protocols such as POP3 and IMAP4 for access to non-FDU email accounts is prohibited since they require specific firewall ports to be open.

5.0 Privacy Guidelines

The University typically does not review the content of electronic messages or other data, files, or records generated, stored, or maintained on its electronic information resources; however, it retains the right to inspect, review, or retain the content of such messages, data, files, and records at any time without prior notification. Any such action will be taken for reasons the University, within its discretion, deems to be legitimate. These legitimate reasons may include, but are not limited to,

• responding to lawful subpoenas or court orders;
• investigating misconduct (including research misconduct);
• determining compliance with University policies and the law; and
• locating electronic messages, data, files, or other records related to these purposes.

FDU maintains the right to monitor and review e-mail activity to ensure compliance with this policy, as well as to fulfill FDU’s responsibilities under the laws and regulations of the jurisdictions in which it operates. Users should have no expectation of privacy.

• Except as otherwise stipulated in this policy, on termination or separation from FDU, FDU will immediately deny access to e-mail, including the ability to download, forward, print or retrieve any message stored in the system, regardless of sender or recipient.
• Except as otherwise stipulated in this policy, employees who leave FDU will have their mailbox deleted within six months of their termination date. The employee’s manager may request that access be given to another employee who may remove any needed information within the same six month time frame.
• FDU reserves the right to intercept, monitor, review and/or disclose any and all messages composed, sent or received on the University e-mail system. Intercepting, monitoring and reviewing of messages may be performed with the assistance of content filtering software, or by designated FDU employees and/or designated external entities. Employees designated to review messages may include, but are not limited to, an employee’s supervisor or manager and/or representatives from the HR, legal or compliance departments.
• FDU reserves the right to alter, modify, re-route or block the delivery of messages as appropriate. This includes but is not limited to:
  
  • Rejecting, quarantining or removing attachments and/or malicious code from messages that may pose a threat to FDU resources.
  • Rejecting or quarantining messages with suspicious content.
  • Rejecting or quarantining messages containing offensive language or topics.
  • Re-routing messages with suspicious content to designated FDU employees for manual review.
  • Appending legal disclaimers to messages.
    
• Electronic messages are legally discoverable and permissible as evidence in a court of law.
• Users of the University’s computing and electronic communications resources must understand that electronic messages, data, files, and other records generated, stored, or maintained on University electronic information resources may be electronically accessed, reconstructed, or retrieved by the University even after they have been deleted.

6.0 Security

As with any other type of software that runs over a network, e-mail users have the responsibility to follow sound security practices.

• Users should not use the e-mail system to transfer sensitive data, except in accordance with FDU data protection policies. Refer to the Written Information Security Program (WISP). Sensitive data passed via e-mail over the Internet could be read by parties other than the intended recipients, particularly if it is clear text. Malicious third parties could potentially intercept and manipulate e-mail traffic.
• In an effort to combat propagation of e-mail viruses, certain attachment types may be stripped at the University e-mail gateway. Recipients will be notified via e-mail when this occurs. Should this create a business hardship, users should contact the University Technical Assistance Center (UTAC).
• Attachments can contain viruses and other malware. User should only open attachments from known and trusted correspondents. Suspicious attachments should be reported to the University Technical Assistance Center (UTAC).
• Spam is automatically filtered at the University gateway in a highly efficient manner. Errors, whereby legitimate e-mail can be filtered as spam, while rare, can occur. If business-related mail messages are not delivered, users should check their local spam folder or the daily spam digest. If the message is not there, users should contact University Technical Assistance Center (UTAC).
• Users will not be asked by OIRT or any other FDU group by e-mail for personal information such as usernames or passwords. Any such requests should not be responded to and should be referred to the University Technical Assistance Center (UTAC). Such approaches – known as phishing – are fraudulent approaches carried out for the purpose of unlawful exploitation.

7.0 Operational Guidelines

FDU employs certain practices and procedures in order to maintain the health and efficiency of electronic messaging resources, to achieve FDU objectives and/or to meet various regulations. These practices and procedures are subject to change, as appropriate or required under the circumstances.

• For ongoing operations, audits, legal actions, or any other known purpose, FDU saves a copy of every e-mail message and attachment(s) to a secure location, where it can be protected and stored for three years. Recovery of messages from this store is prohibited for all but legal reasons.
• To deliver mail in a timely and efficient manner, message size must be less than 25MB. Messages larger than 25MB will be automatically blocked and users will be notified of non-delivery. Should this create a business hardship, users should contact the University Technical Assistance Center (UTAC)
• For all employees who handle sensitive information on a regular basis, to aid with ensuring that any accidental misdirection of emails are properly handled, the following disclaimer should be placed as part of and at the end of their signature block for all internal and external outbound emails.
  • This message and any attached documents contain information that may be confidential and privileged. If you have received this message in error, please immediately notify the sender and delete the message from your system without forwarding it to any other person.

Access to the content of electronic mail, data, files, or other records generated, stored, or maintained by any user may be requested from the University’s Associate Vice President of Technology Infrastructure for the reasons set forth below and shall be authorized as follows:

1. by the Associate Vice President of Human Resources for all University employees;
2. by either Dean of Students for students; or
3. by the General Counsel for the purposes of complying with legal process and requirements or to preserve user electronic information for possible subsequent access in accordance with this policy.

In all cases, the Office of the General Counsel must be consulted prior to making a decision on whether to grant access. In the case of a time-critical matter, if the authorizing official is unavailable for a timely response, the General Counsel may authorize access.

All full-time faculty who retire from the University may keep their email address for life if they request to do so.

All full-time faculty who leave the University for reasons other than termination for cause, may request email forwarding for up to six months.

8.0 Governance and Enforcement

This policy was created with input from the University’s Data Security Incidence Response Team (DSIRT). At the request of the University’s Chief Information Security Officer (CISO), the DSIRT will review this policy annually to ensure that FDU is in compliance with internal or external requirements. FDU faces liability if users violate the terms of this policy. Therefore, willful or repeated violations of this Acceptable Use Policy for e-mail can result in informal or formal warnings, the loss of e-mail privileges, and other sanctions including termination. Any such discipline shall be in accordance with processes and procedures of Human Resources and subject to any protections afforded under the University’s agreement with “Office & Professional Employees International Union”, the “Faculty Handbook”, and similar documents. Third parties who violate this Policy may have their relationship with the University terminated and their access to campus restricted.

For assistance with this policy, please contact the University’s Chief Information Security Officer (CISO).

Exceptions to this policy may be authorized by the University Chief Information Security Officer working with the employee’s supervisor.

Policy violations should be reported immediately to the University’s Associate Vice President of Technology Infrastructure

The University reserves the right to suspend an e-mail account while investigating a complaint or troubleshooting a system or network problem.

This document will be reviewed semi-annually and is available both electronically and in printed form at each of the Campus Computing Centers.

It is the user’s responsibility to remain informed about the contents of this document.

Other Related and Applicable Policies

---

The Report Message add-in works with Outlook to allow you to report suspicious messages to Microsoft and manage how your Microsoft 365 email account treats these messages.

Messages marked as junk by your Microsoft 365 email account are automatically moved to your Junk Email folder. However, spammers and phishing attempts are continually evolving. If you receive a junk email in your Inbox, you can use the Report Message add-in to send the message to Microsoft, helping improve spam filters. If you find an email in your Junk Email folder that is not spam, you can use the add-in to mark it as legitimate, move it to your Inbox, and report the false positive to help Microsoft enhance the filters.

What is Junk Email?

Junk email, often referred to as spam, consists of messages you do not want to receive. These emails may advertise unwanted products or contain content that is offensive. If you select the Junk option, a copy of the message may be sent to Microsoft to improve spam filters, and the message will be moved to your Junk Email folder.

What is Phishing?

Phishing is a tactic used to trick you into disclosing personal information, such as bank account numbers and passwords. Phishing messages often appear legitimate but contain deceptive links that lead to fake websites. If you select Phishing, a copy of the message may be sent to Microsoft to improve filters, and the message will be moved to your Junk Email folder.

For more information and tips on spotting phishing emails, please refer to the following support article:

How to Spot a Phishing Scam

Microsoft has recently updated the process for reporting phishing or junk emails in Microsoft 365 Outlook and classic Outlook clients. With this update, a new Report Message button is now available in a dedicated tab within the Outlook client.

Reporting a Message as Phishing/Junk

By default, the Report button is inactive (grayed out). To activate the button and report a message as phishing or junk, the email must first be highlighted.

To report a message as Phishing or Junk:

1. Click on the email message you want to report
2. Click the “Report” button
3. Select either “Report phishing” or “Report junk” to properly submit the message

4. Click “OK” on the confirmation window

A secondary window will appear, explaining that regularly reporting junk emails helps improve junk email filtering in the future.

What is a Legitimate Email?

A legitimate email is one that comes from a sender you know, are expecting, or that has been mistakenly marked as junk. If this happens, you can use the Report button to mark the message as Not Junk. This will move the message from your Junk Email folder back to your Inbox.

Reporting Messages as Not Junk:

1. Click on the “Junk Email” folder in Outlook
2. Select the email message you want to report as “Not Junk“
3. Click the “Report” button
4. Select “Not Junk” to properly report the message

If a call is threatening or harassing, immediately contact Public Safety at:

Campus Security Phone Numbers

• Metro Campus: extension x2222, 1-(201)-692-2222
• Florham Campus: extension x8888, 1-(973)-443-8888
• Cambie Building: 1-(604)-786-6098
• Georgia Building: 1-(236)-990-7036

Being connected to the internet suggests that the internet is connected to you. Without concern and proper safeguards to protect the information you share, you are at a greater risk of cybercrime.

The university assumes its share of responsibility to protect sensitive information but you must do the same. The vast majority of data and identify thefts are not the result of enterprise breaches but a direct consequence of individuals who are complacent about sharing sensitive information or unaware of the risks.

Please take a moment to review this video to obtain a better understanding of how you can help protect yourself from cybercrime.