Email Security
This resource addresses email security from a broadly non-technical perspective, focusing on the role users must play in protecting the security of the emails they create and use.
Perhaps rather strangely, one of the key messages that users should be given about email security is that email is inherently insecure. Unless specific measures have been taken to provide a secure, encrypted system, users should be made aware of the limitations of current security provision. Such technical limitations may have a bearing on the institution's acceptable use policy by prohibiting the use of email to transmit sensitive or confidential material due to the institution's inability to provide appropriate levels of security for such information.
Passwords & User Behaviour
Users should be provided with guidance as to what makes a good or bad password, and encouraged (if not forced) to change them regularly. If no password is required to access a user's email account once they have logged on to their machine, they should be encouraged to make use of password-controlled screensavers, especially if working in an unsecured area. Password-controlled access should also be enacted on any mobile device used to send or receive email.
Institutions need to be mindful that whilst the majority of their staff are likely to be experienced email users, there may also be a small number who are using it for the first time and who are less aware of the dangers posed by viruses, spam and email 'phishing' scams. Care should be taken to ensure that appropriate guidance and awareness training is provided for such 'novice' users.
Account Maintenance
Institutions should ensure they have well-established procedures for terminating access to a user's accounts when they leave the institution. This is particularly important now that virtually all institutions offer a webmail service, which would allow the former member of staff to continue to access and use their account even without access to the desktop email application.
This, of course, raises the question of what should happen to the contents of a user's email account when they leave the institution. This subject will be addressed in the Managing Email Retention section of this resource.






