Email is insecure and should not be used to send sensitive or confidential information. Email is often compared to a postcard because anyone who comes in contact with it can read it. It may also be read when stored on servers.
Email is hard to destroy. Most electronic documents are backed up and recoverable.
Other reasons not to send personal/confidential information via email...
Email may not be deleted by the person to whom the email was sent;
Email can be stored on the recipient's workstation indefinitely;
Email can be modified and sent to someone else;
Email can be forwarded without your consent;
Email can be forwarded unencrypted.
Most software used to operate networks, including mail servers and gateways, log transactions and communications, and messaging systems normally record email addresses of senders and recipients and time of transmission. The content of emails themselves will not normally be logged, but may be stored on interim or destination servers, where it can be read by system administrators. Messages sent from your workstation to another location or from another location to you are subject to monitoring. This is true whether using a Stevens e-mail account or web-based email accounts such as Yahoo, Hotmail or Google. Some email systems have options marked "private" however it does not guarantee that those messages are truly secure.
Users should also becareful about who they are accepting email messages from. As a general rule users should not open email attachments or click on any links in any email sent by an unknown address. Users should also not complete any forms within an email. These emails may be phishing attempts to steal your personal information to commit identity theft.
Email away from Stevens
Internet 'cafes' and public wireless access points are especially insecure. Email sent through them should be encrypted by using SSL or by establishing a VPN connection. Users should be aware of these technologies, which are available at the university, to improve e-mail security. Although these technologies secure electronic transmissions, but do not guarantee e-mail privacy for the reasons stated previously so sensitive or confidential information should not be sent via e-mail.
The university's email is secured by Secure Sockets Layer (SSL), a commonly used means of encryption for accessing your email. Stevens supports SSL-IMAP, SSL-POP and WebMail via https.
Encrypt email from home or while traveling by using the university's virtual private network (VPN) . If you use an ISP or a wireless connection away from Stevens, using the VPN system will prevent others on the network from seeing your traffic. Failing to do so on a public or open network can result in your account being compromised and the information you are sending easily accessible to anyone. Unencrypted information puts you, your department, and the university at risk by allowing your information and password to be read by others. Email is never a truly secure mechanism with which to send sensitive information.
Stevens will never ask for your password or other logon information via email.