Encryption

  1. If you are implementing email encryption, you should inform your users that you have an encryption policy in place.
    Example text
    To ensure the privacy and integrity of our email communications, we have implemented policy-based email encryption.
  2. The TLS part of email encryption requires no intervention from your users, but you may want to communicate to them which organizations you have configured within the encryption policy, especially to those users to whom you are making ad hoc encryption available (see below).
    Example text
    Our policy is set up to encrypt data that is sent to or from organizations with whom we communicate sensitive information on a regular basis. The organizations affected are XX / a list of the organizations affected can be found here: XX.
  3. Standard (ad hoc) encryption rules can affect users and/or a rule can require user intervention to trigger it. Your communication may be user or group specific and will depend on the rules configured. Below are some examples of what you could communicate for each rule.
    Example text
    Our policy allows individual messages to be encrypted according to a set of rules configured within our Forcepoint Email Security Cloud service. When an outbound email meets the criteria in a rule, it is saved into a secure quarantine area for collection by the recipient using a secure Web browser session. The recipient will receive a notification with a link to the email. They also need a password to allow them to access it. It is your responsibility to communicate this password to the recipient.
    Email that meets ALL of the following criteria will trigger rule XX:
    • Email from XX
    • Email sent to XX
    • Email that is marked as sensitive
    • Email with the prefix XX at the beginning of the subject line, followed by a space, before the subject.

When using automatic password generation, you should communicate this.

Example text

You will receive a notification email confirming that the email that you sent has been encrypted. This will contain the password that recipients need to access this email.

If you are allowing a user-specified password and are using a prefix to trigger the ad hoc encryption process, you should communicate the format.

Example text

You must specify the prefix trigger word XX at the beginning of the email subject. Follow the trigger word by a space, the password that you want the recipient to use to access the email in parentheses, another space, and the subject itself. For example:
XX (password) Subject

If you are allowing a user-specified password and are not using a prefix to trigger the ad hoc encryption process, you should communicate the format.

Example text

You must specify a password that you want the recipient to use to collect the email in the subject line. This must be indicated by a prefix XX followed by a space, the password in parentheses, another space, and the subject itself. For example:
XX (password) Subject

If you have the Forcepoint Email Security Encryption Module, you can set up advanced encryption rules in a similar manner to standard encryption, but the message retrieval process is different. You should communicate something similar to the following:

Example text
Our policy allows individual messages to be encrypted according to a set of rules configured within our Forcepoint Email Security Cloud service. When an outbound email meets the criteria in a rule, it is saved into a secure quarantine area for collection by the recipient using a secure Web browser session. The recipient will receive a notification with a link to the email. They will need to enter their email address and create a password to allow them to access it. The recipient then uses this password to access all subsequent encrypted messages sent to their email address.

Email that meets one or all of the following criteria will trigger rule XX:

  • Email from XX
  • Email sent to XX
  • Email that is marked as sensitive
  • Email with the keyword(s) XX in the subject line or body of the message.