Working securely: Splitting the email address book
Why is this important?
Most people use email for sharing documents with colleagues within and outside the University. Email is not the most secure form of communication. The main risks come from someone getting access to your account, or from sending information to the wrong people. Mistakenly copying a private email to the wrong person can be embarrassing enough, but accidentally sharing personal or sensitive data with the wrong individual or group can lead to a serious data breach. By making this change, we will reduce the risk of that happening.
How will it work?
Up until now, all staff and student names have been included in a single address list. This makes it quite possible to accidentally click on the wrong person among a long list of similar-looking names.
With these changes in place, there will be two main effects:
- We will have two separate address book lists, one of the staff names and one of the student names. Users communicating with both groups together will need to consult both lists separately, adding an extra, but necessary, step to the process.
- Student names are now shown in capitals when they are displayed in a draft or sent an email to quickly distinguish them from staff names. The level of study will also be added – UG, PG, PGR.
For the majority of us, the changes will only affect how names are displayed when we fill the 'To', 'Cc' and ‘Bcc’ email fields. Some email tools produce a list of 'commonly used' names and there too, student names will now appear in capitals. The same applies when compiling or looking at distribution lists - student names will be in capitals - making it easier to 'scan' a list and spot if a student has been added by mistake.
What will it mean?
The work of separating the email lists will take place over the next few weeks. By making a clear separation of staff and student names, the change introduces an extra step to sending emails and compiling lists. But it will help reduce the number of occasions when information is shared by mistake. This will increase confidence in our system and address an agreed regulatory concern.