How to Use Faculty/Staff Email Encryption
All Pacific employees have the ability to send email messages in encrypted format. Doing so helps to ensure that, once the email leaves the Pacific faculty and staff email server, only the recipient of that email address can access the contents of the email. Encrypting email helps protect private information from being accessed by illegitimate third parties. Depending on the type of information you are sending, you may be required to send it in encrypted format (see the HIPAA policies, or consult with your supervisor or with the university Privacy Officer). For health clinic communications with patients, using client messaging within the Electronic Health Records system is always recommended over using email and email should be used when that is not possible.
Sending Encrypted Email Via Outlook or Employee Webmail
Put "[pacusendsecure]" anywhere in the subject line of an email you send from your Pacific faculty or staff email account to a non-Pacific email address or to a student email address. It will be automatically encrypted as it leaves the email server.
Messages sent to Pacific University employees by this method will not be encrypted because emails are only encrypted upon leaving the faculty/staff email server. Please use your Pacific account on Box.com to securely transfer files to other employees or students.
IMPORTANT NOTE: Old web browsers that still use TLS or SSLv3 will not work with the email encryption system.
Receiving Encrypted Email
When someone outside Pacific is notified that you have sent them an encrypted message, a link inside the message will take them to Pacific's email encryption gateway and prompt them to login or create a new account before they are allowed to open and see the message. They will have to create an account with a password, which will then allow them to access the email.
The following shows what a secure message looks like in your recipient's inbox:
If a recipient has already setup an account with on Pacific's email encryption gateway, they will need to use the same password to login for future messages until the account expires. Once expired, the user will need to go through the setup process again. The account on the Pacific's email encryption gateway does not give access to any other Pacific system and will not work at any other provider. If a client cannot remember their password, they can use the link on the login screen to recover their password.
Replies to Encrypted Email
If the recipient of an encrypted message unencrypts the message and replies from within the Pacific email encryption gateway, that reply will not be encrypted when it arrives in a Pacific employee's inbox. Since Pacific's gateway is inside the university's network, the reply message is not exposed to the public Internet and does not need to be encrypted between our own email systems.
Storage of Sent Messages
When you send via your Pacific email account, these messages are stored in your sent box and are not encrypted. This means that the information in the email message could become compromised if someone other than you gains access to your account. Deleting these messages from your sent box helps protect the privacy of your recipient.
To change your password on the Pacific email encryption gateway if you've forgotten it, open the link in the email you received when an encrypted email was sent to you and click on the link provided for "Forgot the password?" Answer the security questions you setup when creating the account and follow the instructions to make a new one.
To change the password while already logged in you go to "Preferences" under the settings drop down menu on the upper right corner of the page. There will be a change password link in the center of the page.
If you continue to have problems recovering your password, Fortinet's support number is 1 (866) 868-3678. Please be sure to have access to the email you use to login to receive encrypted emails.
Q: How do I send encrypted emails?
A: Putting "[pacusendsecure]" in the subject line of a Pacific faculty or staff email will encrypt an email if sent to any email not associated with a Pacific faculty or staff.
Q: Can encrypted emails be sent to other faculty and staff?
A: No. Please utilize your Pacific account at Box.com and follow the security guidelines for using Box.
Q: Will I receive a receipt when my encrypted email is and opened by the recipient?
A: Yes. Once an encrypted email is opened, a receipt will be sent to the sender of the email.
Q: Can employees send encrypted emails to students?
A: Yes, an employee can send encrypted messages to students like any other outside recipient. Their reply messages will not be encrypted.
Q: Can students send encrypted email messages?
A: No, students cannot send encrypted messages using this system.
Q: What is the size limits on attachments?
A: Attachments are limited to 20 megabytes.
Q: Does the encryption work through Webmail?
A: Yes as long as "[pacusendsecure]" is in the subject it will act the same way as through Outlook.
Q: Are attachments also encrypted along with messages?
A: Yes attachments are also encrypted and can be opened and downloaded when the email is decrypted.
Q: I used to be able to send messages without using the brackets around the word pacusendsecure. Why doesn't that work any more?
A: This was changed when the encryption system was replaced with different equipment from a different vendor. This required us to use [ ] around the keyword. If no brackets are used in the message, your message will be bounced back to you to let you know that your messages will not be encrypted unless you use the new format with the brackets. We do not want someone to accidentally send a private message off campus without encryption.
Q: Encrypted email recipients are getting messages that their web browsers are not supported. What should they do?
A: Old web browsers that still use TLS or SSLv3 will not work with the email encryption system. Please advise them to update or install a more current web browser.