Email has become such an integral part of our work and personal lives that many of us do not realize how dependent we are on it. The spread of smartphones, tablets and other smart computing devices have also made it easy to blend our digital work and personal lives.
These devices make it easy to sync up your email accounts for access at any time. Many of us will sync both personal and work email accounts on the same device, and then do the same on several devices. However, to reduce security risks, you should only synchronize your laboratory email on devices needed to accomplish your work.
We all know about phishing, and Argonne’s annually required ESH-223 training course reminds us how to determine if an email is a phish and what to do in the event you believe you have been phished. However, that is not where the email security stops. Have you thought about what you can send over email? Argonne’s policy is that email is to be used for collaboration and discussion of non-sensitive topics and items. If sensitive topics need to be discussed that are deemed to be Controlled Unclassified Information (CUI) per LMS-POL-19, Protection of National Security and Other U.S. Interests, email needs to be used with encryption. The U.S. Department of Energy has developed an encrypted email system, called Entrust, for this purpose. Argonne employees can enroll in Entrust with a call to the Service Desk at ext. 2-9999.
Email can also pose a security risk while on personal travel outside of the United States. Since many people have their work email synchronized to a personal smartphone or tablet, this could cause issues while traveling abroad. In recent years, many countries have started exercising authority at their customs checkpoints to inspect personal electronic devices. The inspections often result in the traveler being required to unlock the device. If your work email is synchronized to the device, it could potentially reveal more information to foreign customs than some would be comfortable with. Travelers should consider removing their Argonne email from their smart devices when traveling outside of the country, especially when going to a country on the DOE Sensitive Country List.
Any questions regarding email security should be directed to the Cyber Security Program Office. Questions regarding Controlled Unclassified Information or LMS-PROC-19 should be directed at to the OPSEC Working Group.
By Brent Kolasinski, Cyber Security Architect (BIS)