Enhanced Email Security

Keeping your emails cyber safe at Western

At Western, your cyber safety and security matters to us. Protecting your emails is one of the most important ways to keep your data cyber safe. That is why we are enhancing your email security with a new functionality.

Our new email functionality will help you receive ongoing protection from cyber-attacks and suspicious senders, across all devices, without you having to install any software.

No action from you is required – this will all happen behind the scenes. It is email security made simple.

What is this new functionality?

Western’s new enhanced email security tool is a form of email ‘quarantine’: an automatic filtration system for potentially suspicious senders. You can review and release the quarantined/held emails for up to 30 days, from the time of quarantine.

Key benefits include:

See an example in this short video:

https://player.vimeo.com/video/695984664?h=09cc504931&badge=0&autopause=0&player_id=0&app_id=58479

An example of the email quarantine digest feature. Click to view full size.

An example of the daily digest email

Why do I need it?

It is important for all students and staff to have robust mechanisms in place to protect confidential and sensitive information. Our emails include private exchanges and University business materials, and are therefore considered data that should be protected. In addition, a potential threat to one individual’s email account places the University at risk of a larger cyber-attack.

We all have a responsibility to be cyber aware

Please keep in mind that no tool can guarantee 100% cyber safety and security. We all have a responsibility to be cyber aware. Ensure you know how to recognise suspicious emails and links, and always follow best practice guidelines on cyber safety and security at Western.

How can I learn more?

This page answers some frequently asked questions about the new functionality and enhanced email security measures in our email tool.

For more information, please see:

FAQs

General queries (for staff and students)

What is the new URL protection feature for students?
The new email URL protection feature is a preventative functionality that will help students gain extra protection against malicious senders and suspicious links and attachments.
This email that came in looks like a scam, what do I do?
Please contact ITDS via WesternNow if you are unsure. Do not click the links or open the attachments.
I don't like this feature, can I turn this off?
No, these security measures have been enabled for the benefit of all staff and students. It will enhance cyber safety for you and everyone at the University.
I'm working from home today / Sometimes I log onto my Western email from home or my mobile. What do I do to make this work?
Nothing – there is no need to manually install or update anything. Most of the work is happening behind the scenes.

The '[External]' tag (for staff)

Why am I getting emails from internal University systems tagged as ‘External’?

The tool can automatically determine whether an email originated internally, but there are instances where a Western system is hosted by an external party outside our network, such as cloud-based services, which may be categorised as 'External'. An example of this includes email digests from Yammer, which is an externally hosted platform.

If you receive an email from an internal system that you believe has been tagged as ‘External’ in error, please contact ITDS via WesternNow with details so it can be reviewed.

This message gets added to all emails with the 'External' tag. It is intended as a reminder that unusual or unexpected hyperlinks and attachments in emails are cause for suspicion, and should not be clicked on unless you recognise the sender and know they are safe. Please contact ITDS via WesternNow if you are unsure.

an example of the 'external' email tag

An example of the 'Caution' message. Click to view full size.

I'm emailing a student from my staff account, will it be marked as 'External'?
No, emails between Western email accounts will not get marked as external.
I have a trusted external partner, can their emails be excluded from the 'External' email warning?
In most cases, the answer is no. We still want to warn people of external emails – it helps to increase protection in case a trusted source’s security is compromised. However, we have excluded some system-generated emails (like WesternNow).
Will emails sent from students to my staff email address still be marked as 'External' or have the URLs redirected?'

Emails between students and staff is considered internal and so they should not be marked as external. However, if a student emails from a personal email address, this is the same as any other external email addresses and it will be marked 'External'.

Also, any emails containing links from students sent to staff will have their links redirected (re-written).

The Email Quarantine feature (for staff)

What happens if I don't release or block an email?
The email will be deleted after 30 days and any future similar emails will likely show up again in another digest email. If you never want to see these emails again you should select ‘block’, but if unsure, you can simply ignore for now.
What happens if I don't receive a digest that day?
If you do not have any emails ‘held’ for some reason, you will not receive an ‘empty’ digest. So when you have no quarantined emails that day, you will not receive a digest email that day either (indeed sometimes you may not see one for days or even months at a time – depending on recent emails that have been sent to you).
What is graymail?
Graymail is bulk email that does not fit the definition of spam because it is solicited, comes from a legitimate source, and has varying value to different recipients. Examples of graymail can be periodic newsletters, announcements, or advertisements targeted for a recipient's specific interests. Although ‘spam’ to some people, for someone interested in the content, it is not.
Can I still 'hover' over a link to determine the destination link?

Yes, when you hover over the link, the link will appear like this example below, where domain=xxx portion indicates the original link domain. You should continue to check links before clicking on them as before, but only need to check the domain (at the end) is as expected and can ignore the rest (eg. in the example below, you would be visiting “abc.net.au”).

e.g. https://protect-au.mimecast.com/s/dizbc1wlan?domain=abc.net.au

Can I still send and receive links via email?
Yes, links that are in the body of an email will still be received and appear normal. Only if you hover over the link will the URL change. Note however that links in a ‘plain text’ email will be re-written, although it is rare to see a plain-text email now.
What do I do if I’m presented with the 'This link is potentially harmful' page?

Double-check the link is correct (going to where you expected it to) and think about if it is really somewhere you need to visit.

If it is, you can click the 'Accept Risk and Continue' link; however it will be logged that you over-rode the warning. You should then also be extra careful about any information you enter at the site and clicking on any links or downloading any files.

If unsure (or if you feel the site is safe and the warning is incorrect) please contact ITDS via WesternNow and seek advice.

What if I find a dangerous link that is not blocked?
Please forward the details to ITDS via WesternNow so that the link can be blocked on the system for everyone else.