University faculty, staff, students, and affiliates may not transmit confidential data via email and/or via email attachments unless the message and attachments are encrypted.
For transmission of email messages containing confidential data within the University's Google domains, encryption of these messages occurs with the integrated feature of Google Message Security policy-enforced TLS (Transport Layer Security). External encryption occurs either by policy based encryption or the use of keywords added by the sender.
What is email encryption by policy?
Policy based encryption is the automatic process of:
- Identifying outbound email messages that match encryption policies
- Encrypting the email messages
- Sending encrypted messages using ZixCorp's Best Method of Delivery
Whose emails are automatically scanned?
Clinical departments and clinical schools (Dentistry and School of Medicine) that handle sensitive data may have their email routing configured to automate the process of encryption for external emails. Contact your department IT support to confirm.
What if my message should not be encrypted?
If your message is encrypted based on policy, you will receive an email notifying you this has occurred with instructions to resend your message with a subject keyword of insecure or cleared.
What if the recipient does not retrieve the message?
If the recipient does not retrieve the message before the expiration date, the sender receives an expiration notification message. The original message will be deleted from the secure website.
Transmitting encrypted email to external (not vcu.edu or vcuhealth.org) recipients is achieved by adding a keyword to the subject line.
- Add the word secure or zixmail in your email subject line.
- Type remaining message body and send.
- Recipient will receive email sent securely via Zix.
Receipt of encrypted email only applies to external email contacts. Those with vcu.edu and vcuhealth.org email addresses will receive secure email messages directly in their Inbox.
- When a secure message is received, recipient will receive an email noting that "You have a VCU Secure Email" from a VCU sender, via email@example.com
- The URL in a secure message from VCU will always begin with https://securemail.vcu.edu. If recipient receives an email directing them elsewhere, do NOT view the secure message. Report to firstname.lastname@example.org immediately.
- First-time users may click the "create your account" link at https://securemail.vcu.edu to register their email address or authenticate using existing Google or Microsoft credentials. Otherwise, proceed with entering existing login credentials.
- Open the secure message and take the appropriate actions (reply, delete, etc.). When finished, click Sign Out. Note message will automatically expire in two weeks if no action is taken. Sender receives notification of expired message.