CIO's Blog

Stephen Frazier, Western Illinois University

Scanning of WIU E-mail for Sensitive Information Underway

Throughout this spring semester, automated processes will be scanning the Zimbra email accounts of all Western Illinois University community members (faculty, staff, students, and alumni) to identify sensitive information (social security numbers and credit card numbers) contained in email messages and attachments. The date when individual email accounts will actually be scanned cannot be determined because of the way email accounts are distributed across the mailbox clusters. However, we will email the campus community sometime in the late spring or early summer when the process has completely finished.

This is part of Western Illinois University’s ongoing commitment to protect its electronic assets. Scans of desktop computers and infrastructure servers in recent years have resulted in the remediation of over 37 million instances of sensitive data. Until recently, however, we have not had the means of scanning Zimbra accounts where this type of information is also stored. In addition to protection efforts, the remediation of sensitive information in Zimbra accounts is necessary to prepare for the possible migration of email accounts to another email service provider (such as Google or Microsoft).

When the automated scans identify possible credit card or social security numbers in an individual’s Zimbra account, it will send a notification via email to the account owner. The subject of the notification message will be “Sensitive Data Scan Report”. If you receive one of these messages, click on the link in the message to view instructions and then determine the nature of the information that was identified by the scans. Delete the email message or the attachment containing the sensitive information. You may also secure it outside of the email system, preferably in an encrypted format. However, do not simply copy it to your desktop or a shared folder where it will still be discoverable.

If no action is taken within a week of when the alert message is sent, the data will be archived and removed from the email account. If you have questions on how to protect sensitive information that needs to be retained, need access to the information once it has been archived, or are concerned about the validity of any email notification that you receive, please contact the uTech Support Center at (309) 298-2704.

It is everyone’s responsibility at Western to help ensure the protection of WIU’s electronic data. We appreciate your help, understanding and commitment to these ongoing efforts!