In our continuous efforts to improve our information security readiness, the College uses two features in Mimecast to protect against phishing and data loss: URL Protect and Data Loss Prevention.
With URL Protect, emails that you receive from outside the emerson.edu domain that contain hyperlinks are first scanned by Mimecast to ensure they don’t lead to an untrusted site. You will notice when you click a link in the body of an email, it will first go to a “protect-us.mimecast.com” URL before redirecting to the real destination. Think of it as a virus scan for URLs. You may experience some lag (around 5 seconds) as it does this scan. Again, this will ONLY happen when you click on a hyperlink contained in an email. If you personally trust the URL and copy and paste it into your web browser, you will have gone around this process.
The College has dealt with email scams in the past which contained links that led to malicious duplicates of eCommon. If another message like that reaches our users, this feature will allow us to redirect those malicious links to someplace safe. This is a major defense opportunity for the College.
Data Loss Prevention
Data Loss Prevention allows us to build policies that block or encrypt emails originating from an Emerson address which contain credit card, social security number, and other private information strings.
In the event that your email contains credit card or multiple SSN strings, you will receive a bounce back:
Our DLP policy does allow a single SSN string, but Mimecast will auto-encrypt the message and the recipient will receive instructions for how to open the message. Visit Sending Encrypted Email for more.
False positives can occur - should you run into a false positive, where an email that you need to go outside of Emerson is blocked, we can allow it and make the appropriate modifications going forward. Simply place a ticket at it.emerson.edu/help.