Secure - Customer User Guide How to receive an encrypted

Secure Email - Customer User Guide

How to receive an encrypted email

This guide has been developed for customers/suppliers of Glasgow City Council who are due to receive sensitive information from us.

It will explain how to use our secure email process, which involves sensitive information being emailed through encryption software.

If you have any difficulties understanding the process and how to use it – please view our customer secure email frequently asked questions on our website at

www.glasgow.gov.uk/secureemail or contact the person who sent you the email.

Contents

1. Introduction

2. Why have we introduced this process? 3. Our council secure email process 4. Process for - the sender

5. Process for you - the recipient

a. If you are receiving an encrypted secure email for the first time b. If you have already registered a secure password

c. How to open your secure email

d. How to reply securely back to the council 6. Forgotten passwords – resetting/recovering 7. Important information for you

8. Support for you

9. Appendix 1 – An example email to let your recipient know that you are about to send a secure email.

1. Introduction

As part of our council Information Security policy – a new and secure way of sending sensitive information has been introduced across the council which all our staff must follow.

From 17 August 2015 all staff will be able to send sensitive emails using an encrypt function within our council email system.

This secure email process is a convenient and efficient way to send sensitive information electronically – and will be a change for the way in which you, our customers/partner

organisations, receive sensitive information from us. This secure process does not replace any previous secure email processes that you may have used with us, such as password protecting files – it can be used in addition to these.

Our process involves converting the message and any attachments into an encrypted PDF. You, as the person receiving the secure message, will need to enter a password to view the message and its content and also use the secure PDF portal to reply back to us.

Secure Email - Customer User Guide

To comply with our core council Information Security Policy our staff must not send any confidential and sensitive information without using our encryption software.

Encrypting information is a secure way to protect the data and. Using this secure email process can be used in addition to any previous methods you may have received sensitive information from the council such as:

 Password protected files

 WIN ZIP

 7 ZIP

Unencrypted sensitive information that falls into the wrong hands could:

 endanger someone’s personal safety

 play a part in undertaking a serious crime

 cause significant inconvenience, financial loss, distress or damage to a customer or to our own reputation.

3. Our council secure email process

Our secure email encryption process is provided by Sophos, the same supplier who provides our antivirus solution for our council computers and servers.

These guidelines have been broken down into two sections:

 What you will receive from the person sending the email – the sender

 What you need to do as the person receiving the email – the recipient

4. Process for- the sender

 If this is the first time that the sender is due to send you an encrypted secure

email you should receive an email from them first to let you know that it is coming. This will be similar to the email in Appendix 1 – an example email to let your recipient know you are about to send a secure email.

 Once the sender has sent you the encrypted email, you will receive an email from

the council telling you that you how to access your secure email.

 _{If this is the first time you have received an encrypted email from us you will need} to register and create a secure password to open it.

 Once you have registered and created a secure password – you do not need to do this again, unless you forget it or it expires.

Secure Email Customer Guide 3 5. Process for you – the recipient

a) If you are receiving an encrypted secure email for the first time:

 You will receive an email titled ‘Secure Email Registration Request’ (as shown in

diagram 1) to let you know that you have been sent a secure email from the council.

Diagram 1 – Secure email registration email request for you (first time)

 You will then need to create a secure password to allow you to access any

encrypted emails sent from the council.

 Once you have registered your secure password- you will use this to access any secure emails from any sender at the council (excluding schools).

 Alongside creating your secure password, you will also need to choose three security challenge questions and answers – which are used for any future

password reset\recovery issues (as shown in diagram two).

 It is very important that you remember the answers to your chosen security

questions as you will need them if you need to reset your password in future.

Diagram 2 – registering your secure password and security questions/answers

 Your password must meet the requirements of a strong password as shown in

diagram 2 - in the box on the top of the right hand side.

 Once you have successfully registered your secure password the sender of your email will receive a message to confirm that their email to you has been

delivered.

 You will then receive your encrypted email message which has two parts:

o the main covering email message as shown in diagram 3 and

o the encrypted PDF attachment which contains your secure email message and any secure file attachments.

 When you open the encrypted PDF to access your secure email and secure attachments – you must enter your secure password to view them.

 Please note that if you do not register a secure password within 30 days then

the email you have been sent will be deleted from the system and not delivered to you.

 You will be reminded five before the 30 days registration period ends, by

receiving a ‘secure email registration request’ message to register a password.

5  Once you have registered your secure password please follow the steps shown

in the next section to access your message.

Diagram 3 – the covering email message you will receive to access your encrypted PDF email message

b) Process for you – the recipient if you have already registered a secure password:  Your will receive a covering email message as shown in diagram 3 which will

contain an encrypted PDF attachment.

 This encrypted PDF attachment will contain your secure email message and any secure file attachments.

 Follow the steps in the next section on how to open and reply securely to your message.

Secure Email - Customer User Guide

c) Opening your secure email

 You need to open the secure PDF attachment in Adobe Reader (version 7 or

higher) to access your secure message and any secure attachments.

 You may need to save the PDF file to your network first before being able to open

it in Adobe Reader.

 If you do not have Adobe Reader – please speak to your IT department to about installing it. Instructions are given for how to download this on the covering email message.

 You should not open the encrypted PDF using an internet browser as you may

have problems viewing any secure file attachments.

 When you open the attached encrypted PDF you will be prompted to enter the secure email password you registered to access your message and any

attachments.

 Once your encrypted PDF is successfully opened with your secure password

you will see the first page of our SECURED council PDF screen – as shown in diagram 4 below.

 On this first page of the encrypted PDF you can see any attachments on the left

hand side (next to the paperclip icon) and what format they are in, for example, Word, Excel.

Secure Email Customer Guide 7 d) To access your secure message scroll down to the second page as shown

in diagram 5.

Diagram 5 – Our secure email screen, page 2 showing your email message d) How to reply securely back to the council

 If you need to send a secure email reply back to the person who sent you the message – you must reply to the original secure message (held within the encrypted PDF) that was sent to you from the person at the council.

 _{Open the original email message you received and enter your secure email}

password to access the encrypted PDF.

 Once you are in the encrypted PDF – scroll down to page 2 where you can see

your secure email message, as shown in diagram 5.

 Click the ‘reply’ box on the top right of the email header (shown in diagram 5) and

compose your email reply.

 If you need to attach any files – click on the ‘attachments’ button on your email –

as shown in diagram 6.

Diagram 6 – example of the secure email reply screen and attachment button

 You then need to click on ‘Choose File’ button and select the file you wish to

attach.

 Then click ‘Upload’ when you return to the council secure email screen.

 Finally click on ‘Done’ and then ‘Send’ and your reply will be sent back securely.  You will receive a confirmation message as shown in diagram 7 from our secure

email to show your secure email reply was successfully delivered back to the sender of the original secure email.

Secure Email Customer Guide 9 Diagram 7 – confirmation message that your reply was sent securely back to the council

 You are unable to send any information securely without replying to the

original email – it would simply be sent as a normal email otherwise and not be encrypted.

 It is important to note that by using our secure council reply function you will not receive a copy of the secure email in your ‘Sent’ folder. Instead, you will receive a copy of the secure email in your ‘Inbox’. This is because you are using our secure PDF email portal to send the message and not your email account.

6. Forgotten passwords

If you forget your secure password (or want to choose a new one) you will need to:

 Click on the link you receive in the covering email message (shown in diagram 3) “If you forget your password please click here to reset it.”

 You will then be asked to confirm your email address and have your three password security questions send to you – as shown in diagram 8 below.

Diagram 8 –request to answer challenge questions when forgotten secure password

 You will receive an email from the council called SPX Password Recovery Request’ email from Glasgow City Council ’ as shown in diagram 9 below.

Diagram 9 – message for recovering/resetting secure password.

 You will then have the option to recover or reset your secure password by answering the password recovery challenge questions that you answered

when you registered it – as shown in diagram 10.

Secure Email Customer Guide 11

4 August 2015

Diagram 10 – answering security questions to recover/reset your password

 If the three security questions are answered correctly you can chose to either ’reset my password’ or ’recover my password‘.

 Recovering a forgotten password

o If you choose to recover your password you will be sent a temporary password to access an email with your existing password in it. You will still be able to access all secure emails previously sent to you which were encrypted using this original secure password.

 Resetting a password

o If you choose to reset your password you will be asked to create a new secure password and answer your security challenge questions. You will not be able to use this new password to access any secure emails previously received which were encrypted using an older password.

 If you forget your password you should always try to recover it so that you can

still access all encrypted secure emails you have received.

 However, if you cannot successfully answer your security questions you will

not be able to recover or reset your password.

Secure Email - Customer User Guide

 If your password cannot be recovered or reset you should contact the person at

the council who sent you your secure email and request that your encryption account is deleted and replaced with a new secure password. You will not be able to access any secure emails you have previously been sent.

7. Important information for you

 Your secure password will automatically expire if it is not used to access an

encrypted email for more than 30 days.

 If you have already registered your secure password you will not receive a notification about when it is due to expire.

 If you are due to register your secure password for the first time, you will receive an automatic reminder that you must register one to access the secure

email you have been sent – you will receive this reminder five days before your message is due to expire.

 If a secure email is sent to you after your secure password has expired you

will receive another ‘secure email registration request’ email (as shown in diagram 1) - the same process you followed when you first registered your secure

password.

 Once you have registered a new secure password and new security answers you

will be able to receive new secure emails by entering this new secure password. However, it is important to note that you will not be able to view and access any secure emails previously sent to you which you used your old password to access.

 You must create a new password within 30 days of your previous one expiring,

otherwise you will not be able to receive any secure emails that are due to be delivered to you.

 You can only send a secure encrypted email by replying to a secure email that

Secure Email Customer Guide 13 8) Support for you

 If you have any issues about the secure encrypted email you have been sent please contact the person from Glasgow City Council who sent it to you.

 You can also visit our website at www.glasgow.gov.uk/secureemail to read our frequently asked questions.

9 Appendix 1

An example email to let your recipient know that you are about to send a secure email.

From: [email protected]

To: [email protected]

Subject: Our secure council email process – what you need to know

As part of our council Information Security policy – a new and secure way of sending sensitive information (encryption) is being introduced across the council which all our staff can use.

As this is the first time you are due to receive an encrypted secure email from the council we wanted to let you know what to expect, and what you need to do to view it.

Our secure email process involves converting the message and any attachments into an encrypted PDF file. You, as the person receiving the secure message, will need to enter a password to view the message content and also use the secure PDF portal to reply back to us.

To help you understand the process please read our customer support material on our web site at www.glasgow.gov.uk/secureemail

You will find a step by step user guide and a recipient frequently asked questions document. These will tell you how to register and open your secure email.