Email Best Practices

Confidential Information

When sending TCNJ Restricted Information, the user must encrypt the message in an approved method as described in the Transmission section of the document Information to Comply with the Policy on the Handling of Restricted Information.


TCNJ email users should be careful not to open unexpected attachments from unknown or even known senders, nor follow web links within an email message unless the user is certain that the link is legitimate. Following a link in an email message executes code, that can also install malicious programs on the workstation.

Identity Theft

Forms sent via email from an unknown sender should never be filled out by following a link. Theft of one's identity can result. 

Password Protection

TCNJ's policy requires the use of strong passwords for the protection of email. A strong password must contain digits or punctuation characters as well as letters. In addition, your email password should be different from your TCNJ network password. The Password Policy contains information on how to choose and maintain compliant passwords.

Departmental Email Boxes

Departments that provide services in response to email requests should create a shared mailbox to help support departmental functional continuity for managing requests sent via email. Further information about shared mailboxes can be found in the IT Knowledgebase articles on Google Groups.

Forwarding Email

A non-TCNJ forwarding address should not be used if there is a reasonable expectation that confidential information will be exchanged. Email is not considered a secure mechanism and should not be used to send information that is not considered public.

Staff email users on an extended absence should create an Out Of Office message, which should include the contact information for another staff member who can respond while the user is away from the office.

Staying Current

Official College communications such as urgent bulk email, course email should be read on a regular basis since those communications may affect day-to-day activities and responsibilities.

Compromised Accounts

An email account that has been compromised, whether through password-cracking, social engineering or any other means, must be promptly remedied with the appropriate means. The appropriate means will include a password reset, review of account settings, computer scans and malware disinfection to prevent possible leakage of PII, spamming, potentially infecting others and degradations of network service.  If the account is being used to harm others at TCNJ and the owner cannot be reached in a reasonable period of time (“reasonable” being driven by the negative impact to the TCNJ community), the Director of Information Technology Security will direct the office of Enterprise Infrastructure to reset the password. Should the same account be compromised three or more times in any 12-month period, the account will be immediately suspended, and will not be re-enabled until the user notifies the Director of Information Technology Security to ensure that all remediation has taken place, and is provided with remedial training.


Article ID: 56086
Mon 6/18/18 2:33 PM
Mon 6/18/18 2:36 PM