EMAIL ENCRYPTION This material is designed to assist you in learning how to send encrypted e-mail’s to external customers not using “@prmg.net”. Sending an e-mail to another PRMG associates using “@prmg.net” will not be encrypted as they are considered an internal associate and/or customer. There are two (2) methods for sending outbound encrypted messages: Outbound Policy using a key word Microsoft Outlook Add-In E-mail Encryption: Mandatory or not Gramm-Leach-Bliley Act (GLB) GLB compliance is mandatory; whether a financial institution discloses nonpublic information or not. The GLB has mandated that there must be a policy in place to protect the information from foreseeable threats in security and data integrity. PRMG is committed to protecting our customer’s privacy. As a result, we are required to use e-mail encryption when using electronic methods of communication and/or delivery of documents to the borrower. By forgetting to perform this task, places the company at great risk. Please use whatever method(s) work best for you as a reminder tool when sending sensitive information, which includes but is not limited to loan numbers, SS information, or any kind of attachments using the electronic delivery method. In addition, PRMG is required to have the consumers consent to use their e-mail address as a delivery tool. For your convenience, the e-sign consent form is available to all channels within Resource Center. Outbound Encryption Policy Our PRMG administrator has created an encryption policy allowing the user to encrypt messages using a character keyword located in the subject line or in the body of the message. The allowable keyword is as follows: [encrypt] When the message is sent through the encryption policy, the keyword triggers the encryption and the email is then sent to the recipient. NOTE: Messages sent internally are not encrypted. Page | 1 E-mail Encryption – 01/29/14 Rev. 3/24/2014 EMAIL ENCRYPTION Microsoft Outlook Add-In The Microsoft Outlook Add-In method is compatible with Microsoft Outlook 2003 – 2010. An outbound encryption policy keyword will not be required when using this method. Once the add-in is installed, there is nothing else to install or configure. Contact ITSupport@prmg.net for assistance to download the software for the Plugin. NOTE: Messages sent internally are not encrypted. Accessing Encrypted Messages The first time an encrypted message is sent to an external recipient, they will receive two (2) messages. Welcome message The encrypted message Page | 2 E-mail Encryption – 01/29/14 Rev. 3/24/2014 EMAIL ENCRYPTION The Welcome message displays a link requesting the recipient to activate the account. If the recipient does not have an active account, then they are redirected to an account registration screen. After the users account is created, the Welcome message will not be sent again. The Welcome message is only sent the first time an encrypted message is received by an external recipient If the user already has an existing account, they are simply redirected to the Encryption Console where they sign in using their credentials. Page | 3 E-mail Encryption – 01/29/14 Rev. 3/24/2014 EMAIL ENCRYPTION As mentioned earlier, if the recipient does not have an existing user account, they are redirected to register for a user ID and password. There is no way to bypass this process and the user will not be able to access the encrypted message without completing this one-time step. After they complete this task, the recipient will simply be redirected to the Encryption Console where they sign in using their credentials. Page | 4 E-mail Encryption – 01/29/14 Rev. 3/24/2014 EMAIL ENCRYPTION As soon as the user has either created a new user ID and password or uses their existing credentials to access the Control Console, the encrypted message is received and will be seen in their inbox. From the inbox reflecting on the left side of the panel, the user will see and can click on the encrypted message. After reading the new message, the user will have several options available to them: Reply to the Sender or Reply All Delete an e-mail address by clicking the red X next to the recipient’s name Attach a new document Some limitations to the “reply all” message include: New recipients cannot be added to the reply message. Attachments from the original message are NOT included in a “reply all” return message, however can be added using the Attached File feature. Messages cannot be larger than 30Mb Recipients cannot forward encrypted messages from the Control Console Page | 5 E-mail Encryption – 01/29/14 Rev. 3/24/2014 EMAIL ENCRYPTION Encrypted messages are maintained in the Control Console for a minimum of 30 days On the 27th day, an e-mail will be sent out providing notification Encrypted messages may be exported and saved into another location Page | 6 E-mail Encryption – 01/29/14 Rev. 3/24/2014