Bowling Green State University incorporates the ISO 17799 Code of Practice for Information Security Management. References to ISO 17799 section numbers facilitate Plan organization and assessment.

Specialist Information Security Advice (ISO § 4.1.5)

The following is provided to assist BGSU students, faculty, and staff with the protection and safe handling of information on computer systems and the University network.

General Advice
Email is a convenient and compelling communication medium. Email however, should not be used to communicate confidential or sensitive information without understanding the risks and taking appropriate precautions.

• Be wary of email from unknown or unexpected sources
• Do not open unexpected attachments or click on links in email, unless you know that you can trust the sender or otherwise verify that the action is safe.
• If you use Internet Explorer and you receive an email with a long URL that wraps onto a second line so that clicking on the link does not work, do not copy & paste the URL into the address bar as a circumvention unless you know that you can trust the destination web site.
• If you use Internet Explorer, do not trust the URL displayed in the address bar. There is a vulnerability in IE that can be exploited by enticing you to click on an email link.
• Be wary of security alerts when you cannot verify the authenticity and do not forward them to others.
• Develop a personal style when sending email, such as a unique salutation or signature. This will help others evaluate whether an email is from you or sent by a virus.
• University email could be obtained by  public records requests or as part of investigations. Keep it professional. Be aware of legal retention requirements, depending on content.
• To avoid hoaxes, see: NIST email hoaxes
• Keep email, browser, and anti-virus software current; see: NIST email updating
• Be advised that even if you do everything right, if anyone that you send an email to does not follow recommended security disciplines, or if you submit email to public listprocs, or if your email is forwarded to others without your consent, and if recipient systems subsequently become infected with a virus or worm, your email address could be exposed to random recipients and spammers.