Automatic email forwarding can seem like a convenient solution – to have emails from an infrequently monitored account forwarded to an account you use more often- but email forwarding rules that send university emails to external accounts create significant information security risks. Automatic email forwarding to external accounts contravenes the University’s Acceptable Use Policy.
Compliance
University emails often contain sensitive or personal data protected under GDPR. When automatically forwarded to external accounts, this data moves outside our protected environment, which can result in compliance violations.
Security
Our email system implements a number of security measures, including encryption, malware scanning, and data loss prevention settings. These protections don’t extend to external email providers, which can leave forwarded data vulnerable to attack or loss. Auto-forwarding of password reset emails creates an unacceptable risk of account compromise across multiple services, which can magnify the impact of a single security breach.
Criminal Use
Cyber criminals often set up email forwarding rules after compromising an account, which allows them to retain access to communications even after the account is secured with a password change. This can make detection and remediation of breaches more difficult.
Confidentiality
Sensitive university data could be exposed to unauthorised individuals if emails are sent to personal accounts that are accessible to others, such as family members.
Rather than automatic forwarding, consider using alternatives such as the Microsoft Outlook mobile app to access your university emails from anywhere. Outlook is also available on the web through your Microsoft 365 account. Read our guidance on email for staff and PGR students. Contact the Information Centre with any questions about email use or policies by logging a call in UniDesk Self-Service.