Effective Date: August 17, 2015
Last Reviewed: July 30, 2024
Approval Date: July 30, 2024
Weill Cornell Medicine (WCM) Workforce Members are responsible for protecting the confidentiality, integrity, and availability of data created, received, stored, transmitted, or otherwise used by Weill Cornell Medicine.
Weill Cornell Medicine reserves the right to restrict information technology resources to preserve data security or comply with law or policy.
To further secure Weill Cornell Medicine data and members of Weill Cornell Medicine, an institution-wide email security system has been implemented that incorporates spam filtering, advanced threat protection, and threat classification.
Email is a common method of social engineering and data exfiltration, namely by spam or phishing campaigns that may trick individuals into providing sensitive information to unauthorized parties. To protect against these threats, Weill Cornell Medicine has implemented an email security solution that is modular in nature and robust in terms of its capabilities.
This policy applies to all WCM Workforce Members as defined in this policy, including WCM-Qatar Workforce Members responsible for managing and safeguarding WCM data.
Workforce Member: Faculty, staff, students, volunteers, trainees, and others whose conduct in the performance of work for WCM is under its direction and control, regardless of whether or not they are paid by WCM.
Weill Cornell Medicine has implemented an email security solution that provides spam message filtering and protection against security threats by blocking junk mail, spoofing attempts, and suspicious or malicious hyperlinks and attachments.
The spam management feature is an email filtering tool; all incoming email is filtered by an anti-spam and anti-virus product. Messages are scored and thresholds have been set in alignment with industry standards and Weill Cornell Medicine’s needs to safely quarantine messages that contain spam or malicious content. These thresholds are tuned in response to environmental changes and individual feedback. Email security controls that may be used at least in part include Sender Policy Framework (SPF), Transport Layer Security (TLS), and Domain-based Message Authentication, Reporting and Conformance (DMARC).
The system also provides attack protection against suspicious or malicious hyperlinks and attachments. Hyperlinks are assessed for the likelihood of a threat or attack and rewritten in such a way as to help protect individuals from accidentally clicking through and exposing themselves to an attack.
Attachments are securely screened and tested for suspicious or malicious code. Email messages containing such attachments are blocked from delivery to prevent infection or spread of malware such as ransomware. The delivery of emails containing attachments from external senders may be delayed on average up to five minutes, although the maximum delivery delay may take significantly longer depending on various technical circumstances.
Additionally, the email security system implements filtering of “spoofed” messages. Spoofed messages are often used by attackers to impersonate another individual to conduct a social engineering attack, typically to request monies or privileged credentials. The email system is configured to detect and quarantine messages that are spoofed. Quarantined messages will appear in the daily message digest or be outright blocked depending on various technical circumstances. False positives can be reported to ITS for investigation and allowlisting.
To help protect against email threats, all individuals are automatically enrolled in the email security solution. While individuals may tune some of the spam filtering and digest features, they cannot withdraw from the provided security features due to the resulting security implications.
The inclusion of High Risk data in email must be kept to the minimum necessary needed to meet the intended purpose of the message and must be directed only to people with legitimate authorization.
Senders must verify that the correct recipients are listed in the TO, CC, or BCC email address fields before sending messages containing High Risk data.
Make sure to verify the CWID or the exact email address!
Individuals that are experiencing technical difficulties with the email security system should contact ITS for assistance. A Spam Management System FAQ is available for assistance with common issues and questions.
If too many messages are being incorrectly filtered, individuals can adjust their quarantine, Safe Senders List, and Blocked Senders List options. ITS can assist individuals learning how to manage these controls.
The system has a target attack protection algorithm that rewrites hyperlinks in email messages to lessen the risk of clicking on something malicious. ITS recognizes there may be a legitimate business need to retrieve the original, unaltered hyperlink. Individuals can “decode” the hyperlinks contained in email messages by copying the hyperlink into the URL Decoder (https://decode.weill.cornell.edu).
By default, a summary digest of all quarantined messages is delivered to the individual’s mailbox twice daily at approximately 8:00 AM and 6:00 PM Eastern Time. Digests include a list of any messages that may have been quarantined since the previous digest was delivered. In the event no messages are quarantined, a digest is not delivered.
Individuals who wish to receive digests on a different frequency may request to switch to a once-daily digest, delivered at approximately 12:00 AM ET. Individuals who do not wish to receive any digests may withdraw by deselecting the checkbox in their Profile settings of the web portal (https://antispam.med.cornell.edu). Individuals who choose to withdraw from a digest completely will be responsible for manually accessing the Proofpoint web console to check the quarantine at will.
Requests to switch digest delivery options may be submitted by the individual as an ITS Support ticket.
Individuals who appreciate the use of spam filtering but find that too many messages are being inadvertently flagged and not delivered may opt to switch to a less restrictive policy. ITS has created a “moderate” policy with a lesser quarantine score which may increase the number of messages reaching the individual’s mailbox. This policy allows individuals to receive emails automatically classified as “bulk” messages, which typically consist of mass mailings, newsletters, and other commercial emails. It is important to note that suspicious or malicious messages may be incorrectly automatically classified as “bulk” messages and delivered to the individual’s mailbox without proper filtering. Consequently, individuals opting for less restrictive spam filtering may need to be on heightened alert for messages with suspicious or malicious hyperlinks or attachments.
Requests to switch to the less restrictive spam filtering policy may be submitted by the individual as an ITS Support ticket.
Individuals who wish to withdraw from spam message filtering altogether may experience an extreme excess in the amount of email messages that are delivered to their mailbox (as opposed to being filtered and quarantined by the system). This policy allows individuals to receive emails automatically classified as “bulk” and “spam.” If withdrawing from spam message filtering, the security features (anti-virus scan, hyperlink protection) remain in effect. It is important to note that suspicious or malicious messages may be incorrectly automatically classified as “bulk” or “spam” messages and delivered to the individual’s mailbox without proper filtering. Consequently, individuals opting for less restrictive spam filtering may need to be on heightened alert for messages with suspicious or malicious hyperlinks or attachments.
By withdrawing from spam message filtering altogether, individuals will be responsible for managing the excess email on their own.
Please note, as defined in ITS policy 500.08 – Use of Email, forwarding or providing email to a non-ITS managed third-party filter or email system will not be permitted.
Requests to withdraw from spam filtering may be submitted by the individual as an ITS Support ticket.
The following additional resources are available:
Weill Cornell Medicine Anti-Spam Portal
All WCM Workforce Members are responsible for adhering to this policy. Failure to comply will be evaluated on a case-by-case basis and could lead to corrective action, up to and including termination, consistent with other relevant WCM and University Policies. Instances of non-compliance that potentially involve a lapse of professionalism may lead to engagement of the Office of Professionalism for evaluation and intervention.
Direct any questions about this policy to the Chief Information Security Officer, using one of the methods below:
This policy was reviewed and approved by the Information Security and Privacy Advisory Committee.