Secure E-mail Client & Third Party FAQs 1 P age
Table of Contents Secure E-Mail Overview... 3 Options for viewing secure e-mail... 3 Delivery Option Decision Tree... 4 Before you start using Secure E-mail... 4 To use a PGP key or S/MIME certificate... 4 To forward messages in PGP Web Messenger... 5 To start using PGP PDF Messenger... 5 To start using PGP Web Messenger... 5 How Do I change my secure e-mail options?... 6 Do I need to setup a passphrase with Northern Trust if I already use PGP?... 6 Are there set-up or usage costs for using the Northern Trust Secure E-Mail program?... 6 What requirements exist for establishing a PGP passphrase?... 6 What if I forgot my passphrase?... 7 How do I forward my messages in PGP Web Messenger after I change my settings?... 7 My organization has a managed desktop policy and I am unable to install software to my desktop. How can I participate in the Secure E-Mail program?... 7 What if there is a Secure E-mail outage, how should I communicate confidential information?... 7 When will my Secure E-Mail become invalid?... 8 How do I know when I have received a new Secure E-mail message?... 8 Can I send encrypted messages to a Northern Trust shared mailbox?... 8 Can I use my shared mailbox or a non-northern Trust distribution list in the Secure E-Mail program?... 8 Can Secure E-mail messages be sent to a Northern Trust group distribution?... 9 Can I forward Secure E-Mail to a person not on the original secure message?... 9 Is there an e-mail size limitation and how can I tell the size of an e-mail?... 9 What is the Secure E-Mail inbox storage limit?... 10 What is the Secure E-Mail message retention period?... 10 Are there other Secure E-Mail options besides PGP?... 10 2 P age
Secure E-Mail Overview Northern Trust offers a secure method to facilitate e-mail communication called Secure E-Mail. This secured approach is supported by PGP Universal encryption software. Encryption software minimizes the potential for unauthorized individuals to view information that is confidential or proprietary by converting an e-mail message and contents into an unreadable format. The message is decrypted on the receivers end by logging in, which converts the message to clear text so that it can be read There are no set-up or usage costs for participating in the secure email program. Options for viewing secure e-mail Northern Trust offers the following options to view encrypted messages. OPTION PGP Desktop or S/MIME DESCRIPTION If you are a Corporate User working on a secure network and you know that your company already uses PGP Desktop or you know you have an S/MIME certificate, you can select PGP Desktop or S/MIME. You will receive, send, and store messages in your corporate mailbox. This option is easy if you already use PGP. If you use S/MIME, you will need to upload your certificate. Refer to using PGP key or S/MIME certificate to get started using this option. PGP PDF Messenger If you are an Individual who sends and receives e-mail via a service provider (like Yahoo, Hotmail, Google, etc.), you can select PGP PDF Messenger. With PGP PDF Messenger, you will receive and store messages with secured PGP PDFs in your own email inbox. This option allows you to create a passphrase and have all contents of a message (the email text and all attachments) sent incorporated into a passphrase protected PDF file. Each message received will require that you type in your passphrase, upon doing this the PDF will open and the email text and all attachments will be available for your retrieval. You can then save the attachments to your computer. In order to send secure emails, you will need to click onto the PGP link from either your email message or sign-on to the PGP secure email link on NTRS.COM. This option is easy to implement and can be used immediately. If you are a Corporate User that does not have PGP Desktop installed, but want messages to be received in your desktop e-mail software you can select PGP PDF Messenger. Refer to start using PGP PDF Messenger to get started using this option. PGP Web Messenger If you are an Individual who sends and receives e-mail via a web mail service provider (like Yahoo, Hotmail, Google, etc.) you can select PGP Web Messenger. You will receive, send, and store messages in the PGP mailbox. This option is easy to implement and can be used immediately. There are some storage and retention limitations with this option. If you are a Corporate User that does not have PGP Desktop installed, but wants your messages to be received in your desktop e-mail software you can select PGP Web Messenger. Refer to start using PGP Web Messenger to get started using this option. 3 P age
Delivery Option Decision Tree Before you start using Secure E-mail 1. A Northern Trust partner will send you an encrypted e-mail message. 2. You will receive an e-mail notification about the encrypted message. This notification includes two links: Enrollment in the Secure E-Mail program Secure E-Mail program Frequently Asked Questions 3. Click the Enrollment link to begin enrolling in the Secure E-mail Program. 4. If you are prompted to do so you will need to setup a passphrase and follow the steps to specify how you want to receive secured messages. You will use this passphrase to change your settings, should you choose to change them at a later date. To use a PGP key or S/MIME certificate Before you Begin: You will need to export your PGP key or S/MIME certificate from your e-mail client prior to using your key or certificate. The process for exporting keys/certificates varies, so please consult your mail client help for instructions on how to export your key/certificate. 1. From your encrypted e-mail notification, click the Secure E-Mail Message link, opens. 2. In the Secure E-mail window, establish a Passphrase. 3. Select the PGP Desktop or S/MIME option. 4. Click Import Key File. 5. Enter the location of the Key File or Click Browse to search for the Key file or Click Import Key Block and enter the Key Block 6. Click Choose Option. 7. Review the encrypted E-mail message in PGP Web Messenger. 4 P age
Note: All secure e-mail that you have received prior to establishing a passphrase and setting up PGP Desktop or S/MIME is delivered to a PGP Web Messenger Inbox. You will have the option to resend all messages to your Inbox. For more information please see How do I forward my messages in PGP Web Messenger after I change my settings?. Ongoing Use Once a valid key or certificate is uploaded, subsequent secure messages will be delivered to your inbox already decrypted. To forward messages in PGP Web Messenger Once you have set up PGP Desktop or S/MIME you can forward the messages in your PGP Web Messenger to your regular inbox. From PGP Web Messenger Inbox: 1. Click Resend All Emails. 2. Remove messages from your PGP Web Inbox by selecting the check boxes next to each message then clicking Delete Selected Messages. Ongoing Use Once the software is downloaded, subsequent secure messages will be delivered to your inbox already decrypted. PGP will notify you when software updates are available and provide an option to install the update or postpone to another time. To start using PGP PDF Messenger 1. From your encrypted e-mail notification, click the Secure E-Mail Message link. 2. In the Secure E-mail window, establish a Passphrase. 3. Select the PDF Messenger option. 4. Click Choose Option. 5. Review the Encrypted E-Mail message. Ongoing Use: Once this option is chosen all subsequent e-mails will be received with passphrase protected PDF's attached. When opening the attachment you will be prompted to type in your passphrase. Upon successful confirmation of the correct passphrase the PDF will be decrypted and all underlying attachments will be available to be viewed. To start using PGP Web Messenger 1. From your encrypted e-mail notification, click the Secure E-Mail Message link. Note: You will need to enter this each time you receive a Secure E-mail Notification. 2. In the Secure E-mail window, establish a Passphrase. 3. Select the PDF Messenger option. 4. Click Choose Option. 5. Review the Encrypted E-Mail message. Ongoing Use: You will receive an e-mail notification when an encrypted message is received by your PGP Web Messenger inbox. The Secure E-mail notification will include a link to PGP Web Messenger. 5 P age
Note The Web Messenger delivery option is a messaging tool and should not be used as a mail storage facility See What is the Secure E-Mail inbox storage limitation? and What is the Secure E-Mail message retention period? for more details If you select this option as an interim solution, you will need to change your settings in the Web Messenger interface. See How do I change my settings my secure e-mail options? for more details. How Do I change my secure e-mail options? To change how you receive secure e-mail: 1. Go to http://securemail1.ntrs.com/ 2. Enter your E-mail Address 3. Enter your Passphrase 4. Click Settings on the top menu bar 5. Select the Option you want to change to 6. Click Choose Option 7. Follow the steps to setup that option To change your passphrase: 1. Go to http://securemail1.ntrs.com/ 2. Enter your E-mail Address 3. Enter your Passphrase 4. Click Settings on the top menu bar 5. Click Change My Passphrase 6. Enter a New Passphrase 7. Confirm the New Passphrase Do I need to setup a passphrase with Northern Trust if I already use PGP? If you are prompted to do so you will need to setup a passphrase and follow the steps to specify how you want to receive secured messages. You will use this passphrase to change your settings should you choose to change them at a later date. Are there set-up or usage costs for using the Northern Trust Secure E-Mail program? You will not incur expense for participating in the Secure E-Mail program. What requirements exist for establishing a PGP passphrase? The only requirement for a PGP passphrase is that you use a minimum of ten characters. The passphrase can be any combination of characters, spaces, letters, and numbers, but can not be larger than 255 characters. 6 P age
What if I forgot my passphrase? To reset your passphrase: 1 Go to http://securemail1.ntrs.com/ 2 Click the I lost my passphrase link 3 Enter your E-mail Address 4 Click Send You will receive a message including a link to reset your passphrase. How do I forward my messages in PGP Web Messenger after I change my settings? Once you have set up PGP Desktop or S/MIME you can forward the messages in your PGP Web Messenger to your regular inbox. From PGP Web Messenger Inbox: 1. Select the check boxes next to each message. 2. Click the Delete Selected Messages link. My organization has a managed desktop policy and I am unable to install software to my desktop. How can I participate in the Secure E-Mail program? Initially, you can use PGP Web Messenger. If you would prefer to use one of the other options available, we would recommend that you work with your technology group to determine which option would work best in your environment. What if there is a Secure E-mail outage, how should I communicate confidential information? You will follow present day processes for communicating confidential information with Northern Trust. Contact your Relationship Manager if you need assistance. 7 P age
When will my Secure E-Mail become invalid? For PGP Desktop or S/MIME your key or certificate will remain active for as long as the key or certificate is valid. For PGP Web Messenger if you do not receive Secure E-Mail messages within a six-month time frame, the account is considered inactive. When an account has been inactive for more than six months, the account is deleted - including any keys, email, or settings associated with the account. How do I know when I have received a new Secure E-mail message? PGP Desktop or S/MIME PGP PDF Messenger PGP Web Messenger you will receive Secure E-mail in your regular inbox you will receive Secure E-mail in your regular inbox you will receive Secure E-mail in the PGP mailbox Can I send encrypted messages to a Northern Trust shared mailbox? Yes, a Northern Trust shared mailbox can receive encrypted messages (you must first receive a secured email from the shared mailbox before you can send one). The message will be automatically decrypted within the shared mail Inbox. Note Contact your Relationship Manager to find out if the e-mail address you are sending to is a shared mailbox or a distribution list Can I use my shared mailbox or a non-northern Trust distribution list in the Secure E-Mail program? Yes. Your shared mailbox or non-northern Trust distribution list must be activated for use in the Secure E-Mail program. To activate, a Northern Trust partner must send a Secure E-Mail message to your shared mailbox or distribution list. Once the connection is setup, the passphrase that was established must be shared with all members of the shared mailbox or distribution list who would need the ability to retrieve secured messages. Send a note to the distribution list stating "I've set up a secure connection with Northern Trust. Here is the passphrase: Note A shared mailbox or distribution list will have a passphrase that all members of the mailbox will use to access messages. The passphrase is different and separate from the member s own passphrase. For example, if a mailbox is shared by John, Jane, and Mary, they will each share a passphrase used to access the shared mailbox, and each will have their own private passphrase to access their own mailbox. The easiest delivery option to accomplish such a shared environment is PGP Web Messenger 8 P age
Can Secure E-mail messages be sent to a Northern Trust group distribution? No, this is not available at this time. Note Contact your Relationship Manager to find out if the e-mail address you are sending to is a shared mailbox or a distribution list Can I forward Secure E-Mail to a person not on the original secure message? Yes. If you use PGP Desktop or S/MIME simply forward the secure E-Mail the same way you do an unsecured e-mail. If you use PGP Web Messenger: 1. Open the Secure E-Mail in PGP Web Messenger 2. Select the text of the message 3. Press CTRL + C OR Right click and click Copy 4. Create a New Message in your E-Mail tool 5. Press CTRL + V OR Right click and click Paste 6. Edit your message and Send Note Messages sent in this way will not be secure To forward reports outside of Web Messenger, download the reports to your computer PGP Web Messenger cannot be used to send Secure E-mail to parties outside of Northern Trust Is there an e-mail size limitation and how can I tell the size of an e-mail? Yes, encrypted e-mail cannot be larger than 10 megabytes (MB). If you use PGP Web Messenger you can send messages that are 10 MB. You can only store 50 MB in total of all messages. If the combination of messages is larger than 50 MB, then no additional messages will be received until the Web Messenger inbox has messages deleted. The best way to determine whether a message will exceed the 10MB limitation is to determine the total size of all the attachments. If the total exceeds 10,485,760 bytes, then the message will not be sent and a notification message will be sent to the sender informing them of the non-delivery because the size limitation was exceeded. To determine the size of attachments 1. While attaching files, right click the Attachment 2. Click Properties 3. Review the Size information 4. Close the Properties window To convert bytes into kilobytes (KB) and megabytes (MB) 1,024 bytes = 1 KB 1,048,576 bytes = 1 MB 9 P age
What is the Secure E-Mail inbox storage limit? PGP Desktop or S/MIME PGP PDF Messenger PGP Web Messenger Inbox storage limit is governed by the constraints of your e-mail system. Inbox storage limit is governed by the constraints of your e-mail system. Inbox storage limitation is 50 MB. When the limit has been exceeded a notification message will be sent to you and the sender of the e-mail. To receive new secure e-mail you will need to delete messages in your inbox. Note The Secure E-Mail program is a messaging tool and not a mail storage facility. When Secure E-Mail messages have reports attached, the reports should be downloaded to you desktop for storage. What is the Secure E-Mail message retention period? The PGP Web Messenger option has a message retention period of from your PGP Web Messenger Inbox. PGP Desktop or S/MIME PGP PDF Messenger PGP Web Messenger The inbox storage limit is governed by the constraints of your e-mail system The inbox storage limit is governed by the constraints of your e-mail system Six months. After six months messages are deleted. Are there other Secure E-Mail options besides PGP? Yes. In addition to PGP options, Northern Trust supports TLS. TLS is an acronym for Transport Layer Security and is a behind the scenes method of securing emails between sender and receiver organizations. TLS allows a client to send and receive encrypted email without having to log on. TLS only works between organizational domain names. If your e-mail is @yahoo. @gmail, @hotmail, etc. the TLS technology will not be activated. 10 P age
If you are interested in implementing TLS between your office and Northern Trust 1. You should contact your technology support to determine if TLS has been installed on your email server. If it has not, you can request that TLS be implemented. 2. You should then provide the name and phone number of your Technology Support person to your Northern Trust Client Servicing Team and Northern will have our Technology Group contact them to establish the secure connection. 3. Once a successful test has been completed, all e-mails between the two domains will be encrypted. 11 P age