Did you know that 53% of data breaches at the University happen through email?
Email is quick and convenient – but it's also one of the easiest ways for sensitive data to be sent in error. Nexus365 now includes built-in tools that help protect information automatically by spotting certain types of data and prompting you to double-check before sending.
On this page
- Why you might see an alert
- How to recall a message
- Top tips for safe emailing
- If you think you've had a data breach
- FAQs
- Further learning and support
Why you might see an alert
If you get a policy alert or email notification, you haven't done anything wrong.
The system has detected information that might be sensitive — it's simply a reminder to check your message and make sure you're happy to send it.
An alert does not mean a data breach has occurred. It's there to help prevent one.
How to recall a message
Realised you need to make a change after sending? Outlook lets you try recalling a message.
You can follow Microsoft's step-by-step guide here: Recall an Outlook email message (Microsoft Support)
Top tips for safe emailing
- Double-check recipients, attachments, and forwarded text before sending.
- Set a short delay on sending in Outlook to allow time for last-minute changes.
- Turn off auto-complete to reduce the chance of choosing the wrong contact.
- Think before forwarding: do you need the full email chain?
- Use BCC for large groups who don't know each other.
- If you email the same group often, use a Sympa mailing list instead.
- Use a shared link to a file to share documents directly with named people rather than sending attachments.
- Password-protect sensitive files and send the password separately.
- Use strong passwords, and if sending multiple files, consider an encryption tool such as 7-Zip.
- Keep up to date with information security and data privacy training.
If you think you've had a data breach
If personal data has been sent to the wrong place, report it immediately to: data.breach@admin.ox.ac.uk
The sooner you report it, the quicker the University can help limit any impact.
FAQs
Who triggers the alert?
It's automatic — the system checks for certain data patterns. No one is reading your email.
Am I being watched?
No. The system simply scans outgoing messages and flags potential risks to you.
What if it's a false positive?
If you're confident the content is fine, you can ignore it. Frequent false alerts? Please report it.
Can I be exempt?
If you handle sensitive data routinely, your department can discuss possible exemptions. Contact InfoSec email.
Are there safer alternatives to email?
Yes. Use secure file transfer tools or restricted shared drives.
For more guidance: Classify and handle University data securely | Information Security
Further learning and support
Annual training
Complete your Information Security and Data Protection training each year
Stay safe on email
Learn more about preventing common email mishaps