An updated software tool coming Friday will warn you if you include personally identifiable information in your Microsoft Outlook emails.
The Air Force is launching the tool — the Digital Signature Enforcement Tool, or DSET version 1.6.1 — on its will be integrated across the Air Force's main computer network this week in hopes of reducing accidental breaches.
The service is launching the Digital Signature Enforcement Tool, or DSET version 1.6.1 on Dec. 5, which will provide Microsoft Outlook email users with an updated interactive, automated virtual assistant that will help protect their personally identifiable information, according to a news release.
Last year, the Air Force said in a news release, it tracked about 500 PII breaches over about three months on the Air Force Network, or AFNET. That , for almost a three month period which prompted the service to lock out AFNET users who were inappropriately storing or transmitting their PII over the network. PII includes can be someone's name, address, Social Security number, rank, age, medical records, financial records, or any other data that can be used directly or with other data to identify, contact or locate a person.
The DSET tool — updated from DSET 1.6.0 which is used across the Air National Guard, Air Force Reserve Command and Air Force Space Command — detects personal information before it is sent out in an email exchange.
A The breach can happen during an email the exchange — for example, senders may not know that hackers have compromised email transport infrastructure between the sender's desktop and a destination, possibly a "non .mil" desktop that is not on the dot-mil network. Hackers can then mold additional attacks — usually through spear phishing — based on the information they acquire during the intercepted exchange.
The updated DSET tool detects personal information before it is sent out in an email exchange. Now used Air Force-wide, its earlier 1.6.0 version was used by the Air National Guard, Air Force Reserve Command and Air Force Space Command.
DSET will trigger when it detects potential PII in an email, giving the sender user the opportunity to delete the information, encrypt the information or override and transmit the email as originally written.
The DSET tool scans for unencrypted PII in the form of social security numbers, leaving overall responsibility on the user to safeguard the sensitive information in all of its forms, the release said.
"First, the user should ask him or herself if the PII in the email is truly necessary," said Alonzo Pugh, a cyber business system analyst for 24th Air Force in the release. "DSET scans the email draft before transmission.
"If PII is identified, DSET will notify the user through a series of pop-up windows," Alonzo Pugh, a cyber business system analyst for the 24th Air Force, said in the release. "This interactivity allows the user to make a conscious decision of how to proceed with the information in question."
If a user must send out any form of PII, encrypting it before hitting send is all that will be necessary, Pugh said. DSET will trigger when it detects potential PII in an email, giving the user the opportunity to delete the information, encrypt the information or override and transmit the email as originally written. DSET will not generate if the information has already been encrypted through Microsoft Outlook protocols, such as the "protect" feature.
Airmen should be aware that Outlook-encrypted information will only be able to send to dot-mil ".mil" addresses. — iIf a user attempts to send to outside non-".mil" accounts, DSET and Microsoft Outlook will provide pop-up boxes explaining the sender's user's options.
Users can also electronically exchange information through the approved Defense Department file exchange services found at https://safe.amrdec.army.mil/safe/.