In 2021, the National Cyber Security Centre reported an increase in the number of cyberattacks targeting the UK education sector. Alongside our guidance on What to do in Arbor if your school gets a ransomware attack, we've answered some common questions about sending communications through Arbor below.
Are emails and SMS sent through Arbor encrypted?
Emails and SMS are sent via a 3rd party provider using standard SMTP. They are not by default encrypted. This is standard across email and SMS sending platforms.
Sending emails or SMS through Arbor is just as safe as sending through any standard email or text client such as Gmail, outlook etc.
Can we use end-to-end encryption?
End-to-end encryption (such as that used by apps such as Whatsapp), requires specialist software to be installed for both the sender and receiver. This is not possible to apply in Arbor for emails and is not possible at all for SMS.
Who can read the emails and SMS sent?
Communications from Arbor to our communications providers are all sent with transport-level encryption (SSL/HTTPS). This provides safety against data being intercepted or read when in transport.
The content of an email or SMS is not encrypted, meaning that anyone who was sent the communication can read it. This is standard across email and SMS sending platforms.
This means it's vital to check that the users you're sending the communication to through Arbor have the right email address and phone number and that you exclude anyone who shouldn't receive the information.
Is it safe to send attachments to emails through Arbor?
We have features to help make sure you're sending attachments to the right people, including a pop-up. You can see more information on how to make sure attachments are sent to the right people here: Data protection guidelines for communications
Communications logs and sensitive data in Arbor
All data stored within Arbor is encrypted at rest, providing additional security from attackers. We also protect access to running servers through normal password protection, isolating access to VPCs etc.
How should we send sensitive information??
Wherever possible, we recommend sending sensitive details to guardians via an in-app message, or a dedicated secure portal for sending data to other schools.
The content of In-app messages doesn’t leave our network and are only sent using internal Arbor systems, so they never enter a public network like emails and SMS.
Although push notifications are not encrypted, no sensitive data is included in these.