Since data is the most valuable thing in today’s business world, organizations should be careful about protecting sensitive data. Email in particular needs safeguards, and a lot can be done to ensure that sensitive data does not leave your firm in an unsecured manner. Users should consider the compliance management features of Office 365 to safeguard the emails exchanged through their organization. This write-up discusses how to enable data loss prevention in Office 365 Compliance Management, along with issues related to data loss protection policy.
Many data loss events involve employees, and most of them are not intentional. Many organizations allow employees to access confidential information without auditing, which results in employees moving data without leaving any concrete trace. Sometimes employees are tricked into sharing confidential information; sometimes they share information with people they think they can trust. In strict systems, failing to follow a certain procedure precisely may lead to a vulnerability. For all these reasons, organizational compliance management should receive the attention it deserves.
Different organizations handle data loss protection for email in different ways. While some firms have a written policy against sharing private customer information outside the organization, others use “Transport Layer Security (TLS) encryption.” It protects emails by providing end-to-end encryption. TLS can be set up in several ways. One is opportunistic TLS, which requires both companies to have TLS enabled. There is also mutual TLS, which has to be set up between two organizations that want 100% TLS encryption while exchanging messages. Apart from these, many organizations set up data loss prevention (DLP). It can be configured to encrypt only the messages that contain sensitive information, or to stop such emails from being sent.
Before setting up an email-based security policy for your organization, you have to follow the government regulations set for the sector your company belongs to. These policies help to protect data from all types of unauthorized exposure and access.
If your organization belongs to the healthcare sector, you have to follow the “Health Insurance Portability and Accountability Act” (HIPAA) from 1996. It contains rules that have to be followed in the healthcare sector.
For companies belonging to the financial sector, the regulations come from the Gramm-Leach-Bliley Act (1999). According to this regulation, all financial organizations have to ensure the confidentiality and security of the data.
Publicly traded companies also need to follow a 2002 act named the Sarbanes-Oxley Act. It imposes rules for companies to keep their data in a safe and secure manner. It also requires data, including emails, to be available during any disaster.
Now, we will move to the next section, where we will talk about how to enable DLP in Office 365.
Here, we will be selecting the “New DLP policy from template” option.
This puts the policy in a detection-based mode. You can evaluate and determine if this is the correct policy for your organization.
Creating Policy Tips
Using Policy Tips, you can notify email users about non-compliant information in their message before they send it. Policy Tip configuration allows you to do various things, such as notifying the sender, blocking the message, redirecting to a compliance URL, etc. In this section, we will discuss creating Policy Tips that stop messages from being sent.
Using Policy Tips
Once the Policy Tips are in full testing mode, you can run them for as long as you feel appropriate.
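The same sequence (policy from a template in test mode, Policy Tip text, review, then enforcement) can be scripted with the Exchange DLP cmdlets. This is an added example, not part of the original write-up. It assumes the ExchangeOnlineManagement module and a tenant that still exposes these cmdlets; the policy name, tip text and URL are constructed placeholders.

```powershell
# Added example. Policy name, tip text and URL are constructed placeholders.
$policyName = 'Example PII policy'
$template   = 'U.S. Personally Identifiable Information (PII) Data'  # built-in template
$tips = [ordered]@{
    'Url'           = 'https://intranet.example.com/email-compliance' # compliance URL
    'en\NotifyOnly' = 'This message appears to contain sensitive information.'
    'en\Reject'     = 'This message contains sensitive information and cannot be sent.'
}

Connect-ExchangeOnline

# Stop early if the template is not available in this organization.
Get-DlpPolicyTemplate -Identity $template -ErrorAction Stop | Out-Null

# 1. Create the policy from the template in test mode. AuditAndNotify logs
#    matches and shows Policy Tips, but does not block any mail.
if (-not (Get-DlpPolicy | Where-Object Name -eq $policyName)) {
    New-DlpPolicy -Name $policyName -Template $template `
        -Mode AuditAndNotify -State Enabled
}

# 2. Create the Policy Tip texts, skipping any that already exist.
foreach ($name in $tips.Keys) {
    if (-not (Get-PolicyTipConfig -Identity $name -ErrorAction SilentlyContinue)) {
        New-PolicyTipConfig -Name $name -Value $tips[$name]
    }
}

# 3. Review the transport rules the template generated and the mode each runs in.
Get-TransportRule -DlpPolicy $policyName |
    Format-Table Name, Mode, State -AutoSize

# 4. After the test period, switch the policy to enforcement so that
#    matching messages are actually blocked. Left commented out on purpose.
# Set-DlpPolicy -Identity $policyName -Mode Enforce
```

Tenants that manage DLP through the newer compliance portal use New-DlpCompliancePolicy and New-DlpComplianceRule instead of these cmdlets.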
Ultimately, this entire security-related issue should be dealt with by Email Administrators and the Security team together. They should create an appropriate plan together, following the guidelines of the organization. Everyone must remember that the loss of personal information can have severe consequences. Both the organization sending personal information and the people whose information is being emailed outside the organization want to protect that information and the parties involved. Therefore, everyone should work together to secure all types of sensitive information.
The aim of this post was to educate people about DLP. It has also shown how to enable data loss prevention in O365 Compliance Management. Readers will be able to test and run reports as well as enable DLP within their Office 365 Exchange Online tenant. We must all understand that email security is a complex matter and every organization should be careful about it.