Are your employees careless with company data? Are you sure that company documents are shared securely? Did you have sensitive data leakage? Do you know how many outbound emails contain sensitive data?
To help mitigate this problem for all Microsoft 365 users there is a great Data Loss Protection feature.

DLP is part of the Security and Compliance center in Office 365 and it is tightly integrated with Exchange Online, SharePoint Online, and OneDrive for Business. It can also help protect information in desktop versions of Excel, Word, and PowerPoint files.

DLP in Office 365 consists of out of the box or custom-made policy in which you can define where, when, and how to protect sensitive content. It will automatically perform content analysis and search for the information you defined as sensitive.

For example, the U.S. Patriot Act defines the following data as sensitive:

  • Credit Card Number
  • U.S. Bank Account Numbers
  • U.S. Individual Taxpayer Identification Number (ITIN)
  • U.S. Social Security Number (SSN)

Additionally, you probably want to protect Personally Identifiable Information (PII) Data either to protect the identity of your employees, vendors, business partners, or clients. PII assumes the following data:

  • U.S. Individual Taxpayer Identification Number (ITIN)
  • U.S. / U.K. Passport Number
  • U.S. Driver’s License Number

All of this data is commonly shared by HR and Finance departments in many companies, and it can often happen that employees want to send something to a colleague via email but forget that their business partner or bank account manager is also cc-d in the email they are replying to. I have also witnessed many cases where sensitive employee PII data is sent in bulk to an external company that does accounting or similar. There is also an option to implement U.S. Health Insurance Act (HIPPA) protection that will help in the detection of medical terms.

Data Loss Protection policy provides a solid solution to automatically protect your company sensitive data, organization-wide, or just for certain departments or groups. It scans content for sensitive data and if conditions are met it can block people from sharing and restrict access to shared content or encrypt email messages in transit and ensure only the intended receiver can read the message.

A nice option to just provide info on how often a certain type of data is actually shared with external users is to use policy in testing mode. Policy would then just send incident reports via email to responsible company personnel, whenever it is triggered, but would not block or encrypt the data.

And of course, the most important part is educating users on sharing company data externally. That is why DLP also features policy tips. Tips appear as a small notification to warn users on the sensitivity of the data in document or email and suggests handling data responsibly. This message can be customized according to company needs.

If you find data loss protection policies useful and want to know more about how they can be utilized in your company, feel free to contact us at anytime.