Data Loss Prevention Policies (DLP)

Exchange 2013 provides comprehensive capabilities to help organisations identify, monitor, and protect sensitive information from leaking to third parties. Microsoft provides standardised regional libraries of policies to cope with management of credit card and financial information, personal information, and a variety of other metrics to help organisations comply with data protection laws according to the countries in which users are situated.

Office 365 is the only “off the shelf” product acceptable to US Federal Government and EU Government purchasing departments, and Microsoft’s DLP provisioning is relied on overwhelmingly by institutions large and small to establish data protection policies with the minimum of additional cost.

In Exchange 2013 Microsoft introduced Document Fingerprinting and Policy Tips in Outlook Web App (OWA) to enhance document control and user education. Document Fingerprinting enables you to match documents that are derived from the same template.

This can be useful for organizations that frequently use standard forms or templates, for instance a law firm that uses a standard template to draft patent applications that it files on behalf of its clients.

Policy Tips are designed to notify users in your organization when they are sending sensitive information over email. Policy Tips are similar to MailTips, and you can use them in Outlook in several different ways to help users avoid sending sensitive information in email. For example, you can use Policy Tips to:

  • Inform users of the presence of sensitive information and optionally block the email from being sent.
  • Educate your users through a Notify Policy Tip when sensitive content is present in their emails.
  • Empower your users to make case by case decisions by allowing them to override the sensitive information policy—with the option of including a business justification for the override.
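
The three Policy Tip behaviours listed above correspond to the `-NotifySender` setting on DLP transport rules. The following is an added example (not from the original page or from Microsoft) that assumes the built-in "Credit Card Number" sensitive information type; the policy name, rule names, count thresholds and report mailbox are made up for illustration.

```powershell
# Added example, not from the original page. Run in the Exchange Management Shell.
# Policy name, rule names, thresholds and the report mailbox are placeholders.
$policy = 'Card data - outbound'
$report = 'dlp-reports@example.com'   # placeholder mailbox for incident reports

# Empty custom DLP policy to group the rules. AuditAndNotify is the test mode
# that shows Policy Tips and logs matches without blocking any mail.
New-DlpPolicy -Name $policy -Mode AuditAndNotify -State Enabled

# Settings shared by all three rules: only mail leaving the organisation.
$common = @{
    DlpPolicy   = $policy
    Mode        = 'AuditAndNotify'
    SentToScope = 'NotInOrganization'
}

# Educate: 1-4 card numbers -> Notify Policy Tip, message is still delivered.
New-TransportRule @common -Name 'Card data: notify' `
    -MessageContainsDataClassifications @{ Name = 'Credit Card Number'; minCount = '1'; maxCount = '4' } `
    -NotifySender NotifyOnly `
    -SetAuditSeverity Low

# Empower: 5-9 card numbers -> blocked unless the sender overrides and
# enters a business justification; the override appears in the report.
New-TransportRule @common -Name 'Card data: override with justification' `
    -MessageContainsDataClassifications @{ Name = 'Credit Card Number'; minCount = '5'; maxCount = '9' } `
    -NotifySender RejectUnlessExplicitOverride `
    -SetAuditSeverity Medium `
    -GenerateIncidentReport $report `
    -IncidentReportContent Sender, Recipients, Subject, Severity, Override, RuleDetections

# Block: 10 or more card numbers -> rejected, no override offered.
New-TransportRule @common -Name 'Card data: block' `
    -MessageContainsDataClassifications @{ Name = 'Credit Card Number'; minCount = '10' } `
    -NotifySender RejectMessage `
    -RejectMessageReasonText 'Blocked: message contains payment card numbers.' `
    -SetAuditSeverity High `
    -GenerateIncidentReport $report `
    -IncidentReportContent Sender, Recipients, Subject, Severity, RuleDetections
```

Once the matches logged in test mode look right, switch the policy and its rules to `-Mode Enforce` (with `Set-DlpPolicy` and `Set-TransportRule`) so that the block and override actions take effect.
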

Exchange Email – data leakage & loss protection

From October 1st ComStat can provide support to help organisations and users manage data leakage and data protection.

On a large scale, data leakage is a serious issue which finds its way into national headlines. American retailer Target faced enormous losses and serious reputational damage in November 2013 when the company lost 40 million credit card numbers to hackers.

Small businesses may argue they do not face such risks. However, small businesses are subject to the same data protection governance for due diligence regarding personal information, and even if a small business does not store credit card numbers electronically, users can still “leak” sensitive data to third parties, which can come back to haunt businesses.

ComStat network administrators have access to a large array of geographically relevant “policies” which can be established to monitor outgoing email for sensitive information like credit card numbers, driver's licenses, passwords, in fact just about anything. On identification of an imminent “leak”, users are notified with a number of options:

1. Users can override and permit transit of email, although the event is logged,
2. Sensitive information can be masked by the system,
3. Sensitive information can be deleted,
4. Entire emails can be deleted with user notification.

ComStat’s engineers work with businesses with a strategy of using these kinds of tools to educate users of risk while enabling them to conduct their business with minimal obstruction.

In addition to monitoring email textual content, services also extend to identifying attachments, which might comprise forms like applications, patents, etc.

Data leakage and data protection issues are difficult to measure because the risk of loss is usually hard to quantify until a significant event, by which time businesses can be exposed to substantial threat. As a lowest common denominator, however, businesses have a strict obligation to protect customer and third party personal information, and increasingly free email services like GMail, Yahoo, and Live do not provide tools to manage the responsibilities European and UK law impose on businesses.

Although these services are aimed primarily at ComStat’s Exchange email users, the same tools are being expanded in 2014 and 2015 to encompass raw data storage like document libraries, spreadsheets, PDFs, etc.

Please contact us to find out more about how our data protection services can help you.