2014-05-23

Protect your Business with Data Loss Prevention, Rights Management, and Multi-factor Authentication.

Fellow Executives,

I have a scary thought for you to consider. As you are reading this note, you could have a disgruntled sales employee who is gathering all the emails that were sent to him/her with client information: names, contacts, sales information, purchase history, how much they bought and what they paid for it, etc. He/She is just checking their inbox for this type of information, which has been sent over the years in different spreadsheets, PowerPoints, attachments, etc. He/She is then forwarding this information to someone outside of your company’s email domain! Are you aware if this is happening? What has your team done to prevent future occurrences? Does this scare you? If it doesn’t, then you are one of a select few of my peers.

The previous paragraph illustrates that there are challenges that we as leaders need to address with group policies. IT can help enforce these, but it’s our job to work with our leadership teams to develop them. For example, what should Accounting be allowed to send outside the four walls of your company, and what shouldn’t they send? What about Sales, R&D, Operations, Services, HR, etc.? This is no small feat, but it is one that must be done in order to protect your valuable assets. After you figure out what you don’t want to share with the outside world, the next step is to determine how to keep it from being “leaked”. That is where your IT team comes in. Below are a few basic technologies, available today in Microsoft’s popular Office 365 suite of services, to help you protect your business.

DLP (Data Loss Prevention) - DLP is increasingly important for enterprise messaging systems, because business-critical email often includes sensitive data that needs to be protected. Worrying about whether financial information, personally identifiable information (PII), or intellectual property data might be accidentally sent to unauthorized users can keep a Chief Security Officer (CSO) up all night. The trick is determining how to set these policies up without bringing productivity to a standstill. The good news is that Microsoft’s Office 365 can set up standard template policies that cover many regulatory requirements, such as PCI-DSS data, Gramm-Leach-Bliley Act data, or even locale-specific PII. DLP is accomplished through what are called “transport rules” in Exchange. The new transport rules include a significant new approach to detecting sensitive information that can be incorporated into mail flow processing. This new DLP feature performs deep content analysis through keyword matches, dictionary matches, regular expression evaluation, internal functions such as checksum validation on credit card numbers, and other content examination to detect specific content types within the message body or attachments. While this seems a little complex, MessageOps DLP professionals can help you through this without much cost or time. Microsoft also offers “Policy Tips” for your employees within their email to notify them that they are sending something outside the policy that was determined by the company.
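To make the content-analysis steps above concrete, here is an added sketch (not Microsoft's implementation and not code from the original post) that chains a regular expression, a Luhn checksum and a nearby-keyword check before deciding what to do with a message. The domain, keyword list, window size and action names are hypothetical.

```python
import re

# Hypothetical policy values for illustration; not Microsoft's rule definitions.
INTERNAL_DOMAIN = "example.com"
KEYWORDS = ("visa", "mastercard", "card number", "expiry", "cvv")
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13-19 digits
WINDOW = 60  # characters either side of a candidate searched for a keyword


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return masked card numbers that pass regex, checksum and keyword checks."""
    hits = []
    lowered = text.lower()
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue  # order ids and other digit runs usually fail the checksum
        context = lowered[max(0, m.start() - WINDOW): m.end() + WINDOW]
        if any(k in context for k in KEYWORDS):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits


def evaluate(recipient: str, body: str, attachments: list[str]) -> str:
    """Decide what a transport-rule-style policy would do with one message."""
    external = not recipient.lower().endswith("@" + INTERNAL_DOMAIN)
    hits = [h for part in [body, *attachments] for h in find_card_numbers(part)]
    if not hits:
        return "deliver"
    return "block-and-notify" if external else "deliver-with-policy-tip"


# Constructed sample message; 4111 1111 1111 1111 is a widely used test number.
SAMPLE = "Paid by Visa, card number 4111 1111 1111 1111, invoice ref 1234567890123456."

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE), evaluate("partner@outside.example", SAMPLE, []))
```

The checksum and keyword steps are what keep a rule like this from flagging every long number in a spreadsheet, which is the productivity concern raised above.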

Rights Management - So now you have set up your DLP policies, but what if something was sent out that wasn’t supposed to be? Whether on purpose or not, what happens then? That’s where Rights Management comes in. When a document is being shared in this manner, the user’s access rights to the document are validated each time the document is opened. If an employee leaves an organization or if a document is accidentally sent to the wrong individual, the company’s data is protected because there is no way for the recipient to open the file. Basically, this can be accomplished by asking the recipient to enter a password to open up the attachment. If the person doesn’t know the password, they can’t open the attachment.

Multi-factor Authentication - OK, now you have set up your DLP policies and implemented Rights Management, but what happens if a person loses his phone, laptop, Surface or tablet? Let’s say the person who found the lost or stolen device figures out the password to your Office 365 cloud package. Multi-factor Authentication increases the security of user logins for cloud services above and beyond just a password. With Multi-factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.

So there you have it: 3 steps to help you protect your business and valuable assets, keep you out of trouble, and help you sleep better. The great news is that these steps can be implemented without hindering your team’s productivity. So how much does this cost? For those of you who are on Office 365, much of the above comes with the suite, and the services to implement the features are very affordable.
