A person holding a video game controller in their hand

Email Data Loss Prevention (DLP) in Office 365: Secure your company’s confidential email data

BLOG

Email Data Loss Prevention (DLP) in Office 365: Secure your company’s confidential email data

A person holding a video game controller in their hand

Email communication is right at the heart of today’s fast-paced work environment.

For most organizations, email is the fundamental tool for information exchange – both within the company and to the outside world. In fact, business email accounts for well beyond 100 billion emails sent and received every single day worldwide.

Email communication has its flipside, though. The vast number of email exchanges involve the increased danger of accidental leakage of confidential data – almost always with disastrous, costly consequences. Data exfiltration can occur in many ways, including but not limited to the following: 

  • Cybersecurity gaps 
  • Email phishing attacks 
  • Malware 
  • Ransomware 
  • Business Email Compromise (BEC) 
  • Deliberate cyberattacks by competitors 
  • Insider threats and human error (i.e., unintentional data leaks)
  • Outdated DLP software, email security solutions, and ineffective security policies

Mostly, these data breaches aren’t the result of sneaky hackers subverting data security measures, but simply stem from unintentional oversights by well-meaning employees.

Agonizing over whether sensitive content – be it financial data (i.e., credit card numbers, bank account details, etc.), personally identifiable information or intellectual property – might be sent via email messages to unauthorized endpoint recipients outside the organization, by accident, can keep CSOs and IT admins up all night.

Microsoft Office 365 and Exchange provide email Data Loss Prevention (DLP) tools to help you safeguard confidential information and identify data leakage in outgoing email conversations.

Have a look at how it works.

In this article

    What is a DLP policy?

    Microsoft released their first set of DLP tools for SharePoint Online and OneDrive in 2013, later adding capabilities for Exchange and Exchange Online. These facilities are managed in the Exchange Administration Center (EAC), which can be accessed through the Office 365 Administration Portal.

    In simple terms, a DLP policy allows you to identify, monitor and protect confidential information (including social security numbers, HIPAA-protected data, and other types of personal data protected by the GDPR and similar policies) across Office 365 based on a set of what is called ‘transport rules’.

    Incorporated into Exchange mail processing workflows, these rules detect sensitive data in the message body or in email attachments through keyword and dictionary matches, regular expression evaluation, machine learning, and further deep content review.

    Educate employees in real time with DLP Policy Tips

    Think about the human layer for a moment – can you be certain your employees are aware of whether the email they are about to send may violate your organization’s data protection and compliance policy? Do they know if it contains sensitive content that ought to stay within the company?

    When it comes to the protection of sensitive information, it is not enough to merely identify confidential content. You need to decide which actions to take in the event that your DLP policy is infringed.

    That’s where one of the major Office 365 customer compliance control features comes into play: DLP Policy Tips.

    How do DLP Policy Tips work?

    In essence, a Policy Tip is a warning that appears every time your employees are working with information that conflicts with your DLP policy.

    Policy Tips are similar to MailTips – you can configure them to present a brief note in Outlook, notifying your employees before sending an outbound email that they may be about to pass along sensitive data in the message body or in attachments. You can also provide key information about your compliance policy, thereby raising awareness and empowering your employees to act upon it.
    For each rule in your DLP policy, you can configure Policy Tips to:

    • Alert employees that the content conflicts with your compliance policy, requesting them to take action and resolve the conflict.
    • Allow employees with certain permissions to override the DLP policy.

    Optionally, you can:

    • Prompt employees composing the message to enter a justification for overriding the DLP policy. This information is logged in the DLP reports in the Security & Compliance Center.
    • Allow employees to report a false positive and override the DLP policy. Again, this information is logged for reporting, opening up the option to use false positives to fine-tune your rules.

    How to get started with DLP policies?

    You can start using DLP in one of these three ways:

    1. Out-of-the-box templates supplied by Microsoft. The quickest way to get started with DLP is to utilize Microsoft-supplied DLP policy templates, which allow you to jump right into the process without having to build a new set of rules from scratch.
    2. Pre-built policy templates from outside your organization. Besides ready-to-use policy templates available from Microsoft, you can import templates from independent software vendors. Using pre-built policy templates from outside your messaging environment allows you to extend the DLP solution to suit your organization’s needs best.
    3. Custom policy without any pre-existing conditions. In case your organization has its own requirements for monitoring specific types of data existing within a messaging system, you can create a custom DLP policy to check and act on your own unique message data.

    As you start to plan DLP for your Exchange domain, you can create policies that are enabled in test mode only, allowing you to look into how they perform without affecting your employees. Once you have activated your policies, you can use reporting and monitoring tools to check how they are invoked throughout your organization.