Virtual work means that work happens anywhere. Corporate information is accessed from home offices, smartphones, and tablets. How do you protect this information?
- Encrypt sensitive information to protect it wherever it may go
- Stop staff and contractors from sharing, downloading, or printing sensitive information
- Stop staff from emailing sensitive information to internal or external parties
- Stop disgruntled employees or contractors trying to steal company information
- Stop staff from accessing sensitive information from high-risk areas
Below are some of the Microsoft tools available for you.
Data Protection
To apply flexible protection actions that include encryption, access restrictions, and visual markings, use the following capabilities:
Sensitivity labels – A single solution across apps, services, and devices to label and protect your data as it travels inside and outside your organization.
Azure Information Protection unified labeling client – For Windows computers, extends sensitivity labels for additional features and functionality that includes labeling and protecting all file types from File Explorer and PowerShell
Double Key Encryption – For cases where, under all circumstances, only you can ever decrypt protected content, or where regulatory requirements mean you must hold encryption keys within a geographical boundary
Office 365 Message Encryption (OME) – Encrypts email messages and attached documents that are sent to any user on any device, so only authorized recipients can read emailed information
Service encryption with Customer Key – Protects against viewing of data by unauthorized systems or personnel, and complements BitLocker disk encryption in Microsoft datacenters
SharePoint Information Rights Management (IRM) – Protects SharePoint lists and libraries so that when a user checks out a document, the downloaded file is protected so that only authorized people can view and use the file according to policies that you specify
Rights Management connector – Protection-only for existing on-premises deployments that use Exchange or SharePoint Server, or file servers that run Windows Server and File Classification Infrastructure (FCI)
Azure Information Protection unified labeling scanner – Discovers, labels, and protects sensitive information that resides in data stores that are on-premises
Microsoft Cloud App Security (MCAS) – Discovers, labels, and protects sensitive information that resides in data stores that are in the cloud
Microsoft Information Protection SDK – Extends sensitivity labels to third-party apps and services
Data Loss Prevention
To help prevent accidental oversharing of sensitive information, use the following capabilities:
Data Loss Prevention (DLP) – Helps prevent unintentional sharing of sensitive items (Sensitive Information Types)
Insider Risk Management
Many risks are driven by internal events and user activities that can be minimized and avoided.
- Leaks of sensitive data and data spillage
- Confidentiality violations
- Intellectual property (IP) theft
- Fraud
- Insider trading
- Regulatory compliance violations
Insider risk management is centered around the following principles:
- Transparency: Balance user privacy versus organization risk with privacy-by-design architecture.
- Configurable: Configurable policies based on industry, geographical, and business groups.
- Integrated: Integrated workflow across Microsoft 365 compliance solutions.
- Actionable: Provides insights to enable user notifications, data investigations, and user investigations.
You can select from the following policy templates to quickly get started with insider risk management:
- Data theft by departing users
- General data leaks
- Data leaks by priority users (preview)
- Data leaks by disgruntled users (preview)
- General security policy violations (preview)
- Security policy violations by departing users (preview)
- Security policy violations by priority users (preview)
- Security policy violations by disgruntled users (preview)
- Offensive language in the email
This table shows triggering events for the policies and prerequisites.
Communication Compliance
Communication compliance is an insider risk solution in Microsoft 365 that helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization. Pre-defined and custom policies allow you to scan internal and external communications for policy matches so they can be examined by designated reviewers.
Features include:
- Prebuilt customizable templates and machine learning
- Flexible remediation workflows
- Actionable insights
Information Barriers
Information Barriers restrict communication and collaboration between two internal groups to avoid a conflict of interest. In Microsoft Teams, information barrier policies determine and prevent the following kinds of unauthorized communications:
- Searching for a user
- Adding a member to a team
- Starting a chat session with someone
- Starting a group chat
- Inviting someone to join a meeting
- Sharing a screen
- Placing a call
- Sharing a file with another user
- Access to file through sharing the link
Next Step
A 30-day Infotechtion proof-of-concept for Microsoft Information Protection allows you to test:
- Manual and automatic classification and protection of sensitive data
- Warn users in real-time when trying to share sensitive data internally or externally
- Stop sensitive data from being downloaded or shared externally
- Stop users from accessing sensitive information from high-risk areas
Visit Infotechtion proof-of-concept for more information.