Protection Through Data Loss Prevention
All businesses have sensitive information under their control. Your sensitive business data could contain financials. Or proprietary data, credit card numbers, health records, and social security numbers.
To protect sensitive data and reduce risk, your business needs a way to prevent users from sharing it with people who shouldn't have it. This practice is data loss prevention (DLP). The term Data loss prevention (DLP) refers to a set of software tools and processes. These tools protect sensitive data. And ensure that it is not lost, misused, or accessed by unauthorized users.
A certified IT partner can help. Microsoft 365 delivers data loss prevention by defining and applying DLP policies. With a DLP policy, you can identify, monitor, and automatically protect sensitive items across:
- Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive.
- Office applications such as Word, Excel, and PowerPoint
- Windows 10 endpoints
- Non-Microsoft cloud apps
- On-premises file shares and on-premises SharePoint.
Microsoft 365 detects sensitive items by using deep content analysis, not by a simple text scan. DLP uses machine learning algorithms and other methods to detect content that matches your DLP policies.
Graphic provided by Crazy Egg
Protective actions of DLP policies
Microsoft 365 DLP policies track the activities that users take on sensitive items. As well as sensitive items in transit, or sensitive items in use and take protective actions.
When a user attempts to take action that breaks the policy, DLP can take action at the moment.
As an example, if a user was copying a sensitive item to an unapproved location. Or sharing medical information in an email or other conditions laid out in a policy, DLP can:
- show a pop-up policy tip to the user that warns them that they may be trying to share a sensitive item.
- block the sharing and, via a policy tip, allow the user to override the block and capture the users' justification.
- block the sharing without the override option
- for data at rest, sensitive items can be locked and moved to a secure quarantine location for Teams chat, the sensitive information will not be displayed
Planning for DLP
The adoption of DLP may require a change to your business processes. and there will be a culture shift for your users if your team is new to data loss prevention practices.
Technology planning for DLP
DLP can track and protect your data at rest. And while the data is in use. As well as data in motion across all Microsoft 365 services. Including Windows 10 devices, on-premises file shares, and on-premises SharePoint. The leadership team will need to consider the type of data you want to monitor and protect, and the actions to be taken when a policy breach occurs.