Data Loss Prevention (DLP)
DLP Overview
To protect sensitive data from being erroneously sent or shared externally, Office 365 Data Loss Prevention (DLP) has been implemented for Alliant Email and OneDrive.
DLP will scan all email and documents sent or shared for sensitive information. If sensitive information is found, users will be presented a warning and be blocked from trying to Email or share OneDrive documents externally. Users will be able to override the warning and still be able to send, as long as a valid business justification is entered. SharePoint data is not available for external sharing.
Sensitive Email that is sent outside of Alliant, will also be encrypted automatically by the system. Sensitive data includes any Email or associated document attachment which contains a Social Security Number, Credit Card, HIPAA, CNS ID, UltiPro ID or other information deemed sensitive by Alliant Compliance and the IT Information Security Management System (ISMS)Team.
To protect sensitive data from being erroneously sent or shared externally, Office 365 Data Loss Prevention (DLP) has been implemented for Alliant Email and OneDrive.
DLP will scan all email and documents sent or shared for sensitive information. If sensitive information is found, users will be presented a warning and be blocked from trying to Email or share OneDrive documents externally. Users will be able to override the warning and still be able to send, as long as a valid business justification is entered. SharePoint data is not available for external sharing.
Sensitive Email that is sent outside of Alliant, will also be encrypted automatically by the system. Sensitive data includes any Email or associated document attachment which contains a Social Security Number, Credit Card, HIPAA, CNS ID, UltiPro ID or other information deemed sensitive by Alliant Compliance and the IT Information Security Management System (ISMS)Team.
DLP Example - Outlook Desktop Client
When using Microsoft Outlook to send an Email that contains sensitive information, a "Policy Tip" will appear on the top the Email to indicate that that the message appears to contain sensitive information. This message will appear when information that has characteristics associated with sensitive data (e.g. SSN, credit card, banking, student ID, etc.) is typed into the body of the message or if a message attachment contains sensitive information. The user can then select “override” to send the message after providing a business justification, or confirm the message does not contain sensitive information.
When using Microsoft Outlook to send an Email that contains sensitive information, a "Policy Tip" will appear on the top the Email to indicate that that the message appears to contain sensitive information. This message will appear when information that has characteristics associated with sensitive data (e.g. SSN, credit card, banking, student ID, etc.) is typed into the body of the message or if a message attachment contains sensitive information. The user can then select “override” to send the message after providing a business justification, or confirm the message does not contain sensitive information.
If the user selects Send without following the Override steps, the message is blocked and the message below will be displayed:
When the override link is selected, the dialog box below will be displayed. If the user determines that the email should be allowed, then they must enter a business justification in the "Enter explanation here" field, and then select Override. If the user believes the message was blocked in error (false positive) and there is no sensitive data included they can select “This message does not contain sensitive information”, and then select Override.
After Override is selected, the policy tip will change to indicate that the user has chosen to send the message, even though the message appears to contain sensitive information. If "I have a business justification" is selected, the message in the first example below displays. If "This message doesn't contain sensitive information" is selected, the message in the second example below displays. The user can then select Send .
When a message is sent with sensitive information, and therefore require the "I have a business justification" option to be selected, the sender will receive an Email notification from Secure Email to indicate a message was sent that contains sensitive information. The System Administrator will also receive a similar email to notify them that sensitive information was sent. The system will automatically encrypt the message.
DLP Example - Outlook Web App
When using Microsoft Outlook Web App to send an Email that contains sensitive information, a "Policy Tip" will appear on the top the Email to indicate that that the message appears to contain sensitive information. This message will appear when information that has characteristics associated with sensitive data (e.g. SSN, credit card, banking, student ID, etc.) is typed into the body of the message or if a message attachment contains sensitive information. The user can then select “Show details” to send the message after providing a business justification, or confirm the message does not contain sensitive information.
When using Microsoft Outlook Web App to send an Email that contains sensitive information, a "Policy Tip" will appear on the top the Email to indicate that that the message appears to contain sensitive information. This message will appear when information that has characteristics associated with sensitive data (e.g. SSN, credit card, banking, student ID, etc.) is typed into the body of the message or if a message attachment contains sensitive information. The user can then select “Show details” to send the message after providing a business justification, or confirm the message does not contain sensitive information.
If the user selects Send without following the Override steps, the message is blocked and the message below will be displayed:
When the override link is selected, the dialog box below will be displayed. If the user determines that the email should be allowed, then they must enter a business justification in the "Enter explanation here" field, and then select Override. If the user believes the message was blocked in error (false positive) and there is no sensitive data included, they can select “This message does not contain sensitive information”, and then select Override.
After Override is selected, the policy tip will change to indicate that the user has chosen to send the message even though the message appears to contain sensitive information. If "I have a business justification" is selected, the message in the first example below displays. If "This message doesn't contain sensitive information" is selected, the message in the second example below displays. The user can then select Send.
When a message is sent with sensitive information, and therefore require the "I have a business justification" option to be selected, the sender will receive an Email notification from Secure Email to indicate a message was sent that contains sensitive information. The System Administrator will also receive a similar email to notify them that sensitive information was sent. The system will automatically encrypt the message.