Over the past fifteen years, we’ve seen a relatively consistent increase in the number of annual data breaches. We’ve also seen an increase in the number of stringent data privacy laws being introduced across the globe, and a failure to comply with these laws may result in large fines being levied against the non-compliant organization.
That said, 2020 has actually seen a decrease in the number of data breaches, which may come as a surprise to some. As more and more employees have been working from home due to the ongoing pandemic, we might expect there to be an increase in the number of security incidents as the attack surface widens.
Fortunately, however, companies have been on high alert, and have taken measures to protect themselves from phishing scams and other forms of attack. Not only that, but more and more organizations have started to adopt cloud-based collaboration tools, such as Office 365, which, in many cases, will improve their security posture.
A shift towards a more distributed IT environment will force companies to adopt a more data-centric approach to cyber-security, which actually makes a lot more sense than the traditional perimeter-based approach, given that most data breaches are, in some way or another, the result of negligent or malicious insiders.
However, before we get the champagne out to celebrate the potentially short-lived fall in cyber-crime, we must remain vigilant and do everything we can to prevent our sensitive data from falling into the wrong hands. This is where data loss prevention comes into the equation.
What is Data Loss Prevention in Office 365?
In simple terms, the purpose of data loss prevention (DLP) is to prevent the unauthorized sharing of sensitive data. There are numerous DLP solutions on the market that can automatically discover and classify sensitive data and use rules and policies to prevent this data from leaving the network.
For example, if sensitive information is sent to an email address or storage location outside of the company domain, it will be automatically blocked or quarantined. Administrators will be able to review all file shares that were flagged via a centralized dashboard and take further action if necessary.
How does Office 365 Data Loss Prevention work?
The Microsoft 365 compliance center provides users with a number of features that can help them improve their security posture, including features dedicated to data loss prevention.
The Office 365 DLP feature allows you to set up rules and policies, which determine what data should be protected, how it should be handled, and who should be notified if it is shared in a way that violates those rules and policies.
A DLP policy details the conditions the content must match before the rule is enforced, and the actions that you want the rule to take automatically when content matching the conditions is found. DLP policies can be applied to a wide range of Microsoft products, such as Exchange Online, SharePoint sites, OneDrive accounts, and so on.
The O365 DLP tool can also identify sensitive data on-the-fly, and classify the data accordingly, to help prevent the data from being shared to an unauthorized location.
How to set up O365 Data Loss Prevention
The first thing you need to do is create a set of DLP policies in the Microsoft 365 compliance center. You will need to specify how and where these policies should be applied. You can customize the rules which apply to your data, as you see fit. For example, you can specify how many times a particular piece of information can be shared before an alert is triggered.
You can also customize the tips that are shown to users to help them understand what data they can share, how, and why. Once a policy has been created, it can either be left disabled or be enabled, which makes it active immediately.
Office 365 Data Loss Prevention Best Practices
Even though this article is centered around Office 365 data loss prevention, the tips below can be applied to any technologies you are using to store and process your sensitive data.
As mentioned previously, Office 365 has features that can automatically identify and classify sensitive data. However, it’s worth noting that there are numerous third-party data classification tools available that may provide additional features.
Such tools are able to automatically scan your documents (and emails) for credit card numbers, Social Security numbers, passport numbers, protected health information, and more. In order to reduce the number of false positives, the O365 DLP tool uses a variety of methods to identify sensitive data. For example, to locate a credit card number, it will use regular expressions to find pattern matches, validate checksums, and examine other related content in an attempt to determine the context of the data.
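The three detection steps described above (pattern match, checksum validation, surrounding context) are shown here as an added Python example; it is not Microsoft's implementation or code from this article. The keyword list, the 100-character context window, the confidence labels, and the action names are illustrative assumptions, and the final function models a rule's condition and action in the sense described earlier for DLP policies.

```python
import re

# Candidate: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Supporting-evidence keywords (illustrative list, an assumption).
KEYWORDS = re.compile(r"\b(visa|mastercard|amex|credit card|card number|cvv|expir\w*)\b", re.I)
WINDOW = 100  # characters of context inspected on each side of a match (assumption)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def find_cards(text: str) -> list:
    """Return checksum-valid candidates, graded by nearby keyword evidence."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue  # pattern matched but checksum failed: discard
        context = text[max(0, m.start() - WINDOW): m.end() + WINDOW]
        confidence = "high" if KEYWORDS.search(context) else "low"
        hits.append({"masked": "*" * (len(digits) - 4) + digits[-4:], "confidence": confidence})
    return hits


def evaluate(text: str, min_count: int = 1) -> str:
    """Toy rule: act only when enough high-confidence instances are present."""
    high = [h for h in find_cards(text) if h["confidence"] == "high"]
    return "block_and_notify" if len(high) >= min_count else "allow"


# Constructed samples; 4111 1111 1111 1111 is a widely published test number.
SAMPLES = {
    "invoice": "Please charge my Visa, card number 4111 1111 1111 1111, expires 12/27.",
    "tracking": "Your parcel reference is 4111111111111111, no signature required.",
    "order_id": "Order 1234567890123456 has shipped.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, find_cards(body), evaluate(body))
```

The "tracking" sample passes both the pattern and the checksum yet is graded low because no supporting keyword is nearby, which is the false-positive case the context check exists to suppress.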
Remove redundant data
Once you know what data you have, and where it is located, the next step is to remove any data that you don’t really need, as this will help to streamline your DLP strategy.
Restrict access to sensitive data
To ensure that your data loss prevention strategy is effective, it is imperative that you adhere to the principle of least privilege (PoLP), which stipulates that employees must only be granted access to the data they really need to adequately carry out their role.
Monitor access to sensitive data
A crucial part of data loss prevention is the ability to determine who has access to what data and when. You can enable auditing in the Security & Compliance Center with your Microsoft 365 Admin account, which allows you to review a wide range of activities such as uploads to OneDrive or SharePoint Online or user password resets. You can also enable mailbox auditing.
Of course, there are dedicated third-party auditing solutions that will provide features that are not available with the native O365 auditing tools. You may want to consider using a third-party solution if you are using multiple cloud platforms or a hybrid solution, which includes on-premises environments.
How Lepide Helps Prevent Data Loss in Office 365
Unauthorized configuration changes can potentially prevent Office 365 users from performing business-critical tasks, such as using documents on SharePoint Online or sending emails through Exchange Online.
Disruptions like these can result in severe financial losses.
To help prevent this from happening, Lepide Data Security Platform enables you to audit Office 365 to give you full visibility on changes taking place. Lepide is easy to use, scalable, and allows you to overcome all manner of security, operations, and compliance challenges – all from a single console.