While most organisations take measures to prevent and protect against external cyber-attacks, many don’t protect themselves against accidental leaks by their internal staff.
Accidental disclosure is the unintentional release or sharing of sensitive information. In Australia, human error was the cause of 32% of reported data breaches in the last half of 2019.
Sending private information to the wrong person can put an organisation’s reputation on the line and have a dramatic effect on the disclosed party. Under Australia’s Privacy Laws, businesses need to have security measures in place to protect personal data from being leaked unintentionally.
How does an accidental data breach occur?
It’s often a staff member sending an email to the wrong person or inadvertently attaching a document that contains sensitive information. It could also be sending personally identifiable information such as tax file numbers, credit card numbers or medical information over insecure channels.
What steps can I take to prevent accidental data leakage?
It may be obvious, but it starts with user education.
Document your best practices and train users on what types of information they can share outside of the organisation.
But what can we configure to make sure we detect and catch any mistakes before they go out?
Microsoft has tools that can prevent sensitive information from being sent unintentionally. Here is a brief list of each tool and what it can do:
Communication Compliance
Communication Compliance is the latest addition to Microsoft’s insider-risk toolset. It helps you detect, capture and take remediation actions when your team sends inappropriate messages.
So what’s an inappropriate message? It can be something that goes against HR policies, such as harassment or inappropriate or offensive language. Communication Compliance can also detect adult, racy or gory images. You can use pre-configured templates to identify sensitive information types or create a custom policy that can detect references to confidential internal projects.
Once a message is detected, Communication Compliance triggers an alert for investigation and remediation.
Data Loss Prevention
While Communication Compliance can monitor messages for inappropriate or sensitive information, data loss prevention (DLP) policies can prevent them from being sent. DLP policies allow you to block, or impose conditions on, the sharing of sensitive information.
With DLP, you can specify types of content that cannot leave your organisation. Sensitive info types include credit card information, tax file numbers, driver’s licence information and more. Microsoft 365 scans the content of your email, attachments and shared files and can either notify you or prevent the content from being sent.
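As an added illustration (not Microsoft’s detection logic and not code from the original article), the example below shows the kind of check a sensitive info type performs: a pattern match confirmed by a checksum, followed by a notify-or-block decision. The function names, the internal-domain rule and the sample message are assumptions constructed for the example.

```python
import re

# Candidate shapes only; the checksum decides whether a candidate counts.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")        # 13-19 digits
TFN_RE = re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b")    # 9 digits
TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)


def _digits(s):
    return [int(c) for c in s if c.isdigit()]


def luhn_ok(candidate):
    """Luhn check used by payment card numbers."""
    total = 0
    for i, d in enumerate(reversed(_digits(candidate))):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def tfn_ok(candidate):
    """Weighted mod-11 check for a 9-digit Australian Tax File Number."""
    d = _digits(candidate)
    return len(d) == 9 and sum(w * x for w, x in zip(TFN_WEIGHTS, d)) % 11 == 0


def scan(text):
    """Return sorted (type, redacted_value) findings that pass their checksum."""
    findings = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(m.group()):
            last4 = "".join(map(str, _digits(m.group())[-4:]))
            findings.add(("credit_card", "****" + last4))
    # Blank out card candidates so their digits are not re-read as a TFN.
    remainder = CARD_RE.sub(lambda m: " " * len(m.group()), text)
    for m in TFN_RE.finditer(remainder):
        if tfn_ok(m.group()):
            findings.add(("tfn", "******" + m.group()[-3:]))
    return sorted(findings)


def decide(text, recipients, internal_domain):
    """Assumed policy: block external delivery, notify on internal, else allow."""
    if not scan(text):
        return "allow"
    external = any(not r.lower().endswith("@" + internal_domain) for r in recipients)
    return "block" if external else "notify"


# Constructed sample message (well-known test numbers, not real data).
SAMPLE = "Hi, TFN is 123 456 782, card 4111 1111 1111 1111, ref 123 456 789."
```

The checksum step is what keeps an arbitrary nine-digit reference such as `123 456 789` from being flagged as a tax file number.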
Office 365 message encryption
You can encrypt email and attachments to ensure that only the intended recipients can view their contents. You can also prevent recipients from forwarding, saving, copying or printing your email and attachments. Encryption can be applied by default to all messages, enabled manually by users, or automatically based on the type of information you’re sharing.
Your files can be labelled according to their sensitivity level, and policies can be applied relating to these levels. By appropriately labelling files and emails, you can ensure that your most sensitive information is only accessible by trusted recipients no matter where it ends up.
You don’t have to rely on a user labelling content based on an arbitrary choice. Automated file labelling scans the content of your file and applies a sensitivity label based on its content.
Use built-in external sharing alerts
Configure built-in alerts for external sharing. Alerts in Microsoft 365 can notify you each time a user shares information externally, or when an unusual volume of external sharing occurs.
Microsoft Cloud App Security
Cloud App Security can detect suspicious activities across Microsoft 365 and third-party cloud apps. For example, it can let you know if someone performs a mass delete or download of your information from SharePoint, OneDrive, Dropbox Business, Google Drive or Box.
Cloud App Security also provides detailed reports and insights into how your information is shared externally.
Share files via cloud storage
A better way to share data is via cloud storage rather than email attachments. Using cloud storage, you can create links to files, set access control and timed expiry, and revoke access. You can also view audit logs of file access to understand who is viewing your information. Sending files as attachments is a less secure way of sharing data. If you have to use it, you should ensure you’re encrypting messages with file attachments or using sensitivity labels to protect them.
Need help protecting your sensitive data?
Naturally, applying these settings and privacy controls for your organisation takes significant consideration and configuration. At GCITS, we have experience in cloud environments with complex security requirements. We have developed a typical security profile based on the Australian businesses that we most often service.
We can deploy these security solutions with minimal disruption. Your team can work with unimpeded access to clients, suppliers and teammates knowing that automated safety nets are in place.