How do I prevent staff accidentally sending personal information outside the organisation?

, ,


While most organisations take measures to prevent and protect against external cyber-attacks, many don’t protect themselves against accidental leaks by their internal staff.

Accidental disclosure is the unintentional release or sharing of sensitive information. In Australia, human error was the cause of 32% of reported data breaches in the last half of 2019.

Causes of Australian Data Breaches December 2019

Sending private information to the wrong person can put an organisation’s reputation on the line and have a dramatic effect on the disclosed party. Under Australia’s Privacy Laws, businesses need to have security measures in place to protect personal data from being leaked unintentionally.

How does an accidental data breach occur?

It’s often a staff member sending an email to the wrong person or inadvertently attaching a document that contains sensitive information. It could also be sending Personally Identifiable Information like Tax File Numbers, Credit Card numbers or Medical information over insecure channels.

What steps can I take to prevent accidental data leakage?

It may be obvious, but it starts with user education.

Document your best-practices and train users on what types of information they can share outside of the organisation.

But what can we configure to make sure we detect and catch any mistakes before they go out?

Microsoft has tools that can prevent sensitive information from being sent unintentionally. Here is a brief list of each tool and what they can do:

Communication Compliance

Communication Compliance Alerts On Sensitive Info Types

Communication Compliance is the latest addition to Microsoft’s insider-risk toolset. Communication Compliance helps you detect, capture and take remediation actions when your team sends inappropriate messages.

So what’s an inappropriate message? It can be something that goes against HR policies, like the sending of harassment, inappropriate or offensive language. It can also detect adult, racy or gory images. You can use pre-configured templates to identify sensitive information types or create a custom policy that can detect references to confidential internal projects.

Once a message is detected, communication compliance triggers an alert for investigation and remediation.

Data Loss Prevention

Data Loss Prevention Policies To Stop External Sharing Of Sensitive Info

While communication compliance can monitor messages for inappropriate or sensitive information, data loss prevention policies can prevent them from being sent. Data-loss Prevention policies allow you to block, or impose conditions on the sharing of sensitive information.

With DLP, you can specify types of content that cannot leave your organisation. Sensitive info types include credit card information, tax file numbers, drivers license information and more. Microsoft 365 scans the content of your email, attachments and shared files and can either notify you or prevent it from being sent.

Office 365 message encryption

Office 365 Message Encryption

You can encrypt email and attachments to ensure that only the intended recipients can view their contents. You can also prevent recipients from forwarding, saving, copying or printing your email and attachments. Encryption can be applied by default to all messages, enabled manually by users, or automatically based on the type of information you’re sharing.

Sensitivity labels

Label Files And Emails With Sensitivity Labels In Microsoft 365

Your files can be labelled according to their sensitivity level, and policies can be applied relating to these levels. By appropriately labelling files and emails, you can ensure that your most sensitive information is only accessible by trusted recipients no matter where it ends up.

Use Auto-Labeling In Microsoft 365 Based On Sensitive Info Types

You don’t have to rely on a user labelling content based on an arbitrary choice. Automated file labelling scans the content of your file and applies a sensitivity label based on its content.

Use built-in external sharing alerts

Configure External Sharing Alerts in Microsoft 365

Configure built-in alerts for external sharing. Alerts in Microsoft 365 can notify you each time a user shares information externally, or when an unusual volume of external sharing occurs.

Microsoft Cloud App Security

Configure Microsoft Cloud App Security

Cloud App Security can detect suspicious activities across Microsoft 365 and third-party cloud apps. For example, it can let you know if someone performs a mass delete or download of your information from SharePoint, OneDrive, Dropbox Business, Google Drive or Box.

External Sharing Insights in Cloud App Security

Cloud App Security also provides detailed reports and insights into how your information is shared externally.

Share files via cloud storage

Share Files Via Cloud Storage To Prevent Accidental Leaks

A better way to share data is via cloud storage rather than email attachments. Using cloud storage, you can create links to files, set access control and timed expiry – as well as revoke access. You can also view audit logs of file access to understand who is viewing your information. Sending files as attachments is a less secure way of sharing data – if you have to use it, you should ensure your encrypting messages with file attachments or using sensitive labels to protect them.

Need help protecting your sensitive data?

Naturally, there is significant consideration and configuration to apply these settings and privacy controls for your organisation. At GCITS, we have experience in cloud environments with complex security requirements. We have developed a typical security profile based on the Australian businesses that we most often service.

We can deploy these security solutions with minimal disruption. Your team can work with unimpeded access to clients, suppliers and teammates knowing that automated safety nets are in place.

  • This field is for validation purposes and should be left unchanged.
/0 Comments/by

A new SharePoint-powered files experience is coming to Microsoft Teams

, , ,

This update will bring extra document management capabilities from SharePoint into Microsoft Teams.

The current Microsoft Teams files experience

The document storage and collaboration functionality in Microsoft Teams is built on SharePoint. Every Microsoft Team is also an Office 365 Group, and each team has a group-connected SharePoint site which stores all the files shared amongst the team.

You can already reach this site from the files tab of your Microsoft Teams channels, however the experience within Teams is a bit limited.

Microsoft Teams Open In SharePoint

An updated Document Library experience in Microsoft Teams

This update brings the full functionality of a SharePoint Document Library into Microsoft Teams. With the ability to add and manage custom columns, sort and filter files with custom views, trigger workflows and much more.

Sync files from Microsoft Teams with your PC or Mac

This is the standout feature in this update. The ability to sync files with a PC or Mac will be available from within Microsoft teams. At Ignite this year, Microsoft demonstrated the new interface during the Content Collaboration in the Modern Workplace – BRK2451 session.

This screen capture demonstrates custom columns, views and formatting, as well as the new sync button within Microsoft Teams.

The roadmap update for this feature listed a general availability date of Q3 of calendar year 2018, so it should be rolling out any minute now.

For more info on this feature, see the Content Collaboration in the Modern Workplace session from Microsoft Ignite.

/0 Comments/by

Office 365 ATP can now be integrated into your SIEM

, , ,

Office 365 Advanced Threat protection and Office 365 threat intelligence logs can now be integrated into your SIEM solution.

Threats discovered by these services can be made available on the audit.general workload of the Office 365 Management APIs.

What are the Office 365 Management APIs?

The Office 365 Management APIs are essentially the API version of the Office 365 Unified Audit Log

To get your Office 365 ATP info into your SIEM, you’ll need to have the Unified Audit Log enabled for your tenant. Unfortunately, it’s not enabled by default.

How to enable the Office 365 Unified Audit Log

The Office 365 Unified Audit Log is an important and useful tool which can help you secure your Microsoft Cloud environment. If you’re a Microsoft Partner, we have a longer article on enabling this for your customers’ tenants here, but to enable it for a single tenant, you have two options.

Enable the Office 365 Unified Audit Log via the Security and Compliance Center

  1. You can log into the Security and Compliance Center at protection.office.com as a global or security administrator.
  2. You’ll find the setting under Search and Investigation, Audit Log Search.
  3. If the audit log isn’t enabled, click Start recording user and admin activities

Enable the Office 365 Unified Audit Log via Powershell

  1. Connect to Exchange Online via Powershell
  2. Type: Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

Connect your SIEM to the Office 365 Management APIs

Once the audit log is enabled, threats discovered by Office 365 ATP and Threat Intelligence will be available on the audit.general endpoint of the Office 365 Management API. For more information on setting this up, see the official Microsoft documentation here.

/0 Comments/by