The documents that an office generates each day can vary from a new sales flyer to a report on an upcoming product from R&D. While some content can be seen by anyone inside or outside your organization, other content might be considered classified and only for certain eyes inside your organization to see.
So, what do you do when all files are being stored in a general company OneDrive account within Office 365 together? How do you make sure someone can’t share a sensitive file with the wrong person or even know that the document is sensitive?
Not having a way to classify and manage content on a document level can lead to data leakage.
Data leakage is different from a data breach. A data breach generally involves someone outside your organization (like a hacker) gaining access or breaching your system through an email phishing attack or other method.
Data leakage is the inadvertent disclosure (leaking) of information to those not authorized to see it due to unsecure devices or mishandling of information. For example, a salesperson accidentally sending a link to an R&D document about a not-yet released product to a lead.
Approximately 52.9% of data leaks are caused by employees.
A mechanism that Microsoft has added into Office 365 to help businesses prevent data leakage and properly classify their documents are Sensitivity Labels.
Sensitivity Labels Explained
Office 365 Sensitivity Labels are a security classification that you apply to a document that will then allow security policies to be applied to the document automatically.
Sensitivity Labels will follow a document or email wherever it goes, including when shared between devices, applications, and cloud services.
Sensitivity Labels can be applied manually to a document by the user or an administrator and can also be applied automatically upon document creation based upon keywords you’ve specified.
To use Sensitivity Labels, you need one of the following licenses:
- Microsoft 365 E3 or higher
- Office 365 E3 or higher
- Azure Information Protection Premium P1 or higher
For access to automatic and recommended Sensitivity Labels, you need one of these subscriptions:
- Microsoft 365 E5 or higher
- Office 365 E5 or higher
- Azure Information Protection Premium P2
Sensitivity Labels can be customized per your organization when they’re turned on, for example, you might use designations such as: Public, Company Only, Classified, Restricted.
How to Use Sensitivity Labels Effectively
Initially, you’ll want to decide upon the types of restrictions you may need to enforce on documents, such as restricting the ability to share, restricting copying or deletion, etc.
Once your levels of sensitivity and the restrictions on each level are in place, the system safeguards your documents automatically according to the policies you’ve added – this includes both sensitive documents created in Word, Excel, and PowerPoint and Outlook email messages.
Here are some ways you can implement Sensitive Labels to increase your data and information security.
Apply Encryption to Sensitive Emails
Data is often leaked inadvertently when being sent via email. If an employee is on a public Wi-Fi and sending customer payment card details back to the office for an order, it could easily be intercepted by a hacker on the same unsecure network.
You can designate emails with a certain Sensitivity Label to apply encryption when they’re sent, safeguarding sensitive communications.
Restrict Email Forwarding or Copy/Paste of Information
Say an internal email has been sent containing confidential information about an upcoming internal reorganization. How do you keep that information from being forwarded or copied to someone that shouldn’t know?
Using Sensitivity Labels, you could label the content “Company Only” and add a restriction that won’t allow any emails with that label to be copied from or forwarded.
Restrict Reading, Editing and Printing of Documents
Sensitivity Labels allow you to restrict what can be done with documents depending upon their label. For example, you could restrict anyone from outside the accounting department from editing or printing a profit report that they originate.
You can also add an encryption setting that designates which entities can read certain documents that may be stored in a companywide OneDrive account.
Add a Watermark to Sensitive Information
If you want to make sure no one misses the classification of a document, you can set a policy on your Sensitivity Labels that adds a watermark that designates the security level of a document and any additional notes, such as “Copying or sharing is forbidden.”
Time-Limit Access to Documents
If you’re sending out information to a client that is time sensitive, such as offering them a discounted price for a limited period of time, you can block access to that pricing document after a certain date.
Sensitivity Label policies allow you to set an access expiration based upon a specific date or number of days after the label was applied. Once the time has expired, users will no longer be able to access the labeled document.
Let Technology Visionaries Help You Harness the Power of Office 365
We find that some businesses in New Jersey are using Office 365 but only utilizing a fraction of its capabilities. Let Technology Visionaries help you get the most out of the cloud subscriptions that you’re paying for.
Schedule a free cloud consultation today by calling us at 732-587-5960 or using our contact form.
