When was the last time you asked your
employees to carry your company’s handbook containing all the company policies
with them? Do your IT workers know whether a particular email message they’re
sending may violate company policy and run the risk of being noncompliant? Are
they sure whether an email they’re sending contains sensitive information?
Almost every IT worker faces compliance questions like these daily.
DLP Policy Tips inform your workers in
real time. With the DLP Policy Tips in Office 365, admins can inform email
senders that they may be about to pass along sensitive information that is
detected by the company’s policies, before they click Send. This helps your
organization stay compliant and it educates your employees about custom
scenarios based on your organization’s requirements. It accomplishes this by
emphasizing in-context policy evaluation.
Policy Tips not only analyzes email
messages for sensitive content but also determines whether information is
sensitive in the context of communication. That means you can target specific
scenarios that you associate with risk, external communication for example, and
configure custom policy tips for those scenarios. Reading those custom policy
tips in email messages keeps your workers aware of your organization’s
compliance policies and empowers them to act on them, without interrupting
DLP Policy Tips is supported only in
Outlook 2013, but even if your users don’t have the latest version of Outlook,
you are still protected from disclosing sensitive data through back-end
processing. Admins can configure rules and take actions by setting up DLP rules
in the Exchange Administration Center (EAC). This ensures that a single DLP
policy controls both the client and server endpoints, minimizing the admin administrative
How do Policy Tips work? Consider a
real-life scenario. A company has an internal policy to warn its employees any
time they include sensitive information like a credit card number in email
communications. An employee is composing an email to a person who
works outside her organization. She includes credit card information in
the mail, and immediately a DLP policy tip shows up in the message in Outlook.
When you include sensitive information in
an email message, a DLP policy tip alerts you before you send the message.
At this point the employee can decide to:
send the email message with the credit card information, send the message with
the credit card information and click Report to report a false positive,
or delete the credit card information before sending the message. If she’s
unsure what to do, she can click Learn more to understand her company’s
policy, which her admin may have customized.
Let’s look at another scenario. A company
has recently set up a policy that blocks emails containing multiple credit
cards unless the block is overridden with a business justification. An employee
starts an email message to book the travel for multiple employees in the
company and attaches a document that includes the personal credit card
information of the employees. A different policy tip shows up, highlighting the
new compliance requirement. In Outlook 2013, the attachment that is the cause
of concern is also highlighted, making it easy for her to locate the
information being questioned.
A custom DLP policy tip alerts you about an
attachment that may contain high-count sensitive information.
As these two scenarios show, data loss
prevention empowers end users, making them part of the organization’s
compliance process and ensuring that the business flow is not interrupted or
delayed, because achieving compliance does not get in users’ way. At the same
time, data loss prevention simplifies compliance management for admins, because
it enables them to maintain control easily through the Exchange Administration
Center in the Office 365 admin portal.
Policy Tips are similar to MailTips, and admins
can configure them to present a brief note in Outlook 2013 that provides
information about your business policies to the person creating a message. Admins
can configure policy tips that will merely warn workers, block their messages,
or even allow them to override your block with a justification. Policy tips can
also be useful for fine-tuning a company’s DLP policy effectiveness, because
they allow end users to easily report false positives. If policy tips are not
available to a user in Outlook, admins can still control compliance behavior by
setting up rules in the Exchange Administration Center. For example, admins can
set up an action to generate incident reports if a particular DLP event occurs.
Such incident reports can help track events in real time, because a report is
generated in real time and sent to a designated mailbox, such as the mailbox
for an incident manager account.
The figure below shows a sample incident report.
Admins can generate incident reports for
specific DLP events in Office 365.
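The two scenarios above can also be expressed as transport rules from the Exchange management shell. This is an added example, not configuration from the original post. It assumes Exchange Online or Exchange 2013 SP1 or later and an existing DLP policy; the policy name, rule names, report mailbox and count thresholds are constructed placeholders.

```powershell
# Added example. Every name, address and threshold here is a constructed placeholder.
# Assumes a connected Exchange management shell and an existing DLP policy
# called "Contoso PCI" (hypothetical).
$policy  = 'Contoso PCI'
$reports = 'dlp-incidents@contoso.example'   # designated incident mailbox (placeholder)

# Scenario 1: card data addressed to someone outside the organization.
# NotifyOnly shows the policy tip in Outlook and still lets the message go.
New-TransportRule -Name 'PCI: warn on external card data' `
    -DlpPolicy $policy `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{Name='Credit Card Number'; minCount='1'} `
    -NotifySender NotifyOnly `
    -Mode Enforce

# Scenario 2: several card numbers in the message or an attachment.
# RejectUnlessExplicitOverride blocks the message unless the sender overrides
# with a business justification; every match also produces an incident report.
New-TransportRule -Name 'PCI: block bulk card data' `
    -DlpPolicy $policy `
    -MessageContainsDataClassifications @{Name='Credit Card Number'; minCount='2'} `
    -NotifySender RejectUnlessExplicitOverride `
    -SetAuditSeverity High `
    -GenerateIncidentReport $reports `
    -IncidentReportContent Sender,Recipients,Subject,Severity,Override,RuleDetections,DataClassifications,IdMatch `
    -Mode Enforce

# Confirm what the policy now enforces on the server side, which also covers
# senders whose client cannot display policy tips.
Get-TransportRule -DlpPolicy $policy | Format-Table Name, Mode, State, Priority
```

Setting -Mode to AuditAndNotify instead of Enforce shows the policy tip and records matches without blocking anything, which helps while false-positive reports are still being used to tune the rules.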
-gleaned from Office blogs