An employee accidentally shares a OneDrive folder link instead of a document link with a client, and that folder contains unprotected, sensitive company files.
A malicious actor gains access to an employee’s Office 365 account and is able to copy confidential files to a cloud storage account.
Unfortunately, the above document compromise, or “data leakage,” incidents happen all too often because companies do not have document security policies in place or don’t have a mechanism to easily enforce them.
A study of over 4,800 reported data breaches during the first half of 2019 found that 60% of them were the result of human error.
Companies are creating files and content every day, including emails. Some of them are considered “public,” or okay to be seen by anyone outside the company, while others are “highly confidential” and may have internal restrictions related to viewing, copying, or sharing.
However, without an automated system in place that can apply security policies to documents, it can be very difficult for a company to enforce document-based security.
One way that Office 365 has addressed this issue is through the use of “Sensitivity Labels.” These are labels that can be applied to Word, Excel, and PowerPoint documents, in addition to Outlook emails.
These labels automatically apply designated document security policies to that document, and the policies are “sticky,” meaning they follow the document through the Office 365 platform and can even be picked up by multiple third-party vendors, like Salesforce and Dropbox.
How Do Sensitivity Labels in Office 365 Work?
Sensitivity labels are akin to “tags” that are used to mark your content in Office 365. The system then applies the appropriate security policies you’ve outlined to that document.
For example, say you set up a sensitivity label called “Internal Only” and attached policies to that label to restrict things like copying and sharing outside the organization. Once a document or email is tagged with that label, it cannot be copied, shared, or saved to an external storage medium (like a USB drive).
Let’s go over the steps for using sensitivity labels at your company.
Decide Your Label Classifications
Once you enable sensitivity labels in your Office 365 account, you can set up any labels that you like. They can be set up both for security policies and document handling and for document tracking activities.
Decide on your sensitivity label structure. It may look something like this:
- Public
- Internal Use Only
- Confidential
- Highly Confidential
Apply Policies to Each Sensitivity Label
Next, you’ll want to decide what types of restrictions or other policies each label should extend to documents and emails.
These policies can include things like:
- Encryption of the document/email
- Adding a watermark
- Preventing content from being copied
- Stopping a mobile device from sharing through services like Twitter
- Assigning tracking capabilities
- Preventing data loss
- Allowing only particular users/groups to see content
Add Overall Policies Pertaining to Sensitivity Labels
Administrators can also apply overall policies that help avoid things like users forgetting to label emails or documents, or users changing a sensitivity label to gain copy or sharing access to a document.
Here are some policies that help automate the document protection process:
- Require justification for changing a label
- Require that labels are applied (i.e. a document can’t be saved without a label)
- Apply a default sensitivity label to all documents and emails
- Create a custom help page link that instructs users about sensitivity label classification
- Use a system-automated or suggested label that is applied/suggested based upon the document content
How Sensitivity Labels Are Applied
Once sensitivity labels are enabled, users will see a drop-down in their Office programs that will allow them to apply a sensitivity label. The label designation will also show up in the bottom bar of the document panel.
Administrators can set default labels, use automated label application based on content, or have users apply labels to documents and emails as they’re created.
Automated labeling can scan keywords that you set up in advance to apply labels based on specific document content. This automated labeling saves time and also helps avoid employees applying a “public” label when an “internal use only” label should be applied.
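To show how the overall policies and keyword-based labeling described above interact, here is a small model written for this article as an added example. It is not Microsoft's implementation or API; the keyword lists, the Policy fields and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Label structure from the article, least to most restrictive.
LABELS = ["Public", "Internal Use Only", "Confidential", "Highly Confidential"]
RANK = {name: i for i, name in enumerate(LABELS)}

# Constructed keyword rules for automated labeling (hypothetical terms).
KEYWORD_RULES = {
    "Highly Confidential": ["merger", "acquisition"],
    "Confidential": ["salary", "customer list"],
    "Internal Use Only": ["internal memo"],
}

@dataclass
class Policy:
    default_label: Optional[str] = "Internal Use Only"  # default for new content
    mandatory: bool = True                               # block saving without a label
    require_downgrade_justification: bool = True         # reason needed to lower a label

def suggest_label(text):
    """Return the most restrictive label whose keywords appear in text, else None."""
    lowered = text.lower()
    hits = [label for label, words in KEYWORD_RULES.items()
            if any(word in lowered for word in words)]
    return max(hits, key=RANK.get) if hits else None

def resolve_label(policy, text, current=None, requested=None, justification=""):
    """Return the label to store on save, or raise if the policy blocks the save."""
    for label in (current, requested):
        if label is not None and label not in RANK:
            raise ValueError(f"unknown label: {label}")
    if requested is not None:
        # A user is setting or changing the label by hand.
        lowering = current is not None and RANK[requested] < RANK[current]
        if (lowering and policy.require_downgrade_justification
                and not justification.strip()):
            raise PermissionError("justification required to lower a label")
        return requested
    if current is not None:
        return current  # already labeled and not being changed
    # Unlabeled content: take the stricter of the default and the keyword match.
    candidates = [c for c in (policy.default_label, suggest_label(text)) if c]
    if candidates:
        return max(candidates, key=RANK.get)
    if policy.mandatory:
        raise ValueError("a label is required before saving")
    return None
```

In this model the keyword match can only raise an unlabeled document above the default, never lower it, which is the behaviour that keeps a “public” label off content that should be “internal use only.”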
Who Can Use Sensitivity Labels?
Sensitivity labels are currently available to Microsoft 365 Business or Office 365 Business Premium users that purchase Advanced Threat Protection, and to Enterprise (E3, E5) users of Office 365.
Sensitivity label recognition in SharePoint and OneDrive is also soon to roll out, which will allow those platforms to properly handle documents based on those label policies. Sensitivity labels will also soon have the ability to be applied to Microsoft Teams, Office 365 groups, and SharePoint Sites.
You can view a video about creating and managing sensitivity labels on Microsoft’s site here.
Get Help Implementing Document Handling in Office 365
You can use Office 365 “out of the box” or you can have it customized to fit your needs by Connect2Geek and unleash the full power of the platform to save time and money!
Contact us about customizing and securing your Office 365 platform today! Call 208-468-4323 or reach out online.