DLP

Data Loss Prevention Policies Businesses should have for ISO 27001 certification

Obtaining an ISO certification means companies need to have policies written, and abided by, covering data access and the prevention of data loss.

Information Classification, Labelling and Handling

Development of a policy that defines the data companies own and use (both in motion and at rest) and guidelines on effective and secure handling and communication of said data.

Data Access Management

Development of a data access management policy to ensure that users only gain access to the data they need to perform their work function.

User additions, changes & removal

Policy & associated process to ensure starters and leavers are processed properly and all security considerations are taken care of.

Report to show access by user. Regular reviews of access and passwords.

Report to be delivered on a quarterly basis to Mark for review with the business.

Reponse IT work with businesses to make sure their technology stack can audit and report on all of these, as well as helping you write your internal IT policy.

Microsoft 365 Business - Free Upgrades

As of May 1st 2017, the Office 365 license "Microsoft 365 Business" got some serious upgrades.

The full final list can be seen here

Exchange Online Archiving (Unlimited Mailbox Size)

Azure Information Protection (AIP) Plan 1

Data Loss Prevention

Enterprise State Roaming

In-Place Hold and Litigation Hold

Microsoft Stream

Advanced Threat Protection (ATP)

Why you still might need an E3 License instead of Microsoft 365 Business

DLP : Data Loss Prevention

Recently I got shown the product Tessian

A nice piece of software that stops the following using clever AI:

  • Internal parties emailing confidential documents out to themselves or to third parties by mistake
  • Data being passed between internal ethical walls
  • Misaddressed or mistaken emails
    ...along with other customizable filters defined by the customer.

This is a fancy version of the DLP you get with Office 365 with an E3 or E5 license (but only applies to emails instead of your business apps suite).

Office 365 Data Loss Prevention

Data Loss Prevention is ever more important now that the GDPR rules have come in, under which companies must now legally report on any EU customer data loss. It's much better to prevent this happening in the first place using restriction rather than report on it later! You can always release emails but you can never bring them back!

Office 365 comes with all the Sensitive information types you need to be wary of leaking:

It's not just Office 365 this comes with; you can actually enforce this with Exchange 2013 SP1 and upwards.

Data Loss Costs

The EU will be handing down fines to companies who do not comply with GDPR. On top of that, you will need to factor in internal costs to your company:

  • Loss of clients due to their data being breached
  • Legal costs to business for insurance claims of loss of earnings
  • Loss to the business if important information such as client lists or information gets taken by an ex-colleague