Data Loss Prevention in Microsoft Exchange - Get to Work on that, Boromir [New eBook]

If your unified communications strategy includes email security, take a page out of Boromir’s book and remember that the Ring, like email, wields incredible power for whoever wears it.

  • The Ring can make people invisible. Email can make them think (and behave) as if they’re invisible.
  • It can bind other, lesser ring-wearers to you (kinda like those emails from people in your organization trying to get you to do their work).
  • Most important, it can imbue its wearer with amazingly destructive powers. Ask anybody who has ever bungled a To: address and sent the right thing to the wrong person.

Email Security is Too Important to Leave to Chance

Email, like the Ring, can wreak havoc on your organization’s reputation, compliance record and legal landscape.

In fact, email is the biggest risk in your organization! Why?

  • 71% of IT managers consider email mission-critical, and another 28% consider it very important to doing business (Dimensional Research).
  • 81% of these same folks say that corporate email is THE MOST IMPORTANT tool for communication (same survey).
  • People send the craziest stuff in email!

Let me repeat: People send the craziest stuff in email! Oh, like . . .

  • Lord of the Rings and cat memes (ahem)
  • angry, who-stole-my-lunch messages to colleagues
  • personally identifiable health information 
  • credit card information 
  • protected employee data 

. . . and many other types of sensitive information (see tomorrow’s news cycle for more examples).

Opportunity Makes a Thief . . .

Some say opportunity makes a thief. For UPMC, the misdirected email released the personal information of 722 members. The ATF official had access to the data and for allegedly nefarious reasons sent that data to his personal email address, most likely from his work address. And some of the recipients of the master gift card spreadsheet from Woolworth stole other people’s gift numbers and used them.

These are just the examples that made it into the news. Think about what you or your colleagues email on a daily basis and imagine if some of that made it into the wrong hands. No one wants to see the Ring in Saruman’s hands, and you don’t want your latest patent ideas in the inboxes of your competitors. Most of your email data leaks remain hidden and unknown underground, much like Gollum with the Ring for all those years.

. . . and Paves the Way for Data Loss Prevention and Email Forensic Tools

Opportunity can also pave the way to greater email security. Many organizations already have the tools to do this but don’t use them. Microsoft Exchange and Exchange Online include data loss prevention (DLP), a feature designed to reduce your company’s exposure to risky email behavior.

DLP enables you to protect your company’s sensitive data from being sent via email and keeps you compliant with various regulations on the treatment of data such as social security numbers and credit card information. Here’s how DLP works:

  • DLP applies rules and content analysis (keyword and dictionary matches, regular expression evaluation) to outgoing emails.
  • If a violation is found, one of the following things can happen:
    • Exchange warns the user that the content may violate a DLP Policy (Policy Tip).
    • DLP blocks the user from sending the message and shows details of the DLP Policy violation.
    • Exchange tracks all policy tips and blocks in the message tracking log.
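
The content-analysis flow in the list above, sketched as an added example (not Exchange's DLP engine and not code from the eBook): a regular expression finds candidate card numbers, a Luhn checksum discards look-alikes, and a keyword match decides between a policy tip and a block. The keyword list, the `example.com` internal domain, the tip-versus-block rule and all function names are assumptions made for illustration.

```python
import re

# 13-16 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
# Constructed keyword dictionary used as corroborating evidence (assumption).
KEYWORDS = ("card number", "visa", "mastercard", "cvv", "expiry")
TRACKING_LOG = []  # stand-in for a message tracking log


def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(body):
    """Return regex candidates that also pass the checksum."""
    candidates = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(body))
    return [c for c in candidates if luhn_ok(c)]


def evaluate(sender, recipients, body, internal_domain="example.com"):
    """Decide 'allow', 'policy_tip' or 'block' for one outgoing message."""
    cards = find_cards(body)
    external = [r for r in recipients
                if not r.lower().endswith("@" + internal_domain)]
    if not cards or not external:
        return "allow"
    # Assumed rule: keyword corroboration blocks; a bare number only warns.
    corroborated = any(k in body.lower() for k in KEYWORDS)
    action = "block" if corroborated else "policy_tip"
    # Record the event with masked matches, never the full number.
    masked = ["*" * (len(c) - 4) + c[-4:] for c in cards]
    TRACKING_LOG.append({"sender": sender, "action": action, "matches": masked})
    return action
```

The checksum step is what keeps a 16-digit order or tracking number from triggering the rule, which is the usual source of false positives when a policy relies on the regular expression alone.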

Any of the companies listed above could have implemented data loss prevention policies in Exchange for greater email security.

Data Loss Prevention in Microsoft Exchange – New eBook

The primary cause of data loss is not outsider attacks but employee mistakes. Email security and data leak prevention are part of any unified communications initiative. That’s why we’ve put together a new eBook called Data Loss Prevention in Microsoft Exchange. It explains DLP violations in detail, shows you how to prevent your sensitive data from leaving via email and includes screenshots covering both Exchange 2013 and Exchange 2016.

Tracking DLP violations or flags can be tricky. Gollum has spent too long underground with His Precious, and it’s time to shed light on the DLP policy violations and other unusual email behavior going on in your organization.

 

About the Author
Jennifer LuPiba
Office 365, Azure, Active Directory, Exchange, SharePoint, and Skype for Business are my life. First in product marketing and then in strategic planning, I've focused on the Microsoft stack and cloud...