Microsoft provides a host of productivity and data management solutions for RIAs. So it comes as no surprise that the tech giant also offers ways to protect its enterprise users from data loss. Microsoft Data Loss Prevention (DLP) is one prime example.
If you don’t know the term Data Loss Prevention - that’s ok. But it is something you should get to know. It’s a series of tools you can use to prevent the accidental or intentional sharing of information that you don’t want shared outside of your RIA.
The technology is sophisticated, but applying it to protect your clients and your firm isn’t complicated. In fact, it’s one of the items we cover in our list of 2021 IT priorities for RIAs. Your IT provider should be able to get you set up. If not, contact us and we can help.
How Microsoft DLP helps your RIA meet your meets SEC requirements
- It identifies sensitive data across locations.
For example, you can pull up all documents containing a specific credit card number, even if they are scattered across Outlook attachments, Word documents, Excel files, or Business Central records. As long as the data is saved in the OneDrive cloud, you will be able to find all instances of specific information on different applications.
- It prevents accidental sharing of data.
DLP’s data tools provide access control, and can even prevent emails from being sent out if needed. It’s a great way to ensure that only the necessary information is shared with certain people, especially to those outside the organization.
- It monitors and protects Office-based sensitive information.
DLP can automatically recognize sensitive information and apply the appropriate data policies to them. The system also provides continuous monitoring of such content, even when they’re shared and accessed on different Microsoft applications.
- It helps users stay compliant without interruptions.
Because the system automatically identifies sensitive data and applies the corresponding privacy policies to them, it can also automatically inform your staff of the ways specific data should be handled. For example, if an employee attempts to send a file containing sensitive information, the system can send them an email notification about the data they’re sending out.
- It will inform you of content that matches your organization’s DLP policies.
Alerts and reports are readily available via the DLP Alerts Management Dashboard. You’ll be able to view how well your organization is complying with DLP policies and see what your employees have reported with just a couple of keystrokes.
How does Microsoft DLP work?
Microsoft DLP is powered by policies, which dictate how certain types of files and information are handled and stored. Policies contain sets of conditions that sift through email messages, attachments, and files. These conditions contain mail flow rules, conditions, exceptions, and actions that users create in the Exchange Admin Center or EAC.
With Microsoft DLP, you can perform deep content analysis and classify sensitive data in a compliant, coherent, and powerful manner. By setting your keyword matching, dictionary matching, regular expression evaluations, and other content examination conditions, you’ll be able to thoroughly analyze which content meets organizational DLP policies and which don’t.
- Ability to define your own DLP policy
At the start, you’ll define the specific coverage of your DLP policy. It sounds daunting, but it isn’t.
Essentially, you define when and how your RIA’s content and data must be protected using a combination of Rules, Conditions, and Actions.
Rules enforce business requirements on your company’s content, and each Rule consists of Conditions and Actions. Conditions specify the object of the Rule (e.g., files that contain Social Security numbers) and the event that threatens this object (e.g., unauthorized access). If the Conditions of a Rule are met, these trigger an Action — an automated response for protecting the object.
To illustrate, if an unauthorized user tries to access files with Social Security numbers, DLP may respond by blocking all access to such files and sending an email notification to a compliance officer about the incident.
You can choose to protect information stored and used in Exchange Online, SharePoint Online, OneDrive, Teams, or all of the above.
Notifications, alerts, and incident reports
DLP provides administrators with notifications and corresponding override options (if applicable) so users can immediately learn about policies that cover their activities. For example, should a user attempt to send out a file containing sensitive information, DLP may block them from doing so. When this Action is taken, the program will send the user an email notification about it. This will also include a tip that allows them to override the policy if they have an acceptable justification.
The system also has an alert protocol wherein it will send an email to your compliance officer should a rule be violated. This alert email will also contain a link to the DLP Alerts Management Dashboard, where the incident report containing details of the event that triggered the alert can be accessed.
- Rule prioritization
DLP executes Rules by level of priority. By default, priority levels are defined by the order in which the rules were created. But you can always define the specific order your rules will be used. Also, the system ensures that the most restrictive actions are always performed. Rules that block access will always be performed over rules that simply send notifications.
Related article: How RIAs keep private data safe with data retention
The main feature of advanced settings is the rule editor. It gives you total control over all settings of your DLP policy. It even allows your admins to customize instance counts, match accuracy levels, and other conditions and modifiers to suit your unique business needs.
Make sure your RIA practice meets compliance regulations with Microsoft’s tried and tested data protection tools. Our experts are always at hand to assist with data loss prevention and more. Contact us today to have your system assessed.