Implementing Sensitivity Labels in Office 365
The average office can generate hundreds of new documents each month, but not all of them need to be safeguarded in the same way. Some documents might be public facing, such as sales brochures, while others might involve proprietary company information that should not be shared outside authorised personnel.
Mishandling of sensitive information or human error accounted for 34% of the data breaches reported to the Office of the Australian Information Commissioner (OAIC) between 1 April and 30 June 2019.
If documents aren’t properly marked or protected, it can be hard for organisations to restrict access or how and where they’re shared.
One excellent tool within Office 365 to help you classify information automatically and enact protections based upon those classification is using sensitivity labels.
What is an Office 365 Sensitivity Label?
A sensitivity label applied to an Office 365 document, is a tag that can then give you certain controls over the security of that document.
Three features of the sensitivity label are:
- It’s customisable so you can create your own security categories such as personal or public, or general, confidential, secret, etc.
- It’s in clear text, which allows third-party apps and services to also apply protected actions based upon the label.
- It’s persistent, meaning once the label is applied it follows that document in the metadata, even if the document is emailed.
Sensitivity labels can be created in Microsoft 365 Compliance Center, Microsoft 365 Security Center, or Office 365 Security & Compliance Center under Classification > Sensitivity labels. You can even generate a default set of Sensitivity Labels utilising Azure Information Protection Labels. You can read more about it here.
Benefits of Using Sensitivity Labels in Office 365
Sensitivity labels are dynamic and allow you to employ multiple document-based security protocols to help protect your data from misuse.
Once sensitivity labels are activated, they can be applied as content is being created, and you can even require users to apply a sensitivity label to their emails and documents.
Here are some of the reasons this is a feature that offers a big security advantage to companies of all types.
Get More Control Over Sensitive Emails with Encryption
When sending emails, you typically lose control over how that content is used once you hit send. But sensitivity labels will help you restrict access to sensitive emails your team sends them out.
You can set a policy that only allows users in a specific domain outside your organisation to review certain information. You can also time-limit the content availability, for example giving 7 days after the content is labeled before it’s encrypted and unreadable.
Custom watermarks, such as CONFIDENTIAL, help protect sensitive documents by alerting the reader to the classification. You can use as many as 255 characters to add additional descriptive text such as “do not copy or share this document.” In the header and footers, you have up to 1024 characters, except in Excel, which is 255.
Label Content Automatically
You never have to worry that a user isn’t labeling sensitive data correctly when you enable auto labeling. Auto labeling will detect sensitive content in emails and documents that match the parameters you’ve set up previously. The content is then automatically labeled with the correct sensitivity label.
You can set conditions based upon the types of data the content contains, such as labeling any content that uses a customer’s credit card number as “highly sensitive” and restricting the ability to share it. This helps eliminate user error as well as the need to go through extensive classification training.
Apply Data Loss Prevention
Microsoft 365 users can use endpoint protection in Microsoft Intune to enforce data loss prevention (DLP) policies based upon sensitivity labels. DLP helps prevent data leakage and can allow you to set safeguards such as:
- Prevent a company document from being emailed with a personal Gmail account
- Prevent content from being copied to Twitter or another 3rd party app
- Stop a file from being saved to a USB drive
View the Activity of Your Content
Say you have a particular document that you’d like to track the usage for. Even if it’s not sensitive, you can still apply a classification that will persist and follow the content as it’s used and shared. This will allow you to generate usage reports on that classification showing you all activity for your document.
Protect Your Content in Other Applications
Most organisations are using other cloud-based applications in addition to Office 365, and data may be shared in programs like SalesForce or DropBox. If you use Microsoft Cloud App Security, you can ensure the enforcement of your sensitivity label policies even if the third-party cloud service doesn’t support sensitivity labels.
Get the Most Out of Office 365 with GKM2
Are you fully utlising your Office 365 platform? GKM2 is a Microsoft Silver Cloud Partner and we can help you fully harness the power of Office 365. Whether it’s setting up sensitivity labels or reviewing your Secure Score for data security, we’ll help you take full advantage of your subscription.
Schedule an Office 365 consultation today by calling +61 2 9161 7171 or contacting us online.