How To Create a Data Loss Prevention Policy in Office 365 With Zero IT Experience


All businesses, regardless of their size or function, need a strategy for contending with sudden and unexpected data loss. Microsoft has addressed this by creating Data Loss Prevention policies to combat security risks in today’s online, cloud-driven business world. For law firms, which routinely handle and store sensitive documents long term, a DLP is vital.

Why Do You Need a DLP?

There have been several high-profile hacks and data leaks in recent years. In fact, 2017 was the worst year on record for cybersecurity and 2018 may be even worse. Any company that produces, stores, or transmits sensitive information needs to ensure that the access and distribution of that information is protected.

In some cases, there are regulatory concerns to contend with. Financial, legal, and personal health-related information are all covered by various rules for maintaining compliance.

Hacks and attacks get the headlines, but many data leaks are not due to malicious intent. Accidental and inadvertent leaks are unfortunately common, and something as simple as sending the wrong email to the wrong user can put your firm at serious risk.

It is estimated that each lost document costs a company over $100. That may sound like a small number, but consider how many files your company holds. For example, say you had 10 clients, each with 10 documents (which is likely a very low estimate) -- a breach would cost you $10,000. Now consider that most data leaks include hundreds, if not thousands, of files. Suddenly, a loss of $100/document is very problematic.

But you needn’t worry: Office 365 makes it easy to create a data loss prevention policy, even if you have no prior IT experience.

Use a Template

If you don’t know where to begin, Office 365 has dozens of ready-made templates for you to choose from. Some templates are broad, allowing for a fair amount of customization; others are more specific to the regulatory needs of a specific industry.

If you process credit card information, you’ll find a policy that is geared toward PCI compliance. If you handle sensitive health information, you’ll find HIPAA-compliant policies as well.

Just open the Security & Compliance window from the Admin Center, select Data Loss Prevention, and then click Policy. Select your region and industry and there you go, a long list of pre-made options!

Set Rules And Conditions

Most templates will have preconditions set; however, you can customize them to suit your needs. Rules are set up both to restrict access to specific types of files and records and to determine how that information can be distributed and to whom.

Once rules are established, conditions and actions are next. The condition is the content that matches the rule. For example, your firm may be handling a case that includes sensitive health or financial documents. The condition could be any content that contains one or more bank account numbers.

Actions define what happens when the conditions are met. For example, an action can restrict access to a document to a select group of users. Further actions can be set up, such as notifying the user attempting to access the file, automatically notifying others in your firm, and more.
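The same rule, condition and actions can also be written in Security & Compliance PowerShell. The following is an added example, not part of the original article: the policy name, rule name and admin account are placeholders, and the policy starts in test mode so its matches can be reviewed before anything is blocked.

```powershell
# Added example. The policy name, rule name and admin account are placeholders.
# Requires the ExchangeOnlineManagement module and a compliance admin role.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName admin@example.com   # placeholder account

$policyName = 'Firm - Financial Data (example)'
$ruleName   = 'Restrict bank account numbers (example)'
$sitName    = 'U.S. Bank Account Number'   # built-in sensitive information type

# Confirm the sensitive information type exists in this tenant before using it.
if (-not (Get-DlpSensitiveInformationType -Identity $sitName -ErrorAction SilentlyContinue)) {
    throw "Sensitive information type '$sitName' was not found in this tenant."
}

# Policy: where the rules apply. TestWithNotifications evaluates content and
# sends policy tips without enforcing the block, so workflow impact can be
# measured before the policy is switched on.
New-DlpCompliancePolicy -Name $policyName `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All `
    -Mode TestWithNotifications

# Rule: the condition (one or more bank account numbers) and the actions
# (restrict access, notify the document owner, report to the site admin).
New-DlpComplianceRule -Name $ruleName -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = $sitName; minCount = '1' } `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport SiteAdmin

# Review what was created.
Get-DlpComplianceRule -Policy $policyName | Format-List Name, BlockAccess, NotifyUser

# Once the matches look right, enforce the policy:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```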

Limit Productivity Loss

The main focus of any data loss prevention policy is to maintain compliance and security without restricting workflow and impeding productivity. As such, rules and conditions may need to be tweaked to ensure that your data is safe, but not at the cost of business continuity.

Often, beginners tend to label everything as sensitive. On the one hand, this can result in too many restrictions that negatively impact workflow. On the other hand, you don’t want to go the other way where information that is sensitive is freely accessible.

It’s a Goldilocks scenario where too much and too little are both bad, but striking a balance is just right.

Need a Hand?

Office 365 makes it easy to set up and administer your data loss prevention policy. However, if you still need a hand, contact Legal Imaging. Our document services can help you with scanning, securing, and archiving your important documents as well as help get everything you need ready by your trial date.

Contact us today for our FREE Practice Management Assessment and see how Legal Imaging can help your firm run more smoothly.