The Importance of Secure File Sharing

Businesses need to share information, but they have to make sure it doesn’t get into the wrong hands. The consequences of a leak can range from embarrassment to legal penalties. Some ways of sharing files obviously aren’t secure. Others may give the impression of security but aren’t up to business standards. File security requires transferring […]

Read More

Azure Information Protection (Day 4)

This the fourth in a series of posts documenting our experiences and impressions with Azure Information Protection. I’m pleased to report that we made a ton of progress today! We took a break from writing the series because we ran into issues with the Security and Compliance console that stopped our progress. I will say […]

Read More

NIST 800-171 Compliance

We’re way past the December 31, 2017 deadline for NIST 800-171 compliance, but not all businesses offering services and products to the U.S. government have developed the capabilities (technology, personnel, and experience) necessary to comply with the standard. Non-compliant federal contractors are in breach of the protocol, and they risk missing out on future government […]

Read More

Azure Information Protection (Day 3)

This is the third in a series of posts documenting our experiences and impressions with Azure Information Protection. Today we wanted to use Office 365 Data Loss Prevention (DLP) to map AIP classification labels applied within an external domain to labels defined within our domain. The use case for this is a customer or partner […]

Read More

Azure Information Protection (Day 2)

This is the second in a series of posts documenting our experiences and impressions with Azure Information Protection. Here are a few things we learned today: The Policy setting “All documents and emails must have a label (applied automatically or by users)” should be disabled. When doing manual classification of emails and files, forcing users […]

Read More

Azure Information Protection (Day 1)

This is the first installment of a 4-part series chronicling our efforts to configure and use Azure Information Protection for sensitive data in our Office 365 tenancy. AIP Microsoft’s suite of advanced security capabilities for Office 365 (and, sometimes, legacy on-premises environments). The concept is simple: manually or automatically classify files and emails and then […]

Read More

5 Best Practices for Employee Data Privacy

As a member of your Human Resources department, no doubt you already have a clear idea of the importance of the privacy of employees’ personal information. If scam artists can wreak havoc with a single voided check or credit card number, it’s not hard to imagine the harm they can do with the motherlode of […]

Read More

Discovering and Identifying Sensitive Data

The exposure of sensitive data in documents can create serious problems. Some types of information, such as Tax File Numbers (or other national identification number) and credit card numbers, are inherently sensitive. They always need to be kept out of public documents, and any internal documents that hold them need protection. Regulations and contractual obligations […]

Read More

Adding Data Security to Your Off-Boarding Checklist

Every time an employee leaves the company, whether willingly or unwillingly, HR has a checklist to complete. Not only are you responsible for coordinating their departure and replacement with their team, supervisor, and subordinates, but there is also an incredible amount of data management to do. This was one of your flock, one of the […]

Read More

Lessons from the OPM Data Breach

In 2015, the US government’s Office of Personnel Management (OPM) reported data breaches that affected millions of applicants and employees. It was the worst data breach in history in a human resources department. Most of the news coverage focused on the politics of the attack, which came from China. From the standpoint of HR departments, […]

Read More